Updated: Jan 22, 2021
In this week's digest, find out the latest on the SolarWinds supply-chain attack, Microsoft's first Patch Tuesday of 2021, and how researchers were able to access over 100,000 UN employee records. Keep reading to find out about the biggest cyber security news from around the globe.
The Reserve Bank of New Zealand announced this week that it had suffered a data breach after its third-party hosting partner was hacked. The attackers exploited a critical vulnerability in the hosting provider, which was patched the same day. The breach is believed to have occurred around the same time the patch was released. The Reserve Bank has said the system has been secured and taken offline.
Microsoft released updates for more than 80 security vulnerabilities, including one actively exploited flaw. Ten of the flaws are rated as “critical”, which means they could be exploited by malware or miscreants to seize remote control over unpatched systems. One of the actively exploited vulnerabilities is a critical bug in Microsoft's default anti-malware suite, Windows Defender.
Researchers were able to access the records and credentials of over 100,000 UN employees in a matter of hours. The researchers discovered an exposed subdomain related to the United Nations Environment Programme that was leaking Git credentials. Once they found the GitHub credentials, they were able to download password-protected GitHub projects. The employee records included names, ID numbers, gender, pay grades and more.
This week a website was launched that claims to be selling stolen data from Microsoft, Cisco, FireEye and SolarWinds. These companies are all known to have been affected by the SolarWinds supply-chain attack. The website is offering source code, repositories, private red team tools, and customer portal dumps, with all of the leaked data on sale for $1 million. The SolarLeaks domain was registered through Njalla, a registrar known to be used by the Russian hacking groups Fancy Bear and Cozy Bear. It is not yet confirmed whether the site is legitimate.
Networking equipment and IoT device vendor Ubiquiti Networks urged customers to change their passwords and enable multi-factor authentication after a security breach involving a third-party cloud provider. Customers' account information and the credentials used to remotely manage their Ubiquiti devices via the account.uo.com web portal may have been exposed in the incident.