The Weekly Briefing - 01/21
Updated: Jan 2
Happy 2021 to all of our readers!
Critical Vulnerability: Secret Backdoor Account in Several Zyxel Products
Zyxel has released a patch to address a critical vulnerability in its firmware concerning a hardcoded undocumented secret account that could be abused by an attacker to login with administrative privileges and compromise its networking devices.
SolarWinds Hackers Accessed Some of Microsoft's Source Code
Microsoft on Thursday revealed that the threat actors behind the SolarWinds supply chain attack were able to gain access to a small number of internal accounts and escalate access inside its internal network.
The "very sophisticated nation-state actor" used the unauthorized access to view, but not modify, the source code present in its repositories, the company said.
"We detected unusual activity with a small number of internal accounts and upon review, we discovered one account had been used to view source code in a number of source code repositories," the Windows maker disclosed in an update.
Google Docs Bug Allowed Hackers To See Your Private Documents
Google has patched a bug in its feedback tool incorporated across its services that could be exploited by an attacker to potentially steal screenshots of sensitive Google Docs documents simply by embedding them in a malicious website.
The flaw was discovered on July 9 by security researcher Sreeram KL, for which he was awarded $3133.70 as part of Google's Vulnerability Reward Program
Police Arrest 21 WeLeakInfo Customers
21 people have been arrested across the UK as part of a nationwide cyber crackdown targeting customers of WeLeakInfo[.]com, a now-defunct online service that had been previously selling access to data hacked from other websites.
The suspects used stolen personal credentials to commit further cyber and fraud offences, the UK National Crime Agency (NCA) said.