Your curated list of Data Security News happening across the world, in a simple yet intuitive form for the fast-paced cybersecurity professionals.
WEEK OF JANUARY 17, 2022
‘Massive’ cyberattack hits Ukraine Government websites
- A sweeping cyberattack briefly knocked out key government websites in Ukraine amid high-voltage tensions between Russia and the West over Ukrainian security.
- The European Union’s foreign policy chief Josep Borrell said the bloc was mobilizing “all its resources” to aid its ally after the attacks temporarily brought down sites, including those of the foreign ministry and cabinet.
- Kyiv said the damage was limited and held back on apportioning blame but the ex-Soviet country has accused Russians with links to Moscow for previous hits on websites and key infrastructure.
- The foreign ministry website earlier Friday displayed a message in Ukrainian, Russian and Polish warning Ukrainians that their personal data had been compromised. “All information about you has become public, be afraid and expect the worst,” the message read.
Aditya Birla Fashion (ABFRL) data allegedly leaked online, over 5 million email addresses breached
- The data breach is said to include details of employees, including salary details, religion, and marital status.
- The alleged database includes personal customer information such as names, phone numbers, addresses, dates of births, order histories, credit card details, and passwords stored as Message-Digest algorithm 5 (MD5) hashes.
- The alleged Aditya Birla Fashion and Retail database has been made public by a hacker group known as ShinyHunters.
- Some affected customers were informed of the breach of ABFRL accounts by the data breach tracking website Have I Been Pwned. As many as 5,470,063 Aditya Birla Fashion and Retail Limited accounts are said to have been breached and held for ransom in December last year. The hacker group’s ransom demand was allegedly rejected, and the data was subsequently posted publicly on a popular hacking forum.
Teen makes Tesla hacking claim
- A German hacker says he has full remote control of more than 25 Tesla cars in 13 countries.
- Colombo, who is the 19-year-old founder of Colombo Technology, said he could remotely run commands on the compromised vehicles without the owners’ knowledge.
- Actions that he can allegedly perform include disabling Sentry mode, opening the cars’ doors and windows, flashing their lights and even starting keyless driving.
- The teen also claims to be able to query the exact location of the vehicle, check if the driver is present, and cause music to play on the Tesla’s sound system.
North Korean hackers stole millions from cryptocurrency startups worldwide
- Operators associated with the Lazarus sub-group BlueNoroff have been linked to a series of cyberattacks targeting small and medium-sized companies worldwide with an aim to drain their cryptocurrency funds, in what’s yet another financially motivated operation mounted by the prolific North Korean state-sponsored actor.
- Russian cybersecurity company Kaspersky, which is tracking the intrusions under the name “SnatchCrypto,” noted that the campaign has been running since at least 2017, adding that the attacks are aimed at startups in the FinTech sector located in China, Hong Kong, India, Poland, Russia, Singapore, Slovenia, the Czech Republic, the U.A.E., the U.S., Ukraine, and Vietnam.
- “The attackers have been subtly abusing the trust of the employees working at targeted companies by sending them a full-featured Windows backdoor with surveillance functions, disguised as a contract or another business file,” the researchers said. “In order to eventually empty the victim’s crypto wallet, the actor has developed extensive and dangerous resources: complex infrastructure, exploits and malware implants.”
Stolen credit card vendors retire with $358 million in crypto
- Elliptic described the shuttered platform, UniCC, as “the leading dark web marketplace of stolen credit cards.”
- UniCC’s operators reportedly announced their retirement on a number of dark web forums in both English and Russian. Elliptic shared a screenshot of one such post in which the operators say not to “build any conspiracy theories” about why they called it quits after nearly a decade.
- Elliptic notes that several platforms similar to UniCC have shut down in recent months. It only became the leading stolen credit card vendor after Joker’s Stash was shut down in February 2021, for example, and four other such platforms went dark between October 2021 and January.
Young couple lost $120k in fake text message scam targeting OCBC Bank customers
- Victims of phishing scams involving OCBC Bank reportedly lost around $8.5 million in total.
- The SMS claimed that an unknown payee had been added to their account, and instructed him to click on the link if it was not approved by him. “The SMS looked like it came from OCBC and entered the usual SMS chat history from OCBC used for authentic banking services,” he said.
- He then entered his account details, unwittingly handing over control of the whole account to scammers.
- The couple realised they had been scammed only when the man received SMSes from the bank informing him of changes and transactions involving the account that had taken place earlier that afternoon.
WEEK OF JANUARY 10, 2022
Insecure Amazon S3 bucket exposed personal data on 500,000 Ghanaian graduates
- Cloud storage misconfiguration left sensitive data openly accessible.
- Authorities in Ghana are investigating an apparent data breach that may have exposed the personal information of hundreds of thousands of citizens of the west African country.
- Researchers at vpnMentor say they discovered a trove of unencrypted data tied to Ghana’s National Service Secretariat (NSS) in a storage silo from Amazon Web Services (AWS).
