SecureFact™

Your curated list of data security news from around the world, in a simple yet intuitive form for fast-paced cybersecurity professionals.

WEEK OF AUGUST 10, 2020

Intel investigating breach after 20GB of internal documents leak online

  • Leak confirmed to be authentic. Many files are marked “confidential” or “restricted secret.”
  • The data was published by Till Kottmann, a Swiss software engineer, who said he received the files from an anonymous hacker who claimed to have breached Intel earlier this year. The Swiss engineer said today’s leak represents the first part of a multi-part series of Intel-related leaks.
  • None of the leaked files contain sensitive data about Intel customers or employees, based on ZDNet’s review. However, the question remains as to what else the alleged hacker had access to before stealing and releasing Intel’s confidential files.

*Source

Online Exam Tool Suffers Data Breach

  • According to a spokesperson, the data exposed relates to ProctorU users who registered on or before 2014.
  • A database of 440,000 ProctorU user records was published by hacker group ShinyHunters over the past week along with hundreds of millions of other user records.
  • ProctorU user data exposed includes usernames, unencrypted passwords, legal names, and full residential addresses.

*Source

Capital One fined $80 million for 2019 hack of 100 million credit card applications

  • The Capital One hack was one of the largest data breaches ever to hit a financial services firm.
  • The OCC said in a statement that the Capital One fine was “based on the bank’s failure to establish effective risk assessment processes” before it moved a major portion of its computer data to a cloud storage system, “and the bank’s failure to correct the deficiencies in a timely manner.”
  • When it announced the breach last year, Capital One emphasized that no credit card numbers or log-in credentials were compromised.

*Source

Trump Signs Executive Order That Will Effectively Ban Use Of TikTok In the U.S.

  • A move that steps up pressure on the Chinese-owned app to sell its U.S. assets to an American company.

  • Since the Trump administration began turning up the heat on TikTok, software giant Microsoft has confirmed it is among a handful of companies in early talks to acquire the short-form video service.

  • Officials at Microsoft say it is examining a TikTok acquisition that would potentially buy TikTok’s American, Canadian, Australian and New Zealand services, but officials close to the deal say the final offer may include operations in even more countries.

*Source

Macy’s sued over use of Clearview facial-recognition software

  • It was targeted in one of the first lawsuits against users of the controversial facial-recognition software made by startup Clearview AI.
  • Clearview’s software allows users to try to match a face against a database of images it scrapes from the internet, including sites like YouTube and Facebook.
  • Though it is marketed primarily as a tool for law enforcement, the New York Times and Buzzfeed News reported earlier in the year that it had also been used by several major retailers, with Macy’s conducting more than 6,000 searches.

*Source

Nine in ten Americans view data privacy as a human right, according to new report

  • Americans are becoming increasingly concerned with, and distrustful of, how companies use, manage and protect their personal data.
  • KPMG surveyed 1000 Americans in May 2020. The survey reveals that nine out of ten respondents think that companies should be held responsible for corporate data breaches (91%), take corporate data responsibility seriously (91%), and take the lead in establishing corporate data responsibility (91%).
  • Nine out of ten (91%) respondents agree that the right to delete personal data and the right to know how their data is being used should be extended to all US citizens – similar to the GDPR regulations for European citizens.

*Source 

WEEK OF AUGUST 03, 2020

The Data Privacy Loophole Federal Agencies Are Still Missing

  • Knowledge-based authentication (KBA) is leaving federal contact centers vulnerable to an increasingly sophisticated hacker community.
  • One of the most immediate risks to customer data privacy on the federal level lies in an over-reliance on knowledge-based authentication across a number of government agencies.
  • Regardless of which road a federal agency takes in 2020 when it comes to data privacy, it’s become clear in the fed tech community that KBA is a relic, one that leaves contact centers vulnerable to an increasingly sophisticated hacker community.

*Source

GEDmatch confirms data breach after users’ DNA profile data made available to police

  • In a statement on Wednesday, the company told users by email that it was hit by two security breaches on July 19 and July 20.
  • The site, which lets users upload their DNA profile data to trace their family tree and ancestors, rose to overnight fame in 2018 after law enforcement used the site to match the DNA from a serial murder suspect against the site’s million-plus DNA profiles in the site’s database without first telling the company.
  • GEDmatch issued a privacy warning to its users and put in new controls to allow users to opt-in for their DNA to be included in police searches.

