AboutDFIR.com – The Definitive Compendium Project
Digital Forensics & Incident Response


InfoSec News Nuggets 03/03/2021

World’s leading dairy group Lactalis hit by cyberattack

Lactalis, the world’s leading dairy group, has disclosed a cyberattack after unknown threat actors breached some of the company’s systems. Lactalis (short for Lactalis Group) has 85,000 employees in 51 countries, and it exports dairy products to over 100 countries around the world. The dairy group controls multiple leading international brands, including Président, Galbani, Lactel, Santal, and Parmalat. In a press release published on Friday, Lactalis says that only a limited number of computers on its network were compromised during the attack. “The Lactalis Group has detected an intrusion on part of its IT network,” the company said. “We immediately took steps to contain this attack and have notified the competent authorities.” “The results of our investigations establish that a malicious third party seeks to break into our servers.”

 

SolarWinds security fiasco may have started with simple password blunders

We still don’t know just how bad the SolarWinds security breach is. We do know over a hundred US government agencies and companies were cracked. Microsoft president Brad Smith said, with no exaggeration, that it’s “the largest and most sophisticated attack the world has ever seen,” with more than a thousand hackers behind it. But former SolarWinds CEO Kevin Thompson says it may have all started when an intern first set an important password to “solarwinds123.” Then, adding insult to injury, the intern shared the password on GitHub. Thompson told a joint US House of Representatives Oversight and Homeland Security Committees hearing that the password was “a mistake that an intern made. They violated our password policies and they posted that password on an internal, on their own private GitHub account. As soon as it was identified and brought to the attention of my security team, they took that down.”

 

China Charges Ahead With a National Digital Currency

Annabelle Huang recently won a government lottery to try China’s latest economics experiment: a national digital currency. After joining the lottery through the social media app WeChat, Ms. Huang, 28, a business strategist in Shenzhen, received a digital envelope with 200 electronic Chinese yuan, or eCNY, worth around $30. To spend it, she went to a convenience store near her office and picked out some nuts and yogurt. Then she pulled up a QR code for the digital currency from inside her bank app, which the store scanned for payment. “The journey of how you pay, it’s very similar” to that of other Chinese payments apps, Ms. Huang said of the eCNY experience, though she added that it wasn’t quite as smooth. China has charged ahead with a bold effort to remake the way that government-backed money works, rolling out its own digital currency with different qualities than cash or digital deposits. The country’s central bank, which began testing eCNY last year in four cities, recently expanded those trials to bigger cities such as Beijing and Shanghai, according to government presentations.

 

Judge approves $650m settlement for Facebook users in privacy, biometrics lawsuit

A $650 million settlement to close a class-action lawsuit alleging that Facebook violated user privacy has been approved. The case, a class-action lawsuit filed against the social media giant six years ago, alleged that Facebook violated the Illinois Biometric Information Privacy Act (BIPA), which prevents companies from gathering or using biometric information from users without consent. The lawsuit claimed that the Facebook Tag Suggestions feature, which used facial markers to suggest people in image tagging, violated BIPA by scanning, storing, and using user biometrics to create “face templates” without written permission. On Friday, in California, US District Judge James Donato approved the $650 million settlement, an increase of $100 million from Facebook’s proposed $550 million in January 2020. The ruling has been described as a “landmark result.”

 

Microsoft: Chinese Cyberspies Used 4 Exchange Server Flaws to Plunder Emails

Microsoft Corp. today released software updates to plug four security holes that attackers have been using to plunder email communications at companies that use its Exchange Server products. The company says all four flaws are being actively exploited as part of a complex attack chain deployed by a previously unidentified Chinese cyber espionage group. The software giant typically releases security updates on the second Tuesday of each month, but it occasionally deviates from that schedule when addressing active attacks that target newly identified and serious vulnerabilities in its products. The patches released today fix security problems in Microsoft Exchange Server 2013, 2016 and 2019. Microsoft said its Exchange Online service — basically hosted email for businesses — is not impacted by these flaws. Microsoft credited researchers at Reston, Va.-based Volexity for reporting the attacks. Volexity President Steven Adair told KrebsOnSecurity it first spotted the attacks on Jan. 6, 2021. Adair said while the exploits used by the group may have taken great skills to develop, they require little technical know-how to use and can give an attacker easy access to all of an organization’s email if their vulnerable Exchange Servers are directly exposed to the Internet.
