It has been a busy month for cyber criminals. If you’ve been busy preparing for the holiday season or wrapping up the end of the year, don’t worry because we have gathered the top cybersecurity – related news that occurred in the month of December that you need to know.
As we previously reported, FireEye, a leading cybersecurity firm, had its own systems compromised. The hackers accessed the company’s Red Team tool kit, which includes the tools FireEye uses to test their own customers’ security vulnerabilities and are known as some of the most sophisticated hacking tools in the world.
Soon after the FireEye attack, SolarWinds was targeted with an attack many believe to be engineered by the Russian government. The supply-chain attack inflected malicious code into an updated version of their software that was then pushed to over 18,000 of their customers. Microsoft, Cisco, Nvidia, and VMware all confirmed they were affected by the hack, and the US Homeland Security, State, Commerce, and Treasury Departments were also affected.
Microsoft confirmed they were affected in the SolarWinds hack and subsequently more than 40 of their customers were breached as a result. They did clarify that neither customer data nor production systems showed evidence of being invaded. If this statement is correct, then Microsoft’s own systems weren’t leveraged in their own supply chain attacks either.
On December 24th, Citrix reported a DDoS attack was hitting their Application Delivery Controllers, the networking products that let security teams manage the delivery speed and quality of applications to end users. The attack was limited to a small number of customers, and they have since disabled the network temporarily to stop the attack.
Attackers have breached at least 85,000 MySQL serves and are currently selling 250,000 compromised databases. The ransomware is called “PLEASE_READ_ME” and is targeting the open-source relational database management system.
A recent investigation revealed that the smart doorbell device sector is plagued with security bugs. The report comes from NCC Group, which published a report outlining IoT nightmares. Overall, most IoT devices are being developed and sold with an array of security issues with smart doorbells leading the charge.