SecureFact™

Your curated list of Data Security News happening across the world, in a simple yet intuitive form for the fast-paced cybersecurity professionals.

WEEK OF JANUARY 18, 2021

United Nations suffers major data breach

  • 100k United Nations Environmental Programme employees had their data exposed online.

  • The discovery was made by the ethical hacking and security research group Sakura Samurai after its members Jackson Henry, Nick Sahler, John Jackson and Aubrey Cottle came across the UN’s Vulnerability Disclosure Program and Hall of Fame.

  • The data set obtained by Sakura Samurai contained a wealth of information on the travel history of UN staff including their employee IDs, names, employee groups, travel justification, start and end dates, approval status, destination and even length of stay.

*Source 

American technology company Ubiquiti Networks has disclosed a data breach

  • It is sending out notification emails to its customers asking them to change their passwords and enable 2FA for their accounts.
  • The attackers have had access to the servers containing information related to the user accounts for the web portal ui.com, exposed records include names, email addresses, and salted and hashed passwords.

  • For some users, home addresses and phone numbers may also have been exposed. The company did not provide additional details about the data breach, including how many users have been impacted.

*Source

Telegram-based phishing service Classiscam hits European marketplaces

  • Dozens of cybercriminal gangs are publishing fake ads on popular online marketplaces to lure interested users to fraudulent merchant sites or to phishing pages that steal payment data.
  • Security researchers at Group-IB, through the company’s digital risk protection unit in Amsterdam, first spotted the scam in Russia in the summer of 2019. They named it Classiscam and observed it grow from 280 scam pages to about 3,000 in less than a year.

  • At least 40 gangs are running Classiscam, 20 of them being Russian, the most profitable ones making more than $500,000 every month. Group-IB calculated that the gangs operating in European countries make an average monthly profit of $61,000. It is estimated that the scammers made more than $6.5 million in 2020.

*Source

Email security firm Mimecast says hackers hijacked its products to spy on customers

  • The company said around 10% of its more than 36,000 customers had been affected, but it believed “a low single digit number” of users had been specifically targeted.

  • The company said it had been alerted to the attack by investigators at Microsoft and that “a sophisticated threat actor” had compromised the certificate used to guard connections between its products and Microsoft’s cloud services.

  • Three cybersecurity investigators, who spoke on condition of anonymity to discuss details of an ongoing probe, told Reuters they suspected the hackers who compromised Mimecast were the same group that broke into U.S. software maker SolarWinds and a host of sensitive U.S. government agencies.

*Source

Two-Thirds of Employees Don’t Consider Security Whilst Home Working: Survey

  • The survey of 2043 employees in the UK demonstrated a lack of awareness about how to stay secure whilst working remotely, which is putting businesses at risk of attacks.
  • Although 71% of workers do not think about the implications a cybersecurity breach could have on their work and job security, when asked, 45% said they could lose their job if their working device’s security was compromised.

  • The industries in which the highest rates of cybersecurity errors were made were manufacturing and utilities (65%), construction and engineering (61%) and recruitment (57%). In addition, 17% of all employees polled admitted to breaking confidentiality and non-disclosure agreements (NDAs) by discussing work matters with friends and family.

*Source

Russian Hacker Sentenced to 12 Years for Role in Breaches of JP Morgan, Others

  • According to the US Secret Service, Tyurin made some $19 million from his crimes.
  • Tyurin from 2012 to 2015 hacked multiple financial institutions, brokerages, and financial news publications, including JP Morgan, E*Trade, Scottrade, and The Wall Street Journal, stealing personal data of more than 100 million customers of those organizations — all from his home in Moscow.
  • He worked with co-conspirators including Gery Shalon, who together also perpetrated securities fraud and other nefarious activity.

*Source 

WEEK OF JANUARY 11, 2021

Italian mobile operator offers to replace SIM cards after massive data breach

  • Hackers stole the personal data for 2.5 million Ho Mobile subscribers.

  • While the company initially played down the reports, Ho confirmed the incident on Monday, in a message posted on its official website and via SMS messages sent to all impacted customers.