- Some of the three million files related to NSS’s work and held on an AWS S3 bucket were password protected but many were not – an oversight that exposed data of an estimated 500,000-600,000 people from March 2018 to the end of 2021, vpnMentor said.
Tech vendor email breach affects dozens of health entities
- A healthcare technology vendor is notifying dozens of its healthcare provider clients of an email security breach affecting their patients’ protected health information.
- Experts say the incident serves as the latest reminder of the risks business associates pose to sensitive healthcare data.
- In a notice posted on its website, Ciox Health, an Alpharetta, Georgia-based healthcare information management vendor, says that between Nov. 23 and Dec. 30, 2021 it began the process of notifying healthcare provider customers of an email compromise last summer affecting some of their patients’ PHI.
- The affected entities include a wide range of different types of healthcare providers, including medical specialty practices such as Alabama Orthopaedic Specialists; community hospitals, such as Cameron Memorial Community Hospital; regional medical centers including Niagara Falls Memorial Medical Center; and large university-affiliated health delivery networks, including Ohio State University Health System.
China to make some firms undergo a data security review before listing overseas
- The rules are aimed at companies that carry out data processing activities which could affect national security, the regulator said.
- On Feb. 15, China will implement new rules that require internet companies holding the data of more than 1 million users to undergo a network security review before listing overseas.
- Beijing has introduced a slew of new regulations on the tech sector over the past year as it looks to rein in the power of the country’s giants and stamp out anti-competitive behavior.
Cyber attackers hit data of 80K fertility patients
- Fertility Centers of Illinois’ security measures protected electronic medical records, but the attackers still got at extremely intimate data in admin files.
- The protected health information of nearly 80,000 patients of Fertility Centers of Illinois (FCI) may have been pawed over by cyber intruders following a cyberattack.
- According to the U.S. Department of Health and Human Services (HHS) Office for Civil Rights’ data breach site, the breach – reported on Dec. 27 – affected 79,943 people.
- A subsequent investigation indicated that security systems had blocked attackers from accessing patient EMR (electronic medical records) systems. However, the intruder(s) managed to access administrative files and folders.
Bunnings customers among victims of FlexBooker data breach
- The FlexBooker data breach in December exposed 3.7 million accounts, including Bunnings customers.
- One customer was unhappy to find out from a third-party website, Have I Been Pwned, and not Bunnings that his data had been taken. Other customers said on social media they were also victims of the data breach.
- Bunnings used FlexBooker for click and collect orders, and the customer had used it last October during a Covid lockdown.
- Bunnings chief information officer Leah Balter said the company was aware of the FlexBooker data security breach, which might include the data of some customers who had booked a time slot with its drive and collect service. Bunnings took the security of its customers’ and employees’ personal information very seriously, she said. The company would carry out a thorough investigation into the data breach.
New Mexico’s Bernalillo County investigates ransomware attack
- A suspected ransomware attack has led Bernalillo County officials to take systems offline and sever network connections.
- Officials report the disruption likely occurred between midnight and 5:30 a.m. on Jan. 5. They have taken affected systems offline and severed network connections, as well as notified county system vendors, which are working to solve the issue and restore system functionality.
- While county buildings and offices are closed to the public, employees are working remotely to assist the public, officials wrote in a release.
WEEK OF JANUARY 03, 2022
Morgan Stanley will settle data security lawsuit for $60M
- Morgan Stanley will pay $60 million to settle a lawsuit from customers saying the bank had left their personal information exposed by not retiring outdated technology.
- The customers said that Morgan Stanley failed to decommission two wealth management data centers before the equipment, which was not encrypted and had customer data on it, was sold to third parties in 2016.
- In addition, some older servers had gone missing after Morgan Stanley transferred them to another vendor in 2019 — though the bank later got them back.
Cyber security incident at SLGA
- The Saskatchewan Liquor and Gaming Authority (SLGA) took steps to secure its systems and mitigate the impact to their data and operations.
- Independent cybersecurity experts have been retained to assist SLGA in dealing with the matter in accordance with industry best practices.
- SLGA has temporarily disabled certain computer systems and applications as it investigates this incident. SLGA will bring these systems back online once its advisors have addressed the incident.
- At the present time, SLGA does not have any evidence that the security of any customer, employee or other personal data has been misused.
T-Mobile suffers another, smaller data breach
- Following a large breach earlier this year, some T-Mobile customers get an unwelcome end-of-year surprise.
- “We informed a very small number of customers that the SIM card assigned to a mobile number on their account may have been illegally reassigned or limited account information was viewed,” the company said in an email.
- The latest victims received notifications from T-Mobile of “unauthorized activity” including hackers viewing customer proprietary network information, according to a Tuesday post by blog The T-Mo Report.
Global IT services provider Inetum hit by ransomware attack
- Inetum became the target of a ransomware attack that affected some of its operations in France and did not spread to larger infrastructures used by the customers.
