
SecureFact™

Your curated list of Data Security News happening across the world, in a simple yet intuitive form for the fast-paced cybersecurity professionals.

WEEK OF NOVEMBER 23, 2020

ModPipe malware decrypts Oracle point-of-sale database passwords

  • Security researchers have discovered a new malware geared with modules that target Oracle Micros Hospitality RES 3700 point-of-sale systems.

  • The researchers still don’t know how the malware compromises the PoS systems but they figured out its architecture, which includes an initial dropper, a persistent loader, the main module, a networking module, and downloadable components.

  • Details about the decryption mechanism are not public, suggesting that the threat actor may have reverse-engineered the software for Oracle’s MICROS RES 3700 Restaurant POS System to understand how the passwords are encrypted and decrypted. Alternatively, they could have gotten the info from a 2016 data breach that affected Oracle’s Micros PoS division, or by buying the code on a cybercriminal market.

*Source 

Popular stock photo service hit by data breach, 8.3M records for sale

  • Stock photo site 123RF has suffered a data breach after a hacker began selling a database containing 8.3 million user records on a hacker forum.
  • From the samples of the database seen by BleepingComputer, the stolen data includes 123RF members’ full names, email addresses, MD5-hashed passwords, company names, phone numbers, addresses, PayPal emails if used, and IP addresses. There is no financial information stored in the database.

  • While the company states that the passwords are encrypted, the passwords are MD5 hashes. Unfortunately, using online MD5 cracking tools, BleepingComputer could easily retrieve the plain-text passwords for numerous accounts.

*Source

Hackers sponsored by Russia and North Korea are targeting COVID-19 researchers

  • Three nation-state-sponsored groups are targeting organizations throughout the world.
  • There are seven prominent companies that have been targeted, Microsoft Corporate VP for Customer Security & Trust Tom Burt said. They include vaccine-makers with COVID-19 vaccines in various clinical trial stages, a clinical research organization involved in trials, and a developer of a COVID-19 test.

  • Friday’s blog post comes two weeks after officials from three US governmental organizations warned that Russian ransomware hackers were targeting hundreds of US hospitals.

*Source

46M accounts were impacted in the data breach of children’s online playground Animal Jam

  • Kids aged 7 through 11 can play games, personalize their favorite animal, learn fun facts, and so much more. Animal Jam currently has over 130 million registered players and 3.3 million monthly active users.

  • This week a threat actor published two databases, titled ‘game_accounts’ and ‘users’, belonging to the popular gaming portal for free on a hacker forum. The huge trove of data was obtained by the black hat hacker ShinyHunters, which is known for several data leaks.

  • WildWorks immediately launched an investigation into the security breach. According to the company, it appears that threat actors compromised the server of a third-party vendor WildWorks uses for intra-company communication. The attackers obtained a key that enabled them to access this database.

*Source

ICO fines Ticketmaster UK Limited £1.25million for failing to protect customers’ payment details

  • The ICO found that the company failed to put appropriate security measures in place to prevent a cyber-attack on a chat-bot installed on its online payment page.
  • The data breach, which included names, payment card numbers, expiry dates and CVV numbers, potentially affected 9.4 million of Ticketmaster’s customers across Europe including 1.5 million in the UK.
  • The breach began in February 2018 when Monzo Bank customers reported fraudulent transactions. The Commonwealth Bank of Australia, Barclaycard, Mastercard and American Express all reported suggestions of fraud to Ticketmaster. But the company failed to identify the problem. In total, it took Ticketmaster nine weeks from being alerted to possible fraud to monitoring the network traffic through its online payment page.

*Source

Nearly 28 million licensed Texas drivers hit by data breach

  • An insurance software company with access to DMV records says it was breached.
  • An insurance software company called Vertafore, which has legal access to that DMV information, said in a statement the data was inadvertently stored in an unsecured storage service that was hacked between March and August of this year.
  • The company says they reported it to the Texas Office of the Attorney General, the Texas Department of Motor Vehicles, and the Texas Department of Public Safety and wrote, “Vertafore’s notice was delayed at law enforcement’s request.” Vertafore says they hired a third-party firm to investigate but identified no misuse of the information so far.

*Source 

WEEK OF NOVEMBER 16, 2020

Hacker is selling 34 million user records stolen from 17 companies

  • Stolen databases are typically sold first in private sales, with prices ranging from $500 to $100,000.

  • According to the data breach broker, all of the seventeen databases being sold were obtained in 2020, with the largest breach being Geekie.com.br with 8.1 million records. The most well-known affected company is Singapore’s RedMart, which exposed 1.1 million records.

  • The combined databases expose over 34 million user records. While a password is not included in every record (Clip.mx, for example), each database still discloses useful information that threat actors can use.

*Source 

Hacker group uses Solaris zero-day to breach corporate networks

  • The zero-day appears to have been bought off a black-market website for $3,000.
  • While UNC1945 activity went as far back as 2018, Mandiant said the group caught their eye earlier this year after the threat actor utilized a never-before-seen vulnerability in the Oracle Solaris operating system. Tracked as CVE-2020-14871, the zero-day was a vulnerability in the Solaris Pluggable Authentication Module (PAM) that allowed UNC1945 to bypass authentication procedures and install a backdoor named SLAPSTICK on internet-exposed Solaris servers.