  • Ho’s statement confirms the security researcher’s assessment that hackers broke into Ho’s servers and stole details on Ho customers, including full names, telephone numbers, social security numbers, email addresses, dates and places of birth, nationality, and home addresses.

  • While the telco said no financial data or call details were stolen in the intrusion, Ho admitted that hackers got their hands on details related to customers’ SIM cards.

*Source 

Nissan Source Code Leaked via Misconfigured Git Server

  • Leaked information includes source code of Nissan mobile apps, diagnostics tool, and market research tools and data, among other assets.
  • The Git server was taken offline yesterday after its data began to be shared on Telegram and hacking forums, the report continues.

  • Nissan has confirmed the incident, stating it is “aware of a claim regarding a reported improper disclosure of Nissan’s confidential information and source code.”

*Source

Healthcare Organizations Bear the Brunt of Cyberattacks Amid Pandemic

  • In the past two months alone, attacks against the sector soared 45% – more than double the rate of other sectors, Check Point says.
  • According to a new report this week from Check Point Software, attacks on healthcare entities worldwide jumped 45% in the past two months as attackers tried to take advantage of the pandemic.

  • On average, healthcare organizations experienced 626 attacks per week in November, compared with 430 attacks on average in the previous months. The most common attack vectors were ransomware, distributed denial-of-service (DDoS), botnets, and remote code execution attacks.

*Source

Hackers Stole $2,000 From Woman’s Account, But Bank Wouldn’t Give Her Refund Until CBS 2 Got Involved

  • CBS 2 Morning Insider Tim McNicholas discovered the fraudsters used an email registered to a Big Ten university.

  • She filed a fraud claim, but Fifth Third Bank said the transaction appears valid and they won’t refund her, even though the recipients had a phone number with a California area code.

  • A day after CBS 2 got involved, Fifth Third Bank rushed their investigation and determined Senft’s case was indeed fraud, and agreed to refund her $2,000.

*Source

Man going to federal prison for defrauding Spirit out of flights you can easily buy for $9

  • Rather than join Spirit’s $9 Fare Club after his termination, Bell conspired to steal information from actual Mesa employees to book free Spirit flights for himself and others.
  • The scheme lasted from February 2016 until November 2017 and resulted in at least 1,953 stolen flights. In addition to a two-and-a-half-year prison sentence, United States District Judge Michael W. Fitzgerald also ordered Bell to pay Spirit $150,000 in restitution.

  • He also manufactured and sold fraudulent Mesa employee identification cards, according to a statement from the U.S. attorney’s office for the Central District of California.

*Source

Widely Used Software Company May Be Entry Point for Huge U.S. Hacking

  • Russian hackers may have piggybacked on a tool developed by JetBrains, to gain access to federal government and private sector systems in the United States.
  • JetBrains said on Wednesday that it was not aware of being under investigation nor was it aware of any compromise. The exact software that investigators are examining is a JetBrains product called TeamCity, which allows developers to test and exchange software code before its release.
  • By compromising TeamCity, or exploiting gaps in how customers use the tool, cybersecurity experts say the Russian hackers could have inconspicuously planted back doors in an untold number of JetBrains’ clients.

*Source 

WEEK OF JANUARY 04, 2021

Utility supplier People’s Energy has entire customer list stolen

  • All 270,000 customers of People’s Energy, a renewable energy startup, have had their details compromised in a major data breach incident.

  • In a statement to its customers, the company said: “As soon as we became aware of what was happening, we acted immediately to close down the route being used to get into our system, and to stop access to any further information.

  • People’s Energy said it had identified how its security was compromised and addressed the breach.

*Source 

Several Unpatched Popular Android Apps Put Millions of Users at Risk of Hacking

  • The bug, tracked as CVE-2020-8913, is rated 8.8 out of 10.0 for severity and impacts Android’s Play Core Library versions prior to 1.7.2.
  • Many popular apps, including Grindr, Bumble, OkCupid, Cisco Teams, Moovit, Yango Pro, Microsoft Edge, Xrecorder, and PowerDirector, are still vulnerable and can be hijacked to steal sensitive data, such as passwords, financial details, and e-mails.