- The Group’s crisis unit acted quickly to protect sensitive connections that could put clients at risk if compromised. To this end, the operational teams isolated all servers on the affected network and terminated client VPN connections.
- An initial investigation determined the ransomware strain used in the attack and that the recent critical Log4j vulnerability was not exploited during the incident.
- Inetum Group did not disclose the name of the malware used but according to Valéry Marchive, editor-in-chief at French publication LeMagIt, the attackers used BlackCat ransomware, also known as ALPHV and Noberus.
Shutterfly reports ransomware incident
- The company was reportedly hit by the Conti ransomware group according to one outlet.
- In a statement, the company said portions of the Lifetouch and BorrowLenses business were affected. They experienced interruptions with Groovebook, manufacturing offices, and some corporate systems as well.
- Law enforcement has been contacted and a cybersecurity company was also hired to help respond to the incident.
Cyber attack disrupts Gloucestershire Council’s website
- A council is working to restore parts of its website 11 days after they were crippled by a cyber attack.
- Systems affected include the council’s online revenue and benefits sections as well as planning and customer services.
- It asked for patience while the services are restored and urged people to email it directly with any issues they have. The council is also working with the National Crime Agency (NCA) and the National Cyber Security Centre (NCSC) to fix the issue.
- Residents are also unable to access interactive online application forms used to claim for housing benefit, council tax support, test and trace support payments and discretionary housing payments.
WEEK OF DECEMBER 27, 2021
Escalation in healthcare data breaches
- The number of healthcare data breaches reported in the United States has increased for the third month in a row.
- Records kept by the Department of Health and Human Services’ Office for Civil Rights (OCR) indicate that the total number of reported data breaches impacting the US health sector in 2021 is likely to be higher than the total reported in any previous year.
- In November, the OCR received reports of 68 data breaches exposing 500 or more health records. This number was 15.25% higher than the 59 breaches reported in October.
- While the number of individual data breaches has been increasing in recent months, the total number of records impacted by data breaches has diminished from October to November.
Fantom DeFi project Grim Finance suffers $30M hack
- An unknown hacker has stolen $30 million from the Fantom-based DeFi project Grim Finance.
- The hacker exploited a reentrancy bug in the project’s smart contracts.
- Following the attack, Grim Finance’s total value locked has tumbled from $98.9 million to $4.2 million, while its native token GRIM is down 70%.
- Following the hack, the Grim Finance team announced that it had paused its vaults and notified Circle, Maker, and AnySwap to “potentially freeze” further transfers.
Belgian defense ministry hacked by attackers exploiting Apache vulnerability
- They confirmed that the attack took place due to the exploitation of the log4j vulnerability.
- A spokesperson for the ministry told Belgian newspaper De Standaard on Monday that the ministry had “discovered an attack on its computer network with internet access” last week and that the organization had taken steps to quarantine the impacted network areas.
- The ministry posted on Facebook on Monday that “due to technical issues, we are unable to process your requests via mil.be or answer your queries via Facebook. We are working on a resolution and we thank you for your understanding.”
- Cybersecurity professionals around the world are scrambling to patch the log4j vulnerability before it can be exploited.
Privacy body starts probe into BDO hacking incident
- BDO said clients should also adjust their privacy settings and choose those who can see their information and posts.
- The probe started last December 11 and would also touch on the Sy-led bank’s decade-old system — which is set to be replaced next year — to see if it was equipped with necessary defenses against cybercrimes, Privacy Commissioner John Henry Naga said in a statement.
- But more importantly, Naga said the investigation would zero in on any violations of the Data Privacy Act. The online fraud — which happened amid the Christmas shopping season — affected close to 700 clients of BDO.
- The Philippines’ largest bank in total asset terms is now processing the reimbursements of compromised accounts.
Ubisoft reveals player data breach came from user error
- Data stolen related to players of the wildly popular Just Dance game.
- The French gaming giant explained in a brief post that the misconfiguration of its IT infrastructure was quickly identified, but not before unauthorized individuals were able to access and perform a “possible copy” of the information.
- Ubisoft claimed all affected players would be contacted via email shortly and would be able to follow up with any queries by getting in touch with the firm’s support team.
UK police data leaked by Cl0p ransomware group
- The stolen data may include the personal information and records of up to 13 million UK residents.
- Following a ransomware attack on a British IT company in October, confidential data belonging to the UK police was leaked on Sunday by the Cl0p ransomware gang, The Daily Mail reports.
- It appears that the data was posted on the ransomware operator’s leak site after the victim, Dacoll, refused to pay an undisclosed amount in ransom to the attackers.
- Cl0p seems to have gained access to Dacoll systems via a phishing attack and exfiltrated the data, which includes PNC information, in October.
WEEK OF DECEMBER 20, 2021
Volvo hit by cyber theft of intellectual property
- The Swedish car maker says the cybersecurity breach could have an impact on operations.
- Volvo, majority-owned by China’s Zhejiang Geely Holding Group, said the data had been stolen from an unnamed third party, which it said had contacted Volvo about the theft.
