Secjuice Squeeze Volume 49
Welcome to the Secjuice Squeeze, a selection of interesting security articles and infosec news that you may have missed, lovingly curated for you every week. This week's volume was curated by Secjuice writers Prasanna, Miguel Calles, and Sinwindie.
Articles
CERT/CC Vulnerability Note VU#843464
SolarWinds Orion API authentication bypass allows remote command execution
Source & Link: cert.org
Curator: Prasanna
2021: The Year of Multi-Level Data Extortion
Many companies fast-tracked transformation to cloud services during 2020. Yet, while traditional security measures struggle to secure these complex environments, extortionist cyber attackers will take advantage.
Source & Link: darkreading.com
Curator: Miguel Calles
Microsoft Says Russian Hackers Viewed Some of Its Source Code
The hackers gained more access than the company previously understood, though they were unable to modify code or get into its products and emails.
Source & Link: nytimes.com
Curator: Sinwindie
Hacked home cams used to livestream police raids in swatting attacks
The FBI issues an alert saying offenders have sometimes spoken to police via breached smart devices.
Source & Link: bbc.com
Curator: Sinwindie
Ticketmaster pays $10 million fine after hacking a startup rival
Ticketmaster has agreed to pay a $10 million criminal fine to avoid prosecution over charges that it accessed a rival’s computer system without authorization.
Source & Link: engadget.com
Curator: Sinwindie
T-Mobile warns customers of second data breach in less than a year
As if 2020 weren't bad enough, some T-Mobile customers are winding down the year with word of a data breach. According to reports from BleepingComputer and AndroidPolice, T-Mobile has within the past few days begun to notify affected subscribers of "malicious, unauthorized access" to some of their account information. "We also immediately reported this matter to federal law enforcement and are now in the process of notifying impacted customers."
Source & Link: engadget.com
Curator: Sinwindie
Ledger won’t compensate users affected by data leak
Given the magnitude of the hack, CEO Pascal Gauthier reportedly said that paying off the affected users will sink Ledger financially.
Source & Link: coingeek.com
Curator: Sinwindie
How hacked is hacked? Here’s a ‘hack scale’ to better understand the SolarWinds cyberattacks
“Microsoft, FireEye, and the U.S. Treasury department have been hacked in the SolarWinds attacks.” This statement is true but doesn’t tell the whole story accurately.
Source & Link: geekwire.com
Curator: Sinwindie
The tech that was fixed in 2020 and the tech that still needs fixing
Video chat apps, like Webex and Google Meet, became crucial work tools. After gyms shut down, virtual workout apps like Peloton transformed into must-have products.
Source & Link: denverpost.com
Curator: Sinwindie
Koei Tecmo Shuts Down Forums Following Data Hack
The Japanese publisher Koei Tecmo announced over the Christmas holiday that some personal data from 65,000 users of its English language website was hacked, leading the company to take its US and UK websites offline for the time being.
Source & Link: kotaku.com
Curator: Sinwindie