Latest

Latest

SecurityBoulevard - Cyber Security Roundup For January 2021 - Security Boulevard

A suspected nation-state sophisticated cyber-attack of SolarWinds which led to the distribution of a tainted version the SolarWinds Orion network monitoring tool, compromising their customers, dominated the cyber headlines in mid-December 2020.  This was not only one of the most significant cyberattacks of 2020 but perhaps of all time. The United States news media reported the Pentagon, US intelligence agencies, nuclear labs, the Commerce, Justice, Treasury and Homeland Security departments, and several utilities were all compromised by the attack. For the full details of the SolarWinds cyber-attack see my article Sunburst: SolarWinds Orion Compromise OverviewTwo other cyberattacks are possibly linked to the SolarWinds hack was also reported, the cyber-theft of sophisticated hacking tools from cybersecurity firm FireEye, a nation-state actor is suspected to be responsible. And the United States National Security Agency (NSA) advised a VMware security vulnerability was being exploited by Russian state-sponsored actors.Amidst the steady stream of COVID-19 and Brexit news reports, yet another significant ransomware and cyber-extortion attack briefly made UK headlines. Hackers stole confidential records, including patient photos, from UK cosmetic surgery chain 'The Hospital Group', and threatening to publish patient's 'before and after' photos. The UK cosmetic surgery firm, which has a long history of celebrity endorsements, confirmed it was the victim of a ransomware attack, and that it had informed the UK's Information Commissioner's Office about their loss of personal data.Spotify users had their passwords reset after security researchers alerted the music streaming platform of a leaky database which held the credentials of up to 350,000 Spotify users, which could have been part of a credential stuffing campaign. Security researchers at Avast reported 3 million devices may have been infected with malware hidden within 28 third-party Google Chrome and Microsoft Edge extensions.A McAfee report said $1 Trillion was lost to cybercrime in 2020, and companies remained unprepared for cyberattacks in 2021.Stay safe and secure.BLOGTrends in IT-Security and IAM in 2021, the “New Normal” and beyondFact vs. Fiction: Film Industry's Portrayal of CybersecuritySix Trends Shaping the 2021 Cybersecurity OutlookPredicated Data Classification Trends for 2021Sunburst: SolarWinds Orion Compromise OverviewThe Dangers of Security Vulnerability Scoring DependencyCyber Security Roundup for December 2020NEWSSunburst: SolarWinds Orion CompromiseCybersecurity firm FireEye Compromised and Hacking Tools Stolen by a suspected Nation-State Actor3 Million Users Hit with Infected Google Chrome and Microsoft Edge ExtensionsHackers Threaten to Leak Plastic Surgery Pictures45 Million Medical Imaging Files Exposed OnlineSpotify Reset Passwords following Data BreachKaspersky Statistics of the Year ReportMcAfee Hidden Cost of Cybercrime Report: $1 Trillion lost to Cybercrime in 2020, companies remain ill-preparedVULNERABILITIES AND SECURITY UPDATESMicrosoft Patches 58 Vulnerabilities, 10 Rated as CriticalVMware Security Vulnerability Possible Vector in SolarWinds BreachCritical Risk to Unpatched Fortinet VPN Devices (CVE-2018-13379)AWARENESS, EDUCATION AND THREAT INTELLIGENCENew Ransomware Campaign Exploits Weak MySQL Credentials to Lock Thousands of DatabasesTrickbot Trojan takes aim at Vulnerabilities in Booting ProcessMicrosoft Warns CrowdStrike of Hackers Targeting Azure Cloud Customers

https://securityboulevard.com/2020/12/cyber-security-roundup-for-january-2021/

01 January 2021
We use cookies to make interactions with our website and to serve you better and meaningful.
Privacy & Security Policy