CyberSec Roundup
A synopsis of the Latest Cybersecurity News
Facebook User Data Leaked
A serious vulnerability in Facebook’s website caused data from over 500 million Facebook user accounts to be accessed by hackers in 2019. The information has likely been sold within hacker communities since then, but it was recently released for free within a hacking forum. The data includes full names, addresses and other personal information on users’ profiles. The release of this information could lead to an increase in phishing and identity theft attacks.
Ubiquiti Coverup?
Ubiquiti, an American networking company, reported that they suffered a breach of their I.T. systems hosted by a third-party cloud provider in January but they asserted that no user data was exposed. A whistle-bowler recently disclosed that there was also an extortion attempt, and the breach was more serious than initially reported, therefore user data could have been accessed. Ubiquiti subsequently confirmed the extortion attempt but maintained that user data wasn’t accessed based on the extortion request and findings of an investigation conducted by an external incident response team.
Unpatched Fortinet Devices under attack
The FBI and CISA have warned government, commercial and tech organizations to ensure their Fortinet devices are patched against known vulnerabilities from 2019 and 2020. Fortinet has a large install base, which is why state-sponsored APT groups are targeting these devices to gain access to their networks. The key vulnerabilities are CVE-2018-13379, CVE-2020-12812, and CVE-2019-5591.
By: David Pinder
IT & Security Consultant
Certified Ethical Hacker