Sequoia Capital, one of the most prominent venture capital firms in Silicon Valley, told investors on February 19, 2021 that it was hacked.
Some personal and financial information may have been accessed by a third party, after one of its employees fell victim to a successful phishing attack.
Sequoia’s portfolio includes Airbnb, DoorDash, 23andMe, and Robinhood. It also invested in major cybersecurity firms like FireEye and Carbon Black.
In an effort to better understand why some users are more heavily targeted by phishing emails and malware than others, search giant Google teamed up with researchers at Stanford University. Over a period of 5 months, the study examined 1.2 billion malicious emails sent to Gmail users, together with their intended targets, to determine which factors influence the risk of attack.
The researchers discovered that each phishing and malware campaign lasted one to three days on average. In a week, such campaigns accounted for 100 million phishing and malware emails targeting Gmail users worldwide.
The researchers found that users in the US were the most popular targets (42% of all attacks), followed by the United Kingdom (10%) and Japan (5%).
In addition, age played a role: users between the ages of 55 and 64 were 1.64 times more likely to be targeted than 18-to-24-year-olds.
U.S. Cellular, the fourth largest wireless carrier in America, with 4.9 million customers, has suffered a data breach. A few retail store employees were scammed into downloading software onto their computers. The software allowed the attacker to access those computers remotely. Once the employees logged into the customer relationship management (CRM) system, the hackers gained access to its records.
While on the CRM system, the attackers were able to view customers’ accounts, including their name, address, PIN, cell phone numbers, service plan, and billing/usage statements.
U.S. Cellular believes the attack occurred on January 4, 2021.
Major security vendors Fidelis, Mimecast, Palo Alto Networks, and Qualys confirmed this week that they were impacted by the SolarWinds supply chain attack.
Fidelis confirmed that it had installed a trojaned version of the SolarWinds Orion app in May 2020, as part of a software evaluation.
A Mimecast-issued certificate used to authenticate some of the company’s products to Microsoft 365 Exchange Web Services had been “compromised by a sophisticated threat actor,” the email-protection company announced in mid-January. That caused speculation that the breach was related to SolarWinds, which the firm confirmed in an update this week.
Palo Alto Networks disclosed that two security incidents discovered in September and October 2020 were linked to SolarWinds software installations.
Qualys said that its compromised certificate was installed only on test systems.
The list of impacted companies keeps growing, and at this point includes Cisco, Cox, and more.
Cybersecurity firm Malwarebytes said it was hacked by ‘Dark Halo’, the same group that breached SolarWinds in 2020. The company pointed out that the hackers exploited a different attack vector and did not use the SolarWinds Orion software.
The company’s blog post says: “While Malwarebytes does not use SolarWinds, we, like many other companies were recently targeted by the same threat actor. We can confirm the existence of another intrusion vector that works by abusing applications with privileged access to Microsoft Office 365 and Azure environments. After an extensive investigation, we determined the attacker only gained access to a limited subset of internal company emails. We found no evidence of unauthorized access or compromise in any of our internal on-premises and production environments.”
Malwarebytes learned of the breach on December 15, 2020 from the Microsoft Security Response Center, which detected suspicious activity coming from a third-party application in Malwarebytes’ Microsoft Office 365 tenant.
Malwarebytes adds to a growing list of security firms that were hit by the SolarWinds attackers, after FireEye, Microsoft, and CrowdStrike.
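The Malwarebytes intrusion vector above abuses an application that already holds privileged access to an Office 365 tenant. The following is an added example, not code from Malwarebytes or Microsoft, of the review a defender would run over Azure AD audit records: it flags apps that received a new credential and that hold a high-privilege grant such as mailbox read access. The activity names are modelled on Azure AD audit log entries and the sample records are constructed, so treat the exact strings as assumptions.

```python
"""Flag app-credential and consent events in Azure AD audit records (constructed sample)."""
from collections import defaultdict

# Permissions that let an application read mail or change the directory (assumed list).
HIGH_PRIVILEGE = {"Mail.Read", "Mail.ReadWrite", "full_access_as_app", "Directory.ReadWrite.All"}
# Audit activities that add a secret/certificate to an app or grant it rights
# (names modelled on Azure AD audit log entries; the exact strings are an assumption).
CREDENTIAL_ACTIVITIES = {"Add service principal credentials",
                         "Update application – Certificates and secrets management"}
CONSENT_ACTIVITIES = {"Consent to application",
                      "Add app role assignment to service principal"}

# Constructed sample records, not real tenant data.
SAMPLE_EVENTS = [
    {"activityDisplayName": "Add service principal credentials",
     "initiatedBy": "admin@example.test", "targetApp": "MailSyncHelper"},
    {"activityDisplayName": "Consent to application",
     "initiatedBy": "admin@example.test", "targetApp": "MailSyncHelper",
     "permissions": ["Mail.Read", "User.Read"]},
    {"activityDisplayName": "Consent to application",
     "initiatedBy": "user@example.test", "targetApp": "CalendarWidget",
     "permissions": ["User.Read"]},
    {"activityDisplayName": "Update user",
     "initiatedBy": "admin@example.test", "targetApp": ""},
]


def assess_events(events):
    """Return (app, reason) tuples for credential additions and risky consents."""
    findings = []
    for ev in events:
        activity = ev.get("activityDisplayName", "")
        app = ev.get("targetApp", "")
        actor = ev.get("initiatedBy", "?")
        if activity in CREDENTIAL_ACTIVITIES:
            findings.append((app, f"new credential added by {actor}"))
        elif activity in CONSENT_ACTIVITIES:
            risky = set(ev.get("permissions", [])) & HIGH_PRIVILEGE
            if risky:
                findings.append((app, f"high-privilege grant {sorted(risky)} by {actor}"))
    return findings


def flag_privileged_apps(events):
    """Apps that both received a new credential and hold a high-privilege grant:
    the combination that lets a third party sign in as the app and read mail."""
    kinds = defaultdict(set)
    for app, reason in assess_events(events):
        kinds[app].add("credential" if reason.startswith("new credential") else "grant")
    return sorted(app for app, k in kinds.items() if k == {"credential", "grant"})


if __name__ == "__main__":
    for app, why in assess_events(SAMPLE_EVENTS):
        print(f"[review] {app}: {why}")
    print("apps needing immediate review:", flag_privileged_apps(SAMPLE_EVENTS))
```

A consent to a low-privilege permission alone (the CalendarWidget record) is not flagged; the signal is the pairing of a fresh credential with broad rights.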
On January 1, 2021, Adobe Flash Player reached its end of life (EOL). Adobe will no longer release updates to its Flash Player.
“Since Adobe will no longer be supporting Flash Player after December 31, 2020 and Adobe will block Flash content from running in Flash Player beginning January 12, 2021, Adobe strongly recommends all users immediately uninstall Flash Player to help protect their systems,” states the announcement published by Adobe. “Some users may continue to see reminders from Adobe to uninstall Flash Player from their system. See below for more details on how to uninstall Flash Player.”
In July 2017, Apple, Adobe, Facebook, Google, Microsoft, and Mozilla announced the end of support for Flash Player by the end of 2020. The software was considered insecure and was replaced by better-performing alternatives such as HTML5.
The Parliament of Finland confirmed on December 28, 2020, that threat actors gained access to email accounts of multiple members of parliament (MPs).
Parliament officials said: “Parliament of Finland has been subjected to a cyberattack in the fall of 2020. The attack was discovered by parliament’s internal technical surveillance.
Some parliament e-mail accounts may have been compromised as a result of the attack, among them e-mail accounts that belong to MPs.
The cyberattack is being investigated by the National Bureau of Investigation. The investigation is supported by Parliament of Finland.”
According to NBI Detective Inspector Tero Muurman, the attack is likely part of a cyberespionage campaign carried out by nation-state actors.
A number of U.S. government agencies reportedly have been hacked: the Commerce Department, the Department of Homeland Security, the Pentagon, the Treasury Department, the U.S. Postal Service, and the National Institutes of Health. The attack began in March 2020 and is still ongoing, meaning that the malware placed on those computers may still be capturing confidential information.
According to the U.S. Cybersecurity and Infrastructure Security Agency (CISA), tech company SolarWinds was compromised, and it posed “unacceptable risks to the security of federal networks.” SolarWinds Orion products are used by several U.S. agencies for network management.
In turn, SolarWinds said in a statement that the breach of their system “was likely conducted by an outside nation state and intended to be a narrow, extremely targeted, and manually executed attack, as opposed to a broad, system-wide attack.”
Cybersecurity giant FireEye announced that it was hacked by nation-state actors, likely Russian state-sponsored hackers. In a blog post, FireEye CEO Kevin Mandia said company tools used for testing customers’ security had been stolen. “The attacker primarily sought information related to certain government customers,” he wrote. The hackers “used a novel combination of techniques not witnessed by us or our partners in the past.” As of this writing, FireEye has seen no evidence that any attacker has used the stolen tools.
Personal and health data of 16 million Brazilians infected with Covid-19 have been exposed online, after an employee of the Albert Einstein Hospital in the city of São Paulo uploaded to GitHub, earlier in November 2020, a spreadsheet with usernames, passwords, and access keys to sensitive government systems. The leak covered the E-SUS-VE and Sivep-Gripe applications, which are used to manage data on COVID-19 patients.
The two databases contained sensitive details such as patient names, addresses, and ID information, as well as healthcare records such as medical history and medication regimes.
Among those affected by the leak are Brazil President Jair Bolsonaro, 7 ministers, and 17 provincial governors.
The data leak was discovered by a GitHub user who found the spreadsheet containing the credentials on the GitHub account associated with the hospital employee.
The user shared his discovery with the Brazilian newspaper Estadao, which notified the Brazilian Ministry of Health and the hospital.
The spreadsheet was quickly removed from GitHub, and the passwords and the access keys for the systems were changed.
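The leak above started with a spreadsheet of credentials pushed to a public repository. As an added example, not code from the hospital, GitHub or the newspaper, the scanner below runs over a CSV export before it is committed and reports cells that look like credentials, by column name, by access-key pattern, or by character entropy. The CSV content, the URLs and the key values are constructed placeholders, and the thresholds and patterns are assumed heuristics.

```python
"""Scan a CSV export for credential-like cells before it is committed (constructed sample)."""
import csv
import io
import math
import re

# Column headers that usually mean the cell holds a secret (assumed heuristic).
SECRET_HEADERS = re.compile(r"(password|passwd|pwd|secret|token|api[_ -]?key|access[_ -]?key)", re.I)
# Value shapes typical of machine-issued keys (assumed heuristic).
KEY_PATTERNS = [
    re.compile(r"AKIA[0-9A-Z]{16}"),          # AWS-style access key id
    re.compile(r"[A-Za-z0-9+/]{40}={0,2}"),    # long base64-looking blob
]

# Constructed sample export; URLs and values are placeholders, not real credentials.
SAMPLE_CSV = """system,url,username,password,notes
E-SUS-VE,https://example.test/esus,operator1,Hunter2-Not-Real!,shared with ward
Sivep-Gripe,https://example.test/sivep,api-user,,key below
Sivep-Gripe,https://example.test/sivep,,,AKIAIOSFODNN7EXAMPLE
Sivep-Gripe,https://example.test/sivep,,,xK9#pL2mQv7rT4wZ8bN3
"""


def shannon_entropy(s):
    """Bits of entropy per character; random-looking tokens score high."""
    if not s:
        return 0.0
    counts = {c: s.count(c) for c in set(s)}
    return -sum(n / len(s) * math.log2(n / len(s)) for n in counts.values())


def scan_csv(text):
    """Return (row, column, reason) for every cell that looks like a credential."""
    hits = []
    reader = csv.DictReader(io.StringIO(text))
    for row_no, row in enumerate(reader, start=2):   # header line is row 1
        for col, value in row.items():
            value = (value or "").strip()
            if not value:
                continue
            if SECRET_HEADERS.search(col):
                hits.append((row_no, col, "column name suggests a secret"))
            elif any(p.fullmatch(value) for p in KEY_PATTERNS):
                hits.append((row_no, col, "value matches an access-key pattern"))
            elif len(value) >= 20 and shannon_entropy(value) > 4.0:
                hits.append((row_no, col, "high-entropy value"))
    return hits


if __name__ == "__main__":
    for row_no, col, reason in scan_csv(SAMPLE_CSV):
        print(f"row {row_no}, column '{col}': {reason}")
```

A hit should block the commit or push (for example from a pre-commit hook) so the file never reaches a public repository; rotating the exposed credentials, as the hospital did, remains necessary once a leak has happened.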