Senator Ron Wyden is among the legislators who wrote to the NSA.
In light of the recent SolarWinds supply chain hack on government agencies and others, 10 Democratic lawmakers are asking the National Security Agency to explain why it apparently did not take action after the 2012 Juniper Networks supply chain hack to help prevent similar attacks.
In a recent letter to NSA, the lawmakers state: “The American people have a right to know why NSA did not act after the Juniper hack to protect the government from the serious threat posed by supply chain hacks. A similar supply chain hack was used in the recent SolarWinds breach, in which several government agencies were compromised with malware snuck into the company’s software updates.”
New Zealand’s financial regulator has issued a searing report about IT security failures at NZX, the country’s stock exchange, that contributed to a disruptive DDoS attack.
The Financial Markets Authority says in a new report that NZX lacked sufficient technology resources and had inadequate IT security, including poor network design and unprotected infrastructure.
The stock exchange also suffered from cultural problems, including “a lack of willingness to accept fault,” the authority says. NZX officials couldn’t immediately be reached for comment on the regulator’s findings.
The Financial Markets Authority’s report
NZX was hit with a series of volumetric distributed denial-of-service attacks in August 2020 as part of an extortion attempt. The stock exchange also faced other technology-related problems last year, including trading volume issues that caused outages in March and April and an inability to accommodate trades of debt securities in August.
A recently discovered 10-year-old bug, if exploited, could give hackers root access to vulnerable Linux and Unix operating systems, the security firm Qualys says. Security experts are urging users to immediately implement a patch to mitigate the risk.
The vulnerability, called Baron Samedit by the researchers and officially tracked as CVE-2021-3156, is a heap-based buffer overflow in the Sudo utility, which is found in most Unix and Linux operating systems.
Sudo is a utility included in most open-source operating systems that enables users to run programs with the security privileges of another user, typically root, which gives them administrative, or superuser, privileges.
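For administrators who need to confirm whether a host still needs the patch, the sudo maintainers and Qualys published a simple non-destructive test: run sudoedit -s / as an unprivileged user and look at the first line of the error. An unpatched build answers with a message starting “sudoedit:”, a patched build with one starting “usage:”. The script below is an added example written for this article, not code from Qualys or the sudo project; it wraps that published test in a classifier so the result can be collected by fleet tooling, and the sample output strings in the usage note are constructed.

```shell
#!/bin/sh
# Added example (not from the article, Qualys or the sudo project):
# classify the first line of output from "sudoedit -s /" to decide whether
# the CVE-2021-3156 fix is present. The two response prefixes are the ones
# the sudo advisory describes for this test; anything else is "unknown".

# classify_sudoedit_output LINE -> prints vulnerable | patched | unknown
classify_sudoedit_output() {
    case "$1" in
        sudoedit:*) echo vulnerable ;;  # old code accepts -s here and goes on to open "/"
        usage:*)    echo patched ;;     # fixed sudo rejects the flag combination up front
        *)          echo unknown ;;     # sudoedit missing, or a build that behaves differently
    esac
}

# check_live_sudo: run the published test on this host as the current
# (unprivileged) user and print the classification. On both patched and
# unpatched builds the command only prints an error and exits.
check_live_sudo() {
    if ! command -v sudoedit >/dev/null 2>&1; then
        echo unknown
        return 0
    fi
    first_line=$(sudoedit -s / 2>&1 </dev/null | head -n 1)
    classify_sudoedit_output "$first_line"
}

# Usage: sh check_sudo.sh --live
if [ "${1:-}" = "--live" ]; then
    check_live_sudo
fi
```

Run it with --live on each host as a normal user and treat anything other than “patched” as a host to update; “unknown” usually means sudoedit is not installed or a vendor build prints a different message, so verify those by package version instead.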
Recent credit license applications were accessed without authorization, ASIC says.
“While the investigation is ongoing, it appears that there is some risk that some limited information may have been viewed by the threat actor,” ASIC says. “At this time, ASIC has not seen evidence that any Australian credit license application forms or any attachments were opened or downloaded.”
ASIC officials couldn’t be immediately reached for comment. The Sydney Morning Herald reports that ASIC informed financial institutions about the breach on Monday, 10 days after it knew it had been compromised.
Meanwhile, the Australian Financial Review reports that the law firm Allens was also the victim of a breach tied to the unpatched Accellion vulnerability.
Al Pascual, COO at Breach Clarity
What impact could the SolarWinds supply chain hack have on fraud trends? Al Pascual of Breach Clarity offers an analysis.
“It is very hard for fraud professionals to plan and anticipate. How do you figure out what the incident means for your clients, vendors and your organization when you do not even know whether or not they were compromised?” Pascual says.
In a video interview with Information Security Media Group, Pascual also discusses: the impact of the SolarWinds hack on government agencies and the financial sector; changes in the fraud risk landscape; and technologies that anti-fraud practitioners can leverage.