SecureFact™

Your curated list of data security news from across the world, in a simple yet intuitive form for fast-paced cybersecurity professionals.

WEEK OF NOVEMBER 29, 2021

Cyber attacks on the UK hit new record – with COVID vaccine research prime target

  • A review by the National Cyber Security Centre, part of GCHQ, found that a number of the incidents were linked to hostile states, including Russia and China.
  • This included a global hacking campaign, blamed on Russia’s foreign intelligence service, which impacted the US government most significantly.
  • Britain’s cyber security agency had to tackle a record 777 cyber incidents over the past year, with coronavirus vaccine research a prime target for attack.
  • The total number of incidents the NCSC had to respond to over the past 12 months was up from 723 the previous year.

*Source

Panel on data protection bats for individual privacy

  • Strongly advocating the need to protect the privacy of individuals, the Joint Parliamentary Committee on the Personal Data Protection Bill has asked the Centre to take “concrete steps” to ensure that a mirror copy of sensitive and critical personal data in the possession of foreign entities is mandatorily brought to India.
  • The committee has asked the Centre to consider an individual’s ‘right to be forgotten’ by clarifying the responsibilities of data fiduciaries but noted this may depend on available technology and practicability of such applications.
  • The panel has held it may not always be easy to distinguish between “non personal” and “personal” data and the proposed authority must consider both within its ambit.

*Source

Wind turbine giant Vestas says data was compromised in security incident

  • One of the world’s largest wind turbine manufacturers, Vestas Wind Systems, says it’s contending with a cyberattack that forced the firm to shut down some of its IT systems.
  • The Danish company said Monday that it’s investigating the security incident, discovered Nov. 19, and mitigating the impact.
  • Vestas has “together with external partners worked around the clock to contain the situation and re-establish the integrity of its IT systems,” it said in a statement. “The company’s preliminary findings indicate that the incident has impacted parts of Vestas’ internal IT infrastructure and that data has been compromised.”
  • Vestas, long considered an industry leader with a reported $34 billion in market value, watched a dip in stock value as word of the apparent breach spread.

*Source

GoDaddy data breach exposes over 1 million WordPress customers’ data

  • Web hosting giant GoDaddy on Monday disclosed a data breach that resulted in the unauthorized access of data belonging to a total of 1.2 million active and inactive customers, making it the third security incident to come to light since 2018.
  • In a filing with the U.S. Securities and Exchange Commission (SEC), the world’s largest domain registrar said that a malicious third-party managed to gain access to its Managed WordPress hosting environment on September 6 with the help of a compromised password, using it to obtain sensitive information pertaining to its customers.
  • The Arizona-based company claims over 20 million customers, with more than 82 million domain names registered using its services.
  • GoDaddy said it’s in the process of issuing and installing new certificates for the impacted customers. As a precautionary measure, the company also stated it has reset the affected passwords and it’s bolstering its provisioning system with added security protections.

*Source

US education software company exposed personal data of 1.2M students

  • SmarterSelect, a U.S.-based company that provides software for managing the application process for scholarships, exposed the personal data of thousands of applicants because of a misconfigured Google Cloud Storage bucket.
  • The data spill, discovered by cybersecurity company UpGuard, contained 1.5 terabytes of data collected by a number of programs that offer financial support to students.
  • The data included documents such as academic transcripts, resumes and invoices for approximately 1.2 million applications to funding programs, dated from November 2020 to September 21, 2021.

*Source 

Maritime giant Swire Pacific Offshore suffers data breach following cyber-attack

  • The maritime organization, which is headquartered in Singapore, said in a press release that it had suffered “unauthorized access to its IT systems”.
  • It reads: “The unauthorized access has resulted in the loss of some confidential proprietary commercial information and has resulted in the loss of some personal data.”
  • While the company did not share any details about the cyber-attack, it did note that the incident was reported to the relevant authorities, presumably Singapore’s Personal Data Protection Committee (PDPC).
  • SPO also said it has taken measures to “reinforce” existing security protocols and mitigate further attacks. It also reported that none of its global operations were affected.

*Source 

WEEK OF NOVEMBER 22, 2021

More than 500,000 Utahns’ sensitive information possibly hacked

  • Utah Imaging Associates, Inc. (UIA), a Farmington-based radiology medical practice, learned that a hacker gained access to sensitive personal information of former and current patients.
  • A hacker may have gained unauthorized access to personal information of UIA’s patients.
  • Under privacy laws, the U.S. Department of Health and Human Services’ Office of Civil Rights must post any breach of health information affecting more than 500 people. According to their website, the Utah breach potentially affected 583,643 Utahns.

*Source

Banks ordered to promptly flag cybersecurity incidents under new U.S. rule

  • U.S. banking regulators on Thursday finalized a rule that directs banks to report any major cybersecurity incidents to the government within 36 hours of discovery.
  • “The financial services industry is a top target, facing tens of thousands of cyberattacks each day,” said Kenneth Bentsen, CEO of the Securities Industry and Financial Markets Association, which organized and led the industry drill.
  • The new bank rule stipulates that banks must notify their primary regulator of a significant computer security breach as soon as possible, and no later than 36 hours after discovery.
  • Banks also must notify customers as soon as possible of a cybersecurity incident if it results in problems lasting more than four hours.

*Source

California Pizza Kitchen warns employees of personnel data breach

  • California Pizza Kitchen informed 103,767 current and former employees on Monday (Nov. 15) that personal data the company held, including names and Social Security numbers, may have been accessed by digital intruders during a September cyberattack.
  • A draft letter from the company to employees, available on the California attorney general’s website, states that “on or about September 15, 2021, CPK learned of a disruption to certain systems on our computing environment.”
  • The letter adds that California Pizza Kitchen secured its environment after discovering the disruption and “with the assistance of leading third-party computer forensic specialists, launched an investigation to determine the nature and scope of the incident.”

