Updated: Jan 22, 2021
In this week's digest, find out the latest on the SolarWinds supply-chain attack, Microsoft's first Patch Tuesday of 2021, and how researchers were able to access over 100,000 UN employee records. Keep reading to find out about the biggest cyber security news from around the globe.
The Reserve Bank of New Zealand announced this week that it had suffered a data breach after its third-party hosting partner was hacked. The attackers exploited a critical vulnerability in the hosting provider, which was patched the same day. The breach is believed to have occurred around the same time the patch was released. The Reserve Bank has said the system has been secured and taken offline.
Microsoft released updates for more than 80 security vulnerabilities, including one actively exploited flaw. Ten of the flaws are rated as “critical”, which means they could be exploited by malware or miscreants to seize remote control over unpatched systems. One of the actively exploited vulnerabilities is a critical bug in Microsoft's default anti-malware suite, Windows Defender.
Researchers were able to access the records and credentials of over 100,000 UN employees in a matter of hours. The researchers discovered an exposed subdomain related to the United Nations Environment Programme that was leaking Git credentials. Once they found the GitHub credentials, they were able to download password-protected GitHub projects. The employee records included names, ID numbers, gender, pay grades and more.