TOP-3 cybersecurity events of the week according to Jet CSIRT
Malicious campaign using SolarWinds Orion
FireEye, one of the largest providers of information security solutions, reported a malicious campaign that uses infected legitimate SolarWinds Orion software. In a supply-chain attack, the attackers injected malicious code into the software, which was then distributed through the official update CORE-2019.4.5220.20574-SolarWinds-Core-v2019.4.5220-Hotfix5.msp, affecting versions from 2019.4 to 2020.2.1 HF1. The developer, SolarWinds, has already released the unscheduled update 2020.2.1 HF 2, which fixes the backdoor in the legitimate Orion product.
A large-scale database for information security researchers announced
Information security companies ReversingLabs and Sophos presented a database for cybersecurity researchers. The project, called SOREL-20M, contains over 20 million executable files, half of which are deactivated malware samples. The main goal of the project is to accelerate research in the field of malware detection using machine learning.
Fraud with mobile device emulators revealed
The IBM Security Trusteer team reported a fraud scheme in which cybercriminals used about 20 emulators to simulate more than 16 thousand mobile phones. Using the emulated devices, the cybercriminals imitated the phones of holders of compromised accounts to steal money through mobile banking. According to experts, the damage amounts to several million dollars.