23-12-202025-12-2020

Security daily (24-12-2020)

Microsoft alerts CrowdStrike of hackers' attempted break-in

During the course of investigating the SolarWinds breach, CrowdStrike says Microsoft uncovered an attempt from unidentified hackers to read emails linked with the company. The hackers failed in their attempt to breach CrowdStrike, Chief Technology Officer Michael Sentonas said in a blog post Wednesday. Microsoft researchers first found the attempt, Sentonas said. Microsoft told CrowdStrike that “several months ago,” the Microsoft Azure account of a Microsoft reseller was making “abnormal calls” to Microsoft cloud application programming interfaces (APIs). The account managed Microsoft Office licenses for CrowdStrike. The attackers tried to access emails, but, “as part of our secure IT architecture, CrowdStrike does not use Office 365 email,” Sentonas said. “We have conducted an extensive review of our production and internal environments and found no impact,” Sentonas said. “CrowdStrike conducted a thorough review into not only our Azure environment, but all of our infrastructure for the indicators shared by Microsoft.” It […] The post Microsoft alerts CrowdStrike of hackers' attempted break-in appeared first on CyberScoop. (CyberScoop)

Travel-booking company Sabre Corp. settles with 27 states over breach of credit card data

Sabre Corp. will make a $2.4 million payout and shore up its cybersecurity policies under an agreement with 27 state attorneys general who investigated a breach of its hotel-booking technology. The settlement, announced Wednesday, involves a 2016 intrusion into the SynXis Central Reservation, run by the Texas-based corporation’s Sabre Hospitality Solutions subsidiary. The breach exposed the details of about 1.3 million credit cards. The attorneys general held that Sabre responded poorly to the incident, particularly in notifying people that their information might be compromised. “Sabre first failed its customers with a susceptible security system, then failed them when it came to provide proper notifications,” said New York Attorney General Letitia James. “Today’s agreement not only imposes a hefty fine on Sabre but will ensure that the company has the appropriate security and incident response plan in place so that its failure does not take place again.” In announcing the breach […] The post Travel-booking company Sabre Corp. settles with 27 states over breach of credit card data appeared first on CyberScoop. (CyberScoop)

S3 Ep12: A chat with social engineering hacker Rachel Tobac [Podcast]

Lastest episode - listen now! (And please leave us a review if you like what you hear.) (Naked Security)

Lazarus Group Hits COVID-19 Vaccine Maker In Espionage Attack

(News ≈ Packet Storm)

Windows Zero-Day Still Circulating After Faulty Fix

(News ≈ Packet Storm)

SolarWinds Hack Continues To Spread: What You Need To Know

(News ≈ Packet Storm)

Hackers Threaten To Leak Plastic Surgery Pictures

(News ≈ Packet Storm)

Windows Zero-Day Still Circulating After Faulty Fix

The LPE bug could allow an attacker to install programs; view, change, or delete data; or create new accounts with full user rights. (Threatpost)

23-12-202025-12-2020

/security-daily/ 25-12-2020 23:44:24