*Source

Costco Confirms: A data skimmer’s been ripping off customers

  • Big-box behemoth retailer Costco is offering victims 12 months of credit monitoring, a $1 million insurance reimbursement policy and ID theft recovery services.
  • Costco has discovered a payment card skimming device at one of its retail stores and has sent out notification letters informing customers that their card data may have been ripped off if they shopped there recently.
  • Costco workers removed the device and notified the authorities, and the company is working with law enforcement as they investigate the incident.

*Source

South Korean apartments’ CCTV intercoms hacked nationwide and footage of residents’ personal lives was sold on the dark web

  • Not only was footage of regular home lives revealed, but provocative video content was leaked too.
  • A hacker revealed that he was in possession of multiple videos and was selling them in bulk for 0.1 bitcoin per day of footage. At November 15, 2021 rates, 0.1 bitcoin was worth around ₩8.00 million KRW (about $6,780 USD).
  • Most Korean apartments have a smart intercom system that lets residents see via CCTV who is at their door. The hacker gained access to almost all the apartments with such devices in South Korea.
  • The government is working on the issue to revise home technology and network security. Such measures will include password authentication and more. Unfortunately, little can be done about the already leaked footage.

*Source 

Cybercriminals increasingly employ crypto-mixers to launder stolen profits

  • Crypto-mixer services are set to grow as ransomware and other cybercriminal enterprises increasingly lean into cryptocurrency, new research shows.
  • Cryptocurrency mixing — a technique that uses pools of cryptocurrency to complicate the tracking of electronic transactions — has become a common service used by cybercriminals and is expected to become even more popular as governments regulate cryptocurrency exchanges in the future, researchers say.
  • Threat intelligence firm Intel 471 warned in a new report that crypto-mixers have professional-looking sites, offer services in English and often Russian, and handle individual transactions up to hundreds of thousands, or even hundreds of millions, of dollars. One service processed more than 54 bitcoins, or about $3.4 million, in less than two months.
  • In addition, crypto-mixing providers have started partnering with ransomware-as-a-service (RaaS) gangs to split fees for any group that offers mixing as part of their ransomware service, suggesting the service will only become more popular.

*Source 

WEEK OF NOVEMBER 15, 2021

China proposes new guidelines on foreign data transfers; Many more companies would face national security reviews

  • A new set of draft rules proposed by the Cyberspace Administration of China (CAC) would greatly expand national security screening of data being transferred to foreign countries.
  • If the rules are approved at the end of November, a broad range of Chinese companies will be subject to screening of data transfers that involve personal information or pertain to critical infrastructure.
  • The draft rules call for additional screening of data transfers if companies process the personal data of more than 100,000 people, if the data contains something particularly sensitive (such as fingerprints) and totals more than 10,000 people, or if the company operates critical information infrastructure.

*Source

HPE says hackers breached Aruba Central using stolen access key

  • HPE has disclosed that data repositories for their Aruba Central network monitoring platform were compromised, allowing a threat actor to access collected data about monitored devices and their locations.
  • HPE disclosed that a threat actor obtained an “access key” that allowed them to view customer data stored in the Aruba Central environment. The threat actor had access for 18 days between October 9th, 2021, and October 27th, when HPE revoked the key.
  • The exposed repositories contained two datasets, one for network analytics and the other for Aruba Central’s ‘Contact Tracing’ feature.

*Source

BlackMatter ransomware gang, responsible for Olympus attack, announces it is shutting down

  • The BlackMatter ransomware gang rose to prominence in the criminal underworld this summer after competitors such as DarkSide and REvil fell by the wayside. The upstart group now appears to have suffered the same fate, according to malware researcher VX-Underground.
  • The group posted a message on its ransomware-as-a-service (RaaS) portal last week indicating it was going out of business due to “pressure from the authorities.”
  • The gang said that within 48 hours (over the weekend) the entire ransomware infrastructure would be disabled, and appeared to give its affiliates a window in which to obtain a decryptor key.

*Source

New Apple Privacy Policy has cost big tech platforms $10 billion in lost ad revenue

  • Apple’s privacy policy changes, which fully manifested with the release of iOS 14.5, have already cost other big tech firms nearly $10 billion in lost ad revenue.
  • The new Apple privacy policy, referred to as “App Tracking Transparency,” requires app developers to obtain permission to use the device’s unique IDFA tracking number.
  • This comes in the form of a mandatory pop-up, the text of which is dictated by Apple, that users must be presented with when apps are downloaded or when an already installed app is updated. If the user chooses to opt out, the app publisher must deliver the same level of service minus the targeted advertising.

*Source

Rollout of Facebook metaverse plans greeted with privacy concerns

  • Given the track record of Facebook, there are valid reasons to have serious privacy concerns about the company’s new focus on virtual reality.
  • The announcement of the Facebook metaverse has thus far been met with at least as much suspicion and hesitancy as it has enthusiasm, as the public wonders what (if anything) the social media giant plans to do differently this time.
  • CEO Mark Zuckerberg looks to be trying to get out ahead of these concerns, promising multiple layers of privacy protection as the company pivots with its Meta rebrand.
  • This accompanies an advertising blitz by Facebook, including television commercials, that proposes changes to the federal regulation that legally separates publishing platforms from content creators.

*Source 

Hackers apologize to Arab Royal families for leaking their data

  • Among the data Conti leaked, there were sensitive files belonging to celebrities like David Beckham, Oprah Winfrey, and Donald Trump, according to The Daily Mail.
  • There was also, according to the hackers themselves, information belonging to the UAE, Qatar, and Saudi royal families.
  • “We found that our sample data was not properly reviewed before being uploaded to the blog,” the hackers wrote in an announcement published on Thursday. “Conti guarantees that any information pertaining to members of Saudi Arabia, UAE, and Qatar families will be deleted without any exposure and review.”
  • “Our Team apologizes to His Royal Highness Prince Mohammed bin Salman and any other members of the Royal Families whose names were mentioned in the publication for any inconvenience,” the hackers added.

