A week in security (December 14 – December 20)

By December 21, 2020Blog

Last week on Malwarebytes Labs we kept you updated on the SolarWinds attack, we warned about the special dangers that come with the Christmas season, published a threat profile for the Egregor ransomware, warned how a lead generation scam was targeting potential Malwarebytes MSP partners, and talked about smart toy security. We also posted a follow-up about the many ways you can be scammed on Facebook.

A VideoBytes episode spoke about the increase in brute force attacks due to more open RDP ports.

SolarWinds related cybersecurity news:

Several publications dealt with different angles and consequences of the SolarWinds attack:

  • Researchers at Prevasio explained how reverse engineering the Domain Generation Algorithm (DGA) revealed the list of victims. (Source: Prevasio blog)
  • Experts have begun pointing to concerns about potentially substandard security protocols, like an update server that was accessible with a simple password. (Source: NewsWeek)
  • Microsoft confirmed it found compromised SolarWinds code in its systems, but denied that its own software was compromised in a supply-chain attack to infect customers. (Source: Engadget)

Other cybersecurity news:

  • The CEO of decentralized finance (DeFi) insurer Nexus Mutual has lost the equivalent of over $8 million in a targeted attack. (Source: Coindesk)
  • Researchers found more than 45 million medical imaging files, including X-rays and CT scans, freely accessible on unprotected servers. (Source: betanews)
  • The Irish Data Protection Commissioner has announced a €450,000 fine on Twitter for data breaches under GDPR. (Source: Independent.ie)
  • A threat actor is distributing fake Windows and Android installers for the Cyberpunk 2077 game, which install a ransomware calling itself CoderWare. (Source: BleepingComputer)
  • Five human rights defenders that were victims of NSO Group’s WhatsApp hacking have stepped forward to tell their stories. (Source: AccessNow)
  • Researchers have called for a determined path to cybersecurity because issues surrounding governance and a sense of responsibility are preventing mission success. (Source: SecureList)
  • A company called Capella Space launched a satellite capable of taking clear radar images of anywhere in the world, even through the walls of some buildings. (Source: Futurism)

Stay safe, everyone!

The post A week in security (December 14 – December 20) appeared first on Malwarebytes Labs.

Refer Here for Original Post and Source https://blog.malwarebytes.com/a-week-in-security/2020/12/a-week-in-security-december-14-december-20/

Robert Crossland

Author Robert Crossland

More posts by Robert Crossland