Secjuice Squeeze Special Edition: Top Hacks of 2020
In this Secjuice Squeeze special edition, we review the top hacks of 2020, because looking back this year was a strong year for the bad guys.
Welcome to this special edition of the Secjuice Squeeze, a curated selection of the top (i.e., most severe or impactful) hacks of 2020. Being aware of that the threat is real and has real consequences will help us be more cyber conscious. This special edition was curated by Secjuice writers Prasanna, Muhammad Luqman, Thunder-Son, Sinwindie, Mike Peterson, and Miguel Calles.
Clearview AI's entire client list stolen in data breach
The breach affected all of the facial recognition company's customers, many of which are law enforcement agencies.
Source & Link: cnet.com
18,000 Organizations Possibly Compromised in Massive Supply-Chain Cyberattack
Nation-state attackers used poisoned SolarWinds network management software updates to distribute malware; US government orders federal civilian agencies to immediately power down the technology.
Source & Link: darkreading.com
A Patient Dies After Ransomware Attack Paralyzes German Hospital Systems
Ransomware attack on the University Hospital of Düsseldorf (UKD) caused death of a woman.
Source & Link: thehackernews.com, arstechnica.com
FireEye, a Top Cybersecurity Firm, Says It Was Hacked by a Nation-State
The Silicon Valley company said hackers — almost certainly Russian — made off with tools that could be used to mount new attacks around the world.
Source & Link: nytimes.com, fireeye.com
Several Zoom Hacks
Zoom Snooping: How Body Language Can Spill Your Password
Researchers figure out how to read what people are typing during a Zoom call using shoulder movements.
Source & Link: threatpost.com, forbes.com
WebMonitor RAT Bundled with Zoom Installer
In early April, we spotted an attack leveraging Zoom installers to spread a cryptocurrency miner. We recently encountered a similar attack that drops a different malware: RevCode WebMonitor RAT (detected by Trend Micro as Backdoor.Win32.REVCODE.THDBABO).
Source & Link: trendmicro.com
Troubles with Zoom in an age of remote work and play
We probably don't need to tell you about all of the vulnerabilities, privacy issues and other blunders discovered about video conferencing app Zoom over the past week. Many took up arms against the app, and in some opinions, justifiably so.
Whether or not the outrage was warranted is really up to you. Many Infosec professionals on Twitter pointed out that not everyone's threat model will be the same. Zoom is hardly perfect, but for the average user, the riskiness of the platform is relatively low. But, some food for tought: Instead of just telling not to use the app, explain why. Get them to think about their security risk models. Offer better alternatives.
Source & Link: npr.org
Marriott discloses data breach possibly affecting over 5 million customers
Marriott International was the target of another hack, but this wasn't as massive as the previous one. The hotel chain said Tuesday it recently discovered that someone using the log-in information of two employees accessed an "unexpected amount of guest information" totaling more than 5 million guests. Marriott believes the incident happened between mid-January and February of this year.
Source & Link: cnn.com
Europol takes down SIM-swap hacking rings responsible for theft of millions of euros
Arrests have been made across Europe in an effort to stamp out gangs specializing in SIM-swapping attacks.
Source & Link: zdnet.com
Windows DNS Server Remote Code Execution Vulnerability
The Microsoft Security Response Center (MSRC) investigates all reports of security vulnerabilities affecting Microsoft products and services, and provides the information here as part of the ongoing effort to help you manage security risks and help keep your systems protected.
Source & Link: microsoft.com
Other Top Hacks Lists
Source & Link: zdnet.com, thehackpost.com, wired.com.
About The Art Used In This Article
The awesome artwork used in this article is the work of Zaki Abdelmounim. He is a 25-year-old Moroccan 3D generalist living in Qatar and working in the TV industry. This project is called Hardcoding:Redshift Study, Zaki started the project after watching the movie Chappie, he really liked the concept of the command chair that was done by George Hull, and wanted to recreate something similar in 3D for the sake of practice and fun, resulting in what we think is the worlds best hacker desk design. Learn more about this project here.