Secjuice Squeeze Special Edition: Top Hacks of 2020

Welcome to this special edition of the Secjuice Squeeze, a curated selection of the top (i.e., most severe or impactful) hacks of 2020. Being aware of that the threat is real and has real consequences will help us be more cyber conscious. This special edition was curated by Secjuice writers Prasanna, Muhammad Luqman, Thunder-Son, Sinwindie, Mike Peterson, and Miguel Calles.

Clearview AI's entire client list stolen in data breach

The breach affected all of the facial recognition company's customers, many of which are law enforcement agencies.

Source & Link: cnet.com

18,000 Organizations Possibly Compromised in Massive Supply-Chain Cyberattack

Nation-state attackers used poisoned SolarWinds network management software updates to distribute malware; US government orders federal civilian agencies to immediately power down the technology.

Source & Link: darkreading.com

A Patient Dies After Ransomware Attack Paralyzes German Hospital Systems

Ransomware attack on the University Hospital of Düsseldorf (UKD) caused death of a woman.

Source & Link: thehackernews.com, arstechnica.com

FireEye, a Top Cybersecurity Firm, Says It Was Hacked by a Nation-State

The Silicon Valley company said hackers — almost certainly Russian — made off with tools that could be used to mount new attacks around the world.

Source & Link: nytimes.com, fireeye.com

Several Zoom Hacks

Zoom Snooping: How Body Language Can Spill Your Password

Researchers figure out how to read what people are typing during a Zoom call using shoulder movements.

Source & Link: threatpost.com, forbes.com

WebMonitor RAT Bundled with Zoom Installer

In early April, we spotted an attack leveraging Zoom installers to spread a cryptocurrency miner. We recently encountered a similar attack that drops a different malware: RevCode WebMonitor RAT (detected by Trend Micro as Backdoor.Win32.REVCODE.THDBABO).

Source & Link: trendmicro.com

Troubles with Zoom in an age of remote work and play

We probably don't need to tell you about all of the vulnerabilities, privacy issues and other blunders discovered about video conferencing app Zoom over the past week. Many took up arms against the app, and in some opinions, justifiably so.

Whether or not the outrage was warranted is really up to you. Many Infosec professionals on Twitter pointed out that not everyone's threat model will be the same. Zoom is hardly perfect, but for the average user, the riskiness of the platform is relatively low. But, some food for tought: Instead of just telling not to use the app, explain why. Get them to think about their security risk models. Offer better alternatives.

Source & Link: npr.org

Marriott discloses data breach possibly affecting over 5 million customers

Marriott International was the target of another hack, but this wasn't as massive as the previous one. The hotel chain said Tuesday it recently discovered that someone using the log-in information of two employees accessed an "unexpected amount of guest information" totaling more than 5 million guests. Marriott believes the incident happened between mid-January and February of this year.

Source & Link: cnn.com

Europol takes down SIM-swap hacking rings responsible for theft of millions of euros

Arrests have been made across Europe in an effort to stamp out gangs specializing in SIM-swapping attacks.

Source & Link: zdnet.com

Windows DNS Server Remote Code Execution Vulnerability

The Microsoft Security Response Center (MSRC) investigates all reports of security vulnerabilities affecting Microsoft products and services, and provides the information here as part of the ongoing effort to help you manage security risks and help keep your systems protected.

Source & Link: microsoft.com

Other Top Hacks Lists

Source & Link: zdnet.com, thehackpost.com, wired.com.

About The Art Used In This Article

The awesome artwork used in this article is the work of Zaki Abdelmounim. He is a 25-year-old Moroccan 3D generalist living in Qatar and working in the TV industry.  This project is called Hardcoding:Redshift Study, Zaki started the project after watching the movie Chappie, he really liked the concept of the command chair that was done by George Hull, and wanted to recreate something similar in 3D for the sake of practice and fun, resulting in what we think is the worlds best hacker desk design. Learn more about this project here.