  • Although Google addressed the vulnerability in March, new findings from Check Point Research show that many third-party app developers are yet to integrate the new Play Core library into their apps to mitigate the threat fully.

*Source

Ticketmaster to pay $10 million in fines after admitting to illegally accessing competitor’s computers

  • According to the deferred prosecution agreement, a Ticketmaster executive described that the goal was to “choke off” the victim company and “steal back” one of its clients.
  • A press release by federal prosecutors said Ticketmaster employees held a division-wide summit during which the stolen passwords were used to access the victim company’s computers “as if that were an appropriate business tactic.”

  • “When employees walk out of one company and into another, it’s illegal for them to take proprietary information with them,” said FBI Assistant Director-in-Charge William Sweeney, whose office is conducting the investigation. “Ticketmaster used stolen information to gain an advantage over its competition, and then promoted the employees who broke the law.”

*Source

Our servers were hacked, internal documents may get uploaded on public websites: IndiGo

  • Indigo was able to restore systems in a very short span of time with minimal impact, it said.

  • “There were some segments of data servers that were breached – so, there is a possibility that some internal documents may get uploaded by the hackers on public websites and platforms,” the airline said.

  • The carrier said it realises the seriousness of the issue, and it continues to engage with “all relevant experts and law enforcement” to ensure that the incident is investigated in detail.

*Source

Data Of 10 Cr Digital Payments Transactions Leaked After Attack On Juspay’s Server

  • The data, which is in the form of a data dump, appears to have been leaked through a compromised server of payments company Juspay.
  • The data includes information about credit and debit cardholders and is being sold on the dark web. Names of issuing bank, expiry date, masked credit/debit card numbers, names, customer ID and merchant account ID have been leaked among several other details.

  • The leaked payment information has been masked in places to reveal only partial copies of card numbers. While this reduces the possibilities of a financial scam, resourceful hackers could still use the information to launch phishing scams to induce victims to hand over their card information.

*Source

T-Mobile warns customers of second data breach in less than a year

  • The scope of the attack was small, but not inconsequential.
  • T-Mobile said the attack was limited to what the FCC regards as “customer proprietary network information,” which can include phone numbers, the number of lines associated with the account, and potentially information about calls placed, like phone numbers called, timing and duration.
  • The carrier further stressed that the data accessed “did not include names on the account, physical or email addresses, financial data, credit card information, social security numbers, tax ID, passwords or PINs.”

*Source 

WEEK OF DECEMBER 21, 2020

Data Leak Exposes Details of Two Million Chinese Communist Party Members

  • The information includes official records such as party position, birthdate, national ID number and ethnicity.

  • It revealed that members of China’s ruling party hold prominent positions in some of the world’s biggest companies, including in pharmaceutical giants involved in the development of COVID-19 vaccines like Pfizer and financial institutions such as HSBC.

  • The report emphasized there is no evidence that spying for the Chinese government or other forms of cyber-espionage have taken place.

*Source 

Ireland’s data regulator fines Twitter €450,000 in first sanction against US firm under GDPR

  • Twitter was found to have breached GDPR rules relating to a data breach discovered in 2018, whereby tweets by users who had protected accounts were actually unprotected and viewable to the wider public.
  • If a user protects their account, it means only their approved followers should be able to see their tweets.

  • However a bug in Twitter’s system meant if users on an Android device changed the email address associated with their account, the protected tweets became unprotected without the user’s knowledge.

*Source

Hack against US is ‘grave’ threat, cybersecurity agency says

  • Federal authorities expressed increased alarm Thursday about a long-undetected intrusion into U.S. and other computer systems around the globe that officials suspect was carried out by Russian hackers.
  • The hack compromised federal agencies and “critical infrastructure” in a sophisticated attack that was hard to detect and will be difficult to undo, the Cybersecurity and Infrastructure Security Agency said in an unusual warning message. The Department of Energy acknowledged it was among those that had been hacked.

  • Tech giant Microsoft, which has helped respond to the breach, revealed late Thursday that it had identified more than 40 government agencies, think tanks, non-governmental organizations and IT companies infiltrated by the hackers. It said four in five were in the United States — nearly half of them tech companies — with victims also in Canada, Mexico, Belgium, Spain, the United Kingdom, Israel and the United Arab Emirates.

*Source

Microsoft unleashes ‘Death Star’ on SolarWinds hackers in extraordinary response to breach

  • In the size, speed and scope of its actions, Microsoft has reminded the world that it can still muster firepower like no one else as a nearly-overwhelming force for good.

  • On Dec. 13, the day this became public, Microsoft announced that it removed the digital certificates that the Trojaned files used. That same day, Microsoft announced that it was updating Microsoft Windows Defender, the antimalware capability built into Windows.

  • Next, on Tuesday, Dec. 15, Microsoft and others moved to “sinkhole” one of the domains that the malware uses for command and control (C2): avsvmcloud[.]com.

  • Finally, today, Wednesday, Dec. 16, Microsoft basically changed its phasers from “stun” to “kill” by changing Windows Defender’s default action for Solorigate from “Alert” to “Quarantine.”
  • Taken together, these steps amount to Microsoft first neutralizing and then killing the malware while wresting control over the malware’s infrastructure from the attackers. By the end of this week, the attackers will be left with barely a fraction of the systems under their control.

*Source

People’s Energy data breach affects all 270,000 customers

  • Co-founder Karin Sode told BBC News an entire database had been stolen by hackers and included information on previous customers.
  • Data stolen included names, addresses, dates of birth, phone numbers, tariff and energy meter IDs, she said. But with the exception of that of 15 small-business customers, no financial information had been accessed.

  • Most of those affected are unlikely to face any direct financial risk. But having their data stolen may leave them more vulnerable to phishing attacks – where a criminal pretends to be from an official source to try to obtain other information, often using what they already have to sound credible.

*Source

Rogue ex-Cisco employee who crippled WebEx conferences and cost Cisco millions gets two years in US prison

  • The Ex-employee had been trying for a green card at the time of his crimes, and it’s safe to say this won’t look good on his application.
  • Sudhish Kasaba Ramesh was employed by Switchzilla for less than two years but left in April 2018.
  • Five months later he used access credentials to get back into Cisco’s systems and deleted virtual machines on Webex – borking more than 16,000 WebEx Teams accounts for two weeks in some cases and costing Cisco $2.4m in refunds and repair work.

*Source 

WEEK OF DECEMBER 14, 2020

Largest global staffing agency Randstad hit by Egregor ransomware

  • Randstad is the world’s largest staffing agency with offices in 38 markets and the owner of the well-known employment website Monster.com.

  • The Egregor ransomware operation published what they claim is 1% of Randstad’s data stolen during a recent cyberattack. This leaked data is a 32.7MB archive containing 184 files, including accounting spreadsheets, financial reports, legal documents, and other miscellaneous business documents.

  • The company confirmed that data was stolen but is still investigating whether the personal data of clients or employees was accessed. At this time, they believe that only data related to their operations in the US, Poland, Italy, and France was stolen.

*Source 

FireEye, a Top Cybersecurity Firm, Says It Was Hacked by a Nation-State

  • The Silicon Valley company said hackers — almost certainly Russian — made off with tools that could be used to mount new attacks around the world.
  • The company said hackers used “novel techniques” to make off with its own tool kit, which could be useful in mounting new attacks around the world.

  • The hack raises the possibility that Russian intelligence agencies saw an advantage in mounting the attack while American attention — including FireEye’s — was focused on securing the presidential election system.

*Source

Food bank loses nearly $1,000,000 in Business Email Compromise scam

  • Posing as a legitimate construction company that was owed money for the building work, scammers sent a bogus invoice to Philabundance requesting payment.
  • Regrettably, employees of the food bank wired $923,533 into an account under the control of criminals.

