Verkada CCTV Breach
A group of hackers claim that they breached data from up to 150,000 security cameras provided by Silicon Valley startup Verkada and gained access to live feeds from prisons, psychiatric hospitals, clinics and Verkada’s own offices. Carmaker Tesla Inc. and software provider Cloudflare Inc. happened to be among the victims of the cyber attack. One video, shot inside a hospital Halifax Health in Florida, shows how eight hospital workers trying to handle a patient by pinning him to a bed whereas another video shows Tesla warehouse workers on an assembly line in Shanghai. The hackers accessed a police station in Stoughton, Wisconsin, and Sandy Hook Elementary School in Newtown, Connecticut, through security cameras. The hackers say that they managed to access not only live feeds but also archived video and audio of dialogues between police officers and criminals. Except video and audio information, the hackers managed to access Verkada’s customer database as well as company’s financial statements, balance sheet, for example.
The Verkada CCTV data breach has showed how easy it is to break into widespread video systems pointing out their insecurity. This incident is a bright example of how important it is to secure those devices that are supposed to provide secure social environment. Binaré’s platform will check your IoT device for a wide range of vulnerabilities and security issues and will give you a detailed report on them. Make a step towards the security of your business already today: try our FREE Demo at https://binare.io/!
More information about the incident can be found here:
Accellion Breach
In the end of December, Accellion, provider of the industry’s first enterprise content firewall, released a patch regarding a number of vulnerabilities found in one of its network equipment offerings and then later in January, Accellion announced about more fixes. After that, many companies and public institutions have declared that they were breached: malware group Clop has warned that in case they don’t pay up, it will make the data public. The four vulnerabilities were found in Accelion’s legacy File Transfer Appliance (FTA) software that was used to transfer sensitive files within a network. According to the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency: “Worldwide, actors have exploited the vulnerabilities to attack multiple federal and state, local, tribal, and territorial government organizations as well as private industry organizations including those in the medical, legal, telecommunications, finance, and energy sectors”. The Accelion data breach keeps getting worse as the ransomware group has been releasing its extortion requests for weeks already and “much more is to come”, a threat researcher at the antivirus firm Emsisoft says.
The Accelion data breach has caused dozens of businesses to suffer from a well-planned cyber attack. The Accelion Breach has proved one more time that companies should check the security of the devices they use in order to avoid being involved into such profit-extracting incidents. And Binaré is here to help! Binaré offers an effective solution to check your software for a wide range of vulnerabilities and security issues. Check your software for FREE with our Demo here: https://binare.io/.
More information about the incident can be found here:
https://www.wired.com/story/accellion-breach-victims-extortion/
SonicWall Breach
SonicWall is investigating the security breach of its internal network. Attackers hacked SonicWall’s internal systems exploiting zero-days in its secure remote access products. Initially the company reported that two of its products – the NetExtender VPN client and the Secure Mobile Access (SMA) gateway – were targeted, but later it was reported that only devices part of SonicWall’s SMA 100 Series, a secure remote access client for use in corporate environments, are still under investigation for the zero-day vulnerabilities. The vendor released a set of recommendations for its customers’ networks safety:
- Deploy a firewall to restrict who can interact with SMA devices
- Disable access to its firewalls via the NetExtender VPN client
- Enable two-factor authentication options in its products for admin accounts
Binaré has come up with a solution that prevents businesses from cyber-attacks. Binaré is concerned about the security of IoT device your business is using. Come to our web page and check your device with our FREE Demo! The link for the web page: https://binare.io/.
More information about the incident can be found here:
https://www.zdnet.com/article/sonicwall-says-it-was-hacked-using-zero-days-in-its-own-products/
Microsoft Exchange Server Breach
Microsoft has reported that hackers are attacking Microsoft Exchange Server installations exploiting multiple zero-days. The hackers got an access to email accounts as well as installed additional malware. The attackers are using four critical vulnerabilities to steal the full contents of several user mailboxes:
- A server-side request forgery (CVE-2021-26855) to authenticate as the Exchange server
- A unified messaging service (CVE-2021-26857) enabling the running of code as system
- Two post-authentication arbitrary file writing vulnerabilities (CVE-2021-26858 and CVE-2021-27065)
Binaré provides you not only with the platform but also with professional services that will help your business to avoid cyberattacks. Get an improved cybersecurity posture with Binaré’s expert and advisory services! Sign up here https://try.binare.io/get_in_touch and we will reach out to you as soon as possible.
More information about the incident can be found here:
Finnish IT giant TietoEVRY Breach
On Monday 22nd of February, Finnish IT services giant TietoEVRY experienced a ransomware attack. This incident made a company disconnect clients’ services to prevent further ransomware’s spread. The incident started with technical problems for several customers in the retail, manufacturing, and service-related industries which were later known to have been the result of a ransomware attack.
Binaré offers the security-testing platform to prevent Nordic and Finnish businesses from cyber-attacks. Binaré is concerned about the security of IoT device your business is using. Come to our web page and check your device with our FREE Demo! The link for the web page: https://binare.io/.
More information about the incident can be found here:
Free icons courtesy of flaticon.com by authors: Smashicons, DinosoftLabs, wanicon
2 Responses