*Source 

WEEK OF NOVEMBER 08, 2021

US government blacklists four companies due to national security concerns

  • The U.S. Government has added four foreign companies to the Entity List for engaging in activities contrary to the national security or foreign policy interests of the United States.
  • The four entities are Candiru, NSO Group, Computer Security Initiative Consultancy PTE (COSEINC) and Positive Technologies.
  • The U.S. government is not taking action against countries or governments where these entities are located. This effort aims to improve citizens’ digital security, combat cyber threats, and mitigate unlawful surveillance, the Department of State says.

*Source

Las Vegas Cancer Center notifies patients of ransomware attack

  • The Las Vegas Cancer Center is notifying patients of a ransomware attack that may have given hackers access to patients’ personal information.
  • Attorney Bridget Kelly said approximately 3,000 customers of the business, located at 2904 W. Horizon Ridge Parkway in Henderson, are receiving notifications.
  • The breach means hackers could have access to patient names, their dates of birth, Social Security numbers, medical records and insurance information.

*Source

Operation to restore NBP’s system underway after cyberattack

  • The bank says that despite the cyberattack, one thousand of its branches have been rendering services as usual.
  • “One thousand branches of the bank have processed 800,000 transactions worth Rs 286 billion,” the statement said, adding that 200,000 customers of the bank have withdrawn Rs 5 billion through ATMs.
  • The bank further said in the statement that the restoration work of the remaining branches will be completed this week.

*Source

Amazon spoofed in new attack

  • Impersonation attack uses legitimate Amazon links to steal financial credentials from end-users
  • The perpetrators of the attack use legitimate Amazon links to force the end-user to make a phone call and give out their financial details.
  • Victims receive what looks like a typical Amazon order confirmation email containing links that all direct the user to the legitimate Amazon site.
  • Details gathered under the scam could be used by the attackers to carry out other criminal activity.

*Source

Ransomware attack on lab in Florida

  • A ransomware attack on a laboratory based in Florida has exposed the personal health information (PHI) of more than 30,000 patients.
  • An examination of the activity revealed that attackers had used ransomware to encrypt files across the healthcare provider’s network, making their contents inaccessible.
  • The lab hired a third-party cybersecurity firm to investigate the attack and assist with remediation.

*Source 

Medical school exposes personal data of thousands of students

  • A US medical training school exposed the personally identifiable information (PII) of thousands of students.
  • The server, which did not have authentication controls in place and was, therefore, accessible by anyone to view, contained 157GB of data, or just under an estimated 200,000 files.
  • According to vpnMentor, the records contained within were backed up from September 2020, but some were created before this time.
  • The unsecured Amazon S3 bucket contained a variety of PII including ID card and driver license copies, as well as CVs, revealing names, dates of birth, genders, photos of students, home addresses, phone numbers, email addresses, and both professional and educational summaries.

*Source 

WEEK OF NOVEMBER 01, 2021

Tesco blames cyberattack for day-long website outage

  • Although the Tesco.com website is live and responsive, any attempt to place orders, or even look at goods to purchase, is met with an error message.
  • The problems are not only affecting the website, but the Tesco app.
  • However, more than 24 hours later, the website is still struggling, causing angst among Tesco customers who are seemingly unable to place new orders or even amend existing orders.
  • Tesco’s social media team has been inviting customers to send direct messages (DMs) if they wish to cancel or amend orders, but it seems the social media team is struggling to keep up with the volume of correspondence.

*Source

Luxury hotel chain in Thailand reports data breach

  • Cyberattackers claimed to have stolen the passport details and other personal information from visitors who stayed at Centara Hotels & Resorts.
  • Thirayuth Chirathivat, CEO of Centara Hotels & Resorts, said in a statement that on October 14, they were “made aware” of a cyberattack on the hotel chain’s network.
  • An investigation confirmed that cyberattackers had in fact breached their system and accessed the data of some customers. The data accessed includes names, booking information, phone numbers, email addresses, home addresses and photos of IDs.

*Source

Hacker accessed medical info of thousands in email breach at UMass Memorial Health

  • Thousands of patients at UMass Memorial Health have been notified of a data breach involving the health system’s email system.
  • Some of the emails accessed by hackers included patient information, such as Social Security numbers and medical-related data.
  • The breach affected more than 209,048 individuals, according to the U.S. Department of Health and Human Services, which documents such incidents.
  • UMass Memorial Health, in an Oct. 15 notice to patients, said an unauthorized person accessed the accounts between June 2020 and January 2021.

*Source

SolarWinds hackers continue to hit technology companies, says Microsoft

  • Russia-linked group has stepped up attacks, cybersecurity experts say
  • The Russia-linked hackers behind last year’s compromise of a wide swath of the U.S. government and scores of private companies, including SolarWinds Corp., have stepped up their attacks in recent months, breaking into technology companies in an effort to steal sensitive information, cybersecurity experts said.
  • In a campaign that dates back to May of this year, the hackers have targeted more than 140 technology companies including those that manage or resell cloud-computing services, according to new research from Microsoft Corp.
  • The attack, which was successful with as many as 14 of these technology companies, involved unsophisticated techniques like phishing or simply guessing user passwords in hopes of gaining access to systems, Microsoft said.