- “Investigations so far confirm that a limited amount of the company’s R&D property has been stolen during the intrusion,” the car maker said in a statement, adding that based on information it had gathered “there may be an impact on the company’s operation.”
PM’s Twitter account briefly hacked
- A tweet claiming India has “officially adopted bitcoin as legal tender” was put out from it.
- While Twitter said it took steps to secure the account as soon as it became aware of the issue, it added that, as per the company’s investigations, this was not due to a compromise of its systems or service.
- The U.S.-headquartered microblogging site added that as per its investigation to date, it appears that the account was not compromised due to any breach of Twitter’s system.
Fretting about data security, China’s government expands its use of ‘golden shares’
- Authorities are now also keen to have some control over vast troves of data owned by certain companies, the sources said, adding that the data is seen as a national asset at risk of attack and misuse, including by foreign states.
- The Chinese government has been expanding its practice of taking minority stakes in private companies beyond those specialising in online news and content, to firms possessing large amounts of key data, two people with knowledge of the matter said.
- It has made a de facto special management stake or “golden share” arrangement with Full Truck Alliance Co, a Chinese platform arranging trucking services, said one of the people.
Warning for thousands on US payroll as hackers attack big company with ransomware
- A ransomware attack on a payroll and HR management software company has left at least one firm struggling to pay its staff.
- UKG is said to have around 50,000 customers across the globe and was targeted by cyber criminals over the weekend.
- It’s currently unclear whether user data like payroll information has been stolen or compromised.
- UKG vice president Bob Hughes said: “We took immediate action to investigate and mitigate the issue, and have determined that this is a ransomware incident affecting the Kronos Private Cloud—the portion of our business where UKG Workforce Central, UKG TeleStaff, Healthcare Extensions, and Banking Scheduling Solutions are deployed.”
CISA Issues Emergency Directive on Log4j
- The Cybersecurity and Infrastructure Security Agency orders federal agencies to take actions to mitigate vulnerabilities to the Apache Log4j flaw and attacks exploiting it.
- “CISA has determined that this vulnerability poses an unacceptable risk to Federal Civilian Executive Branch agencies and requires emergency action. This determination is based on the current exploitation of this vulnerability by threat actors in the wild, the likelihood of further exploitation of the vulnerability, the prevalence of the affected software in the federal enterprise, and the high potential for a compromise of agency information systems,” the emergency directive states.
- Federal agencies — not including the Defense Department or intelligence agencies — have until 5 p.m. on Dec. 23 to identify, patch, or apply mitigation measures on all Internet-facing systems vulnerable to Log4j or, if necessary, remove the affected software altogether.
Sites hacked with credit card stealers undetected for months
- Threat actors are gearing up for the holidays with credit card skimming attacks remaining undetected for months as payment information is stolen from customers.
- The code can steal payment details such as credit card number, holder name, addresses, and CVV, and send them to the actor.
- Threat actors may then use this information to purchase goods online or sell it to other actors on underground forums and dark web marketplaces known as “carding” sites.
WEEK OF DECEMBER 13, 2021
Bitmart loses $150m in large-scale hack
- Crypto exchange Bitmart lost $150 million worth of assets on Sunday in what it described as a large-scale security breach.
- The company revealed that the hack was related to one of its ETH hot wallets and one of its BSC hot wallets.
- In a tweet, Bitmart’s founder and chief executive Sheldon Xia assured customers that the wallets carry a small percentage of assets on its exchange and that all other wallets are secure and unharmed.
- The company has temporarily suspended withdrawals.
‘Family Safety’ app selling precise location data of millions of users
- Life360, a family safety app, sells information about the whereabouts of millions of its users with “few safeguards to prevent the misuse of this sensitive information,” an investigation by The Markup has revealed.
- Ex-employees of the company, which provides an app to enable parents to track the location of children and vulnerable family members, spoke to The Markup on 6 Dec. due to their “concerns with the location data industry’s security and privacy.”
- In response to the report, Life360 founder Chris Hulls said selling data was an “important part” of the company’s “business model,” which allowed it “to keep the core Life360 services free” for most users.
- The company said it implemented a policy in 2020 that would prevent the sale of data to government agencies, and that it does not sell the data of children under 13 owing to the Children’s Online Privacy Protection Act (COPPA), a US federal privacy law.
Maryland health department says there’s no evidence of data lost after cyberattack
- The Maryland Department of Health said Monday that there was “no evidence” any of its data had been compromised after a cyberattack forced the agency to take its website offline over the weekend.
- “As part of the ongoing investigation into the network security incident that occurred, the Maryland Department of Health’s servers will remain offline out of an abundance of caution,” Owen said. “Data updates will resume as soon as possible.”
- The attack, first reported Sunday, has halted the department’s reporting of Maryland’s COVID-19 statistics for two days, including new cases, deaths and hospitalizations from the virus.
Hackers pretending to be Iranian govt steal credit card information and create botnet
- Hackers in Iran have convinced citizens using SMS messages to download malicious applications by claiming judicial complaints have been filed against them.
- The first messages typically claim that a complaint has been filed against the victim and that an application needs to be downloaded in order to respond.
- Once downloaded, the applications allow hackers to access the victim’s personal messages. Victims are asked to enter credit card information in order to cover a service fee, giving attackers access to card information that can then be used. With access to a victim’s personal messages, the attackers can also get past two-factor authentication.
Hackers infect random WordPress plugins to steal credit cards
- Credit card swipers are being injected into random plugins of e-commerce WordPress sites, hiding from detection while stealing customer payment details.
- With the Christmas shopping season in full swing, card-stealing threat actors raise their efforts to infect online shops with stealthy skimmers, so administrators ought to remain vigilant.
- The latest trend is injecting card skimmers into WordPress plugin files, avoiding the closely-monitored ‘wp-admin’ and ‘wp-includes’ core directories where most injections are short-lived.
Hacked cryptocurrency platform begs hacker to please return $119 million
- BadgerDAO, which lost about $119 million in a hack last week, is now pleading with the hacker to return the money.
- Last week, an unknown hacker or hackers stole around 2,100 BTC ($118,500,000) and 151 ETH ($679,000) worth of cryptocurrency tokens from a blockchain company called BadgerDAO.
- “You have taken funds that do not belong to you, but we are willing to work with you and compensate you for identifying this vulnerability in the systems,” BadgerDAO wrote in a public announcement. “We are providing you with a direct line of communication to discuss a peaceful resolution without involving any outside parties. Contact us to discuss further and do the right thing on behalf of the community.”
- The hack on BadgerDAO took advantage of an old-school web-based attack: The hacker was able to steal an API key that gave them control of BadgerDAO’s account on Cloudflare, the project’s content delivery network for its site. This gave the hacker the ability to inject a malicious script on the site that prompted users to give up wallet permissions, which then allowed the hackers to steal customers’ cryptocurrency.
WEEK OF DECEMBER 06, 2021
Cyberattacks hit 26,000 Indian sites in 10 months
- CERT-In has reported that a total number of 17,560, 24,768, 26,121 and 25,870 Indian websites were hacked during the years 2018, 2019, 2020 and 2021 (up to October), respectively.
- The Indian Computer Emergency Response Team (CERT-In) is mandated to track and monitor cybersecurity incidents in India.
- “There have been attempts from time to time to launch cyberattacks on Indian cyberspace… attackers are compromising computer systems located in different parts of the world and use masquerading techniques and hidden servers to hide the identity of actual systems from which the attacks are being launched,” the Minister said in his reply to the lower house.
- He added that the government is fully cognisant and aware of various cybersecurity threats including cyber terrorism; and has taken various measures to enhance the cybersecurity posture and prevent cyberattacks.
Panasonic hit in data breach
- Panasonic recently discovered that it had suffered a data breach in which attackers were able to reach one of its file servers and pilfer data.
- The tech firm said its network was breached on Nov. 11, 2021, and “some data” on the server was exposed to the attackers.
- Still unclear, however, is whether customer or other sensitive data was stolen in the attack.
IKEA email systems targeted in cyberattack
- IKEA has warned its employees of an ongoing cyberattack that uses stolen reply-chain emails to target internal corporate inboxes.
- In an email sent to IKEA employees and published by Bleeping Computer, company officials tell employees the malicious emails contain links with seven digits and instruct recipients to not open them.
- Other IKEA organizations, suppliers, and business partners are also targeted in the same attack, the email states.
- IKEA has reportedly disabled the ability for employees to release emails from quarantine, the report states. There is a concern that recipients of malicious emails might see them in quarantine and release them, believing they were filtered by mistake.
Planned Parenthood LA data exfiltrated, 400,000 affected
- Planned Parenthood Los Angeles is notifying about 400,000 individuals of an apparent ransomware attack in October that involved exfiltration of files containing sensitive health information, including patients’ diagnoses and medical procedures.
- In a sample data breach letter provided to the California attorney general’s office on Wednesday, PPLA says that on Oct. 17, it identified “suspicious activity” on its computer network.
- PPLA says it immediately took its systems offline, notified law enforcement authorities and engaged a third-party cybersecurity firm to assist.
Suspected Chinese hackers breach more US defense and tech firms
- A suspected Chinese hacking campaign has breached four more US defense and technology companies in the last month, and hundreds more US organizations are running the type of vulnerable software that the attackers have exploited, according to research shared with CNN.
- The apparent espionage activity, which the National Security Agency helped investigate when it emerged in recent months, is more extensive than previously known and has seen the hackers steal passwords from targeted organizations with a goal of intercepting sensitive communications.
- The cybersecurity researchers in November publicly confirmed just one victimized US organization, CNN reported then, but they now say the number is at least five and could continue to grow.
