Secjuice Squeeze Volume 49

Welcome to the Secjuice Squeeze, a curated selection of interesting security articles and infosec news that you may have missed, lovingly curated for you every week. This week's volume was curated by Secjuice writers Prasanna, Miguel Calles, Sinwindie.

Articles

CERT/CC Vulnerability Note VU#843464

SolarWinds Orion API authentication bypass allows remote command execution

Source & Link: cert.org
Curator: Prasanna

2021: The Year of Multi-Level Data Extortion

Many companies fast-tracked transformation to cloud services during 2020. Yet, while traditional security measures struggle to secure these complex environments, extortionist cyber attackers will take advantage.

Source & Link: darkreading.com
Curator: Miguel Calles

Microsoft Says Russian Hackers Viewed Some of Its Source Code

The hackers gained more access than the company previously understood, though they were unable to modify code or get into its products and emails.

Source & Link: nytimes.com
Curator: Sinwindie

Hacked home cams used to livestream police raids in swatting attacks

The FBI issues an alert saying offenders have sometimes spoken to police via breached smart devices.

Source & Link: bbc.com
Curator: Sinwindie

Ticketmaster pays $10 million fine after hacking a startup rival

Ticketmaster has agreed to pay a $10 million criminal fine to avoid prosecution over charges that it accessed a rival’s computer system without authorization.

Source & Link: engadget.com
Curator: Sinwindie

T-Mobile warns customers of second data breach in less than a year

As if 2020 weren't bad enough, some T-Mobile customers are winding down the year with word of a data breach. According to reports from BleepingComputer and AndroidPolice, T-Mobile has within the past few days begun to notify affected subscribers of "malicious, unauthorized access" to some of their account information. "We also immediately reported this matter to federal law enforcement and are now in the process of notifying impacted customers."

Source & Link: engadget.com
Curator: Sinwindie

Ledger won’t compensate users affected by data leak

Given the magnitude of the hack, CEO Pascal Gauthier reportedly saying paying off the affected users will sink Ledger financially.

Source & Link: coingeek.com
Curator: Sinwindie

How hacked is hacked? Here’s a ‘hack scale’ to better understand the SolarWinds cyberattacks

“Microsoft, FireEye, and the U.S. Treasury department have been hacked in the SolarWinds attacks.” This statement is true but doesn’t tell the whole story accurately.

Source & Link: geekwire.com
Curator: Sinwindie

The tech that was fixed in 2020 and the tech that still needs fixing

Video chat apps, like Webex and Google Meet, became crucial work tools. After gyms shut down, virtual workout apps like Peloton transformed into must-have products.

Source & Link: denverpost.com
Curator: Sinwindie

Koei Tecmo Shuts Down Forums Following Data Hack

The Japanese publisher Koei Tecmo announced over the Christmas holiday that some personal data from 65,000 users of its English language website was hacked, leading the company to take its US and UK websites offline for the time being.

Source & Link: kotaku.com
Curator: Sinwindie