Hackers with suspected China ties breached MTA servers in April

Hackers with possible ties to the Chinese government breached three of the MTA’s computer systems earlier this year, transit officials said Wednesday.

The breach occurred on two separate days in the second week of April and continued unchecked until being discovered on April 20, officials said. Hackers did not access systems related to train operations, safety or customer or employee information, the MTA said.

The authority “quickly and aggressively responded to this attack,” MTA Chief Technology Officer Rafail Portnoy said in a statement. An outside audit “found no evidence operational systems were impacted, no employee or customer information breached, no data loss and no changes to our vital systems,” Portnoy said.

“The MTA’s existing multi-layered security systems worked as designed, preventing spread of the attack and we continue to strengthen these comprehensive systems and remain vigilant as cyber-attacks are a growing global threat,” he added.

To gain access, the hackers took advantage of vulnerabilities in the remote work tool Pulse Connect Secure to breach three systems used by the MTA’s city transit and commuter rail divisions, according to the New York Times, which first reported the breach.

The hackers reportedly left “web shells” to maintain backdoor access to the MTA’s system, the Times said — and also took steps to erase evidence of their intervention.

MTA officials said the federal Cybersecurity and Infrastructure Security Agency ordered “fixes and patches” that were made within 24 hours of the breach’s discovery. Addressing the breach cost the MTA an estimated $370,000, the Times said.

The MTA has 18 total computer systems. About 5 percent of the MTA’s workforce were instructed to change their passwords as a result of April’s breach, officials said.

The attack is one of several this year that cybersecurity experts suspect are backed by the Chinese government, either directly or indirectly, the Times said.

Dozens of government agencies, contractors and financial institutions were hit by the wave of attacks, which were uncovered in late April.

With Post wires


Nokia 3.2 receiving April security patch

Nokia 3.2 is a solid continuation of Nokia 3.1 which Nokia Mobile launched together with Nokia 4.2 at MWC2019. Nokia 3.2 users have started reporting that their devices are receiving the April security patch, which should be available globally. The update brings 18.76 MB of monthly updates that should make the device more secure. Do check your Nokia 3.2 and update it.

This should be the first security patch after Nokia 3.2 received Android 11 back in March. How is the latest OS holding up? Are you happy with your device running it?


Kudos to Krishna for the tip and screenshot! This is keeping our Update tracker alive.


Data Privacy + Cybersecurity Insider – April #4 | Robinson & Cole LLP


NSA Issues New Warning About Four Critical Patches to Microsoft Exchange Servers

The National Security Agency (NSA) recently issued a warning to private industry about four zero-day vulnerabilities in Microsoft Exchange Server versions 2013, 2016, and 2019 used on-premises. The NSA recommends immediate patching of the vulnerabilities before they are exploited by threat actors.



Cyber Security Today, April 23 2021 – More SolarWinds news, UK law will tighten consumer internet device security and a warning to QNAP storage users


Welcome to Cyber Security Today. It’s Friday April 23rd. I’m Howard Solomon, contributing reporter on cybersecurity for


The number of organizations hit after the compromise of SolarWinds’ Orion network monitoring software last year may be more than originally thought. Security company RiskIQ took a closer look at the scheme and found 18 more servers for command and control than investigators first found. These servers would be used to distribute malware to compromised Orion installations. It was thought that of the 18,000 organizations that downloaded the compromised Orion security update perhaps 100 around the world had their systems hacked. But with the discovery that more servers were involved in the scheme there may be more victim organizations. The U.S., Canada and other countries say Russia’s intelligence service is responsible for the Orion compromise.

If your organization is going to create an app for its products, the software had better be secure. According to a security researcher, until recently the app and website for tractor maker John Deere weren’t. The researcher told the vulnerabilities could have exposed data about John Deere customers, including names, addresses, the equipment’s ID number and its vehicle ID number. The company has fixed the vulnerabilities, which it called “code misconfigurations.”

Many internet-connected consumer devices have poor security, including weak default passwords. In an effort to increase the cybersecurity of devices sold in the United Kingdom, the government this week promised new legislation with minimum product security requirements. No consumer-connected product will be allowed to be sold unless it has basic cybersecurity measures. These include a ban on default and easily guessable default passwords, having a way device owners can report vulnerabilities to the manufacturer and stating how long security updates will be available for a product. The government will create an enforcement authority to back up the law. It would apply to almost everything except laptops and…