Security Solutions

  • Intel Room - Weekly Briefing

The Weekly Briefing - 01/21

Updated: Jan 2


Happy 2021 to all of our readers!


Critical Vulnerability: Secret Backdoor Account in Several Zyxel Products


Zyxel has released a patch to address a critical vulnerability in its firmware concerning a hardcoded undocumented secret account that could be abused by an attacker to login with administrative privileges and compromise its networking devices.

The flaw, tracked as CVE-2020-29583 (CVSS score 7.8), affects version 4.60 present in wide-range of Zyxel devices, including Unified Security Gateway (USG), USG FLEX, ATP, and VPN firewall products.


SolarWinds Hackers Accessed Some of Microsoft's Source Code

Microsoft on Thursday revealed that the threat actors behind the SolarWinds supply chain attack were able to gain access to a small number of internal accounts and escalate access inside its internal network.

The "very sophisticated nation-state actor" used the unauthorized access to view, but not modify, the source code present in its repositories, the company said.

"We detected unusual activity with a small number of internal accounts and upon review, we discovered one account had been used to view source code in a number of source code repositories," the Windows maker disclosed in an update.


Google Docs Bug Allowed Hackers To See Your Private Documents


Google has patched a bug in its feedback tool incorporated across its services that could be exploited by an attacker to potentially steal screenshots of sensitive Google Docs documents simply by embedding them in a malicious website.

The flaw was discovered on July 9 by security researcher Sreeram KL, for which he was awarded $3133.70 as part of Google's Vulnerability Reward Program


Police Arrest 21 WeLeakInfo Customers


21 people have been arrested across the UK as part of a nationwide cyber crackdown targeting customers of WeLeakInfo[.]com, a now-defunct online service that had been previously selling access to data hacked from other websites.

The suspects used stolen personal credentials to commit further cyber and fraud offences, the UK National Crime Agency (NCA) said.




25 views0 comments

Recent Posts

See All

Global HQ

317 S 6th Street

Las Vegas, NV 89101

United States

European HQ

P.O. Box

40219 Düsseldorf

Germany

Defensury

Threat Analysis | Attack Simulation 360° Security Counter Intelligence | Custom Dev Cyber Due Dilgence Consultancy

Stay
Informed

Subscribe to our newsletter, informing you about the latest industry trends, newly disclosed vulnerabilities and emerging threats.

Thanks for submitting!

Contact Us

Schedule a meeting with one of our cyber specialists & learn more about how Defensury can help your organization to reduce cyber threats.

Thanks for submitting!

© 2021 by Defensury Inc.

Russia

Butyrsky Val Ulitsa, 10

Moscow, MOS 120547

Russia