Security News

A new report published by ReversingLabs today and shared in advance with The Hacker News has revealed that the operators behind the espionage campaign likely managed to compromise the software build and code signing infrastructure of SolarWinds Orion platform as early as October 2019 to deliver the malicious backdoor through its software release process. "The source code of the affected library was directly modified to include malicious backdoor code, which was compiled, signed, and delivered through the existing software patch release management system," ReversingLabs' Tomislav Pericin said.

Dutch prosecutors Wednesday said a man had cracked US President Donald Trump's Twitter account in October despite denials from Washington and the company, but added that the so-called "Ethical hacker" would not face charges. Both the White House and Twitter have strenuously denied reports that the account had been hacked.

Communications at the U.S. Treasury and Commerce Departments were reportedly compromised by a supply chain attack on SolarWinds, a security vendor that helps the federal government and a range of Fortune 500 companies monitor the health of their IT networks. In a security advisory, Austin, Texas based SolarWinds acknowledged its systems "Experienced a highly sophisticated, manual supply chain attack on SolarWinds Orion Platform software builds for versions 2019.4 HF 5 through 2020.2.1, released between March 2020 and June 2020.".

The motive and the full scope of what intelligence was compromised remains unclear, but signs are that adversaries tampered with a software update released by Texas-based IT infrastructure provider SolarWinds earlier this year to infiltrate the systems of government agencies as well as FireEye and mount a highly-sophisticated supply chain attack. "The compromise of SolarWinds' Orion Network Management Products poses unacceptable risks to the security of federal networks," said Brandon Wales, acting director of the US Cybersecurity and Infrastructure Security Agency, which has released an emergency directive, urging federal civilian agencies to review their networks for suspicious activity and disconnect or power down SolarWinds Orion products immediately.

Intel-owned AI processor developer Habana Labs has suffered a cyberattack where data was stolen and leaked by threat actors. Today, the Pay2Key ransomware operation leaked data allegedly stolen from Habana Labs during a cyberattack.

Subway UK has disclosed that a hacked system used for marketing campaigns is responsible for the malware-laden phishing emails sent to customers yesterday. Starting yesterday, Subway UK customers received strange emails from 'Subcard' about a Subway order that was placed.

Documents related to the Pfizer coronavirus vaccine were illegally accessed during a cyberattack at the EU regulator, the company said Wednesday, as Germany and other northern hemisphere countries grappled with a winter surge in the pandemic. While the EMA did not give details on the attack, Pfizer and BioNTech said documents relating to their vaccine candidate had been accessed, but that "No systems have been breached in connection with this incident."

FireEye, one of the largest cybersecurity firms in the world, said on Tuesday it became a victim of a state-sponsored attack by a "Highly sophisticated threat actor" that stole its arsenal of Red Team penetration testing tools it uses to test the defenses of its customers. Red Team tools are often used by cybersecurity organizations to mimic those used in real-world attacks with the goal of assessing a company's detection and response capabilities and evaluating the security posture of enterprise systems.

The EU Medicines Agency today revealed it was hacked, just a week after infosec eggheads said foreign state hackers have been targeting European institutions. BioNTech, the German biotech firm that is developing a COVID-19 coronavirus vaccine with Pfizer said it was told by EMA that the miscreants had stolen from an agency computer files submitted by BioNTech and Pfizer describing their vaccine as part of the regulatory approval process.

During our investigation to date, we have found that the attacker targeted and accessed certain Red Team assessment tools that we use to test our customers' security. These tools mimic the behavior of many cyber threat actors and enable FireEye to provide essential diagnostic security services to our customers.