CyberSec Roundup
A synopsis of the latest Cybersecurity News

Russia formally accused of SolarWinds Attack

In a joint statement last week, the Federal Bureau of Investigation (FBI), Cybersecurity and Infrastructure Security Agency (CISA), Federal Bureau of Investigation (FBI) and Office of the Director of National Intelligence (ODNI) identified Russia as the likely origin of the APT group behind the SolarWinds attack. These agencies believe the attack was an intelligence gathering exercise, where follow operations were executed against a very small subset of the 18,000 affected customers. Russia has officially denied any involvement, stating that they do not conduct offensive operations in the cyber domain.

DOJ E-mail accounts compromised

As part of the SolarWinds attack, the US Department of Justice (DoJ), discovered that around 3% of their Office 365 email inboxes were compromised. They detected malicious activity around Christmas Eve and took steps to block the attackers. At this time, they do not believe any classified information was accessed.

Nissan Source Code Leaked

Nissan (North America) maintains source code in a public repository on GitLab. This repository contains source code for their mobile apps, diagnostics tools, market research tools and NissanConnect services. This repository was compromised and leaked as a result of Nissan not changing the default credentials of the server Git server.

By: David Pinder
IT & Security Consultant
Certified Ethical Hacker