The Briefing – WK02 2021


Curated for business leaders, owners and security staffers, The Briefing is a concise weekly summary of security headlines impacting global business sectors and industries that are prevalent across the Caribbean Region.

BRIEFING HEADLINES

New Zero-Day, Malware Indicate Second Group May Have Targeted SolarWinds: 

A piece of malware named Supernova and a zero-day vulnerability exploited to deliver this malware indicate that SolarWinds may have been targeted by a second, unrelated threat actor.

Over 250 Organizations Breached via SolarWinds Supply Chain Hack:

A new report reveals that hackers breached more than 250 government and private organizations through the recent SolarWinds supply chain attack on US Govt depts. 

Microsoft Reveals Internal Source Code Was Accessed In SolarWinds Attack:

Microsoft has stated that the attackers behind the SolarWinds attack, a massive hack of government and private computer networks, gained access to its internal source code.

UK Judge Blocks US Extradition of WikiLeaks Founder Assange:

A British judge has rejected the United States’ request to extradite WikiLeaks founder Julian Assange to face espionage charges, stating he was likely to kill himself if held under harsh U.S. prison conditions. US Govt immediately filed to appeal the decision.

Apex Laboratory Patient Data Stolen and Published After Ransomware Attack:

Medical testing services provider Apex Laboratory has issued a data breach notification alerting patients that compromised personal information is being displayed on an attackers' website. Apex provides medical testing services within the New York City and South Florida areas. The company suffered a ransomware attack in mid-2020 and was able to recover without paying the attackers. In late 2020 the attackers disclosed ~10,000 files containing patient and employee data that they claim was stolen in the attack.

Hardcoded Credentials Expose Zyxel Firewalls and WLAN Controllers to Remote Attacks:

Zyxel has released firmware updates to remove hardcoded credentials from several firewall and WLAN controller products. The credentials pertain to an undocumented admin-level account used to provide firmware updates to devices via FTP. Researchers noted that this account also has viable SSH access, and device owners are not able to change the password for this account. The vulnerability is tracked under CVE-2020-29583.

WhatsApp T&C Change To Share User Data Across All Facebook Companies Feb 2021:

WhatsApp users are forced to agree to the terms, meaning that all private data held by WhatsApp, including their phone number, will be shared with Facebook (which owns WhatsApp) and its other product platforms. All users must agree to the new terms by 8 February 2021, or lose access to their existing chats, media and contacts.


CARIBSOC advises organisations to corroborate all data and information as a matter of course when determining impacts to their staff & infrastructure.
