Time for the weekly security roundup! We have more breaches to share, plus additional details on the massive SolarWinds attack.
Secret backdoor discovered in Zyxel firewalls and AP controllers
Over 100,000 Zyxel devices are potentially exposed by a hardcoded admin account used for delivering firmware updates to firewalls and AP controllers. Niels Teusink of Dutch cybersecurity firm EYE discovered the undocumented account in the ZLD 4.60 patch 0 firmware for several Zyxel product lines; its credentials can be used to log in to affected devices over both SSH and the web interface. Because the SSL VPN service listens on the same port (443) as the web interface, many administrators have exposed that port to the Internet, which makes the backdoor account reachable remotely. Zyxel has released ZLD V4.60 patch 1 to remove the hardcoded credentials; devices running earlier ZLD firmware or SD-OS are not affected. If a device was reachable from the Internet while running patch 0, treat its admin access as potentially compromised: update it, then review its configuration and logs for unexpected logins or changes.
COVID-19 vaccine scams appearing online, over text, and by email
Amid the chaos of vaccine deployment, scammers and other threat actors have seized the opportunity and launched their own schemes to steal personal information, commit identity theft and defraud victims for financial gain. The scams include fake vaccines offered for sale, phishing emails, malvertising that leads to fraudulent websites, text messages carrying fake URLs, and cold calls fishing for personal information.
SolarWinds hack poses risk to cloud services’ API keys and IAM identities
The SolarWinds Orion supply chain hack endangers Amazon Web Services and Microsoft Azure API keys and the accounts they belong to, a blog post from identity and access security company Ermetic has warned. Orion's database holds the API keys for the cloud accounts it monitors; if the SolarWinds attackers were able to extract and decrypt those keys from a compromised Orion database, they could use them to reach the related cloud services directly, from their own infrastructure and independently of the compromised network. The practical response is to treat every cloud credential that was stored in an affected Orion instance as compromised: revoke and rotate it, and audit the cloud provider's activity logs for use of that key from unfamiliar sources. (Note: I would highly recommend taking a look at the full article linked above! They get a bit deeper into the particular issue at hand.)
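The scenario Ermetic describes, an Orion-held cloud key reused from attacker infrastructure, is exactly what CloudTrail can surface. The following Python is an added example written for this roundup, not code from Ermetic, SolarWinds or AWS. It assumes CloudTrail-style JSON records (the field names eventTime, eventSource, eventName, sourceIPAddress, userAgent and userIdentity.accessKeyId follow CloudTrail's record format); the events, IP addresses and key ID are constructed sample data, not real logs.

```python
"""Flag AWS access keys used outside their historical baseline.

Added example for this roundup (not from Ermetic, SolarWinds or AWS).
A monitoring key held by an Orion server normally calls CloudWatch from
one host with one SDK user agent. A stolen copy of that key shows up as
the same key used from a new IP, with a new user agent, making
identity-confirmation and enumeration calls.
"""
from collections import defaultdict
from datetime import datetime, timezone

# Calls an attacker with a freshly stolen key typically makes first.
RECON_CALLS = {
    ("sts.amazonaws.com", "GetCallerIdentity"),
    ("iam.amazonaws.com", "ListUsers"),
    ("iam.amazonaws.com", "ListAccessKeys"),
    ("s3.amazonaws.com", "ListBuckets"),
    ("ec2.amazonaws.com", "DescribeInstances"),
}

# Constructed sample events (RFC 5737 test addresses, placeholder key ID).
# The first three are the normal pattern: an Orion host polling CloudWatch.
# The last two show the same key used from an unfamiliar IP and CLI.
ORION_KEY = "AKIAEXAMPLE000000001"
SAMPLE_EVENTS = [
    {"eventTime": "2020-12-10T01:00:00Z", "eventSource": "monitoring.amazonaws.com",
     "eventName": "GetMetricStatistics", "sourceIPAddress": "203.0.113.10",
     "userAgent": "aws-sdk-dotnet-45/3.3.0", "userIdentity": {"accessKeyId": ORION_KEY}},
    {"eventTime": "2020-12-11T01:00:00Z", "eventSource": "monitoring.amazonaws.com",
     "eventName": "GetMetricStatistics", "sourceIPAddress": "203.0.113.10",
     "userAgent": "aws-sdk-dotnet-45/3.3.0", "userIdentity": {"accessKeyId": ORION_KEY}},
    {"eventTime": "2020-12-12T01:00:00Z", "eventSource": "monitoring.amazonaws.com",
     "eventName": "ListMetrics", "sourceIPAddress": "203.0.113.10",
     "userAgent": "aws-sdk-dotnet-45/3.3.0", "userIdentity": {"accessKeyId": ORION_KEY}},
    {"eventTime": "2020-12-13T01:00:00Z", "eventSource": "monitoring.amazonaws.com",
     "eventName": "GetMetricStatistics", "sourceIPAddress": "203.0.113.10",
     "userAgent": "aws-sdk-dotnet-45/3.3.0", "userIdentity": {"accessKeyId": ORION_KEY}},
    {"eventTime": "2020-12-13T03:14:00Z", "eventSource": "sts.amazonaws.com",
     "eventName": "GetCallerIdentity", "sourceIPAddress": "198.51.100.77",
     "userAgent": "aws-cli/1.18.0 Python/3.8.5", "userIdentity": {"accessKeyId": ORION_KEY}},
    {"eventTime": "2020-12-13T03:15:00Z", "eventSource": "iam.amazonaws.com",
     "eventName": "ListUsers", "sourceIPAddress": "198.51.100.77",
     "userAgent": "aws-cli/1.18.0 Python/3.8.5", "userIdentity": {"accessKeyId": ORION_KEY}},
]

# Events before CUTOFF form the baseline; events at or after it are inspected.
CUTOFF = datetime(2020, 12, 13, tzinfo=timezone.utc)


def _ts(event):
    """Parse CloudTrail's UTC eventTime into an aware datetime."""
    return datetime.strptime(event["eventTime"], "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)


def build_baseline(events, cutoff):
    """Per access key, collect the source IPs and user agents seen before cutoff."""
    ips, agents = defaultdict(set), defaultdict(set)
    for ev in events:
        key = ev["userIdentity"].get("accessKeyId")
        if not key or _ts(ev) >= cutoff:
            continue
        ips[key].add(ev["sourceIPAddress"])
        agents[key].add(ev["userAgent"])
    return ips, agents


def find_anomalies(events, cutoff):
    """Return post-cutoff events whose key strays from its baseline or does recon."""
    ips, agents = build_baseline(events, cutoff)
    findings = []
    for ev in sorted(events, key=_ts):
        key = ev["userIdentity"].get("accessKeyId")
        if not key or _ts(ev) < cutoff:
            continue
        reasons = []
        if ev["sourceIPAddress"] not in ips.get(key, set()):
            reasons.append("new source IP")
        if ev["userAgent"] not in agents.get(key, set()):
            reasons.append("new user agent")
        if (ev["eventSource"], ev["eventName"]) in RECON_CALLS:
            reasons.append("reconnaissance call")
        if reasons:
            findings.append({"accessKeyId": key, "eventTime": ev["eventTime"],
                             "eventName": ev["eventName"],
                             "sourceIPAddress": ev["sourceIPAddress"], "reasons": reasons})
    return findings


if __name__ == "__main__":
    for f in find_anomalies(SAMPLE_EVENTS, CUTOFF):
        print(f["eventTime"], f["accessKeyId"], f["eventName"],
              f["sourceIPAddress"], ", ".join(f["reasons"]))
```

Run against real CloudTrail exports, the baseline window should be long enough to capture every legitimate host that uses the key, and a key that never appears in the baseline will be flagged on first use, which is the desired behaviour for a credential that should only ever be used by one server. When a finding fires for a key that lived in an Orion database, revoke the key rather than merely rotating it, since the attacker's copy remains valid until revocation.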
Italian mobile operator offers to replace SIM cards after massive data breach
Ho Mobile, an Italian mobile operator owned by Vodafone, confirmed a massive data breach on Monday and is taking the rare step of offering to replace the SIM cards of all affected customers, a measure that guards against SIM-swapping attacks that stolen subscriber details could enable. The breach is believed to have affected roughly 2.5 million customers. It first came to light on December 28th, when a security researcher spotted the telco's database being offered for sale on a dark web forum. Ho's statement confirmed the researcher's assessment: attackers broke into Ho's servers and stole personal data on Ho customers.
Share any security updates you have in the comments below!