Security daily (31-12-2020)

Microsoft says SolarWinds hackers accessed company source code

Microsoft said Thursday that the SolarWinds hackers were able to access company source code, although the technology giant described the incident as largely harmless in an update to an internal investigation. “We detected unusual activity with a small number of internal accounts and upon review, we discovered one account had been used to view source code in a number of source code repositories,” Microsoft said in a blog post. “The account did not have permissions to modify any code or engineering systems and our investigation further confirmed no changes were made. These accounts were investigated and remediated.” The initial reports that Microsoft suffered a breach via updates to the SolarWinds Orion software generated some partial denials, but the investigation update helps illuminate what happened, and what didn’t, in an apparent cyber-espionage operation that also hit the federal government and other major companies. Microsoft “found no evidence of access to production […] The post Microsoft says SolarWinds hackers accessed company source code appeared first on CyberScoop. (CyberScoop)

Ticketmaster pays $10M fine to settle charges of using stolen passwords to spy on rival company

One of the biggest brands in the music and events business, Ticketmaster, has agreed to pay a $10 million fine for “computer intrusion and fraud offenses” after employees used stolen credentials to spy on a competitor, according to the Department of Justice. The rival company didn’t know that one of its former employees had leaked logins to Ticketmaster, which used them to gather information in the mid-2010s about the competitor’s technology and other aspects of its business. “Ticketmaster employees repeatedly – and illegally – accessed a competitor’s computers without authorization using stolen passwords to unlawfully collect business intelligence,” said acting U.S. Attorney Seth D. DuCharme.  “Further, Ticketmaster’s employees brazenly held a division-wide ‘summit’ at which the stolen passwords were used to access the victim company’s computers, as if that were an appropriate business tactic.”  The feds don’t name the victim company, but it’s widely known to be Songkick. The investigation […] The post Ticketmaster pays $10M fine to settle charges of using stolen passwords to spy on rival company appeared first on CyberScoop. (CyberScoop)

S3 Ep13: A chat with hacker Keren Elazari [Podcast]

Latest episode - listen now! (Naked Security)

Get back into the cybersecurity groove for 2021

5 articles that help you become an expert, without needing you to be an expert to read them in the first place (Naked Security)

Stay Fully in Sync with Your Remote Team Using TimeSync Pro

If you've been working from home a bit more often than usual lately, you're far from alone. Despite some optimistic predictions that things would have returned to normal right now, social distancing guidelines have forced most offices to shut their doors, and it's looking like this is going to be the new normal for the foreseeable future.

But the fact that you're stuck at home doesn't have to lead to a drop in productivity or team cohesion, thanks to TimeSync Pro. As the world's leading online meeting scheduler for remote teams, TimeSync Pro makes it easy to make calls, qualify leads, and... more (Null Byte « WonderHowTo)

How to Get an Internet Connection in the Middle of Nowhere to Hack Remotely

If you're living or staying out in the middle of nowhere or a rural area outside of a big city or town — where there are no reliable cable, fiber, or wireless networks available — how can you get an internet connection? There are several possibilities, but they all come with tradeoffs, which we'll go over in detail.

Normally, rural, more isolated areas in the U.S. are usually only served by one internet provider, whether that's dial-up or some other connection type. These providers offer slower speeds than most ISPs in more populated locations. Because they are the only ones in the community... more (Null Byte « WonderHowTo)

Taking A Neighborhood Watch Approach To Retail Cybersecurity

(News ≈ Packet Storm)

What’s Next for Ransomware in 2021?

Ransomware response demands a whole-of-business plan before the next attack, according to our roundtable of experts. (Threatpost)


/security-daily/ 01-01-2021 23:44:23