Welcome to the Secjuice Squeeze, a curated selection of interesting security articles and infosec news that you may have missed, lovingly curated for you every week. This week's volume was curated by Secjuice writers Prasanna, Miguel Calles, Sinwindie.
CERT/CC Vulnerability Note VU#843464
SolarWinds Orion API authentication bypass allows remote command execution
2021: The Year of Multi-Level Data Extortion
Many companies fast-tracked transformation to cloud services during 2020. Yet, while traditional security measures struggle to secure these complex environments, extortionist cyber attackers will take advantage.
Microsoft Says Russian Hackers Viewed Some of Its Source Code
The hackers gained more access than the company previously understood, though they were unable to modify code or get into its products and emails.
Hacked home cams used to livestream police raids in swatting attacks
The FBI issues an alert saying offenders have sometimes spoken to police via breached smart devices.
Ticketmaster pays $10 million fine after hacking a startup rival
Ticketmaster has agreed to pay a $10 million criminal fine to avoid prosecution over charges that it accessed a rival’s computer system without authorization.
T-Mobile warns customers of second data breach in less than a year
As if 2020 weren't bad enough, some T-Mobile customers are winding down the year with word of a data breach. According to reports from BleepingComputer and AndroidPolice, T-Mobile has within the past few days begun to notify affected subscribers of "malicious, unauthorized access" to some of their account information. "We also immediately reported this matter to federal law enforcement and are now in the process of notifying impacted customers."
Ledger won’t compensate users affected by data leak
Given the magnitude of the hack, CEO Pascal Gauthier reportedly saying paying off the affected users will sink Ledger financially.
How hacked is hacked? Here’s a ‘hack scale’ to better understand the SolarWinds cyberattacks
“Microsoft, FireEye, and the U.S. Treasury department have been hacked in the SolarWinds attacks.” This statement is true but doesn’t tell the whole story accurately.
The tech that was fixed in 2020 and the tech that still needs fixing
Video chat apps, like Webex and Google Meet, became crucial work tools. After gyms shut down, virtual workout apps like Peloton transformed into must-have products.
Koei Tecmo Shuts Down Forums Following Data Hack
The Japanese publisher Koei Tecmo announced over the Christmas holiday that some personal data from 65,000 users of its English language website was hacked, leading the company to take its US and UK websites offline for the time being.