  • Mandiant said the hackers then used this backdoor as an entry point to launch reconnaissance operations inside corporate networks and move laterally to other systems.

*Source

GDPR lawsuit against Oracle and Salesforce moves forward

  • Class action suit seeks claims worth more than £10bn over the processing of personal information.
  • The data processing policies and practices of two of the world’s largest software companies, Salesforce and Oracle, will come under scrutiny in the High Court of England and Wales in the biggest digital privacy class action lawsuit ever filed.

  • The suit, filed by privacy campaigner and data protection specialist Rebecca Rumbul, is seeking damages that have been estimated in excess of £10bn, which could conceivably lead to awards of £500 for every internet user in the UK. A parallel suit in the Netherlands backed by a Dutch group called The Privacy Collective Foundation could take the total damages to more than €15bn.

*Source

23,600 hacked databases have leaked from a defunct ‘data breach index’ site

  • Site archive of Cit0day.in has now leaked on two hacking forums after the service shut down in September.

  • The database collection is said to have originated from Cit0Day.in, a private service advertised on hacking forums to other cybercriminals. Cit0day operated by collecting hacked databases and then providing access to usernames, emails, addresses, and even cleartext passwords to other hackers for a daily or monthly fee.

  • Cybercriminals would then use the site to identify possible passwords for targeted users and then attempt to breach their accounts at other, more high-profile sites.

*Source

Wakefern and ShopRite Settle Slapdash Data Disposal Claim

  • The company has agreed to appoint a chief privacy officer and to ensure that all ShopRite stores with pharmacies in the Wakefern cooperative designate a HIPAA privacy officer and HIPAA security officer.
  • The companies agreed to the substantial settlement to resolve claims that they failed to protect the personal information of more than 9,700 New Jersey residents who shopped at ShopRite supermarkets in Millville, New Jersey, and Kingston, New York.
  • After the devices were replaced with newer technology by Wakefern in 2016, it is alleged that the old machines were simply tossed into dumpsters. Under HIPAA, any protected health information that may have been stored on the devices should have been removed prior to their disposal.

*Source

FBI: Hackers stole source code from US government agencies and private companies

  • FBI blames intrusions on improperly configured SonarQube source code management tools.
  • The alert specifically warns owners of SonarQube, a web-based application that companies integrate into their software build chains to test source code and discover security flaws before rolling out code and applications into production environments.
  • This year, a Swiss security researcher named Till Kottmann has also raised the same issue of misconfigured SonarQube instances. Throughout the year, Kottmann has gathered source code from tens of tech companies in a public portal, and many of these came from SonarQube applications.

*Source 

WEEK OF NOVEMBER 09, 2020

Hacker group uses Solaris zero-day to breach corporate networks

  • The zero-day appears to have been bought off a black-market website for $3,000.

  • Mandiant, the investigations unit of security firm FireEye, has published details today about a new threat actor it calls UNC1945, which the security firm says used a zero-day vulnerability in the Oracle Solaris operating system as part of its intrusions into corporate networks.

  • Mandiant said that while UNC1945 has been active for several years, it spotted the Solaris zero-day in one confirmed breach; however, this doesn’t mean the zero-day wasn’t exploited against other corporate networks.

*Source 

Folksam data breach leaks info of 1M Swedes to Google, Facebook, more

  • The insurer discovered the data breach after an internal audit and reported the incident to the Swedish Data Protection Authority.
  • “The companies that have received personal data from Folksam are, for example, Facebook, Google, Microsoft, Linkedin, and Adobe,” Wikström explained. “The purpose has been, among other things, to analyze what information logged-in customers and other visitors searched for on folksam.se.”

  • After discovering the breach, Folksam immediately stopped sharing the sensitive information with its digital partners and requested the information be deleted by the companies which received it.

*Source

Hackers Make Off With Millions From Wisconsin Republicans

  • According to the Wisconsin Republican Party, thieves used altered invoices to make off with $2.3 million in election funds.
  • The theft occurred when hackers modified invoices submitted for services such as direct mail and products like campaign giveaways so that payments went to the criminals rather than to the legitimate vendors, the state party says.

  • The theft exposed tensions between the state party and Trump re-election campaign officials, who learned about the hack from media reports, according to the AP article.

*Source

Marriott Hotels fined £18.4m for data breach that hit millions

  • The UK’s data privacy watchdog has fined the Marriott Hotels chain £18.4m for a major data breach that may have affected up to 339 million guests.

  • The first part of the cyber-attack happened in 2014, affecting the Starwood Hotels group, which was acquired by Marriott two years later. But until 2018, when the problem was first noticed, the attacker continued to have access to all affected systems.

  • The ICO report makes clear Marriott beefed up the security of Starwood’s IT systems far too late and the hackers had free rein to move around, cherry-picking the data that would sell best on criminal forums.

*Source

Breaches down 51%, exposed records set new record with 36 billion so far

  • There were 2,935 publicly reported breaches in the first three quarters of 2020, with the three months of Q3 adding an additional 8.3 billion records to what was already the “worst year on record.”
  • The report explores numerous factors such as how media coverage may be a factor contributing to the decline in publicly reported breaches. In addition, the increase of ransomware attacks may also have a part to play.
  • “After all, while the compromised data may be sensitive to the target organization, unless it contains a sufficient amount of personal data to trigger a notification obligation the event can go unreported.”

