Top stories of 2020

January 2, 2021  By Pierluigi Paganini


Below the list of the top stories of 2020.

December 21 – SUPERNOVA, a backdoor found while investigating SolarWinds hack

While investigating the recent SolarWinds Orion supply-chain attack security researchers discovered another backdoor, tracked SUPERNOVA.

August 2 – Garmin allegedly paid for a decryptor for WastedLocker ransomware

BleepingComputer researchers confirmed that Garmin has received the decryption key to recover their files encrypted with the WastedLocker Ransomware.

January 21 – Expert found a hardcoded SSH Key in Fortinet SIEM appliances

Expert found a hardcoded SSH public key in Fortinet ’s Security Information and Event Management FortiSIEM that can allow access to the FortiSIEM Supervisor. 

April 27 – Hacking Microsoft Teams accounts with a GIF image

Experts discovered how to take over Microsoft Teams accounts by just sending recipients a regular GIF, it works for both desktop and web Teams versions.

December 31 –New Golang-based Crypto worm infects Windows and Linux servers

Experts from Intezer discovered a new and self-spreading Golang-based malware that targets Windows and Linux servers.

May 2 – Fake Microsoft Teams notifications aim at stealing Office365 logins

Phishing attacks impersonating notifications from Microsoft Teams targeted as many as 50,000 Teams users to steal Office365 logins.

November 22 – Threat actor shared a list of 49,577 IPs vulnerable Fortinet VPNs

A threat actor has published online a list of one-line exploits to steal VPN credentials from over 49,000 vulnerable Fortinet VPNs.

January 3 – Cisco addresses several flaws in its DCNM product

Cisco has released software updates for its Data Center Network Manager (DCNM) product to address several critical and high-severity issues.

February 27 – Hunting the coronavirus in the dark web

Let me share with you the result of a one-night long analysis of major black marketplaces searching for anything related to the coronavirus epidemic.

April 26 – Hackers exploit SQL injection zero-day issue in Sophos firewall

Cybersecurity firm Sophos releases an emergency patch to address an SQL injection flaw in its XG Firewall product that has been exploited in the wild.

If you want to receive the weekly Security Affairs Newsletter for free subscribe here.

[adrotate banner=”9″][adrotate banner=”12″]

Pierluigi Paganini

(SecurityAffairs – hacking, Top stories 2020)

[adrotate banner=”5″]

[adrotate banner=”13″]



Pierluigi Paganini
Pierluigi Paganini is member of the ENISA (European Union Agency for Network and Information Security) Threat Landscape Stakeholder Group and Cyber G7 Group, he is also a Security Evangelist, Security Analyst and Freelance Writer. Editor-in-Chief at "Cyber Defense Magazine", Pierluigi is a cyber security expert with over 20 years experience in the field, he is Certified Ethical Hacker at EC Council in London. The passion for writing and a strong belief that security is founded on sharing and awareness led Pierluigi to find the security blog "Security Affairs" recently named a Top National Security Resource for US. Pierluigi is a member of the "The Hacker News" team and he is a writer for some major publications in the field such as Cyber War Zone, ICTTF, Infosec Island, Infosec Institute, The Hacker News Magazine and for many other Security magazines. Author of the Books "The Deep Dark Web" and “Digital Virtual Currency and Bitcoin”.





You might also like





  • Digging the Deep Web: Exploring the dark side of the web

    Digging The Deep Web

  • Center for Cyber Security and International Relations Studies

  • Subscribe Security Affairs Newsletter

    newsletter

  • SecurityAffairs awarded as Best European Cybersecurity Tech Blog at European Cybersecurity Blogger Awards

    EU Sec Bloggers Awards 22


More Story

FBI warns swatting attacks on owners of smart devices

 The Federal Bureau Investigation (FBI) is warning owners of smart home devices with voice and video capabilities of 'swatting'...