  • Earlier this year, the FBI said BEC scams had defrauded companies of some $1.7 billion during 2019.

*Source

Suspected Russian hackers spied on U.S. Treasury emails – sources

  • Hackers believed to be working for Russia have been monitoring internal email traffic at the U.S. Treasury and Commerce departments.

  • The U.S. government has not publicly identified who might be behind the hacking, but three of the people familiar with the investigation said Russia is currently believed to be responsible for the attack.

  • Two of the people said that the breaches are connected to a broad campaign that also involved the recently disclosed hack on FireEye, a major U.S. cybersecurity company with government and commercial contracts.

*Source

113,000 Alaskan voter IDs exposed in data breach

  • State says no financial information was included.
  • The breach was conducted by outside actors, said Mark Breuning, chief information security officer for the state, and voter information was viewed and copied.
  • In October Alaskans were among voters targeted by messages threatening unspecified actions if they did not vote for Trump, the New York Times reported. Federal authorities found those emails were intentionally deceptive and meant to undermine confidence in elections, the Times reported.

*Source

New Zealand Privacy Act: Updated data breach legislation comes into effect on December 1

  • The Privacy Act 2020 will mandate that organizations must report “serious” data breaches immediately if there is a “risk of harm”.
  • These rules apply to any data handlers based in New Zealand, as well as any overseas organizations that carry out business or collect data relating to New Zealand citizens. The new law will replace the Privacy Act 1993.
  • Under the Privacy Act 2020, data handlers could be fined up to NZ$10,000 ($7,000) for non-compliance. While this may sound like a relatively low figure, the Office of the Privacy Commissioner can also make an official complaint to the Human Rights Tribunal, which carries a maximum penalty of NZ$230,000 ($162,000).

*Source 

WEEK OF NOVEMBER 23, 2020

ModPipe malware decrypts Oracle point-of-sale database passwords

  • Security researchers have discovered a new malware geared with modules that target Oracle Micros Hospitality RES 3700 point-of-sale systems.

  • The researchers still don’t know how the malware compromises the PoS systems but they figured out its architecture, which includes an initial dropper, a persistent loader, the main module, a networking module, and downloadable components.

  • Details about the decryption mechanism are not public, suggesting that the threat actor may have reverse-engineered the software for Oracle’s MICROS RES 3700 Restaurant POS System to understand how the passwords are encrypted and decrypted. Alternatively, they could have obtained the information from a 2016 data breach that affected Oracle’s Micros PoS division, or by buying the code on a cybercriminal market.

*Source 

Popular stock photo service hit by data breach, 8.3M records for sale

  • Stock photo site 123RF has suffered a data breach after a hacker began selling a database containing 8.3 million user records on a hacker forum.
  • From the samples of the database seen by BleepingComputer, the stolen data includes 123RF members’ full names, email addresses, MD5 hashed passwords, company names, phone numbers, addresses, PayPal emails if used, and IP addresses. There is no financial information stored in the database.

  • While the company states that the passwords are encrypted, the passwords are MD5 hashes. Unfortunately, using online MD5 cracking tools, BleepingComputer could easily retrieve the plain-text passwords for numerous accounts.

*Source

Hackers sponsored by Russia and North Korea are targeting COVID-19 researchers

  • Three nation-state-sponsored groups are targeting organizations throughout the world.
  • There are seven prominent companies that have been targeted, Microsoft Corporate VP for Customer Security & Trust Tom Burt said. They include vaccine-makers with COVID-19 vaccines in various clinical trial stages, a clinical research organization involved in trials, and a developer of a COVID-19 test.

  • Friday’s blog post comes two weeks after officials from three US governmental organizations warned that Russian ransomware hackers were targeting hundreds of US hospitals.

*Source

46M accounts were impacted in the data breach of children’s online playground Animal Jam

  • Kids aged 7 through 11 can play games, personalize their favorite animal, learn fun facts, and so much more. Animal Jam currently has over 130 million registered players and 3.3 million monthly active users.