*Source

Lazada confirms 1.1M accounts compromised in RedMart security breach

  • An outdated database containing personal information including email addresses, encrypted passwords, and partial credit card numbers was illegally accessed.
  • An individual has claimed to be in possession of the database involved in the breach, which contains various personal information such as mailing addresses, encrypted passwords, and partial credit card numbers.
  • They were also informed of a “RedMart data security incident” that was discovered the day before, on October 29, as part of “regular proactive monitoring” carried out by the company’s cybersecurity team.

*Source 

WEEK OF NOVEMBER 02, 2020

Fragomen, a law firm used by Google, confirms data breach

  • Immigration law firm has confirmed a data breach involving the personal information of current and former Google employees.

  • The New York-based law firm provides companies with employment verification screening services to determine if employees are eligible and authorized to work in the United States.

  • The law firm said it discovered last month that an unauthorized third-party accessed a file containing personal information on a “limited number” of current and former Google employees.

*Source 

Nitro PDF data breach might impact major companies, including Microsoft, Google, and Apple

  • According to a security advisory issued by the software maker, an unauthorized third party gained limited access to a company database.
  • Cybersecurity intelligence firm Cyble came across a threat actor that was selling a database, allegedly stolen from Nitro Software’s cloud service, that includes users’ data and documents. The huge archive contains 1TB of documents, and the threat actor is attempting to sell it in a private auction with a starting price of $80,000.

  • The database contains a table named ‘user_credential’ that contains 70 million user records, including email addresses, full names, bcrypt hashed passwords, titles, company names, IP addresses, and other system-related data.

*Source

Finnish psychotherapy center Vastaamo suffered a shocking security breach

  • To make matters worse, the hackers are now demanding ransoms and threatening to leak the stolen data.
  • Finland’s interior minister summoned an emergency meeting Sunday after the private Finnish psychotherapy center Vastaamo suffered a security breach that caused the exposure of patient records.

  • Vastaamo operates as a sub-contractor for Finland’s public health system. According to the authorities, the hackers stole sensitive patient data during two attacks that started almost two years ago.

*Source

FBI warns ransomware assault threatens US healthcare system

  • In a joint alert Wednesday, the FBI and two federal agencies warned that they had “credible information of an increased and imminent cybercrime threat to U.S. hospitals and healthcare providers.”

  • The alert said malicious groups are targeting the sector with attacks that produce “data theft and disruption of healthcare services.”

  • Independent security experts say it has already hobbled at least five U.S. hospitals this week, and could potentially impact hundreds more.

*Source

Survey Uncovers High Level of Concern Over Firewalls

  • More than half of respondents are planning to reduce their network firewall footprint because of what they see as limitations in the technology.
  • The Ponemon Institute recently surveyed 603 US security professionals on their firewall use. The survey, sponsored by Guardicore, asked respondents to evaluate the effectiveness of firewalls in blocking ransomware and a range of other existing and emerging threats.
  • A relatively high percentage of cybersecurity leaders apparently perceive most firewall technologies — long a linchpin of enterprise security — as being ineffective in protecting their applications against attack.

*Source

Mimecast Research: Half of Workers Admit to Opening Emails They Considered Suspicious

  • ‘Check the Box’ Awareness Training has Little Impact on an Organization’s Security Posture.
  • Mimecast’s research found that 73% of respondents extensively use their company-issued device for personal matters, with nearly two-thirds (60%) admitting to an increase in frequency since starting to work remotely. The most common activities were checking personal email (47%), carrying out financial transactions (38%) and online shopping (35%).
  • According to the State of Email Security 2020 report, personal email and browsing the web/shopping online were already two areas of major concern for IT professionals. Seventy-three percent said checking personal email posed a risk of causing a serious security mistake, and 69% thought surfing the web or online shopping could likely cause an incident.

*Source 

WEEK OF OCTOBER 19, 2020

Personal data of Bharatmatrimony users breached says security firm Cyble Inc

  • The data leaked includes sensitive personal information like names, phone numbers, user IDs and date and time of account creation.

  • Customer data worth 1.7 GB belonging to thousands of users was up for sale in exchange for $500 in cryptocurrency, according to researchers at the firm.

  • The firm said that the parameter “themeid” was injected onto one of the website’s URLs. “We identified the breach and notified the company,” the cybersecurity firm said.

*Source 

Breach at Dickey’s BBQ Smokes 3M Cards

  • KrebsOnSecurity has learned the data was stolen in a lengthy data breach at more than 100 Dickey’s Barbeque Restaurant locations around the country.
  • Multiple companies that track the sale in stolen payment card data say they have confirmed with card-issuing financial institutions that the accounts for sale in the BlazingSun batch have one common theme: All were used at various Dickey’s BBQ locations over the past 13-15 months.

  • Gemini says its data indicated some 156 Dickey’s locations across 30 states likely had payment systems compromised by card-stealing malware, with the highest exposure in California and Arizona.

*Source

British Airways fined £20m over data breach

  • British Airways has been fined £20m ($26m) by the Information Commissioner’s Office (ICO) for a data breach which affected more than 400,000 customers.
  • The breach took place in 2018 and affected both personal and credit card data. The fine is considerably smaller than the £183m that the ICO originally said it intended to issue back in 2019.

  • The company breached data protection law and failed to protect itself from a preventable cyber attack. It then failed to detect the hack until the damage had been done to hundreds of thousands of customers.

*Source

Haldiram’s crucial data stolen; hackers demand ₹7.50 lakh to release information

  • A Haldiram’s representative claimed the hacker(s) have demanded a ransom of ₹7,50,000 in order to decrypt the servers of the company including all its files.

  • The unidentified accused hacked the server of the company based in the industrial Sector 62 of Noida using a cyber malware popularly called ‘Ransomware Attack’, the police said.

  • It said that the hackers, to give effect to a pre-planned criminal conspiracy, have not only stolen data from the servers and systems of the company but have also contacted company officials through certain servers to illegally extort money to provide back the access to the company’s own data and to delete the stolen data from the servers and systems.

*Source

Chinese hackers using fake McAfee software to trick users into installing virus, says Google

  • Google in a blog post noted that Chinese state-sponsored hackers are tricking people into installing malware by posing as the antivirus provider McAfee ahead of the US elections.
  • But the company was storing hundreds of large spreadsheets packed with sensitive patient data in a storage bucket, hosted on Amazon Web Services (AWS), without a password, allowing anyone to access the data inside.
  • Google noted previous instances where attempts were made to hijack the email accounts of campaign staffers with President Donald Trump and Democratic nominee Joe Biden in June which it had successfully prevented.

*Source

Cybercrime Losses Up 50%, Exceeding $1.8B

  • Fewer companies are being hit by cyber incidents, but those that do get hit are hit harder and more often.
  • According to Hiscox, a Bermuda-based insurance provider, cyber losses rose nearly sixfold worldwide over the past 12 months. Its recently released “Cyber Readiness Report 2020” pins the total cyber losses among affected firms at $1.8 billion — up a sobering 50% from the previous year’s total of $1.2 billion. Overall, more than 6% of the respondents in the report paid a ransom, and their collective losses totaled $381 million.
  • Cybercriminals demanded ransoms from roughly 17% of the companies they attacked, and caused dire financial consequences for the targets. The highest loss from ransom was more than $50 million for one unfortunate organization.

*Source 

WEEK OF OCTOBER 06, 2020

IT guy whose job was to stop ex-staff running amok on the network is jailed for running amok on the network

  • After he was demoted and fired, idiot logged into office PC from home and wiped storage systems.

  • On the day he was terminated, Stafford didn’t return his work-issued MacBook Pro, went home, and that evening used the laptop and his home internet connection to repeatedly attempt to log into the company’s network using his credentials and those of a former colleague.

  • A couple of days later, in the early hours, he managed to get into his office PC remotely using the coworker’s details. From there he was able to “delete all of the file storage drives used by the Washington office, then changed the password to access the storage management system.”

*Source 

An unspecified US government agency was hacked by a miscreant who appears to have made off with archives of information.

  • Hacker had set up shop on network using stolen Office 365 accounts.
  • Armed with those stolen Office 365 credentials, the attacker logged into one of the agency’s O365 accounts, made a beeline for a SharePoint server, and browsed its pages and downloaded a file. Shortly after, the intruder connected to the unnamed agency’s VPN, presumably using information gleaned so far from snooping around.
  • Next, the miscreant enumerated the network using standard Windows command-line tools, connected to an external virtual server via SMB, and then, using their administrator credentials, sought to gain a persistent presence on the network.

*Source

85% of COVID-19 tracking apps leak data

  • 71% of healthcare and medical apps have at least one serious vulnerability that could lead to a breach of medical data, according to Intertrust.
  • The report investigated 100 publicly available global mobile healthcare apps across a range of categories—including telehealth, medical device, health commerce, and COVID-tracking—to uncover the most critical mHealth app threats.

  • Cryptographic issues pose one of the most pervasive and serious threats, with 91% of the apps in the study failing one or more cryptographic tests. This means the encryption used in these medical apps can be easily broken by cybercriminals, potentially exposing confidential patient data, and enabling attackers to tamper with reported data, send illegitimate commands to connected medical devices, or otherwise use the application for malicious purposes.

*Source

German privacy watchdog fines H&M $41M for spying on workers

  • A German privacy watchdog is fining clothing retailer H&M 35.3 million euros ($41 million) after the company was found to have spied on some of its employees in Germany.

  • Hamburg’s data protection commissioner said in a statement that the Swedish company collected private information about employees at a customer service center in Nuremberg, “ranging from rather harmless details to family issues and religious beliefs.”

  • The data protection commissioner, Johannes Caspar, said that “the combination of collecting details about their private lives and the recording of their activities led to a particularly intensive encroachment on employees’ civil rights.”

*Source

After breach, Twitter hires a new cybersecurity chief

  • Following a high-profile breach in July, Twitter has hired Rinki Sethi as its new chief information security officer.
  • Twitter had left the role of chief information security officer vacant since the departure of its previous security chief, Mike Convertino, who left in December to join cyber resilience firm Arceo.
  • In July, the company was hit by a very public cyberattack on the company’s internal “admin” tools that played out on the social media platform in real time, as hackers hijacked high-profile Twitter accounts to spread a cryptocurrency scam. The hackers used voice phishing, a social engineering technique that involves tricking someone on the phone to hand over passwords or access to internal systems.