Former Ubiquiti Dev arrested for orchestrating data breach, trying to extort $2M
- The DOJ says Nickolas Sharp stole data, demanded a $2 million ransom, and pretended to be a whistleblower in communications with reporters.
- The DOJ accuses Sharp of “secretly stealing gigabytes of confidential files from a New York-based technology company where he was employed…and then, while purportedly working to remediate the security breach, extorting the company for nearly $2 million for the return of the files and the identification of a remaining purported vulnerability.”
- BleepingComputer reports that Sharp was employed by Ubiquiti, a networking equipment provider that disclosed a data breach in January.
- Brian Krebs of KrebsOnSecurity reported in March that an anonymous whistleblower claimed the Ubiquiti breach was “catastrophic” and that the company was covering up the full extent of the incident to protect its share price.
WEEK OF NOVEMBER 29, 2021
Cyber attacks on the UK hit new record – with COVID vaccine research prime target
- A review by the National Cyber Security Centre, part of GCHQ, found that a number of the incidents were linked to hostile states, including Russia and China.
- This included a global hacking campaign, blamed on Russia’s foreign intelligence service, which impacted the US government most significantly.
- Britain’s cyber security agency had to tackle a record 777 cyber incidents over the past year, with coronavirus vaccine research a prime target for attack.
- The total number of incidents the NCSC had to respond to over the past 12 months was up from 723 the previous year.
Panel on data protection bats for individual privacy
- Strongly advocating the need to protect the privacy of individuals, the Joint Parliamentary Committee on the Personal Data Protection Bill has asked the Centre to take “concrete steps” to ensure a mirror copy of sensitive and critical personal data in the possession of foreign entities is mandatorily brought to India.
- The committee has asked the Centre to consider an individual’s ‘right to be forgotten’ by clarifying the responsibilities of data fiduciaries but noted this may depend on available technology and practicability of such applications.
- The panel has held it may not always be easy to distinguish between “non personal” and “personal” data and the proposed authority must consider both within its ambit.
Wind turbine giant Vestas says data was compromised in security incident
- One of the world’s largest wind turbine manufacturers, Vestas Wind Systems, says it’s contending with a cyberattack that forced the firm to shut down some of its IT systems.
- The Danish company said Monday that it’s investigating the security incident, discovered Nov. 19, and mitigating the impact.
- Vestas has “together with external partners worked around the clock to contain the situation and re-establish the integrity of its IT systems,” it said in a statement. “The company’s preliminary findings indicate that the incident has impacted parts of Vestas’ internal IT infrastructure and that data has been compromised.”
- Vestas, long considered an industry leader with a reported $34 billion in market value, saw a dip in its stock value as word of the apparent breach spread.
GoDaddy data breach exposes over 1 million WordPress customers’ data
- Web hosting giant GoDaddy on Monday disclosed a data breach that resulted in the unauthorized access of data belonging to a total of 1.2 million active and inactive customers, making it the third security incident to come to light since 2018.
- In a filing with the U.S. Securities and Exchange Commission (SEC), the world’s largest domain registrar said that a malicious third-party managed to gain access to its Managed WordPress hosting environment on September 6 with the help of a compromised password, using it to obtain sensitive information pertaining to its customers.
- The Arizona-based company claims over 20 million customers, with more than 82 million domain names registered using its services.
- GoDaddy said it’s in the process of issuing and installing new certificates for the impacted customers. As a precautionary measure, the company also stated it has reset the affected passwords and it’s bolstering its provisioning system with added security protections.
US education software company exposed personal data of 1.2M students
- SmarterSelect, a U.S.-based company that provides software for managing the application process for scholarships, exposed the personal data of thousands of applicants because of a misconfigured Google Cloud Storage bucket.
- The data spill, discovered by cybersecurity company UpGuard, contained 1.5 terabytes of data collected by a number of programs that offer financial support to students.
- The data included documents such as academic transcripts, resumes and invoices for approximately 1.2 million applications to funding programs, dated from November 2020 to September 21, 2021.
Maritime giant Swire Pacific Offshore suffers data breach following cyber-attack
- The maritime organization, which is headquartered in Singapore, said in a press release that it had suffered “unauthorized access to its IT systems”.
- It reads: “The unauthorized access has resulted in the loss of some confidential proprietary commercial information and has resulted in the loss of some personal data.”
- While the company did not share any details about the cyber-attack, it did note that the incident was reported to the relevant authorities, presumably Singapore’s Personal Data Protection Committee (PDPC).
- SPO also said it has taken measures to “reinforce” existing security protocols and mitigate further attacks. It also reported that none of its global operations were affected.
WEEK OF NOVEMBER 22, 2021
More than 500,000 Utahns’ sensitive information possibly hacked
- Utah Imaging Associates, Inc. (UIA), a Farmington-based radiology medical practice, learned that a hacker gained access to sensitive personal information of former and current patients.
- A hacker may have gained unauthorized access to personal information of UIA’s patients.
- Under privacy laws, the U.S. Department of Health and Human Services’ Office of Civil Rights must post any breach of health information affecting more than 500 people. According to their website, the Utah breach potentially affected 583,643 Utahns.
Banks ordered to promptly flag cybersecurity incidents under new U.S. rule
- U.S. banking regulators on Thursday finalized a rule that directs banks to report any major cybersecurity incidents to the government within 36 hours of discovery.
- “The financial services industry is a top target, facing tens of thousands of cyberattacks each day,” said Kenneth Bentsen, CEO of the Securities Industry and Financial Markets Association, which organized and led the industry drill.
- The new bank rule stipulates that banks must notify their primary regulator of a significant computer security breach as soon as possible, and no later than 36 hours after discovery.
- Banks also must notify customers as soon as possible of a cybersecurity incident if it results in problems lasting more than four hours.
California Pizza Kitchen warns employees of personnel data breach
- California Pizza Kitchen informed 103,767 current and former employees on Monday (Nov. 15) that personal data the company held, including names and Social Security numbers, may have been accessed by digital intruders during a September cyberattack.
- A draft letter from the company to employees, available on the California attorney general’s website, states that “on or about September 15, 2021, CPK learned of a disruption to certain systems on our computing environment.”
- The letter adds that California Pizza Kitchen secured its environment after discovering the disruption and, “with the assistance of leading third-party computer forensic specialists, launched an investigation to determine the nature and scope of the incident.”
Costco Confirms: A data skimmer’s been ripping off customers
- Big-box behemoth retailer Costco is offering victims 12 months of credit monitoring, a $1 million insurance reimbursement policy and ID theft recovery services.
- Costco has discovered a payment card skimming device at one of its retail stores and has sent out notification letters informing customers that their card data may have been ripped off if they shopped there recently.
- Costco workers removed the device and notified the authorities, and the company is working with law enforcement as they investigate the incident.
South Korean apartments’ CCTV intercoms hacked nationwide and footage of residents’ personal lives sold on the dark web
- Not only was footage of regular home lives revealed, but provocative video content was leaked too.
- A hacker revealed that he was in possession of multiple videos and was selling them in bulk for 0.1 bitcoin per day of footage. At exchange rates of November 15, 2021, 0.1 bitcoin was worth around ₩8.00 million KRW (about $6,780 USD).
- Most Korean apartments have a smart intercom system that lets residents see via CCTV who is at their door. The hacker gained access to almost all the apartments with such devices in South Korea.
- The government is working on revising home technology and network security requirements; such measures will include password authentication and more. Unfortunately, little can be done about the footage that has already been leaked.
Cybercriminals increasingly employ crypto-mixers to launder stolen profits
- Crypto-mixer services are set to grow as ransomware and other cybercriminal enterprises increasingly lean into cryptocurrency, new research shows.
- Cryptocurrency mixing — a technique that uses pools of cryptocurrency to complicate the tracking of electronic transactions — has become a common service used by cybercriminals and is expected to become even more popular as governments regulate cryptocurrency exchanges in the future, researchers say.
- Threat intelligence firm Intel 471 warned in a new report that crypto-mixers have professional-looking sites, offer services in English and often Russian, and handle individual transactions up to hundreds of thousands, or even hundreds of millions, of dollars. One service processed more than 54 bitcoins, or about $3.4 million, in less than two months.
- In addition, crypto-mixing providers have started partnering with ransomware-as-a-service (RaaS) gangs to split fees for any group that offers mixing as part of their ransomware service, suggesting the service will only become more popular.
WEEK OF NOVEMBER 15, 2021
China proposes new guidelines on foreign data transfers; Many more companies would face national security reviews
- A new set of draft rules proposed by the Cyberspace Administration of China (CAC) would greatly expand national security screening of data being transferred to foreign countries.
- If the rules are approved at the end of November, a broad range of Chinese companies will be subject to screening of data transfers that involve personal information or pertain to critical infrastructure.
- The draft rules call for additional screening of data transfers if companies process the personal data of more than 100,000 people, if the data contains something particularly sensitive (such as fingerprints) and totals more than 10,000 people, or if the company operates critical information infrastructure.
HPE says hackers breached Aruba Central using stolen access key
- HPE has disclosed that data repositories for their Aruba Central network monitoring platform were compromised, allowing a threat actor to access collected data about monitored devices and their locations.
- HPE disclosed that a threat actor obtained an “access key” that allowed them to view customer data stored in the Aruba Central environment. The threat actor had access for 18 days between October 9th, 2021, and October 27th, when HPE revoked the key.
- The exposed repositories contained two datasets, one for network analytics and the other for Aruba Central’s ‘Contact Tracing’ feature.
BlackMatter ransomware gang, responsible for Olympus attack, announces it is shutting down
- The BlackMatter ransomware gang rose to prominence in the criminal underworld this summer after competitors such as DarkSide and REvil fell by the wayside. The upstart group now appears to have suffered the same fate, according to malware researcher VX-Underground.
