Security summary
11-01-2021 Author: DSwiss
Our short monthly review for December summarizes important news and blog posts, which focus on IT security, cloud computing and privacy protection.
1. Health IT: patient data on unprotected servers
Security researchers have taken a closer look at health IT. After it was discovered in 2019 that millions of patient data records were stored on unprotected servers, researchers have now identified even more unprotected data and additional security gaps. In some cases they were able to log into the DICOM system as a doctor and query data with remarkable ease. Unsecured patient data is also an issue in numerous medical centers.
2. Far-reaching hacker attack on SolarWinds
Thousands of customers of SolarWinds, a company that specializes in network management software, were compromised in a hacker attack. US authorities were also affected, including the Nuclear Weapons Agency, as well as large companies such as Microsoft. The issue continues to be of concern as the new year begins, and the list of those potentially affected continues to grow.
3. Google reports its own Gmail accounts as nonexistent
In mid-December, Google's email service, Gmail, went down for a short time. In addition to accounts being unavailable for a short period, Gmail also reported to other email servers that the requested account did not exist. As a result, it is likely that the affected accounts were partially removed from mailing lists, email distribution lists and other services that use saved email addresses as access data.
4. Goodbye Flash Player
The end of Flash Player has finally arrived. As of December 31, 2020, Adobe stopped supporting the software and from January 12, 2021, the execution of Flash content will be completely blocked. Adobe developers have been switching to modern standards such as HTML5 since 2015. It has been known since 2017 that Flash support would eventually be entirely discontinued.
5. Paid functions with the Telegram messenger service
In order to remain independent, the Telegram messenger service will need to start generating income as of 2021, according to Telegram founder Pavel Durov. All existing free functions should remain free, but functions will also be introduced for business clients and operators of channels, for which a fee will be charged.
6. Global computer network switched off
As part of a coordinated international effort, investigators succeeded in shutting down the criminal computer network Safe-Inet. The network, which is equipped with anonymization options, was offered to customers for a fee, in order to aid serious cyber crimes and various other illegal applications. Almost 50 servers were identified and confiscated.
7. New skimming malware hidden in social media buttons
Just in time for the start of the Christmas shopping season, new skimming malware has recently surfaced. The skimmer is hidden in fake social media buttons that are placed on check-out and e-commerce sites. When a user clicks on one of these fake buttons to share content, code is activated that, for example, captures sensitive information such as credit card details.
8. Serious security vulnerabilities in networked doorbells
A large number of low-cost digital video doorbells have been found to have serious security gaps, as revealed by a test run by the IT security company NCC Group for the British online magazine "Which?". Given that the smartphone apps used to control the doorbells also rely on unencrypted communication, life is made particularly easy for hackers.
9. Hacker attack on European Medicines Agency
The European Medicines Agency (EMA) has been the victim of a cyber attack. Unknown parties apparently gained access to documents that BioNTech had submitted to EMA. The approval of the COVID-19 vaccine, which BioNTech developed together with Pfizer, was not at risk. Investigations have commenced.
10. Hacker attack on Funke media group
The German Funke media group has become the victim of a hacker attack. Outsiders encrypted the publisher's systems nationwide, which meant that the group's newspapers – including the WAZ and the Berliner Morgenpost – appeared only with emergency editions the following day.