AboutDFIR.com – The Definitive Compendium Project
Digital Forensics & Incident Response


InfoSec News Nuggets 12/28/2020

Five Solution Providers Breached By SolarWinds Hackers

Deloitte, Stratus Networks, Digital Sense, ITPS and Netdecisions were breached via SolarWinds and then specifically targeted by the hackers for additional internal compromise, according to a cybersecurity consultancy. The Sweden-based firm, Truesec, analyzed the malware — as well as historical network data — to determine which firms were explicitly selected by the SolarWinds hackers for further activities, meaning that additional internal compromise could have taken place. Nearly 18,000 firms were compromised via SolarWinds Orion, but many fewer were targeted in the attack’s second stage. “The impact of this attack is likely to be of gigantic proportions,” Fabio Viggiani, technical lead for Truesec’s security team, wrote in a blog post Thursday. “The full extent of this breach will most likely never be communicated to the public, and instead will be restricted to trusted parts of the intelligence community.”


Travel-booking company Sabre Corp. settles with 27 states over breach of credit card data

Sabre Corp. will make a $2.4 million payout and shore up its cybersecurity policies under an agreement with 27 state attorneys general who investigated a breach of its hotel-booking technology. The settlement, announced Wednesday, involves a 2016 intrusion into the SynXis Central Reservation, run by the Texas-based corporation’s Sabre Hospitality Solutions subsidiary. The breach exposed the details of about 1.3 million credit cards. The attorneys general held that Sabre responded poorly to the incident, particularly in notifying people that their information might be compromised.


iPhone Calendar Events spam is back: Here’s how to get rid of it

iPhone and iPad users on multiple Reddit and iPhone forums are reporting a resurgence of the nasty spam. As per Hackread.com research, a rogue Calendar account gets stuck to the Calendar app, causing annoying notifications. Many are worried whether it’s malware and their account security is at risk. Others are wondering how to delete these events like any other calendar event. However, there is no option to delete them. So now, they are stuck with annoying pop-ups every day! Well, there’s some good news for all of you. It’s not malware, and your account security is not at risk. It gets added to your calendar app because you unknowingly accepted an offer from a third-party website while surfing the interwebs.


Watch Out for COVID-19 Stimulus Text Message Scams

As we head into 2021, we are continuing to see cybercriminals try to exploit the COVID-19 pandemic to trick victims into clicking on malicious content to steal user information and funds. Unfortunately, this social engineering trend also extends to text message scams that are attempting to cash in on people’s stress and worry as benefits from the original COVID-19 stimulus package expire at the end of December 2020—and as the new stimulus package rolls out. In fact, this month the IRS issued an alert warning of a new text scam that lures potential victims into providing their bank account information by pretending to offer a $1,200 economic impact payment. We’ve also recently seen a significant increase in payday loan and holiday-related fake-brand mobile spam. To help mobile users identify stimulus-related scam attempts, below are some real-life examples and information on how to reduce risk.


Suspected Russian hackers used Microsoft vendors to breach customers

The suspected Russian hackers behind the worst U.S. cyber attack in years leveraged reseller access to Microsoft Corp services to penetrate targets that had no compromised network software from SolarWinds Corp, investigators said. While updates to SolarWinds’ Orion software were previously the only known point of entry, security company CrowdStrike Holdings Inc said Thursday hackers had won access to the vendor that sold it Office licenses and used that to try to read CrowdStrike’s email. It did not specifically identify the hackers as being the ones that compromised SolarWinds, but two people familiar with CrowdStrike’s investigation said they were. “They got in through the reseller’s access and tried to enable mail ‘read’ privileges,” one of the people familiar with the investigation told Reuters. “If it had been using Office 365 for email, it would have been game over.”