*Source

Italian celebs’ data exposed in ransomware attack on SIAE

  • The Italian data protection authority Garante per la Protezione dei Dati Personali (GPDP) has announced an investigation into a data breach of the country’s copyright protection agency.
  • BleepingComputer has found a listing on the extortion portal of the Everest ransomware gang, where the actors claimed to have breached SIAE and to have leaked 60 GB of stolen data.
  • The data leaked by the Everest gang includes national ID and driver’s license scans and documents relevant to contract agreements between SIAE and its members.

*Source 

Australian Online Privacy Bill to make social media age verification mandatory for tech giants, Reddit, Zoom, gaming platforms

  • A new Bill targeting social media platforms wants stronger penalties for user privacy breaches that could see companies fined 10% of their annual turnover.
  • “The goal of the Bill is to enhance privacy protections, particularly in the online sphere, without unduly impeding innovation within the digital economy,” the federal government wrote in the Bill’s explanatory paper.
  • Under current legislation, the federal government can only make two kinds of binding privacy codes, which are the Australian Privacy Principle code (APP) and a credit reporting code.
  • The Bill is seeking to expand the Privacy Act to allow government to create a third code specifically for regulating three classes of organisations: Social media platforms, data brokers, and large online platforms.

*Source 

WEEK OF OCTOBER 25, 2021

Data breach could cost Missouri $50M

  • A data breach that may have exposed the Social Security numbers of tens of thousands of teachers, administrators, and counselors across Missouri could end up costing the Show-Me State $50m.
  • The security incident was caused by a flaw in a search tool on a website maintained by the state’s Department of Elementary and Secondary Education.
  • After being notified of the data breach on October 12, the department removed the page that included the search tool.
  • The St. Louis Post-Dispatch estimated that more than 100,000 Social Security numbers were made vulnerable by the flaw. However, the Missouri Commissioner’s Office, in a statement released October 12, said that the personally identifiable information of only three Missouri educators was potentially compromised.

*Source

Hacker steals government ID database for Argentina’s entire population

  • A hacker has breached the Argentinian government’s IT network and stolen ID card details for the country’s entire population, data that is now being sold in private circles.
  • The hack, which took place last month, targeted RENAPER, which stands for Registro Nacional de las Personas, translated as National Registry of Persons.
  • The agency is a crucial cog inside the Argentinian Interior Ministry, where it is tasked with issuing national ID cards to all citizens. It also stores that data in digital format as a database accessible to other government agencies, acting as a backbone for most government queries about citizens’ personal information.

*Source

Fraudsters cloned company director’s voice in $35 million bank heist, police find

  • AI voice cloning is used in a huge heist being investigated by Dubai investigators, amidst warnings about cybercriminal use of the new technology.
  • The U.A.E., which is investigating the heist as it affected entities within the country, believes it was an elaborate scheme, involving at least 17 individuals, which sent the pilfered money to bank accounts across the globe.
  • It’s only the second known case of fraudsters allegedly using voice-shaping tools to carry out a heist, but appears to have been far more successful than the first, in which fraudsters used the tech to impersonate a CEO of a U.K.-based energy firm in an attempt to steal $240,000 in 2019, according to the Wall Street Journal.

*Source

Olympus suffered a second cyber attack that disrupted operations in the Americas

  • Japanese medical tech giant Olympus suffered a subsequent cyber attack, almost exactly one month after hackers disrupted its European, Middle East, and Africa (EMEA) operations.
  • On its website, the company said it was investigating a “potential cybersecurity incident” detected on Oct 10, 2021.
  • The cyber attack shut down the company’s IT systems in the Americas, affecting the U.S., Canada, and Latin America with no impacts on other parts of the world, the company said.
  • Olympus said it was working with “appropriate third parties” and had taken necessary steps to protect its customers.

*Source

72% of organizations experienced a DNS attack in the past year

  • Nearly three-quarters (72%) of organizations have suffered a domain name system (DNS) attack in the past 12 months, according to a new study by the Neustar International Security Council (NISC).
  • Of those organizations affected, 61% were targeted on multiple occasions, while 11% have been victimized regularly.
  • The most common types of DNS attacks experienced were DNS hijacking (47%), DNS flood, reflection or amplification attacks that segued into DDoS (46%), DNS tunneling (35%) and cache poisoning (33%).

*Source 

US to ban export of hacking tools to authoritarian states

  • The US government has issued new rules designed to prevent the export of hacking and surveillance tools to regimes guilty of human rights abuses.
  • The “interim final rule” was released by the Commerce Department’s Bureau of Industry and Security (BIS) and will go into force in 90 days.
  • Governments singled out by the proposals are “of concern for national security reasons” or subject to an arms embargo.
  • Restrictions will also apply if the exporter knows that the product will be used to impact the confidentiality, integrity or availability of IT systems without the knowledge of their owner/administrator.

*Source 

WEEK OF OCTOBER 18, 2021

Acer confirms second security breach

  • Earlier this year, the company suffered a $50m ransomware extortion attempt after falling prey to the REvil ransomware group in May.
  • In this latest incident, the computer maker initiated its security protocols after detecting an attack on the section of its after-sales service system that is based in India.
  • Before Acer’s confirmation of the breach, hackers claimed to have stolen more than 60 GB of the company’s data. On the underground cybercrime forum RAID, threat actors calling themselves Desorden posted a sample of the allegedly stolen data that appeared to show information belonging to 10,000 Acer customers.
  • The threat actors wrote that the stolen data includes “customer, corporate accounts and financial data,” and that “affected customer data are in the millions.”

*Source

Sunderland University IT systems down in possible cyber attack

  • Sunderland University has been hit by “extensive IT disruption” which has “all the hallmarks of a cyber-attack”.
  • Telephone, website and IT systems are down but face-to-face teaching would continue as far as possible, it said.
  • Newcastle and Northumbria Universities were targeted by hackers in September last year as the National Cyber Security Centre warned of a spike in attacks on educational institutions.

*Source

Customers on alert as e-commerce player leaks 1.7+ billion records

  • A Brazilian e-commerce firm has unwittingly exposed close to 1.8 billion records, including customers’ and sellers’ personal information, after misconfiguring an Elasticsearch server, according to researchers.
  • The server was left unencrypted with no password protection in place. It contained 610GB of data, including customers’ full names, home and delivery addresses, phone numbers and billing details.
  • Also exposed were sellers’ full names, email and business/home addresses, phone numbers and business/tax IDs (CNPJ/CPF).
  • SafetyDetectives could not confirm the total number of those affected due to the size of the trove and the potential for duplicate email addresses.

*Source

Data stolen from American Osteopath Group

  • The personal data of thousands of individuals have been stolen from a non-profit professional membership organization located in Illinois.
  • Cyber-thieves struck the American Osteopathic Association (AOA) in the summer of 2020, making off with information that included names, Social Security numbers, and financial account details.
  • The network was shut down, and computer forensic specialists were brought in to investigate the nature and scope of the security incident.
  • It was determined that attackers had managed to breach systems where personally identifiable information was contained and had exfiltrated data from those systems.

*Source

Gmail and Outlook warning: Delete these emails now or pay a heavy price

  • Users of Gmail, Outlook and other popular email platforms are being urged to delete a batch of new messages that could cause havoc.
  • According to the team at consumer group Which?, these messages purport to have been sent by some of the biggest names in cyber protection, like McAfee and Norton, in a bid to trick unsuspecting users.
  • Alongside that McAfee scam, there’s also a Norton antivirus message landing in inboxes that uses another way to try to trick PC owners. Instead of a warning, this email pretends to be an invoice from the cyber security firm claiming that the user is about to be charged over $500 (£380) to renew their subscription.

*Source 

Olympus investigates potential Cyber-Attack

  • Olympus has launched an investigation after detecting a potential cybersecurity incident in part of its IT system.
  • The Japanese manufacturer of optics and reprography products said that suspicious activity was spotted on October 10. The possible threat affects the company’s systems in the United States, Canada, and Latin America.
  • Digital forensics experts are looking into the security issue, which Olympus said it is “working with the highest priority to resolve.”

*Source 

WEEK OF OCTOBER 11, 2021

Data breach volumes for 2021 already exceed 2020 total

  • The total for the year-to-date is now 1291, versus 1108 in 2020.
  • The non-profit’s figures for Q3 breach volumes came in at 446 incidents.
  • The all-time high of 1529 breaches was set in 2017, but with phishing and ransomware leading the way in driving volumes up this year, it’s predicted that 2021 could exceed that figure.
  • “Everyone needs to continue to practice good cyber-hygiene to protect themselves and their loved ones as these crimes continue to increase.” says Eva Velasquez, President and CEO of the ITRC.

*Source

UK’s Weir Group hit by attempted cyber attack at end of Q3

  • Engineering firm Weir Group said it was the target of an attempted ransomware attack in the second half of September, which impacted third-quarter profit.
  • Weir now expects full-year profit before taxation and amortisation to be between 230 million pounds ($313.2 million) and 245 million pounds, as delay in shipments due to the attempted hack led to revenue deferrals.
  • The company said that so far there was no evidence any personal or sensitive data had been compromised or encrypted.

*Source

Company that routes billions of text messages quietly says it was hacked

  • Syniverse handles billions of text messages a year, and hackers had unauthorized access to its system for years.
  • A former Syniverse employee who worked on the EDT systems told Motherboard that those systems have information on all types of call records.
  • Syniverse repeatedly declined to answer specific questions from Motherboard about the scale of the breach and what specific data was affected, but according to a person who works at a telephone carrier, whoever hacked Syniverse could have had access to metadata such as length and cost, caller and receiver’s numbers, the location of the parties in the call, as well as the content of SMS text messages.
  • Syniverse provides backbone services to wireless carriers like AT&T, Verizon, T-Mobile, and several others around the world.

*Source

Over 1.5 billion Facebook users’ personal data found for sale on hacker forum

  • Unrelated to other recent problems Facebook has had, this particular batch of data was scraped from profiles, meaning it’s publicly available knowledge.
  • Reported by privacy research company Privacy Affairs, the data found for sale doesn’t indicate that the seller actually broke into Facebook’s systems, nor that the data is tied to any other data breach.
  • The fact that the data stolen and for sale is publicly available shouldn’t ease anyone’s fears: That data can still be used to compromise users’ security and privacy.
  • In particular, the stolen data contains names, email addresses, locations, gender, phone numbers and Facebook User ID information.

*Source

NYC will not enforce restaurant customer data-sharing law while DoorDash sues

  • New York City agreed to hold off on requiring food delivery companies to share customer data with restaurants, the subject of a recent lawsuit by DoorDash Inc.
  • DoorDash sued the city on Sept. 15, calling a requirement that food delivery app companies provide customers’ names, phone numbers, email addresses and delivery addresses to restaurants a “shocking and invasive intrusion of consumers’ privacy.”
  • The San Francisco-based company also said the law would let restaurants “free-ride” on data they would not demand from in-person diners.

*Source 

Google to auto-enroll 150 million user accounts into 2FA

  • To protect Google accounts from unauthorized access, it is possible to enroll in an optional security feature called two-factor authentication, or as Google likes to call it, 2-step verification (2SV).
  • When 2SV is enabled on a Google Account, and someone logs in with the correct username and password, they are asked for an additional form of authentication to prove they are the account owner.
  • This additional verification can be through a code from an authenticator app or SMS text, Google Prompt, a hardware security key, like a Yubikey or Google Titan, or even an iOS device.

*Source 

WEEK OF OCTOBER 04, 2021

Mental healthcare providers report data breaches

  • Data breaches at two American mental healthcare providers may have exposed thousands of individuals’ personal health information.
  • Horizon House, Inc., which is in Philadelphia, Pennsylvania, warned that 27,823 people might have been impacted by a cyber-attack that took place in the late winter.
  • The mental health and residential treatment services provider detected suspicious activity on its IT network on March 5. An investigation revealed that the healthcare provider’s IT system had been infected with ransomware.
  • Horizon House has notified all the individuals affected by the security breach and advised them to be on the lookout for fraudulent activity.

*Source

4.6M Neiman Marcus online customers alerted to data breach

  • Neiman Marcus said it “recently learned” of the breach, and has notified law enforcement and hired Mandiant to investigate the case.
  • Some 4.6 million online customers of high-end retailer Neiman Marcus received notifications this week stating their personal information — names, contact information, payment card numbers, gift cards, usernames, passwords, and security question answers — may have been exposed in a data breach that struck in May 2020.
  • Some 3.1 million payment and virtual gift cards were affected, but more than 85% of them have expired or are invalid, and none of the retailer’s branded credit cards were affected.

*Source

Thousands affected by ransomware attack on Hawaii company

  • The company believes the attack was carried out by a criminal who somehow compromised a client’s account.
  • About 4,500 customers of a Honolulu payroll processing company were potentially affected by a ransomware attack that exposed Social Security numbers, dates of birth, the full names of clients and bank account information.
  • In response, the company said it suspended all remote client access and asked its third-party vendor that handles information technology operations to evaluate the extent of the intrusion.

*Source

Coinbase says hackers stole cryptocurrency from at least 6,000 customers

  • The hack took place between March and May 20 of this year, according to a copy of the letter posted on the website of California’s Attorney General.
  • Unauthorized third parties exploited a flaw in the company’s SMS account recovery process to gain access to the accounts, and transfer funds to crypto wallets not associated with Coinbase, the company said.
  • The hackers needed to know the email addresses, passwords and phone numbers linked to the affected Coinbase accounts, and have access to personal emails, the company said.
  • Coinbase said there was no evidence to suggest the information was obtained from the company.

*Source

New GriftHorse malware has infected more than 10 million Android phones

  • Zimperium discovers GriftHorse, a new Android malware that subscribes users to premium SMS services.
  • The GriftHorse malware gang is believed to have infected more than 10 million Android devices across 70+ countries.
  • The gang is believed to be making between $1.5 million to $4 million per month.
  • Zimperium, which is a member of the App Defense Alliance, said it contacted Google about all the GriftHorse-infected apps, which have now been removed from the Play Store.

*Source 

Mozilla: Superman, Batman, Spider-Man dominate list of passwords leaked in breaches

  • Mozilla used data from haveibeenpwned.com to figure out the most common passwords found in breached datasets.
  • Superman showed up in 368,397 breaches, Batman was featured in 226,327 breaches and Spider-Man was found in 160,030 breaches. Wolverine and Ironman were also seen in thousands of breaches.
  • “A password is like a key to your house. In the online world, your password keeps your house of personal information safe, so it’s important to make sure it’s strong,” a Mozilla spokesperson said.
  • Due to the prevalence of breached account details on the dark web, a number of companies are beginning to turn to password-less systems. Some services are also turning to two-factor or multi-factor authentication as a way to avoid relying on passwords alone.

*Source 

WEEK OF SEPTEMBER 27, 2021

New Zealand Reserve Bank hit with compliance notice from Privacy Commissioner over data breach

  • The Reserve Bank has suffered the ignominy of being the first organisation to be hit by a compliance notice under the new Privacy Act, which came into force in December last year.
  • Privacy Commissioner John Edwards says an independent review carried out by KPMG after a December 2020 cyber attack “revealed multiple areas of non-compliance with Privacy Principle 5.”
  • Principle 5 of the new Privacy Act states that organisations “must ensure there are safeguards in place that are reasonable in the circumstances to prevent loss, misuse or disclosure of personal information”.
  • Failure to follow a compliance notice risks a $10,000 fine.

*Source

Banks share data to block cyberattacks

  • This collaboration has thwarted a number of attacks in the past year, bank executives say.
  • As the number and sophistication of cyberattacks jumps, financial firms are sharing more threat intelligence with each other, according to the Financial Services Information Sharing and Analysis Center, a nonprofit group that facilitates the exchange of cybersecurity intelligence.
  • The increased cooperation among banks represents a marked shift for an industry that has occasionally struggled to build trust among competitors. Previous attempts to launch information-sharing platforms stalled, including an FS-ISAC-sponsor.

*Source

Afghanistan: Defence secretary angered over data breach

  • More than 250 people seeking relocation to the UK – many of whom are in hiding – were mistakenly copied into an email.
  • Defence Secretary Ben Wallace has said it would be an understatement to say he was angered by a data breach involving the email addresses of dozens of Afghan interpreters who worked for UK forces.
  • Mr Wallace has apologised to them, and launched an investigation. One person has been suspended, he said. The MoD has also referred itself to the Information Commissioner’s Office.

*Source

Credential phishing campaign targets governments in APAC and EMEA

  • The campaign is focused on harvesting credentials, most probably to gather intelligence.
  • According to security researchers, the campaign has used multiple phishing domains that were transferred to their present host last year. These domains were hosting malicious pages aimed at harvesting credentials.
  • So far, no phishing emails have been observed, although email is the most likely method used for distribution.

*Source

Apache OpenOffice is currently impacted by a remote code execution flaw

  • At the time of this writing, the flaw was only addressed with a beta software update and awaits the official release.
  • The application is currently vulnerable to a remote code execution vulnerability, and while the app’s source code has been patched, the fix has only been made available as beta software and awaits an official release.
  • An attacker could trigger the flaw by tricking the victim into opening a specially crafted .dbf file.

*Source 

Data of 106 million visitors to Thailand breached

  • An unsecured database containing international travel records dating back 10 years was left exposed on the web.
  • Bob Diachenko, leader of cybersecurity research at Comparitech, found the unprotected Elasticsearch database on August 22, 2021. Inside the 200GB digital index were records dating back ten years containing the personal details of more than 106 million international travelers.
  • Information exposed in the publicly accessible database consisted of full names, arrival dates, gender, residency status, passport numbers, visa information, and Thai arrival card numbers.
  • Diachenko sent word of the data breach to Thai authorities, who secured the database within 24 hours. Thai authorities informed Comparitech that the exposed data was not accessed by any unauthorized parties.

*Source 

WEEK OF SEPTEMBER 20, 2021

Saudi Arabia approves new law to protect personal data

  • The new law will ensure the privacy of personal data, regulate the sharing of personal data and prevent the abuse of personal data.
  • The data include name, identification number, address, phone number, personal records, financial records, and images, videos or any other identifying data.
  • The head of SDAIA, Abdullah Al-Ghamdi assured that it’s not permissible to use personal means of communication for the purpose of marketing or awareness materials except with the approval of the owner of personal data, or the existence of a mechanism that enables him to express his desire to receive it or not.

*Source

China tells firms to boost cyber, data security oversight on connected vehicles

  • China’s industry ministry published a notice telling companies to step up cyber and data security oversight over connected vehicles, saying that security risks in the industry had become increasingly prominent.
  • All relevant companies should establish data security management systems and regularly assess risks from network attacks, the Ministry of Industry and Information Technology said in a statement.

*Source

Tesla will work with global regulators on data security: Elon Musk

  • Tesla, which assembles vehicles for China in Shanghai, has been under scrutiny over its storage and handling of customer data.
  • Cars are being fitted with an ever-increasing array of sensors and cameras to assist drivers but the data such equipment generates has also raised questions about privacy and security.
  • In May, Reuters reported that staff at some Chinese government offices had been told not to park their Tesla cars inside government compounds due to security concerns over vehicle cameras. Tesla later said it had established a site in China to store car data locally.

*Source

Working From Home Brings New Cybersecurity Challenges as Workers Commonly Bypass Inconvenient Measures

  • 76% of the IT respondents said that security sometimes had to take a backseat to business continuity needs during the pandemic period.
  • The mass shift to working from home precipitated by the Covid-19 pandemic created massive security challenges, ones that were difficult to solve even if workers could be convinced to practice nearly perfect security hygiene. A new study from HP indicates that employee buy-in is far from 100%.
  • A full 30% of remote workers under the age of 24 say that they circumvent or ignore certain corporate security policies when they get in the way of getting work done.
  • While the young cohort is most likely to buck the system, 67% of IT leaders say they get “weekly” complaints about restrictive policies and 48% of all workers feel that these measures are a waste of time.

*Source

Nearly 50% of On-Premises Databases Have Vulnerabilities

  • A network compromise shouldn’t mean “game over” for corporate data, but survey data shows many companies fail to protect their crown jewels.
  • Almost half of all companies have internal databases with known vulnerabilities, with the average vulnerable database having 26 publicly disclosed flaws – more than half of which are critical or high-severity issues, according to data collected over the past five years by Internet security firm Imperva.
  • While vulnerable on-premises databases gain some protection from being inside the corporate firewall, companies that leave databases with known and unpatched flaws are exposing them to attackers who gain access to a company’s network or are able to use public applications to deliver payloads to the back-end systems, the company said.
  • Many of the unpatched vulnerabilities are at least 3 years old, and more than half (56%) are considered serious.

*Source 

CISA, FBI: State-Backed APTs may be exploiting critical Zoho bug

  • The newly identified bug in a Zoho single sign-on and password management tool has been under active attack since early August.
  • The Zoho ManageEngine ADSelfService Plus is a self-service password management and single sign-on (SSO) platform for AD and cloud apps, meaning that any cyberattacker able to take control of the platform would have multiple pivot points into both mission-critical apps (and their sensitive data) and other parts of the corporate network via AD.
  • It is, in other words, a powerful, highly privileged application which can act as a convenient point-of-entry to areas deep inside an enterprise’s footprint, for both users and attackers alike.
  • “FBI, CISA, and CGCYBER strongly urge users and administrators to update to ADSelfService Plus build 6114,” the trio of agencies stated. They also strongly urged organizations to keep ADSelfService Plus away from direct access via the internet.

*Source 

WEEK OF SEPTEMBER 13, 2021

Recent breaches underscore high healthcare security risk

  • Healthcare institutions in California and Arizona are sending breach notification letters after attackers compromised thousands of patients’ data.
  • The average cost of a cyberattack-related shutdown exceeds $440,000 for smaller organizations and $130,000 for larger ones.
  • Researchers say while attacks against healthcare have increased, many victims – especially midsize hospitals – have not adapted to the change.

*Source

Only 8% of orgs with web apps for file uploads have adequate cybersecurity

  • Yet almost all of them (99%) are concerned (to a varying degree) about cyber threats.
  • Organizations have raced to digitally transform their businesses in response to market pressures and customer demands leading to widespread adoption of cloud services and collaboration and sharing platforms. However, security for their web applications supporting file uploads and transfers has lagged behind, further exacerbated by the pandemic.
  • In their 2021 Web Application Security Report, Opswat found that 87% of organizations are “extremely” or “very” concerned about file uploads as an attack vector for malware and cyberattacks, with 82% reporting increased concern since last year.