  • This week a threat actor published two databases, titled ‘game_accounts’ and ‘users’, belonging to the popular gaming portal for free on a hacker forum. The huge trove of data was obtained by the black hat hacker ShinyHunters, which is known for several data leaks.

  • WildWorks immediately launched an investigation into the security breach. According to the company, it appears that threat actors compromised the server of a third-party vendor WildWorks uses for intra-company communication. The attackers obtained a key that enabled them to access this database.

*Source

ICO fines Ticketmaster UK Limited £1.25million for failing to protect customers’ payment details

  • The ICO found that the company failed to put appropriate security measures in place to prevent a cyber-attack on a chat-bot installed on its online payment page.
  • The data breach, which included names, payment card numbers, expiry dates and CVV numbers, potentially affected 9.4 million of Ticketmaster’s customers across Europe, including 1.5 million in the UK.
  • The breach began in February 2018 when Monzo Bank customers reported fraudulent transactions. The Commonwealth Bank of Australia, Barclaycard, Mastercard and American Express all reported suggestions of fraud to Ticketmaster. But the company failed to identify the problem. In total, it took Ticketmaster nine weeks from being alerted to possible fraud to monitoring the network traffic through its online payment page.

*Source

Nearly 28 million licensed Texas drivers hit by data breach

  • An insurance software company with access to DMV records says it was breached.
  • An insurance software company called Vertafore, which has legal access to that DMV information, said in a statement the data was inadvertently stored in an unsecured storage service that was hacked between March and August of this year.
  • The company says they reported it to the Texas Office of the Attorney General, the Texas Department of Motor Vehicles, and the Texas Department of Public Safety and wrote, “Vertafore’s notice was delayed at law enforcement’s request.” Vertafore says they hired a third-party firm to investigate but identified no misuse of the information so far.

*Source 

WEEK OF NOVEMBER 16, 2020

Hacker is selling 34 million user records stolen from 17 companies

  • Stolen databases are typically sold first in private sales, with prices ranging from $500 to $100,000.

  • According to the data breach broker, all of the seventeen databases being sold were obtained in 2020, with the largest breach being Geekie.com.br with 8.1 million records. The most well-known affected company is Singapore’s RedMart, which exposed 1.1 million records.

  • The combined databases expose over 34 million user records. While a password is not included in every record, for example, Clip.mx, there is still useful information disclosed in each database that threat actors can use.

*Source 

Hacker group uses Solaris zero-day to breach corporate networks

  • The zero-day appears to have been bought off a black-market website for $3,000.
  • While UNC1945 activity went as far back as 2018, Mandiant said the group caught their eye earlier this year after the threat actor utilized a never-before-seen vulnerability in the Oracle Solaris operating system. Tracked as CVE-2020-14871, the zero-day was a vulnerability in the Solaris Pluggable Authentication Module (PAM) that allowed UNC1945 to bypass authentication procedures and install a backdoor named SLAPSTICK on internet-exposed Solaris servers.

  • Mandiant said the hackers then used this backdoor as an entry point to launch reconnaissance operations inside corporate networks and move laterally to other systems.

*Source

GDPR lawsuit against Oracle and Salesforce moves forward

  • Class action suit seeks claims worth more than £10bn over the processing of personal information.
  • The data processing policies and practices of two of the world’s largest software companies, Salesforce and Oracle, will come under scrutiny in the High Court of England and Wales in the biggest digital privacy class action lawsuit ever filed.

  • The suit, filed by privacy campaigner and data protection specialist Rebecca Rumbul, is seeking damages that have been estimated in excess of £10bn, which could conceivably lead to awards of £500 for every internet user in the UK. A parallel suit in the Netherlands backed by a Dutch group called The Privacy Collective Foundation could take the total damages to more than €15bn.

*Source

23,600 hacked databases have leaked from a defunct ‘data breach index’ site

  • Site archive of Cit0day.in has now leaked on two hacking forums after the service shut down in September.

  • The database collection is said to have originated from Cit0Day.in, a private service advertised on hacking forums to other cybercriminals. Cit0day operated by collecting hacked databases and then providing access to usernames, emails, addresses, and even cleartext passwords to other hackers for a daily or monthly fee.

