
We’ve all seen the pop-ups on our laptops or phones: “Update is available, click here to download.”
We’re constantly urged to do as we’re told because these software updates improve our apps by boosting cyber-security and removing glitches.
So when, in the spring, a pop-up message hit the screens of IT staff using a popular piece of software called SolarWinds, around 18,000 workers in companies and governments diligently downloaded the update for their offices.
What they couldn’t have known was that the download was booby-trapped.
SolarWinds itself didn’t know either.
https://www.bbc.com/news/technology-55321643
SolarWinds Hack Could Affect 18K Customers
The still-unfolding breach at network management software firm SolarWinds may have resulted in malicious code being pushed to nearly 18,000 customers, the company said in a legal filing on Monday. Meanwhile, Microsoft should soon have some idea which and how many SolarWinds customers were affected, as it recently took possession of a key domain name used by the intruders to control infected systems.
https://krebsonsecurity.com/2020/12/solarwinds-hack-could-affect-18k-customers/
45 Million Medical Images Left Exposed Online
A six-month investigation by CybelAngel discovered unsecured sensitive patient data available for third parties to access for blackmail, fraud or other nefarious purposes.
https://threatpost.com/million-medical-images-online/162284/