Adobe Flash Player reached end of life (EOL)

On January 1, 2021, Adobe Flash Player reached its end of life (EOL). Adobe will no longer release updates to its Flash Player.

“Since Adobe will no longer be supporting Flash Player after December 31, 2020 and Adobe will block Flash content from running in Flash Player beginning January 12, 2021, Adobe strongly recommends all users immediately uninstall Flash Player to help protect their systems.” states the announcement published by Adobe. “Some users may continue to see reminders from Adobe to uninstall Flash Player from their system. See below for more details on how to uninstall Flash Player.”

In July 2017, Apple, Adobe, Facebook, Google, Microsoft, and Mozilla announced that support for Flash Player would end by the end of 2020. The software was considered insecure and was replaced by newer technologies with better performance, such as HTML5.

Emails compromised in cyberattack on Parliament of Finland

The Parliament of Finland confirmed on December 28, 2020, that threat actors gained access to email accounts of multiple members of parliament (MPs).

Parliament officials said:
“Parliament of Finland has been subjected to a cyberattack in the fall of 2020. The attack was discovered by parliament technical surveillance.

Some parliament e-mail accounts may have been compromised as a result of the attack, among them e-mail accounts that belong to MPs.

The cyberattack is being investigated by the National Bureau of Investigation. The investigation is supported by Parliament of Finland.”

According to NBI Detective Inspector Tero Muurman, the attack is likely part of a cyberespionage campaign carried out by nation-state actors.

Massive attack on several US government agencies

A number of U.S. government agencies reportedly have been hacked: The Commerce Department, the Department of Homeland Security, the Pentagon, the Treasury Department, the U.S. Postal Service, and the National Institutes of Health. The attack began in March 2020, and is still ongoing, meaning that the malware that was placed on computers may still be capturing confidential information.

According to the U.S. Cybersecurity and Infrastructure Security Agency (CISA), tech company SolarWinds was compromised, and it posed “unacceptable risks to the security of federal networks.” SolarWinds Orion products are used by several U.S. agencies for network management.

In turn, SolarWinds said in a statement that the breach of their system “was likely conducted by an outside nation state and intended to be a narrow, extremely targeted, and manually executed attack, as opposed to a broad, system-wide attack.”

Top cybersecurity firm FireEye hit by a nation-state actor

Cybersecurity giant FireEye announced that it was hacked by nation-state actors, likely Russian state-sponsored hackers. In a blog post, FireEye CEO Kevin Mandia said company tools used for testing customers’ security had been stolen. “The attacker primarily sought information related to certain government customers,” he wrote. The hackers “used a novel combination of techniques not witnessed by us or our partners in the past.” As of this writing, FireEye has seen no evidence that any attacker has used the stolen tools.

Data of 16 million Brazilian COVID-19 patients exposed online

Personal and health data of 16 million Brazilians infected with COVID-19 have been exposed online, after an employee of the Albert Einstein Hospital in the city of Sao Paulo uploaded a spreadsheet with usernames, passwords, and access keys to sensitive government systems to GitHub earlier in November 2020. The leak included the E-SUS-VE and Sivep-Gripe applications, which are used to manage data on COVID-19 patients.

The two databases contained sensitive details such as patient names, addresses, and ID information, as well as healthcare records such as medical history and medication regimens.

Among those affected by the leak are Brazilian President Jair Bolsonaro, 7 ministers, and 17 provincial governors.

The data leak was discovered by a GitHub user who found the spreadsheet containing the credentials on the GitHub account associated with the hospital employee.

The user shared his discovery with the Brazilian newspaper Estadao, which notified the Brazilian Ministry of Health and the hospital.

The spreadsheet was quickly removed from GitHub, and the passwords and the access keys for the systems were changed.

A cyberattack crippled the IT services of the City of Saint John, Canada

Officials confirmed that the city of Saint John, New Brunswick, Canada, was hit by a massive cyberattack that crippled much of its municipal IT infrastructure: the city’s website, email, online payment portals, customer service applications and more. However, the 911 center in the city remained open. The attack was discovered on November 13, 2020, and was posted on Facebook on November 16.

The city later confirmed that it was a ransomware attack. The city didn’t disclose whether a specific amount was named in the ransom demand, or details about how the attack was first discovered.

There wasn’t any indication that personal information was accessed or transferred.

Sneaky Office 365 phishing scam inverts images to avoid detection bots

Researchers at WMC Global spotted a new, sneaky phishing campaign that targets Office 365 users at the login page. The strategy involves inverting the background colors of the image presented to the user at login, causing the image hash to differ from the original. This hinders scanning engines’ ability to flag the image.

Original version next to inverted background

The phishing kit further reverts the inverted image, using Cascading Style Sheets (CSS), to make the image look just like the original, legitimate background image of Office 365 login pages. Phishing engines are highly unlikely to detect the image as being an inverted copy of the Office 365 background.

CSS code used to revert image

While it is hard to spot fake login pages, staying away from unsolicited links and forms might save users from further trouble. Using a powerful antivirus or antimalware detection engine should also help.
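A defender-side check for the trick described above, as an added example that is not from WMC Global or the original article: it hashes decoded pixel values, also tests the color-inverted image against the known-good list, and looks for a CSS invert filter. The pixel data, stylesheets, function names, and the assumption that the kit restores colors with `filter: invert(...)` are constructed for illustration.

```python
import hashlib
import re

# Assumption: the kit restores the colours with a CSS filter such as
# "filter: invert(1)" or "filter: invert(100%)".
INVERT_RE = re.compile(
    r"filter\s*:[^;}]*\binvert\(\s*(?:1(?:\.0+)?|100%)\s*\)", re.I)


def pixel_hash(pixels: bytes) -> str:
    """SHA-256 over decoded 8-bit channel values (not the encoded file)."""
    return hashlib.sha256(pixels).hexdigest()


def invert(pixels: bytes) -> bytes:
    """Colour inversion of 8-bit channels: v -> 255 - v."""
    return bytes(255 - v for v in pixels)


def classify_background(pixels: bytes, known: set) -> str:
    """Return 'exact', 'inverted' or 'unknown' against known-background hashes."""
    if pixel_hash(pixels) in known:
        return "exact"
    if pixel_hash(invert(pixels)) in known:
        return "inverted"
    return "unknown"


def css_inverts(css: str) -> bool:
    """True when the stylesheet applies a full colour inversion."""
    return INVERT_RE.search(css) is not None


def assess(pixels: bytes, css: str, known: set) -> str:
    """An inverted known image plus an invert filter is the pattern above."""
    kind = classify_background(pixels, known)
    if kind == "inverted":
        return "inverted-and-restored" if css_inverts(css) else "inverted"
    return kind


# Constructed sample data: a 2x2 RGB "background" and two stylesheets.
LEGIT = bytes([0, 40, 85, 250, 250, 250, 16, 124, 16, 255, 185, 0])
KNOWN = {pixel_hash(LEGIT)}
KIT_CSS = ".background { background-image: url(bg.png); filter: invert(1); }"
PLAIN_CSS = ".background { background-image: url(bg.png); }"

if __name__ == "__main__":
    served = invert(LEGIT)  # the image as delivered, before CSS is applied
    print("naive hash lookup hit:", pixel_hash(served) in KNOWN)
    print("verdict:", assess(served, KIT_CSS, KNOWN))
```

A plain hash lookup misses the served image, while hashing its inversion recovers the match with the known background.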

Nitro PDF suffers massive data breach, exposing Microsoft, Google, Amazon and more

A massive data breach suffered by the Australian company Nitro, maker of the popular Nitro PDF service, impacted many well-known organizations, including Microsoft, Google, Apple, Amazon, Chase, and Citibank.

Nitro disclosed the data breach on its web site on October 21, 2020. The breach advisory classified it as a “low impact security incident”. However, cybersecurity intelligence firm Cyble has shared details hinting at Nitro downplaying the incident. They found a threat actor selling a 1TB database of documents, and 70 million user records that include email addresses, bcrypt hashed passwords, full names, IP addresses, company names, and other user data, for $80,000.

From the samples of the database, the document titles alone disclose a great deal of information about financial reports, M&A activities, NDAs, and product releases.

British Airways slapped with $26M fine for 2018 cyberattack affecting 400,000 customers

The Information Commissioner’s Office (ICO), the U.K.’s data protection watchdog, announced it was fining British Airways 20 million pounds ($20 million) for a data breach in which the personal details of 400,000 customers were leaked. The ICO found that British Airways should have identified weaknesses in its security and resolved them with measures available at the time, which would have prevented the data breach.

The regulator said its investigators found that British Airways did not detect the attack on June 22, 2018, but was alerted by a third party more than two months later, on Sep. 5.

The penalty was far less than the 183.4 million pounds the ICO proposed in 2019, in part reflecting the crisis many airlines are now facing due to COVID-19.

University Hospital New Jersey paid a $670K ransom to prevent data leak

The University Hospital New Jersey (UHNJ) in Newark, New Jersey, U.S., has paid a $670,000 ransom to prevent the publishing of 240 GB of stolen data, including patient info.

In September 2020, systems at the University Hospital New Jersey were encrypted with the SunCrypt ransomware. Threat actors leaked online a small portion of 48,000 documents, spanning 1.7 GB of data, out of 240 GB they claimed to have accessed.

This data leak included patient information release authorization forms, copies of driving licenses, Social Security Numbers, dates of birth, and records about the Board of Directors.

To prevent further leaking of patient data, the hospital contacted the ransomware operators. The initial ransom demand was for $1.7 million. After negotiations, the hospital paid $672,744. The attackers then provided the decryption key.

The entry point was a phishing email sent to an employee, which gave the attackers network credentials.