  • Cybercriminals would then use the site to identify possible passwords for targeted users and then attempt to breach their accounts at other, more high-profile sites.

*Source

Wakefern and ShopRite Settle Slapdash Data Disposal Claim

  • The company has agreed to appoint a chief privacy officer and to ensure that all ShopRite stores with pharmacies in the Wakefern cooperative designate a HIPAA privacy officer and HIPAA security officer.
  • The companies agreed to the substantial settlement to resolve claims that they failed to protect the personal information of more than 9,700 New Jersey residents who shopped at ShopRite supermarkets in Millville, New Jersey, and Kingston, New York.
  • After the devices were replaced with newer technology by Wakefern in 2016, it is alleged that the old machines were simply tossed into dumpsters. Under HIPAA, any protected health information that may have been stored on the devices should have been removed prior to their disposal.

*Source

FBI: Hackers stole source code from US government agencies and private companies

  • FBI blames intrusions on improperly configured SonarQube source code management tools.
  • The alert specifically warns owners of SonarQube, a web-based application that companies integrate into their software build chains to test source code and discover security flaws before rolling out code and applications into production environments.
  • This year, a Swiss security researcher named Till Kottmann has also raised the same issue of misconfigured SonarQube instances. Throughout the year, Kottmann has gathered source code from tens of tech companies in a public portal, and many of these came from SonarQube applications.

*Source 

WEEK OF NOVEMBER 09, 2020

Hacker group uses Solaris zero-day to breach corporate networks

  • The zero-day appears to have been bought off a black-market website for $3,000.

  • Mandiant, the investigations unit of security firm FireEye, has published details today about a new threat actor it calls UNC1945, which the security firm says used a zero-day vulnerability in the Oracle Solaris operating system as part of its intrusions into corporate networks.

  • Mandiant said that while UNC1945 has been active for several years, it spotted the Solaris zero-day in one confirmed breach; however, this doesn’t mean the zero-day wasn’t exploited against other corporate networks.

*Source 

Folksam data breach leaks info of 1M Swedes to Google, Facebook, more

  • The insurer discovered the data breach after an internal audit and reported the incident to the Swedish Data Protection Authority
  • “The companies that have received personal data from Folksam are, for example, Facebook, Google, Microsoft, Linkedin, and Adobe,” Wikström explained. “The purpose has been, among other things, to analyze what information logged-in customers and other visitors searched for on folksam.se.”

  • After discovering the breach, Folksam immediately stopped sharing the sensitive information with its digital partners and requested the information be deleted by the companies which received it.

*Source

Hackers Make Off With Millions From Wisconsin Republicans

  • According to the Wisconsin Republican Party, thieves used altered invoices to make off with $2.3 million in election funds.
  • The theft occurred when hackers modified invoices submitted for services such as direct mail and products like campaign giveaways so that payments went to the criminals rather than to the legitimate vendors, the state party says.

  • The theft exposed tensions between the state party and Trump re-election campaign officials, who learned about the hack from media reports, according to the AP article.

*Source

Marriott Hotels fined £18.4m for data breach that hit millions

  • The UK’s data privacy watchdog has fined the Marriott Hotels chain £18.4m for a major data breach that may have affected up to 339 million guests.

  • The first part of the cyber-attack happened in 2014, affecting the Starwood Hotels group, which was acquired by Marriott two years later. But until 2018, when the problem was first noticed, the attacker continued to have access to all affected systems.

  • The ICO report makes clear Marriott beefed up the security of Starwood’s IT systems far too late and the hackers had free rein to move around, cherry-picking the data that would sell best on criminal forums.

*Source

Breaches down 51%, exposed records set new record with 36 billion so far

  • There were 2,935 publicly reported breaches in the first three quarters of 2020, with the three months of Q3 adding an additional 8.3 billion records to what was already the “worst year on record.”
  • The report explores numerous factors such as how media coverage may be a factor contributing to the decline in publicly reported breaches. In addition, the increase of ransomware attacks may also have a part to play.
  • “After all, while the compromised data may be sensitive to the target organization, unless it contains a sufficient amount of personal data to trigger a notification obligation the event can go unreported.”

