Malicious SolarWinds Orion backdoor installed in Microsoft’s network led to the attackers viewing some of its source code. Microsoft today disclosed its discovery that the attackers behind the SolarWinds breach and rigged software update had commandeered one of its internal accounts to view — but not alter — some of its source code “in a […]
Year: 2020
SolarWinds hackers accessed our source code
The threat actors behind the SolarWinds attack could breach internal Microsoft accounts to view the source code for Microsoft products. Earlier this month, Microsoft confirmed that they detected malicious executables in their environment that were downloaded during the SolarWinds Orion platform supply chain attack. SolarWinds supply chain cyberattack In a blog post published today, Microsoft stated that […]
Adobe Flash Player is officially dead tomorrow
Flash Player will reach its end of life (EOL) on January 1, 2021, after always being a security risk to those who have used it over the years. Over the years, multiple zero-day and critical vulnerabilities [1, 2, 3, 4] found to impact Flash Player were used by both cybercriminals and nation-state hacking groups to install […]
Data breach broker selling user records stolen from 26 companies
A data breach broker is selling the allegedly stolen user records for twenty-six companies on a hacker forum, BleepingComputer has learned. When threat actors and hacking groups breach a company and steal their user databases, they commonly work with data breach brokers who market and sell the data for them. Brokers will then create posts […]
Ticketmaster fined $10 million for breaking into rival’s systems
Ticketmaster, a Live Nation subsidiary and a leading ticket distribution and sales company, was fined $10 million for illegally accessing the systems of competitor CrowdSurge using the credentials of one of its former employees. “Ticketmaster employees repeatedly – and illegally – accessed a competitor’s computers without authorization using stolen passwords to unlawfully collect business intelligence,” Acting U.S. Attorney […]
Adobe now shows alerts in Windows 10 to uninstall Flash Player
With the Flash Player officially reaching the end of life tomorrow, Adobe has started to display alerts on Windows computers recommending that users uninstall Flash Player. When Flash Player is installed, it creates a scheduled task named ‘Adobe Flash Player PPAPI Notifier’ that executes the following command: “C:WindowsSysWOW64MacromedFlashFlashUtil32_32_0_0_465_pepper.exe” -update pepperplugin When this command is executed, […]
DHS orders federal agencies to update SolarWinds Orion platform
The Cybersecurity and Infrastructure Security Agency (CISA) has ordered all US federal agencies to update the SolarWinds Orion platform to the latest version by the end of business hours on December 31, 2020. CISA’s Supplemental Guidance to Emergency Directive 21-01 demands this from all agencies using Orion versions unaffected in the SolarWinds supply chain attack. […]
T-Mobile data breach exposed phone numbers, call records
T-Mobile has announced a data breach exposing customers’ proprietary network information (CPNI), including phone numbers and call records. Starting yesterday, T-Mobile began texting customers that a “security incident” exposed their account’s information. According to T-Mobile, its security team recently discovered “malicious, unauthorized access” to their systems. After bringing in a cybersecurity firm to perform an […]
Emotet malware hits Lithuania’s National Public Health Center
The internal networks of Lithuania’s National Center for Public Health (NVSC) and several municipalities have been infected with Emotet malware following a large campaign targeting the country’s state institutions. “When infected recipients opened infected messages, the virus entered the internal networks of the institutions,” NVSC officials said in a statement published today. “Infected computers, after […]
Mobile Endpoint Security: Still the Crack in the Enterprise's Cyber Armor
A combination of best practices and best-in-class technology will help keep your enterprise from falling victim to ever-growing threats. Source – Bleepingcomputer.com