*Source

Emerging challenges and solutions for the boards of financial-services companies

  • Mature boards are making themselves valuable partners for management in the effort to make firms more resilient.
  • A growing number of firms—22 percent overall, and as many as 35 percent in some segments—have a technology committee to oversee cybersecurity.
  • Mature firms are also streamlining their metrics and linking KPIs and key risk indicators (KRIs) by implementing metrics that measure both inputs and outputs. Inputs are a company’s risk-reduction efforts, and outputs are the resulting reduction in enterprise risk. 

*Source 

WEEK OF OCTOBER 27, 2020

Morgan Stanley Fined $60m Over Data Disposal

  • Among the issues flagged by the OCC were inadequate risk assessment and monitoring of third-party vendors and a failure to keep track of customer information.

  • Morgan Stanley, which is headquartered in New York City, was also found to have failed to exercise adequate due diligence in selecting the third-party vendor engaged by Morgan Stanley and failed to adequately monitor the vendor’s performance.

  • Three years on from the decommissioning of the two data centers, the OCC found data disposal at the banks was still not as it should be.

*Source 

US retailer Made in Oregon confirms website data breach

  • Customer credit card details included in list of potentially stolen information.
  • According to the retailer, an unauthorized third party accessed information in an attack dating from February to August this year. Information including names, billing addresses, email addresses, and credit card details entered through the site was potentially accessed.

  • In a breach notification to consumers that was also posted on the Vermont Attorney General’s Office website, the company said it wasn’t aware of any other information being accessed.

*Source

Dr Reddy’s suffers cyber-attack, isolates all its data center services

  • In the wake of a detected cyber-attack, we have isolated all data center services to take required preventive actions, the company said.
  • Commenting on the development, Mukesh Rathi, CIO, Dr Reddy’s Laboratories said, “We are anticipating all services to be up within 24 hours and we do not foresee any major impact on our operations due to this incident.”

  • The share price of Dr Reddy’s Laboratories fell on the report of the data breach. The stock was trading 1.19 percent lower at Rs 4,986.90 on the BSE at 10:55 am.

*Source

U.S.: Russian hackers targeting state, local governments on eve of election

  • The attackers may be trying to gain footholds in U.S. computer networks to aid subsequent efforts to undermine the American political process, the federal advisory warned.

  • A Russian hacking team best known for attacks on energy companies “has conducted a campaign against a wide variety of U.S. targets” including “dozens” of state and local governments, the FBI and DHS’s Cybersecurity and Infrastructure Security Agency said in an alert.

  • The FBI and CISA initially disclosed on Oct. 9 that sophisticated hackers were targeting state and local governments and had gained “unauthorized access to elections support systems,” but at the time they did not attribute the activity to Russia.

*Source

How AI Will Supercharge Spear-Phishing

  • To keep pace with intelligent, unpredictable threats, cybersecurity will have to adopt an intelligent security of its own.
  • But AI won’t just be used for good. Inevitably, it will also open the door for sophisticated cyberattacks like the threat spelled out above. Indeed, AI will supercharge spear-phishing with automated, intelligent technology. Hyper-realistic, machine-written copy is not some distant fiction. Rather, the technology required for this already exists today.
  • Artificial intelligence won’t just power phishing attacks either. It will augment every kind of cyberattack with adaptive decision-making capabilities. Automatically crafting a well-informed, well-written email containing a malicious payload is just the start; the inbox is simply a gateway into the organization.

*Source

Credential-Stuffing Attacks Plague Loyalty Programs

  • But that’s not the only type of web attack cybercriminals have been profiting from.
  • Between July 2018 and June 2020, Akamai observed more than 63 billion credential-stuffing attacks launched against the retail, travel, and hospitality industries, all of which rely heavily on consumer awards programs.
  • Loyalty program accounts are easy pickings for credential stuffing because “many consumers don’t think of them as high risk and are more likely to use weak passwords or mirror accounts they’re using with another organization.”

*Source 

WEEK OF OCTOBER 19, 2020

Personal data of Bharatmatrimony users breached says security firm Cyble Inc

  • The data leaked includes sensitive personal information like names, phone numbers, user IDs and date and time of account creation.

  • Customer data worth 1.7 GB belonging to thousands of users was up for sale in exchange for $500 in cryptocurrency, according to researchers at the firm.

  • The firm said that the parameter “themeid” was injected onto one of the website’s URLs. “We identified the breach and notified the company,” the cybersecurity firm said.

*Source 

Breach at Dickey’s BBQ Smokes 3M Cards

  • KrebsOnSecurity has learned the data was stolen in a lengthy data breach at more than 100 Dickey’s Barbeque Restaurant locations around the country.
  • Multiple companies that track the sale in stolen payment card data say they have confirmed with card-issuing financial institutions that the accounts for sale in the BlazingSun batch have one common theme: All were used at various Dickey’s BBQ locations over the past 13-15 months.

  • Gemini says its data indicated some 156 Dickey’s locations across 30 states likely had payment systems compromised by card-stealing malware, with the highest exposure in California and Arizona.

