The Week In Review 04/01 – 08/01
Happy New Year! With promising news about the vaccine rollout, it is already looking like a more hopeful one. However, when does the world of cyber security ever slow down? Customers of Check Point discovered this on New Year's Day, at peak hangover, when an absence of proper patching left them with inoperable systems and seriously tough fixes ahead (nothing like hair of the dog). One reader of The Register said their company saw around 1,600 users lose the ability to connect to the network on the 1st of January as a result of the expired security certificate; not the start to the year that IT department had in mind, we are sure. In a similar vein, users of Adobe Flash will have found that support for it ended on New Year's Eve, leaving them no longer protected from cyber attacks. Depending on the browser you use, some of you will have already stopped using Flash Player, with WebAssembly and HTML5 among the alternatives.
Zyxel, a Taiwanese manufacturer of network devices, has come under fire this week for leaving up to 100,000 devices with a hardcoded credential vulnerability that allows cybercriminals to take over the device. The flaw, with a CVSS score of 7.8, could be exploited by logging in with an unchangeable password found in cleartext within the firmware. This news follows the large-scale cyber attacks on SolarWinds that compromised well in excess of 15,000 customers. This week saw the first class action lawsuit filed in the States against SolarWinds, arguing that the company deliberately misled investors, with executives knowing about the vulnerabilities since mid-2020 and failing to disclose information which would have ultimately guided investment decisions. On the topic of weak or unchangeable passwords, the lawsuit also details researcher Vinoth Kumar's findings, which suggest the SolarWinds update server had a password of "solarwinds123", although other research suggests the attack was far more sophisticated. Based on the details from this suit, it is not a stretch to imagine more litigation will follow imminently.
Avoid easily crackable passwords and ensure sufficient security policies and infrastructure are in place to help prevent breaches. Dionach's Security Audit helps prioritise security investment and mitigate risk.
Read about all of this and more below:
Adobe Flash support ends
(cybersecurity-insiders.com)
SolarWinds hit with class action lawsuit
(crn.com)
A lag in patching leaves Check Point customers exposed
(theregister.com)
Zyxel flaw sees increased efforts from cyber criminals
(threatpost.com)
Attacks on VPNs and health industry headline 2021's biggest cyber risks
(securitymagazine.com)
Side channel attack can recover encryption keys from Google Titan security keys
(zdnet.com)
'Earth Wendigo' hackers exfiltrate emails through JavaScript backdoor
(securityweek.com)