*Source

Slack credentials abundant on cybercrime markets, but little interest from hackers

  • Security researchers find more than 17,000 Slack credentials for roughly 12,000 Slack workspaces being sold online.
  • Reporters claim the hacker found a username and password for an internal Twitter admin tool pinned to one of the Slack channel’s chat rooms, which the hacker later used to wreak havoc on Twitter by defacing high-profile accounts with a cryptocurrency scam.
  • Slack credentials might not be as useful as G Suite or Microsoft 365 accounts, but hackers usually work by mimicking successful hacks, and the Twitter hack showed that Slack workspaces might be a good place to lurk in search of sensitive data.

*Source

Hackers wipe out more than 1000 databases, leaving only the word “Meow”

  • The attack hit a database that held details of UFO VPN. UFO VPN, and other products from seemingly the same company, had recently been in the news for exposing user information.

  • The attack seems to have come from a bot, according to Forbes, as the attack script overwrites database indexes with random numerical strings and the word ‘Meow’. It is unclear who is the source of the attacks.

  • It appears that the attackers are running searches for servers that expose information by not being password protected, much as security companies do when conducting research and producing reports.

*Source

Clever hackers are making ATMs spit out all their money

  • Jackpotting involves attaching rogue devices called “black boxes” to open up programming interfaces inside the ATM machine’s software and issue commands, forcing it to, proverbially, make it rain.
  • Previous jackpotting approaches involved the use of black boxes that were even able to change the maximum amount a given ATM was authorized to spit out.
  • There is a silver lining to the latest hack, as Ars Technica points out. The thieves’ new approach doesn’t seem to target the retrieval of personal banking information, as has been the case with previous schemes.

*Source

Blackbaud Hack: Universities lose data to ransomware attack

  • At least 10 universities in the UK, US and Canada have had data stolen about students and/or alumni after hackers attacked a cloud computing provider.
  • Blackbaud, one of the world’s largest providers of education administration, fundraising, and financial management software, has been criticised for not disclosing this externally until July and for having paid the hackers an undisclosed ransom.
  • The UK’s Information Commissioner’s Office [ICO], as well as the Canadian data authorities, were informed about the breach last weekend – weeks after Blackbaud discovered the hack.

*Source 

WEEK OF JULY 28, 2020

The European Union’s highest court declared that the EU-U.S. Privacy Shield arrangement for international data transfers is invalid.

  • The Court of Justice of the European Union, however, did uphold the validity of standard contractual clauses.
  • The court said that the ombudsperson mechanism in the U.S. — a role created by the Privacy Shield arrangement — “does not provide data subjects with any cause of action before a body which offers guarantees” at the level of EU law.

  • Beyond the massive implications for data transfers to the U.S., the decision will place a greater burden on businesses exporting data to other countries via SCCs. It will also require more work from EU supervisory authorities, many of which are already faced with limited resources.

*Source

Walmart Sued Under CCPA After Data Breach

  • The retail giant is the subject of a new complaint alleging that customers now face “significant injuries and damage” after an unspecified incident.
  • Customer names, addresses, financial and other information were among the haul for attackers, according to the suit filed in the US District Court for the Northern District of California.
  • Although it’s unknown at present how many customers were affected by the incident, the filing claims that the number of class members is “at least in the thousands.”

*Source

340 GDPR fines for a total of €158,135,806 issued since May 2018

  • Every one of the 28 EU nations, plus the United Kingdom, has issued at least one GDPR fine.
  • Whilst GDPR sets out the regulatory framework that all EU countries must follow, each member state legislates independently and is permitted to interpret the regulations differently and impose its own penalties on organizations that break the law.

  • The second-highest number of fines comes from Hungary. The National Authority for Data Protection and Freedom of Information has issued 32 fines to date, the largest being €288,000, issued to an ISP for improper and non-secure storage of customers’ personal data.

*Source

Orange, Europe’s Fourth-Largest Mobile Operator, Confirms Ransomware Attack

  • Orange Business Services provides support for business and local governments through the digital transformation journey.

  • Orange was added to the Nefilim dark web site that details “corporate leaks” on July 15. Samples of data that the Nefilim group says were exfiltrated from Orange customers were included in a 339MB archive.

  • Nefilim is a relatively new ransomware operator, discovered earlier this year, which follows the recent trend for stealing data that can be used to leverage ransom payment.

