Month: January 2021

Giant security vendors Fidelis, Mimecast, Palo Alto Networks, Qualys confirmed this week that they were impacted by the SolarWinds supply chain attack.

Fidelis confirmed that it had installed a trojaned version of the SolarWinds Orion app in May 2020, as part of a software evaluation.

A Mimecast-issued certificate used to authenticate some of the company’s products to Microsoft 365 Exchange Web Services had been “compromised by a sophisticated threat actor,” the email-protection company announced in mid-January. That caused speculation that the breach was related to SolarWinds, which the firm confirmed in an update this week.

Palo Alto disculsed tha 2 security incidents discovered in September and October 2020 wre linked to SolarWinds software installations.

Qualys said that its compromised certificate as installed only on test systems.

The list of impacted company keeps growing, and at this point includes Cisco, Cox and more.

Read more about it here.

Cybersecurity firm Malwarebytes said it was hacked by ‘Dark Halo’, the same group that breached SolarWinds in 2020. The company pointed out that hackers exploited another attack vector and did use SolarWinds Orion software.

The company’s blog post says: “While Malwarebytes does not use SolarWinds, we, like many other companies were recently targeted by the same threat actor. We can confirm the existence of another intrusion vector that works by abusing applications with privileged access to Microsoft Office 365 and Azure environments. After an extensive investigation, we determined the attacker only gained access to a limited subset of internal company emails. We found no evidence of unauthorized access or compromise in any of our internal on-premises and production environments.”

Malwarebytes learned of the breach on December 15, 2020 from the Microsoft Security Response Center, which detected suspicious activity coming from a third party application in its Microsoft Office 365 tenant.

Malwarebytes adds to a growing list of security firms that were hit by Solarwinds attackers, after FireEye, Microsoft, and CrowdStrike.

Read more about it here.

On January 1, 2021, Adobe Flash Player reached its end of life (EOL). Adobe will no longer release updates to its Flash Player.

“Since Adobe will no longer be supporting Flash Player after December 31, 2020 and Adobe will block Flash content from running in Flash Player beginning January 12, 2021, Adobe strongly recommends all users immediately uninstall Flash Player to help protect their systems.” states the announcement published by Adobe. “Some users may continue to see reminders from Adobe to uninstall Flash Player from their system. See below for more details on how to uninstall Flash Player.”

In July 2017, Apple, Adobe, Facebook, Google, Microsoft, and Mozilla announced the end of the support for the Flash Player by the end of 2020. The software was considered not secure, and was replaced by new software with better performance, such as HTML5.

Read more about it here.