*Source

Lazada confirms 1.1M accounts compromised in RedMart security breach

  • An outdated database containing personal information including email addresses, encrypted passwords, and partial credit card numbers was illegally accessed.
  • An individual has claimed to be in possession of the database involved in the breach, which contains various personal information such as mailing addresses, encrypted passwords, and partial credit card numbers.
  • They were also informed of a “RedMart data security incident” that was discovered the day before, on October 29, as part of “regular proactive monitoring” carried out by the company’s cybersecurity team.

*Source 

WEEK OF NOVEMBER 02, 2020

Fragomen, a law firm used by Google, confirms data breach

  • Immigration law firm has confirmed a data breach involving the personal information of current and former Google employees.

  • The New York-based law firm provides companies with employment verification screening services to determine if employees are eligible and authorized to work in the United States.

  • The law firm said it discovered last month that an unauthorized third-party accessed a file containing personal information on a “limited number” of current and former Google employees.

*Source 

Nitro PDF data breach might impact major companies, including Microsoft, Google, and Apple

  • According to a security advisory issued by the software maker, an unauthorized third party gained limited access to a company database.
  • Cybersecurity intelligence firm Cyble came across a threat actor that was selling a database, allegedly stolen from Nitro Software’s cloud service, that includes users’ data and documents. The huge archive contains 1TB of documents, and the threat actor is attempting to sell it in a private auction with a starting price of $80,000.

  • The database contains a table named ‘user_credential’ holding 70 million user records, including email addresses, full names, bcrypt hashed passwords, titles, company names, IP addresses, and other system-related data.

*Source

Finnish psychotherapy center Vastaamo suffered a shocking security breach

  • To make matters worse, the hackers are now demanding ransoms and threatening to leak the stolen data.
  • Finland’s interior minister summoned an emergency meeting Sunday after the private Finnish psychotherapy center Vastaamo suffered a security breach that caused the exposure of patient records.

  • Vastaamo operates as a sub-contractor for Finland’s public health system. According to the authorities, the hackers stole sensitive patient data during two attacks that started almost two years ago.

*Source

FBI warns ransomware assault threatens US healthcare system

  • In a joint alert Wednesday, the FBI and two federal agencies warned that they had “credible information of an increased and imminent cybercrime threat to U.S. hospitals and healthcare providers.”

  • The alert said malicious groups are targeting the sector with attacks that produce “data theft and disruption of healthcare services.”

  • Independent security experts say the campaign has already hobbled at least five U.S. hospitals this week, and could potentially impact hundreds more.

*Source

Survey Uncovers High Level of Concern Over Firewalls

  • More than half of respondents are planning to reduce their network firewall footprint because of what they see as limitations in the technology.
  • The Ponemon Institute recently surveyed 603 US security professionals on their firewall use. The survey, sponsored by Guardicore, asked respondents to evaluate the effectiveness of firewalls in blocking ransomware and a range of other existing and emerging threats.
  • A relatively high percentage of cybersecurity leaders apparently perceive most firewall technologies — long a linchpin of enterprise security — as being ineffective in protecting their applications against attack.

*Source

Mimecast Research: Half of Workers Admit to Opening Emails They Considered Suspicious

  • ‘Check the Box’ Awareness Training has Little Impact on an Organization’s Security Posture.
  • Mimecast’s research found that 73% of respondents extensively use their company-issued device for personal matters, with nearly two-thirds (60%) admitting to an increase in frequency since starting to work remotely. The most common activities were checking personal email (47%), carrying out financial transactions (38%) and online shopping (35%).
  • According to the State of Email Security 2020 report, personal email and browsing the web/shopping online were already two areas of major concern for IT professionals. Seventy-three percent said checking personal email risked causing a serious security mistake, and 69% thought surfing the web or online shopping could likely cause an incident.

*Source