*Source

More than 20 million VPN users warned of massive data breach

  • It’s estimated around one billion online records have been exposed in a massive data breach.
  • In a report provided to 9News, the researchers say the server was “completely open and accessible, exposing private user data for everyone to see”. It’s claimed affected apps include UFO VPN, FAST VPN, Free VPN, Super VPN, Flash VPN, Secure VPN and Rabbit VPN.
  • Lead researcher Noam Rotem said his team found entries within the exposed database that contained personal details about users, such as email addresses, home addresses, clear text passwords, IP addresses and other identifying information.

*Source

Test and Trace program skipped GDPR privacy assessment

  • England’s Test and Trace program launched nationally at the end of May, and there is still no sign of the data privacy assessment required by GDPR.
  • In a privacy notice published at the start of the program, health authorities also said that the information gathered could be used for alternative purposes, such as research into COVID-19, and that patients had “limited” rights to ask for data to be deleted.
  • An ICO spokesperson said that the organization has been working with the government as “a critical friend” in this case, providing guidance and advice for some elements of the scheme, while maintaining that there is not always a requirement for a DPIA to be shared with the regulator.

*Source 

WEEK OF JULY 20, 2020

Health insurance firm Religare has been hit by hackers

  • Cybersecurity firm Cyble has claimed that over 5 million records of Religare users have been leaked and posted on the Dark Web.
  • Cyble claims that the list of data exposed includes: customers’ names, addresses, mobile numbers, email IDs, dates of birth (dob); customer IDs, policy numbers, start dates, end dates, agents assigned; names of the policies, sums insured, renewal amounts; and employees’/agents’ full names, mobile numbers, dob, usernames, password hashes, individual authorisation keys, official email IDs, email signatures containing office addresses and personal mobile numbers, last login and logout times, and the internal IP addresses through which they connected to the portal.

*Source

The MGM Resorts 2019 data breach is much larger than initially reported

  • According to the ad on the dark web, the hacker is selling the details of 142,479,937 MGM hotel guests for a price just over $2,900.
  • The security breach came to light in February 2020 after a batch of 10.6 million MGM hotel guests’ data was offered as a free download on a hacking forum. At the time, MGM admitted to suffering a security breach, but the company didn’t disclose the full breadth of the intrusion.
  • The hacker claims to have obtained the hotel’s data after they breached DataViper, a data leak monitoring service operated by Night Lion Security.

*Source

LiveAuctioneers reports data breach after user records sold online

  • On July 10th, 2020, a data breach broker began selling a database that allegedly contains 3.4 million user records stolen from the LiveAuctioneers’ site.
  • BleepingComputer was told by the data broker that the database is being sold for $2,500. This data allegedly contains users’ email addresses, usernames, MD5 hashed passwords, names, phone numbers, addresses, IP addresses, and social media profiles.

  • In addition to this data, the seller stated that 3 million of the accounts had their passwords decrypted, which were included in the sale. This type of data is a treasure trove for threat actors as it can be used in targeted phishing attacks and credential stuffing attacks at other sites.

*Source

Twitter reveals that its own employee tools contributed to unprecedented hack

  • Twitter says hackers compromised high-profile accounts thanks to access to internal tools.

  • In a series of tweets posted under its support channel, Twitter said that its internal systems were compromised by the hackers, confirming theories that the attack could not have been conducted without access to the company’s own tools and employee privileges.

  • It seems as if Twitter is acknowledging here that numerous people appear to have been involved in the hacks, not just one individual, and also that numerous employees were compromised, too.

*Source

Vulns in Open Source EHR Put Patient Health Data at Risk

  • A researcher at Bishop Fox finds five high-risk flaws in health IT software from LibreHealth.
  • The vulnerabilities give unauthenticated attackers multiple ways to compromise the application’s underlying server and gain access to sensitive patient health information and health records.
  • Since the beginning of the pandemic earlier this year, security vendors have noted a general increase in attacker interest not just in electronic health systems but in a variety of other services which have seen a recent surge in use.

*Source

Critical flaw allows hackers to breach SAP systems with ease

  • SAP NetWeaver Application Server Java vulnerability can be exploited without authentication and lead to complete system takeover.
  • Researchers from security firm Onapsis who found and reported the vulnerability estimate that 40,000 SAP customers worldwide might be affected.
  • Over 2,500 vulnerable SAP systems are directly exposed to the internet and are at higher risk of being hacked, but attackers who gain access to local networks can compromise other deployments.

*Source 

WEEK OF JULY 14, 2020

India panel proposes new regulator for non-personal data: draft report

  • “There is a need to create a regulator or authority for data business, which provides centralized regulation for all non-personal data exchanges,” the government-appointed panel said in the report.
  • A company collecting data beyond a yet unspecified threshold should register as a “data business” in India, the report said, with government bodies also subject to the need to disclose what information they collect and store, and how they use it.

