ShadowTalk hosts Stefano, Adam and Dylan bring you the latest in threat intelligence. This week they cover:
- Post-holiday updates on SolarWinds – what have we missed?
- Ticketmaster gets fined $10 million for illegally accessing the internal systems of a competitor, using the credentials of a former employee
- Apex Laboratory announced that it was the victim of a cyber attack – what we know so far
- 2020 in review: What will the new year bring in the world of cybersecurity?
Microsoft publishes update on SolarWinds incident
Microsoft’s security response team published a blog post on its internal investigation of the SolarWinds incident. The post stated that there was no indication that any Microsoft production services or customer data had been accessed, or that any Microsoft systems had been used to attack other organizations. Microsoft has reportedly isolated and removed all SolarWinds applications from its environment. Although the post stated that there was evidence of an internal account being used to view source code, this was deemed a low threat, based on Microsoft’s open approach to software development. Any further updates to the investigation will be shared on the same blog.
Hardcoded backdoor exposes 100,000 Zyxel firewalls
Security researchers discovered a hardcoded, administrator-level backdoor account affecting more than 100,000 Zyxel firewalls, VPN gateways, and access point controllers. Tracked as CVE-2020-29583, the backdoor gives attackers direct access to affected devices via the Secure Shell (SSH) interface or the web administration portal. These devices typically sit on the perimeter of an organization’s network; successful compromise could enable threat actors to pivot into more sensitive areas of a target’s environment. Administrators should apply the relevant patches immediately.
APT37 uses messaging application for reconnaissance
The North Korean state-associated threat group “APT37” targeted a messaging application used by an unnamed private stock investment firm. By compromising the application’s legitimate installer with malicious code, APT37 tricked victims into unknowingly downloading malicious scripts to their devices. These scripts executed additional payloads that were used to establish communication with a command-and-control (C2) server. APT37 then performed reconnaissance on the infected targets, in keeping with its previous activity directed at investment and trading firms.
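The APT37 case above turns on a legitimate installer being replaced with a modified one. The defensive check a practitioner would want is to pin the expected digest of each approved installer and refuse to run anything that does not match. The following is an added example and is not code from the ShadowTalk summary or from any vendor; the installer name, byte contents and allowlist are constructed for illustration, and in practice the pinned digest is obtained out of band (for example from the vendor’s signed release notes) rather than computed from the file being checked.

```python
"""Installer integrity check: compare a downloaded installer against a
pinned allowlist of expected SHA-256 digests before it is executed.
Added example (not from the original page); all sample values are constructed."""
import hashlib
import hmac
from dataclasses import dataclass

# Constructed sample: the bytes of a legitimate installer, as published by the vendor.
LEGIT_INSTALLER = b"MZ\x90\x00 example-messaging-app-setup v1.0 (constructed)"
# Constructed sample: the same installer with an extra stage appended, standing in
# for the trojanised installer described in the summary.
TAMPERED_INSTALLER = LEGIT_INSTALLER + b"\n:: appended downloader stage (constructed) ::"


def sha256_hex(data: bytes) -> str:
    """Hex SHA-256 digest of the given bytes."""
    return hashlib.sha256(data).hexdigest()


# Pinned allowlist: installer name -> expected digest. In a real deployment this
# value comes from an out-of-band source and is stored with the deployment tooling;
# here it is derived from the constructed sample so the example runs offline.
EXPECTED_DIGESTS = {
    "messaging-app-setup.exe": sha256_hex(LEGIT_INSTALLER),
}


@dataclass
class Verdict:
    name: str
    ok: bool
    reason: str
    observed: str  # digest actually computed over the supplied bytes


def verify_installer(name: str, data: bytes, allowlist=EXPECTED_DIGESTS) -> Verdict:
    """Return a Verdict saying whether `data` may be executed as installer `name`."""
    observed = sha256_hex(data)
    expected = allowlist.get(name)
    if expected is None:
        # Unknown installers are rejected rather than silently allowed.
        return Verdict(name, False, "no pinned digest for this installer; refuse to run", observed)
    # Constant-time comparison so the check does not leak how much of the digest matched.
    if not hmac.compare_digest(observed, expected):
        return Verdict(name, False, "digest mismatch: installer modified or replaced", observed)
    return Verdict(name, True, "digest matches pinned value", observed)


if __name__ == "__main__":
    for label, blob in (("legit", LEGIT_INSTALLER), ("tampered", TAMPERED_INSTALLER)):
        v = verify_installer("messaging-app-setup.exe", blob)
        print(f"{label}: ok={v.ok} ({v.reason}) sha256={v.observed}")
    print(verify_installer("unknown-tool.exe", LEGIT_INSTALLER))
```

The tampered sample fails the check even though it begins with the unmodified installer bytes, which is the point: any appended or injected stage changes the digest. Pairing this with vendor code-signature verification, where the platform supports it, gives a second independent signal.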
For more details, read the full Weekly Intelligence Summary here: