The meltdown began on Dec. 13 when Reuters reported that hackers potentially linked to Russia had gained access to email systems at the U.S. Commerce and Treasury departments, and that the attackers got in by way of SolarWinds software updates.
The Homeland Security agency on Sunday instructed federal agencies that were affected to disconnect or power down certain versions of SolarWinds software in their networks, and Microsoft warned customers its antivirus tool would begin blocking malicious SolarWinds software.
Last week SolarWinds announced a new CEO, and two private-equity firms sold shares ahead of the drop.

SolarWinds’ update server was accessible by using the simple password “solarwinds123″ in late 2019, according to a security researcher.

News broke on Sunday that SolarWinds’ OrionIT product was hacked as far back as March, with malware added to a software update that was downloaded by thousands of clients. The cyberattack went undetected for months, compromising the computers at top federal government agencies and potentially impacting hundreds of prominent American corporations.

As the damage continues to be investigated, experts have begun pointing to concerns about potentially substandard security protocols. Security researcher Vinoth Kumar told Reuters he alerted SolarWinds last year that its update server could easily be accessed by anyone using the simple password: “solarwinds123.”

“This could have been done by any attacker, easily,” Kumar told the news agency.

Kumar initially told Newsweek that the issue had been present for more than three weeks before it was fixed. After this article published, the researcher followed-up to say that he’d discovered the problem appeared to be present all the way back in June 2018.

Alleged Russian SolarWinds Hack ‘Probably an 11′ On Scale of 1 to 10, Cybersecurity Expert Warns
https://www.newsweek.com/alleged-russian-solarwinds-hack-probably-11-scale-1-10-cybersecurity-expert-warns-1554606

Acybersecurity expert warned that the alleged Russian hack of SolarWinds software, which affected top government agencies, is “probably an 11″ in terms of seriousness on a scale of one to 10.

An unprecedented “major leak” of official records has uncovered a register of 1.95 million members of the Chinese Communist Party, many of whom are now living and working all over the world, including Australia, the United Kingdom, and the United States. The data lists names, party positions, date of birth, national identification number, ethnicity and — in some cases — their telephone number.

Major leak ‘exposes’ members and ‘lifts the lid’ on the Chinese Communist Party
https://www.skynews.com.au/details/_6215946537001

Ms Markson said the leak is a register with the details of Communist Party members, including their names, party position, birthday, national ID number and ethnicity.

“It is believed to be the first leak of its kind in the world,” the Sky News host said.

“What’s amazing about this database is not just that it exposes people who are members of the communist party, and who are now living and working all over the world, from Australia to the US to the UK,” Ms Markson said.

“But it’s amazing because it lifts the lid on how the party operates under President and Chairman Xi Jinping”.

Your name, address, phone number, email address, passport number, date of birth, and sex are worth just £0.05 in the eyes of the UK Information Commissioner’s Office, which has fined Marriott £18.4m after 339 million people’s data was stolen from the hotel chain.

The fine was imposed as a regulatory punishment for the 2018 Starwood Hotels megabreach despite Marriott not accepting liability for wrongdoing

The Office of the Comptroller of the Currency has fined Morgan Stanley $60 million for the investment bank’s failure to properly oversee the decommissioning of several data centers, putting customer data at risk of exposure.

See Also: The Fraudster’s Journey – Fraud in the IVR

When Morgan Stanley decommissioned two data centers related to the bank’s wealth management business in 2016, the company did not properly oversee the third-party company responsible for ensuring that all personal data was removed, according to the OCC, which is part of the U.S. Treasury Department.

Pankkien papereissa on tietoja noin 1 800 miljardin euron arvoisista epäilyttävistä tilisiirroista. Niitä on tutkinut kansainvälinen toimittajaryhmä, jossa Yle on ainoana suomalaistahona mukana.