  • The panel consulted companies such as Amazon, Microsoft and Uber, as well as some international experts, in drawing up the report, it said.

*Source

Companies start reporting ransomware attacks as data breaches

  • Corporate victims are finally starting to realize that ransomware attacks are data breaches and have begun to notify employees and clients about stolen data.
  • A tactic used by almost all enterprise-targeting ransomware is to steal unencrypted files before encrypting a breached network. The threat actors then use these stolen files as leverage by threatening to leak or sell the data if a ransom is not paid.
  • Unfortunately, many companies choose to sweep ransomware attacks under the rug and do not adequately disclose that personal data was stolen, even to employees who were affected.

*Source

Billions of passwords now available on underground forums, say security researchers

  • Cybersecurity researchers at Digital Shadows spent 18 months analysing how hackers gain access to and use stolen account details and have detailed how account takeover has never been easier or cheaper for cyber criminals.
  • Usernames and passwords for everything from network administrator accounts and bank details to streaming services and anti-virus software are up for grabs on the dark web – and many are being distributed for free.
  • Many breached accounts are shared multiple times – suggesting that despite being hacked, the user remains unaware of what has happened. But despite that duplication, researchers say there’s still over five billion ‘unique’ accounts up for sale on the cyber-criminal underground, providing buyers access to hacked online services.

*Source

Delivery startup Dunzo suffers data breach, numbers, emails leaked

  • No payment information, like credit or debit cards etc. has been compromised, says CTO Mukund Jha.

  • Dunzo also hasn’t revealed when the hack actually occurred or how long the database was left exposed. It’s unclear whether the attackers got access to its entire database or how many users were exposed.

  • The company also sent emails to its users informing them about the data breach, stating that it has secured its databases, rotated access tokens and changed all passwords. The email doesn’t tell users to change their passwords, but that’s likely because Dunzo uses phone numbers and one time passwords for logins.

*Source

60% of Insider Threats Involve Employees Planning to Leave

  • Research shows most “flight-risk” employees planning to leave an organization tend to start stealing data two to eight weeks before they go.
  • More than 80% of employees planning to leave an organization bring its data with them. These “flight-risk” individuals were involved in roughly 60% of insider threats analyzed in a new study.
  • As more companies trust their employees to do the right thing while using cloud applications, it gets tougher to figure out when someone has gone rogue.

*Source

Morgan Stanley Tells Customers of Potential Data Compromise

  • Morgan Stanley is offering some current and former wealth management customers a two-year free subscription to a credit report monitoring service to compensate for the potential compromise of personal data.
  • In a memo sent Thursday afternoon to the firm’s 15,400 brokers, field management head Vince Lumia said the issue stems from two data centers closed in 2016. Some servers and other hardware were sold to recyclers by a vendor Morgan Stanley had hired to scrub the devices, which left some client data extant, he explained.
  • Morgan Stanley is considering appropriate legal action against the firm hired to scrub the data, the person said, declining to name the vendor.

*Source 

WEEK OF JULY 06, 2020

AMT healthcare data breach impacts nearly 50,000 patients

  • Client information exposed after attack on senior care company’s email network.
  • Potentially compromised data includes patient names, Social Security numbers, medical record numbers, diagnosis information, health insurance policy, medical history information, HIPAA account information, and driver’s license/state identification numbers.
  • Potentially affected patients are being offered free credit monitoring services, and AMT said it has employed extra security safeguards to protect information on its web infrastructure.

*Source

Russian Criminal Group Finds New Target: Americans Working at Home

  • American officials worry election infrastructure could be next.
  • Sophisticated new attacks by the hacking group — which the Treasury Department claims has at times worked for Russian intelligence — were identified in recent days by Symantec Corporation.
  • While ransomware has long been a concern for American officials, after devastating attacks on the cities of Atlanta and Baltimore and towns across Texas and Florida, it has taken on new dimensions in an election year.

*Source

350,000 Social Media Influencers and Users at Risk Following Data Breach

  • The leak was discovered by Risk Based Security’s data breach research team on June 6 when a known threat actor revealed they had compromised Preen.
  • The information includes influencers’ social media links, email addresses, names, phone numbers and home addresses. It was noted that those affected appear to be associated with cosmetic or lifestyle-related content.
  • Those exposed are also susceptible to spam and substantial harassment via their leaked contact information, as well as spear-phishing and identity theft scams if enough personally identifiable information is gathered.

