Post by account_disabled on Feb 25, 2024 5:12:52 GMT
Data is increasingly the focus of cybercrime, whether it's stolen sensitive information, ransomware attacks or misconfigurations. The COVID-19 pandemic has contributed to the diffusion and widespread use of the Internet in every facet, from classic e-commerce to the education and healthcare sectors and, if on the one hand digitalisation has increased, on the other 2020 has experienced a series of cyber-criminal attacks against numerous companies. What are the worst cyber attacks of 2020? Content index: SolarWinds Estee Lauder Zoom Microsoft Elasticsearch Server Google SolarWinds This attack targeted the supply chain of Solar Winds, a company that develops information technology monitoring and management solutions, with the Orion platform among its most popular products.
It is precisely in this platform that the CVE-2020-10148 vulnerability Chinese Student Phone Number List was identified: the security flaw would allow remote code execution by including specially prepared parameters, hiding a backdoor to compromise the IT monitoring server. 18,000 companies were victims of the attack, including Cisco, Microsoft, Intel, VMWare. Estee Lauder In February 2020, the data breach occurred against Estée Lauder which, due to middleware security errors, was the victim of an attack on the records of more than 440 million users. The employees immediately worked to limit access to the breached database but, in the meantime, several sensitive user information remained exposed, such as payment details and private emails.
Zoom The platform experienced a boom at the beginning of 2020, with the adoption of distance learning and smart working due to the pandemic. In April, it was reported that 500,000 passwords and credentials were for sale online. Zoom responded that the event stemmed from another company's data breach, and that the hackers discovered that users were using the same credentials to log into their Zoom accounts. Microsoft Elasticsearch Server A misconfiguration announced on January 22, 2020, when Microsoft discovered a set of misconfigured security rules in an internal company database used for analytics that left 250 million records exposed. Google On December 14, 2020, Google experienced an outage to various services that lasted more than an hour. Cyber-security expert Will Geddes announced that the outage of Alphabet Inc. could be part of the same attack that hit the US government.
It is precisely in this platform that the CVE-2020-10148 vulnerability Chinese Student Phone Number List was identified: the security flaw would allow remote code execution by including specially prepared parameters, hiding a backdoor to compromise the IT monitoring server. 18,000 companies were victims of the attack, including Cisco, Microsoft, Intel, VMWare. Estee Lauder In February 2020, the data breach occurred against Estée Lauder which, due to middleware security errors, was the victim of an attack on the records of more than 440 million users. The employees immediately worked to limit access to the breached database but, in the meantime, several sensitive user information remained exposed, such as payment details and private emails.
Zoom The platform experienced a boom at the beginning of 2020, with the adoption of distance learning and smart working due to the pandemic. In April, it was reported that 500,000 passwords and credentials were for sale online. Zoom responded that the event stemmed from another company's data breach, and that the hackers discovered that users were using the same credentials to log into their Zoom accounts. Microsoft Elasticsearch Server A misconfiguration announced on January 22, 2020, when Microsoft discovered a set of misconfigured security rules in an internal company database used for analytics that left 250 million records exposed. Google On December 14, 2020, Google experienced an outage to various services that lasted more than an hour. Cyber-security expert Will Geddes announced that the outage of Alphabet Inc. could be part of the same attack that hit the US government.