Microsoft links new malware to SolarWinds hackers
SC Magazine, Joe Uchill
“These capabilities differ from previously known Nobelium tools and attack patterns, and reiterate the actor’s sophistication. In all stages of the attack, the actor demonstrated a deep knowledge of software tools, deployments, security software and systems common in networks, and techniques frequently used by incident response teams.” Read More
More Details Emerge on the Microsoft Exchange Server Attacks
DarkReading, Kelly Sheridan
“This attack has been a series of exploiting recent CVEs and using loud, overt tradecraft, which is surprising. But considering they have sprayed this all over the Internet, they clearly don’t care about being stealthy.” Read More
Malaysia Airlines discloses a nine-year-long data breach
Bleeping Computer, Lawrence Abrams
“The member information exposed during the data breach includes member names, contact information, date of birth, gender, frequent flyer number, status. and rewards tier level. The exposed data did not include Enrich member’s itineraries, reservations, ticketing, or any ID card or payment card information.” Read More
Universal Health Services Suffered $67 Million Loss Due to Ransomware Attack
DarkReading
“The disruption caused by the attack prompted UHS staff to divert ambulance traffic and elective/scheduled procedures at UHS acute care hospitals to competitor facilities during the recovery time, which UHS said affected its finances.” Read More
Congress confronts US cybersecurity weaknesses in wake of SolarWinds hacking campaign
CNET, Laura Hautala, Rae Hodge
“Whether it’s a lack of cybersecurity personnel, poor communication between private companies and the federal government, or the absence of global standards for acceptable espionage hacking, longstanding issues all came into play.” Read More