*Source

V Shred data leak exposes PII, sensitive photos of fitness customers and trainers

  • V Shred defended the public status of its open bucket and only partially solved the problem.

  • The bucket, discovered on May 14, originally contained 1.3 million files, totaling 606GB of data. Among the files were three .CSV files of particular note; one that appeared to be a lead generation list, another a client email list, and a trainer list.

  • Combined, the files contained names, home addresses, email addresses, dates of birth, some Social Security numbers, social media accounts details, usernames and passwords, age ranges, genders, and citizenship status, among other data points.

*Source

University of California SF Pays Ransom After Medical Servers Hit

  • As one of at least three universities hit in June, the school paid $1.14 million to cybercriminals following an attack on “several IT systems” in the UCSF School of Medicine.
  • The crypto-ransomware attacks, which have been attributed to the NetWalker group, also reportedly hit Michigan State University and Columbia College of Chicago.
  • BBC News managed to get a fly-on-the-wall view of the negotiation between UCSF and the NetWalker criminal group — a negotiation that started at $3 million. After some back and forth, the two parties negotiated to 116.4 Bitcoins, or $1.14 million, which the school paid.

*Source

500,000 BMW, Mercedes and Hyundai owners hit by massive data breach

  • As per the report, the hackers claim that they got hold of the database via a call centre that works with a range of car manufacturers.
  • The database is believed to consist of 500,000 customer records dated from 2016 to 2018. These not only include the details of Brits who own BMW cars, but also owners of Mercedes, Honda, Hyundai and SEAT vehicles.
  • Last month, the hackers sold 16 databases that contained the information of contractors working for the U.S. government and weapons being created by the Russian armed forces.

*Source 

WEEK OF JULY 02, 2020

Major security breach at Service NSW after staff member opened phishing email

  • The malicious attack, discovered on April 22 of this year, illegally accessed the emails of 47 staff members.
  • Forensic specialists hired by Service NSW are working to identify any personal information that may have been accessed in this attack. The breach impacts customers who have gone into a Service NSW branch, or contacted the service over the phone.
  • Service NSW CEO Damon Rees said “internal cyber security teams stopped the attack and worked to limit the impact on our customers and services.” “We are now working as quickly as possible to confirm the scope of this attack on the personal information of our customers,” Mr Rees said.

*Source

EasyJet admits data of nine million hacked

  • It said email addresses and travel details had been stolen and that 2,208 customers had also had their credit and debit card details “accessed”.
  • EasyJet added that it had gone public now in order to warn the nine million customers whose email addresses had been stolen to be wary of phishing attacks. It said that it would notify everyone affected by 26 May.
  • It did not provide details about the nature of the attack or the motives, but said its investigation suggested hackers were targeting “company intellectual property” rather than information that could be used in identity theft.

*Source

Verizon Data Breach Report

  • Denial of Service (DoS), ransomware, and financially-motivated data breaches were the winners in this year’s Verizon DBIR.
  • This year, DoS attacks increased in number (13,000 incidents) and were also seen as a bigger part of cybercriminals’ toolboxes (DoS attacks made up 40 percent of security incidents reported), beating out crimeware and web applications.
  • Cyber espionage attacks meanwhile have seen a downward spiral, dropping from making up 13.5 percent of breaches in 2018 to a mere 3.2 percent of data breaches in 2019.

*Source

Japan suspects missile data leak in Mitsubishi cyberattack

  • Chief Cabinet Secretary Yoshihide Suga told reporters that the Defense Ministry is investigating “the possible impact of the information leak on national security.”
  • The ministry suspects the information might have been stolen from documents sent from several defense equipment makers as part of a bidding process for the project. Mitsubishi Electric did not win the bid, Japanese media reports said.
  • Mitsubishi said in a statement Wednesday that it had reported to the Defense Ministry in February a possible leak of sensitive information related to a cyberattack earlier this year. Mitsubishi has acknowledged that its personal data on some 8,000 people also might have been leaked.

*Source

Hackers leak personal data of 29 million Indians on the dark web for free

  • Folders in the name of some of the leading job websites in India also appeared on the screenshot posted by Cyble.
  • The security incident has resulted in the exposure of sensitive data belonging to customers of the company and its staff, and even of internal API keys.
  • Wool sales were halted for several days and hastily rescheduled, with an estimated 70,000 bales held in limbo. The industry’s turnover in a typical week is up to A$80 million, but prices may now drop as the postponed sales cause a glut in the market.