*Source

UN confirms April 2021 data breach

  • UN official also confirms further attacks connected to the initial breach have been detected and are under investigation.
  • Attackers likely broke into UN infrastructure using the stolen username and password of a UN employee bought on the Dark Web, the report states.
  • These credentials granted access to an account for Umoja, the UN’s proprietary project management software. The account attackers accessed was not protected with multifactor authentication, the report notes.
  • From this entry point, the attackers could further infiltrate the UN network, says Resecurity, which found the breach and claims the earliest known date attackers accessed UN systems was April 5. They were still active as of Aug. 7.

*Source

Hackers leak passwords for 500,000 Fortinet VPN accounts

  • While the threat actor states that the exploited Fortinet vulnerability has since been patched, they claim that many VPN credentials are still valid.
  • This leak is a serious incident as the VPN credentials could allow threat actors to access a network to perform data exfiltration, install malware, and perform ransomware attacks.
  • The list of Fortinet credentials was leaked for free by a threat actor known as ‘Orange,’ who is the administrator of the newly launched RAMP hacking forum and a previous operator of the Babuk Ransomware operation.

*Source

CISA warns of actively exploited Zoho ManageEngine ADSelfService vulnerability

  • The flaw, tracked as CVE-2021-40539, concerns a REST API authentication bypass that could lead to arbitrary remote code execution (RCE). ADSelfService Plus builds up to 6113 are impacted.
  • ManageEngine ADSelfService Plus is an integrated self-service password management and a single sign-on solution for Active Directory and cloud apps, enabling admins to enforce two-factor authentication for application logins and users to reset their passwords.
  • In an independent advisory, Zoho cautioned that it’s a “critical issue” and that it’s “noticing indications of this vulnerability being exploited.”

*Source 

Jenkins hit as Atlassian Confluence cyberattacks widen

  • The popular biz-collaboration platform is seeing mass scanning and exploitation just two weeks after a critical RCE bug was disclosed.
  • Atlassian Confluence is a collaboration platform where business teams can organize their work in one place: “Dynamic pages give your team a place to create, capture, and collaborate on any project or idea,” according to the website.
  • Earlier, in June, researchers uncovered a chain of Atlassian bugs that could be tied together for one-click information disclosure from Jira accounts.
  • Sensitive information could have been easily siphoned out of the platform, researchers at Check Point Research said: “Anything related to managing a team or writing…code that you can encounter bugs in.”

*Source 

WEEK OF SEPTEMBER 06, 2021

India is fast becoming the global ransomware capital, says NPCI CEO

  • Dominance of a few players may not be in the best interest and there is a need to raise competition, says Dilip Asbe.
  • Recently I read that India is becoming or has become the ransomware capital of the world and most of these demands are in crypto currencies, Asbe mentioned.
  • At NPCI, we ensure that strong and in-depth security standards are applied, from infrastructure to data security. We look forward to implementing this in RuPay in the next few days, and in addition UPI offers secure and secure tokenization with its original design, Asbe said in an exclusive interview.

*Source

Bangkok Airways clarifies the incident of a cybersecurity attack

  • Bangkok Airways Public Company Limited discovered that the company had been a victim of a cybersecurity attack which resulted in unauthorized and unlawful access to its information system.
  • Upon such discovery, the company immediately took action to investigate and contain the event, with the assistance of a cybersecurity team.
  • Currently, the company is investigating, as a matter of urgency, to verify the compromised data and the affected passengers as well as taking relevant measures to strengthen its IT system.

*Source

US Cyber Command warns of ongoing ‘Mass Exploitation’ of critical confluence vuln

  • Apply Atlassian’s patch now — before the holiday weekend — the US Defense Department cybersecurity unit and CISA say.
  • On the heels of an advisory earlier this week from the Cybersecurity and Infrastructure Security Agency (CISA) and the FBI about the potential for widespread ransomware attacks over the upcoming Labor Day weekend, the US Cyber Command warned of ongoing and spreading attacks in the wild exploiting a vulnerability in the Confluence workspace software platform.
  • CISA also issued an alert today, urging organizations to install the patches immediately.

*Source

Coinbase users fear hacking after erroneous emails

  • A major cryptocurrency exchange has mistakenly sent emails to 125,000 users, wrongly telling them their two-factor authentication settings had been changed.
  • Coinbase said the emails were “not the result of malicious behaviour”.
  • Two-factor authentication requires users to enter information, such as a texted code, in addition to a password. The alert caused alarm among many users, who feared their accounts had been hacked.
  • The company said the error had been due to an issue with its notification system.

*Source

New malware uses novel fileless technique to Evade Detection

  • PRIVATELOG and its installer STASHLOG first to use Common Log File System to stash secondary payload, Mandiant researchers say.
  • The malware is noteworthy because of the novel technique it uses to try and reside undetected in memory on infected systems, according to the security vendor.
  • Fileless — or memory-resident — malware typically executes in memory, unlike malware that writes payloads to disk and therefore is more easily detected via antivirus tools.
  • The usual recommendations for mitigating risk to a network apply to fileless malware as well, Matthew Dunwoody, senior principal researcher at Mandiant, says. This includes patching to mitigate vulnerabilities, managing the risk of phishing through both technology and employee education, and monitoring systems for evidence of malicious activity.

*Source 

Translated ransomware playbook gives rare insight into gang’s operation

  • A purported playbook for working with the Conti ransomware group shows that even cybercriminals need dead-simple instructions to navigate complex attacks.
  • Threat experts at Cisco Talos this week provided a full English translation of the playbook, which came to light last month, allegedly after a disgruntled “affiliate” leaked the location of the server controlling compromised machines and more than 100MB of tools and documents.
  • The playbook focuses on a number of popular tools — such as Cobalt Strike, Mimikatz, and PowerShell — and tells affiliates, low-level cybercriminals who infect systems for a cut of the profits, how to find exploits for common vulnerabilities.

*Source