*Source

British Airways fined £20m over data breach

  • British Airways has been fined £20m ($26m) by the Information Commissioner’s Office (ICO) for a data breach which affected more than 400,000 customers.
  • The breach took place in 2018 and affected both personal and credit card data. The fine is considerably smaller than the £183m that the ICO originally said it intended to issue back in 2019.

  • The company breached data protection law and failed to protect itself from a preventable cyber attack. It then failed to detect the hack until the damage was done to hundreds of thousands of customers.

*Source

Haldiram’s crucial data stolen; hackers demand ₹7.50 lakh to release information

  • A Haldiram’s representative claimed the hacker(s) have demanded a ransom of ₹7,50,000 in order to decrypt the servers of the company including all its files.

  • The unidentified accused hacked the server of the company based in the industrial Sector 62 of Noida using a cyber malware popularly called ‘Ransomware Attack’, the police said.

  • The police said that the hackers, acting on a pre-planned criminal conspiracy, not only stole data from the company’s servers and systems but also contacted company officials through certain servers to extort money in return for restoring the company’s access to its own data and deleting the stolen copies from the servers and systems.

*Source

Chinese hackers using fake McAfee software to trick users into installing virus, says Google

  • Google in a blog post noted that China state-sponsored hackers are tricking people into installing malware by posing as the antivirus provider McAfee ahead of US elections.
  • But the company was storing hundreds of large spreadsheets packed with sensitive patient data in a storage bucket, hosted on Amazon Web Services (AWS), without a password, allowing anyone to access the data inside.
  • Google noted previous instances where attempts were made to hijack the email accounts of campaign staffers with President Donald Trump and Democratic nominee Joe Biden in June which it had successfully prevented.

*Source

Cybercrime Losses Up 50%, Exceeding $1.8B

  • Fewer companies are being hit by cyber incidents, but those that do get hit are hit harder and more often.
  • According to Hiscox, a Bermuda-based insurance provider, cyber losses rose nearly sixfold worldwide over the past 12 months. Its recently released “Cyber Readiness Report 2020” pins the total cyber losses among affected firms at $1.8 billion, up a sobering 50% from the previous year’s total of $1.2 billion. Overall, more than 6% of the respondents in the report paid a ransom, and their collective losses totaled $381 million.
  • Cybercriminals demanded ransoms from roughly 17% of the companies they attacked, and caused dire financial consequences for the targets. The highest loss from ransom was more than $50 million for one unfortunate organization.

*Source 

WEEK OF OCTOBER 06, 2020

IT guy whose job was to stop ex-staff running amok on the network is jailed for running amok on the network

  • After he was demoted and fired, idiot logged into office PC from home and wiped storage systems.

  • On the day he was terminated, Stafford didn’t return his work-issued MacBook Pro, went home, and that evening used the laptop and his home internet connection to repeatedly attempt to log into the company’s network using his credentials and those of a former colleague.

  • A couple of days later, in the early hours, he managed to get into his office PC remotely using the coworker’s details. From there he was able to “delete all of the file storage drives used by the Washington office, then changed the password to access the storage management system.”

*Source 

An unspecified US government agency was hacked by a miscreant who appears to have made off with archives of information.

  • Hacker had set up shop on network using stolen Office 365 accounts.
  • Armed with those stolen Office 365 credentials, the attacker logged into one of the agency’s O365 accounts, made a beeline for a SharePoint server, and browsed its pages and downloaded a file. Shortly after, the intruder connected to the unnamed agency’s VPN, presumably using information gleaned so far from snooping around.
  • Next, the miscreant enumerated the network using standard Windows command-line tools, connected to an external virtual server via SMB, and then, using their administrator credentials, sought to gain a persistent presence on the network.

*Source

85% of COVID-19 tracking apps leak data

  • 71% of healthcare and medical apps have at least one serious vulnerability that could lead to a breach of medical data, according to Intertrust.
  • The report investigated 100 publicly available global mobile healthcare apps across a range of categories—including telehealth, medical device, health commerce, and COVID-tracking—to uncover the most critical mHealth app threats.

  • Cryptographic issues pose one of the most pervasive and serious threats, with 91% of the apps in the study failing one or more cryptographic tests. This means the encryption used in these medical apps can be easily broken by cybercriminals, potentially exposing confidential patient data, and enabling attackers to tamper with reported data, send illegitimate commands to connected medical devices, or otherwise use the application for malicious purposes.

*Source

German privacy watchdog fines H&M $41M for spying on workers

  • A German privacy watchdog is fining clothing retailer H&M 35.3 million euros ($41 million) after the company was found to have spied on some of its employees in Germany.

  • Hamburg’s data protection commissioner said in a statement that the Swedish company collected private information about employees at a customer service center in Nuremberg, “ranging from rather harmless details to family issues and religious beliefs.”

  • The data protection commissioner, Johannes Caspar, said that “the combination of collecting details about their private lives and the recording of their activities led to a particularly intensive encroachment on employees’ civil rights.”

*Source

After breach, Twitter hires a new cybersecurity chief

  • Following a high-profile breach in July, Twitter has hired Rinki Sethi as its new chief information security officer.
  • Twitter had left the role of chief information security officer vacant since the departure of its previous security chief, Mike Convertino, who left in December to join cyber resilience firm Arceo.
  • In July, the company was hit by a very public cyberattack on the company’s internal “admin” tools that played out on the social media platform in real time, as hackers hijacked high-profile Twitter accounts to spread a cryptocurrency scam. The hackers used voice phishing, a social engineering technique that involves tricking someone on the phone to hand over passwords or access to internal systems.