*Source

Bank of America reveals data breach in PPP application process

  • Charlotte-based BofA said application information may have been visible to other SBA-authorized lenders and their vendors.
  • Compromised information could include business details, such as an address or tax identification number, or a business owner’s information, such as name, address, Social Security number, phone number, email and citizenship status.
  • The bank said the data breach did not affect the applications’ submission to the SBA. It asked the SBA to remove the visible information that same day, according to the filing.

*Source 

WEEK OF JUNE 29, 2020

IT giant Cognizant confirms data breach after ransomware attack

  • Cognizant has stated that unencrypted data was most likely accessed and stolen during an April Maze Ransomware attack.
  • On April 17th, Cognizant began emailing their clients to warn them that they were under attack by the Maze Ransomware so that they could disconnect themselves from Cognizant and protect themselves from possibly being affected.
  • This email also contained indicators of compromise that included IP addresses utilized by Maze and file hashes for the kepstl32.dll, memes.tmp, and maze.dll files. These IP addresses and files are known to be used in previous attacks by the Maze ransomware actors.

*Source

Hundreds of malicious Chrome browser extensions were used for stealing sensitive user data

  • These malicious extensions could collect all credential tokens saved in cookies, and they could also take screenshots, read the content of the clipboard, and capture user keystrokes.
  • It is a massive spyware operation that quietly spread through 32 million downloads of malicious extensions.
  • A user who downloads a malicious extension is automatically connected to several websites, so that the extension can transmit all sensitive information; if the user is working on a corporate network, however, it does not transmit any data.

*Source

Hacker allegedly breaches govt database on COVID-19 test-takers

  • An unknown hacker has allegedly breached a government database of 230,000 people who have undergone COVID-19 testing.
  • The hacker, under the username Database Shopping, offered the personal data of COVID-19 test-takers in Indonesia on the data-exchange platform Raid Forums, where another member put up for sale the personal information of 15 million users from homegrown e-commerce unicorn Tokopedia’s internal database for US$5,000.
  • The database included personal details such as the names, addresses, ages and nationalities of the patients undergoing COVID-19 testing at several hospitals in Bali.

*Source

Stalker Online Breach: 1.3 Million User Records Stolen

  • Security researchers are warning players of a popular MMO game that over 1.3 million user records are being sold on dark web forums.
  • Usernames, passwords, email addresses, phone numbers and IP addresses belonging to players of Stalker Online were found by researchers from CyberNews.
  • Two databases were found on underground sites as part of a dark web monitoring project undertaken by the research outfit, one containing around 1.2 million records and another of 136,000 records.

*Source

Twitter apologises for business data breach

  • Twitter has emailed its business clients to tell them that personal information may have been compromised.
  • In an email to its clients, Twitter said it was “possible” others could have accessed personal information. The personal data includes email addresses, phone numbers and the last four digits of clients’ credit card numbers.

  • The company said it became aware of the issue on 20 May, and has since fixed the problem. In an email to affected users, the firm said: “We’re very sorry this happened. We recognise and appreciate the trust you place in us, and are committed to earning that trust every day.”

*Source

Breach Concerns Hit Record Levels Due to COVID-19

  • Annual “Black Hat USA Attendee Survey” indicates unprecedented concern over possible compromises of enterprise networks and US critical infrastructure.
  • Seventy percent of cybersecurity pros said they believe they will have to respond to a major security breach in their own organizations in the coming year, up from 59% in 2018.
  • When asked whether they have sufficient security staff to defend their enterprises against current cyberthreats, 59% said no. When asked whether they had enough budget to defend their data against current threats, a majority (56%) also said no.

*Source 

WEEK OF JUNE 15, 2020

Reidentification Risk Of Masked Datasets

  • Many companies take a one-size-fits-all easy route to data security, such as using Pretty Good Privacy (PGP) and thinking that 95% of the world won’t be able to reverse it, only to find that this assumption is incorrect.
  • Some companies have even kicked the tires on synthetic data (pseudo values generated by algorithms), but that also negatively impacts testing since non-production environments need large volumes of data that carry the complexity of real data in order to test effectively and build the right enhancements.
  • There’s always a trade-off: Either your data is highly secure but low in functionality or vice versa. In search of alternatives, companies move to more sophisticated methods of data protection, such as anonymization and masking, to ensure data security in regard to functionality and performance.
  • There is a catch, however, and it’s the reason why proper and complete anonymization and masking are critical. The focus really needs to be on reducing the risk of reidentification while preserving the functionality of the data (data richness, demographics, etc.).

*Source

Honda Tackling Suspected Ransomware Infection

  • Honda is investigating a cyber-attack on its IT network in Europe which researchers are claiming is Ekans ransomware.
  • A security researcher known as @milkr3am posted several screenshots, including one with purported Ekans (aka Snake) code that checks specifically for the mds.honda.com domain, indicating that this variant has been specially customized to target the firm.
  • This isn’t the first time Honda’s cybersecurity posture has come under scrutiny. Back in 2011 its American arm admitted to a data breach which compromised the personal details of over two million customers.

*Source

Fitness Depot notifies customers of data breach

  • The fitness retailer has said its ISP was to blame for a breach of its online store.
  • As per Fitness Depot’s letter, attackers compromised the company’s online store and gained access to customers’ personal and financial information. Information accessed by the attackers may have included customers’ names, addresses, contact information, and credit card numbers.
  • Though Fitness Depot discovered the breach on May 20, 2020, it dates as far back as Feb. 18, 2020. While customers who placed orders for home delivery were impacted between Feb. 18 and April 27, any customer who ordered products for home delivery or in-store pick-up would have been affected between April 28 and May 22.

*Source

CPA Canada breach put 329,000 accounting pros at risk

  • 329,000 professionals are now at risk of sustained attacks, and therefore their clients are at risk.
  • The information involved predominately relates to the distribution of the CPA Magazine and includes personal information such as names, addresses, email addresses, and employer names.
  • Paul Bischoff, a privacy advocate at Comparitech, warned accountants who belong to CPA Canada to “be on the lookout for targeted phishing and scam emails from cybercriminals posing as clients, employers, and other accountants” and avoid clicking on attachments and links in unsolicited emails.

*Source

Babylon Health admits GP app suffered a data breach

  • The firm was alerted to the problem after one of its users discovered he had been given access to dozens of video recordings of other patients’ consultations.
  • Babylon allows its members to speak to a doctor, therapist, or other health specialists via a smartphone video call and, when appropriate, sends an electronic prescription to a nearby pharmacy. It has more than 2.3 million registered users in the UK.
  • “People’s medical data is highly sensitive information, not only do people expect it to be handled carefully and securely, organizations also have a responsibility under the law,” said a spokeswoman from ICO.

*Source

North Dakota passes landmark privacy policy protecting higher-ed student data

  • The new policy was created by the North Dakota Student Association and unanimously voted to be implemented on June 4.
  • The resolution implements guidelines on the collection and use of students’ personally identifiable information, as well as on controlling access to it, and will forbid the state’s 11 public colleges from selling or releasing any student’s information for advertising purposes.
  • Although student data privacy laws, like the Family Educational Rights and Privacy Act, include provisions that protect students by prohibiting the sale of data, many of the guidelines are wide open to interpretation.

*Source 

WEEK OF JUNE 08, 2020

Over 600 NTT Customers Hit in Major Data Breach

  • The firm claimed in a lengthy statement on Thursday that it detected unauthorized access to its Active Directory (AD) server on May 7.
  • It appears that hackers first compromised a cloud server (labelled server B by the firm) located in its Singapore data center, before using it as a stepping stone to attack another internal server (server A) and its AD server.
  • Attackers also jumped from server B to compromise an information management server (server C) used to service NTT’s cloud and hosting customers. It is server C which NTT Communications claimed attackers may have breached to steal data on 621 customers.

*Source

Joomla team discloses data breach

  • Joomla says a team member left an unencrypted backup of the JRD portal on a private AWS S3 bucket.
  • The incident took place after a member of the Joomla Resources Directory (JRD) team left a full backup of the JRD site (resources.joomla.org) on an Amazon Web Services S3 bucket owned by their own company.
  • The Joomla team said the backup file was not encrypted and contained details for roughly 2,700 users who registered and created profiles on the JRD website — a portal where professionals advertise their Joomla site-making skills.

*Source

Data of 7 Mn Indian Users Breached at Service Centres: Israeli Co

  • The exposed data also included images of individuals’ Aadhaar cards and UPI identifiers.
  • According to a report in The Times of India (TOI), vpnMentor discovered a breach where the data of millions of users was exposed while onboarding them to the BHIM app.

*Source

Amtrak discloses data breach, potential leak of customer account data

  • The rail service says that customer PII may have been compromised.
  • The data breach was discovered on April 16, 2020. In a letter to the Attorney General’s Office of Vermont, made public on April 29, the rail service said that an unknown third party managed to fraudulently access Amtrak Guest Rewards accounts.
  • Amtrak says that some personal information was viewable, although the company has not specifically said what data may have been compromised. However, Amtrak was keen to emphasize that Social Security numbers, credit card information, and other financial data was not involved in the data leak.

