“Expert” hackers used 11 zerodays to infect Windows, iOS, and Android users
Ars Technica, Dan Goodin
“The ability to pierce advanced defenses built into well-fortified OSes and apps that were fully patched—for example, Chrome running on Windows 10 and Safari running on iOSA—was one testament to the group’s skill.” Read More
Mimecast says SolarWinds hackers breached its network and spied on customers
Ars Technica, Dan Goodin
“The hackers also accessed email addresses, contact information, and ‘encrypted and/or hashed and salted credentials.’” Read More
Microsoft Exchange attacks doubling ‘every two to three hours’
ITProPortal, Sead Fadilpašić
“Most of the attacks are against organizations in Turkey and the United States, followed by Italy . In most cases, criminals are pursuing government and military organizations, manufacturing firms and financial institutions.” Read More
Verkada Breach Demonstrates Danger of Overprivileged Users
DarkReading, Robert Lemos
“The massive breach of privacy of Verkada’s customers highlights that companies — often, startups — have not always adopted best practices for privileged access to systems. The lesson is learned with regularity, often when a vendor’s clients or customers have their security or privacy compromised.” Read More
Exchange servers first compromised by Chinese hackers hit with ransomware
Ars Technica, Dan Goodin
“Though many of the still unpatched organizations may have been exploited by cyber espionage actors, criminal ransomware operations may pose a greater risk as they disrupt organizations and even extort victims by releasing stolen emails.” Read More