*Source

Emerging challenges and solutions for the boards of financial-services companies

  • Mature boards are making themselves valuable partners for management in the effort to make firms more resilient.
  • A growing number of firms—22 percent overall, and as many as 35 percent in some segments—have a technology committee to oversee cybersecurity.
  • Mature firms are also streamlining their metrics and linking KPIs and key risk indicators (KRIs) by implementing metrics that measure both inputs and outputs. Inputs are a company’s risk-reduction efforts, and outputs are the resulting reduction in enterprise risk. 

*Source 

WEEK OF SEPTEMBER 29, 2020

US Staffing Firm Hit by Ransomware Again

  • One of the largest IT staffing companies in America has been hit by a second ransomware attack in nine months.

  • At the start of September, Artech Information Systems disclosed a data breach caused by a ransomware attack perpetrated between January 5 and 8, 2020.

  • Attackers deployed the ransomware three days after gaining unauthorized access to some of the company’s systems. The incident was picked up by the company following reports of suspicious activity on the user account of an Artech employee.

*Source 

Medical group announces data breach of patient information at Montana hospitals

  • SCL Health Medical Group announced on Sept. 10 a data breach of patient information that occurred earlier this year, including personal information of patients at three Montana hospitals.
  • The information that may have been accessed includes patient names, dates of birth, addresses, phone numbers, email addresses, admission dates, hospital locations, service locations and treatment providers.

  • A forensic investigation conducted by the company found that encrypted information stored in Blackbaud, such as social security numbers, financial accounts and credit card information, was not accessed. The incident did not involve any access to medical systems or electronic health records.

*Source

The Real Cost of a Data Breach for Your Brand

  • The aftermath can hurt in more ways than just a bank balance.
  • Customer trust is the cornerstone of any brand’s success, and a failure of data security impacts this all-important area immediately. Studies show that private data such as credit card and social security numbers are top targets and that 48 percent of consumers have cut ties with brands that have had a security breach.

  • A data breach can drive a promising day straight into the gutter and leave your business in pain for much longer. A data breach blows the doors off any sense of security for your customer base and is blood in the water to competitors. The best way to attend to both issues is to ensure your internal systems are prepared to meet the moment.

*Source

Minnesota Suffers Second-Largest Data Breach

  • Hundreds of thousands of Minnesotans are receiving letters warning them that their data may have been exposed in the second-largest healthcare data breach in state history.

  • Attackers gained access to copies of a backup fundraising database stored by the Children’s Minnesota Foundation on Blackbaud’s cloud computing systems. Individuals impacted by the breach have been warned to monitor their medical bills for any instances of fraud.

  • To date, over 3 million people in the United States have been impacted by the attack on Blackbaud, which has also impacted a number of universities, charities, and organizations in the United Kingdom. 

*Source

SFU ransomware attack exposed data from 250,000 accounts, documents show

  • Officials didn’t disclose the number in March when personal data of students, faculty and alumni were compromised.
  • The information included student and employee identification numbers, full names, birthdays, course enrolments and encrypted passwords. Accounts were also linked to staff and retirees.
  • The loophole arose when a developer replaced a software tool on an SFU computer and assumed the new version behaved the same way. The previous version had allowed local network access only, but the new software was open globally to the internet.

*Source

Shopify announces data breach affecting fewer than 200 merchants

  • The e-commerce giant (SHOP) (SHOP.TO) says the data breach was a result of “two rogue members” on a support team who allegedly “engaged in a scheme to obtain customer transactional records of certain merchants.”
  • Shopify added this was not a result of technical issues or vulnerabilities and that “the vast majority of merchants using Shopify are not affected.”
  • It did note that data of customers related to those merchants could have been exposed, including contact information like email and names, addresses, order details, and products and services purchased.

*Source 

WEEK OF SEPTEMBER 21, 2020

Magecart Attack Impacts More Than 10K Online Shoppers

  • Close to 2,000 e-commerce sites were infected over the weekend with a payment-card skimmer, maybe the result of a zero-day exploit.

  • According to Sansec Threat Intelligence, online stores running Magento versions 1 and 2 are being targeted in a classic Magecart attack pattern, where e-commerce sites are hacked, either via a common vulnerability or stolen credentials.

  • Researchers recently reported that they have seen an uptick in the number of e-commerce sites that are being attacked by Magecart and related groups, dovetailing with new tactics.

*Source 

Staples discloses data breach exposing customer order data

  • The office retail giant sent out a data breach notification letter to the impacted customers; the incident took place around September 2.
  • According to the notification, no sensitive data was exposed and an unauthorized party only accessed a limited amount of order data for customers of Staples.com.

  • Staples revealed that the exposed order data includes customers’ names, addresses, email addresses, phone numbers, the last four credit card digits, the cost of the products, delivery information and the products ordered. The data accessed by the hackers did not include account credentials or full payment card data.

