|
|
Cyber Daily: SolarWinds Discloses Earlier Evidence of Hack | Reserve Bank of New Zealand Says Commercial Data Potentially Compromised
|
|
|
|
|
|
|
|
Hello. New findings in the cyberattack investigation at network-management firm SolarWinds Corp. fill out the timeline of the Russia-linked campaign, The Wall Street Journal reports.
Also today: Another breach at T-Mobile; stolen Covid-19 vaccination documents posted online; Reserve Bank of New Zealand says commercial and personal data might be compromised; New York weighs biometric privacy law; and employees sue Canon over data breach.
|
|
|
|
|
|
New SolarWinds Revelations
|
|
|
|
|
The U.S. judiciary said it was working to immediately add new security procedures after being compromised in the SolarWinds hack. Above, the Thurgood Marshall federal courthouse in Manhattan. PHOTO: DREW ANGERER/GETTY IMAGES
|
|
|
|
SolarWinds discloses earlier evidence of hack. SolarWinds Corp. said a computer breach tied to Russia-linked hackers began at least a month earlier than first disclosed.
Hackers were accessing its systems in early September 2019, the network-management company said Tuesday, based on a continuing investigation. Cybersecurity experts suspect preparations for the attack go back far longer. A month later, a version of the company’s Orion Platform software appears to have contained modifications designed to test the hackers' ability to insert malicious code into the system. The code was added starting Feb. 20, 2020, SolarWinds said, and the compromised software was available to its customers by March 26, 2020.
Targets include U.S. government systems and corporate networks.
SolarWinds, working with hired cybersecurity experts, said it reverse-engineered the malicious code, called Sunburst, enabling them to learn more about the hack.
Read the full story.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
Information about a Covid-19 vaccine from Pfizer and BioNTech was leaked online. Annie Innes received the vaccine in Hamilton, Scotland, on Dec. 14, 2020. PHOTO: RUSSELL CHEYNE/ASSOCIATED PRESS
|
|
|
|
Breached European Covid-19 vaccine information posted online. The European Medicines Agency said Tuesday it has discovered that documents related to Covid-19 treatments and vaccines were leaked on the internet after a cyber intrusion at the organization in December. "Necessary action is being taken by the law enforcement authorities," said the EMA, which monitors the safety of medicines. It didn't describe the leaked information. Unauthorized access of an EMA server that contained material about a vaccine from Pfizer Inc. and BioNTech SE remains under investigation. (CyberScoop)
Reserve Bank of New Zealand investigates data compromise. Some of the bank's commercial and personal data might have been compromised when file-sharing software at business partner Accellion Inc., based in Palo Alto, Calif., was breached. The bank, which monitors monetary policy in the country, said it took offline the systems involved and continues to investigate. Accellion said it released a patch within 72 hours of finding out about the breach in mid-December and fewer than 50 customers were affected. (ZDNet)
|
|
|
New York weighs biometric privacy law. Companies would have to get permission from individuals to take their biometric data, and store it only for as long as needed for the initial purpose of obtaining it or destroy it within three years of last contact with the individual. (Technology Law Dispatch)
|
|
|
|
Employees sue Canon over data breach. Current and former employees whose personal data, and that of their dependents, was exposed in a cyberattack at Canon U.S.A. Inc. allege the company was negligent and didn't notify them quickly. Canon was hit in a ransomware attack in August 2020 and confirmed the incident three months later. Employees from 2005 to 2020 were affected. Canon didn't immediately respond to a request for comment from WSJ Pro Cybersecurity. (Data Privacy and Security Insider)
|
|
|
|
|
|
|
|