*Source

Taiwan government mega-breach feared as trove of 20m citizens’ data found on dark web

  • Database has now been removed from underground marketplace, researchers have confirmed.
  • In a blog post published on May 29, Cyble said an underground retailer of data breach spoils – “known and reputable” in terms of the data’s authenticity – had named the source of the leak as the Ministry of the Interior’s Department of Household Registration.
  • The 3.5 GB database contained citizens’ full names, postal addresses, phone numbers, government IDs, genders, and dates of birth, according to Cyble.

*Source

Ransomware gang says it breached one of NASA’s IT contractors

  • The DopplePaymer ransomware gang claims to have breached DMI, a major US IT and cybersecurity provider, and one of NASA’s IT contractors.
  • In a blog post published today, the DopplePaymer ransomware gang said it successfully breached the network of Digital Management Inc. (DMI), a Maryland-based company that provides managed IT and cyber-security services on demand.
  • It is unclear how deep inside DMI’s network the DopplePaymer gang made it during their breach, and how many customer networks they managed to breach.

*Source 

WEEK OF JUNE 02, 2020

Major security breach at Service NSW after staff member opened phishing email

  • The malicious attack, discovered on April 22 of this year, illegally accessed the emails of 47 staff members.
  • Forensic specialists hired by Service NSW are working to identify any personal information that may have been accessed in this attack. The breach impacts customers who have gone into a Service NSW branch, or contacted the service over the phone.
  • Service NSW CEO Damon Rees said internal cyber security teams stopped the attack and worked to limit the impact on our customers and services.” “We are now working as quickly as possible to confirm the scope of this attack on the personal information of our customers,” Mr Rees said.

*Source

EasyJet admits data of nine million hacked

  • It said email addresses and travel details had been stolen and that 2,208 customers had also had their credit and debit card details “accessed”.
  • EasyJet added that it had gone public now in order to warn the nine million customers whose email addresses had been stolen to be wary of phishing attacks. It said that it would notify everyone affected by 26 May.
  • It did not provide details about the nature of the attack or the motives, but said its investigation suggested hackers were targeting “company intellectual property” rather than information that could be used in identity theft.

*Source

Verizon Data Breach Report

  • Denial of Service (DoS), ransomware, and financially-motivated data breaches were the winners in this year’s Verizon DBIR.
  • This year, DoS attacks increased in number (13,000 incidents) and were also seen as a bigger part of cybercriminals’ toolboxes (DoS attacks made up 40 percent of security incidents reported), beating out crimeware and web applications.
  • Cyber espionage attacks meanwhile have seen a downward spiral, dropping from making up 13.5 percent of breaches in 2018 to a mere 3.2 percent of data breaches in 2019.

*Source

Japan suspects missile data leak in Mitsubishi cyberattack

  • Chief Cabinet Secretary Yoshihide Suga told reporters that the Defense Ministry is investigating “the possible impact of the information leak on national security.”
  • The ministry suspects the information might have been stolen from documents sent from several defense equipment makers as part of a bidding process for the project. Mitsubishi Electric did not win the bid, Japanese media reports said.
  • Mitsubishi said in a statement Wednesday that it had reported to the Defense Ministry in February a possible leak of sensitive information related to a cyberattack earlier this year. Mitsubishi has acknowledged that personal data on some 8,000 people also might have been leaked.

*Source

Hackers leak personal data of 29 million Indians on the dark web for free

  • Folders in the name of some of the leading job websites in India also appeared on the screenshot posted by Cyble.
  • The security incident has resulted in the exposure of sensitive data belonging to customers of the company and its staff, and even of internal API keys.
  • Wool sales were halted for several days and hastily rescheduled, with an estimated 70,000 bales held in limbo. The industry’s turnover in a typical week is up to A$80 million, but prices may now drop as the postponed sales cause a glut in the market.

*Source

Bank of America reveals data breach in PPP application process

  • Charlotte-based BofA said application information may have been visible to other SBA-authorized lenders and their vendors.
  • Compromised information could include business details, such as an address or tax identification number, or a business owner’s information, such as name, address, Social Security number, phone number, email and citizenship status.
  • The bank said the data breach did not affect the applications’ submission to the SBA. It asked the SBA to remove the visible information that same day, according to the filing.

*Source