*Source

Hackers working for China have successfully compromised US government systems, according to a federal cybersecurity agency

  • Hackers linked to the Chinese government have successfully infiltrated US government systems across “many sectors,” according to the Cybersecurity and Infrastructure Security Agency and the FBI.
  • The report suggests that, after vulnerabilities are discovered and publicized by US defenders, hackers are often able to exploit the vulnerabilities before government agencies patch them.

  • CISA did not specify which agencies were compromised or how many records were potentially stolen, but says that hackers were frequently successful using “low-complexity” methods.

*Source

Blackbaud hack: US healthcare organizations confirm data breach impacted 190,000 patients

  • So far, the Blackbaud incident has affected hundreds of organizations from healthcare providers to universities and other charities.

  • Children’s Minnesota, one of the largest children’s healthcare organizations in the US, recently announced that the personal data of more than 160,000 patients may have been compromised in the incident.

  • Joseph Carson, chief security officer at Thycotic, added: “It is essential to perform a data impact and risk assessment on any software a company decides to use such as what data is being collected, what security controls it has, data integrity and availability such as a strong data backup and resiliency.”

*Source

Ransomware warning: Hackers are launching fresh attacks against universities

  • Cybersecurity agency warns about a spike in ransomware attacks targeting universities and colleges.
  • With colleges and universities gearing up to start the new academic year and welcome new students – while already facing challenges because of the ongoing coronavirus pandemic – they’ve been urged to make sure their cybersecurity infrastructure is ready to defend the additional challenge of a ransomware attack.
  • The warning from the UK’s National Cyber Security Centre (NCSC) – the cyber arm of GCHQ – comes following a recent spike in hackers targeting universities with ransomware attacks during August. In some instances, hackers have not only demanded a significant bitcoin ransom from victims of attacks, but they’ve also threatened to leak stolen personal data of students if they’re not paid.

*Source

Brazil’s LGPD now in effect — what does this mean for enforcement?

  • The LGPD, strongly inspired by the EU General Data Protection Regulation, establishes various obligations and principles regarding the treatment of people’s personal data.
  • Simply and objectively speaking, the entry into force of the LGPD now generates the immediate need for companies to adjust their practices to the law because its rules are valid without delay.
  • With the postponement of the penalties until 2021, companies need to be aware that the law can already be applied by the courts or other competent authorities, making it a valuable instrument to protect personal data.

*Source 

WEEK OF SEPTEMBER 14, 2020

Service NSW reveals 738GB of customer data was stolen during email breach

  • Attack accessed 47 staff email accounts and affected 186,000 customers.

  • Service NSW said it would now progressively notify affected customers by sending personalised letters via registered post containing information about the data that was stolen and how they could access support, including access to an individual case manager to help with possibly replacing some documents.

  • Service NSW said in light of the incident, it has added additional security measures to protect against future attacks, such as partnering with IDCare that will provide the agency with additional “cyber support”.

*Source 

China Launches Initiative to Set Global Data-Security Rules

  • The move, unveiled Tuesday, is meant to counter the U.S. Clean Network effort.
  • China’s initiative has eight key points including not using technology to impair other countries’ critical infrastructure or steal data, and making sure service providers don’t install backdoors in their products and illegally obtain user data.
  • It is unclear if any country has signed up to China’s initiative and how it will be implemented and policed. But the world’s second-largest economy has been looking to increase its role in setting standards around the world.

*Source

Cyberattackers Go Global To Steal Company Cash

  • With cyberattacks skyrocketing amid the pandemic, new data is rolling out to paint a picture of just how damaging the ramped-up thievery has become.
  • $80,000 is now the average amount phishers demand from their business email compromise targets, according to new research from the Anti-Phishing Working Group (APWG) in its second-quarter 2020 Phishing Activity Trends Report.

  • Yet, as researchers pointed out, the amount of funds sought varies significantly from one attack to another, with one particular BEC attack group seeking an average of $1.27 million per targeted attack. The average sought in a BEC scam is up from $54,000 in the first quarter of the year.

*Source

How can the C-suite support CISOs in improving cybersecurity?

  • The shift to widespread remote work has made a compelling case for the need to bring security within the remit of other departments.

  • While CISOs continue to spearhead the development of the organization’s security program and define the security mission and culture, other C-suite executives can vocally support these programs to ensure their integrity throughout the whole process, from vision and development to implementation and ongoing enforcement.

  • One likely companion for this type of cross-department alignment is the Chief Operating Officer (COO). This means a good COO today needs to encourage a business culture that supports security efforts thoroughly, while also ensuring security is prioritized at a tactical level.

*Source

Gaming hardware manufacturer Razer suffered a data leak

  • An unsecured database managed by the company containing gamers’ info was exposed online.
  • The discovery, made by security researcher Bob Diachenko, showed that the unsecured database exposed the information of approximately 100,000 individuals who purchased items from Razer’s online store.
  • The unsecured database was discovered on August 19; it contained customers’ info, including name, email address, phone number, order numbers, order details, and billing and shipping addresses.

*Source

Inova Suffers Third-Party Data Breach

  • The breach occurred as part of a ransomware attack against service provider Blackbaud.
  • According to Blackbaud, data was exfiltrated between February 7, 2020, and May 20, 2020. The exfiltration was part of a ransomware attack that did not succeed in encrypting significant data at Blackbaud.
  • Ultimately, though, the company says that it paid a ransom in order to have the exfiltrated data destroyed, which it says was done.

*Source