- The group posted a message on its ransomware-as-a-service (RaaS) portal last week indicating it was going out of business due to “pressure from the authorities.”
- The gang said that within 48 hours (over the weekend) the entire ransomware infrastructure would be disabled, and appeared to give its affiliates a window in which to obtain a decryptor key.
- This comes in the form of a mandatory pop-up, the text of which is dictated by Apple, that users must be presented with when apps are downloaded or when an already installed app is updated. If the user chooses to opt out, the app publisher must deliver the same level of service minus the targeted advertising.
Rollout of Facebook metaverse plans greeted with privacy concerns
- Given the track record of Facebook, there are valid reasons to have serious privacy concerns about the company’s new focus on virtual reality.
- The announcement of the Facebook metaverse has thus far been met with at least as much suspicion and hesitancy as it has enthusiasm, as the public wonders what (if anything) the social media giant plans to do differently this time.
- CEO Mark Zuckerberg looks to be trying to get out ahead of these concerns, promising multiple layers of privacy protection as the company pivots with its Meta rebrand.
- This accompanies an advertising blitz by Facebook, including television commercials, that proposes changes to the federal regulation that legally separates publishing platforms from content creators.
Hackers apologize to Arab Royal families for leaking their data
- Among the data Conti leaked, there were sensitive files belonging to celebrities like David Beckham, Oprah Winfrey, and Donald Trump, according to The Daily Mail.
- There was also, according to the hackers themselves, information belonging to the UAE, Qatar, and Saudi royal families.
- “We found that our sample data was not properly reviewed before being uploaded to the blog,” the hackers wrote in an announcement published on Thursday. “Conti guarantees that any information pertaining to members of Saudi Arabia, UAE, and Qatar families will be deleted without any exposure and review.”
- “Our Team apologizes to His Royal Highness Prince Mohammed bin Salman and any other members of the Royal Families whose names were mentioned in the publication for any inconvenience,” the hackers added.
WEEK OF NOVEMBER 08, 2021
US government blacklists four companies due to national security concerns
- The U.S. Government has added four foreign companies to the Entity List for engaging in activities contrary to the national security or foreign policy interests of the United States.
- The four entities are Candiru, NSO Group, Computer Security Initiative Consultancy PTE (COSEINC) and Positive Technologies.
- The U.S. government is not taking action against countries or governments where these entities are located. This effort aims to improve citizens’ digital security, combat cyber threats, and mitigate unlawful surveillance, the Department of State says.
Las Vegas Cancer Center notifies patients of ransomware attack
- The Las Vegas Cancer Center is notifying patients of a ransomware attack that may have given hackers access to patients’ personal information.
- Attorney Bridget Kelly said approximately 3,000 customers of the business, located at 2904 W. Horizon Ridge Parkway in Henderson, are receiving notifications.
- The breach means hackers could have access to patient names, their dates of birth, Social Security numbers, medical records and insurance information.
Operation to restore NBP’s system underway after cyberattack
- Bank says despite the cyberattack, one thousand branches of the bank have been rendering services as usual.
- “One thousand branches of the bank have processed 800,000 transactions worth Rs 286 billion,” the statement said, adding that 200,000 customers of the bank have withdrawn Rs 5 billion through ATMs.
- The bank further said in the statement that the restoration work of the remaining branches will be completed this week.
Amazon spoofed in new attack
- Impersonation attack uses legitimate Amazon links to steal financial credentials from end-users
- The perpetrators of the attack use legitimate Amazon links to force the end-user to make a phone call and give out their financial details.
- Victims receive what looks like a typical Amazon order confirmation email containing links that all direct the user to the legitimate Amazon site.
- Details gathered under the scam could be used by the attackers to carry out other criminal activity.
Ransomware attack on lab in Florida
- A ransomware attack on a laboratory based in Florida has exposed the personal health information (PHI) of more than 30,000 patients.
- An examination of the activity revealed that attackers had used ransomware to encrypt files across the healthcare provider’s network, making their contents inaccessible.
- The lab hired a third-party cybersecurity firm to investigate the attack and assist with remediation.
Medical school exposes personal data of thousands of students
- A US medical training school exposed the personally identifiable information (PII) of thousands of students.
- The server, which had no authentication controls in place and was therefore viewable by anyone, contained 157GB of data, or just under an estimated 200,000 files.
- According to vpnMentor, the records contained within were backed up from September 2020, but some were created before this time.
- The unsecured Amazon S3 bucket contained a variety of PII including ID card and driver license copies, as well as CVs, revealing names, dates of birth, genders, photos of students, home addresses, phone numbers, email addresses, and both professional and educational summaries.
WEEK OF NOVEMBER 01, 2021
Tesco blames cyberattack for day-long website outage
- Although the Tesco.com website is live and responsive, any attempt to place orders, or even look at goods to purchase, is met with an error message.
- The problems are affecting not only the website but also the Tesco app.
- However, more than 24 hours later, the website is still struggling, causing angst among Tesco customers who are seemingly unable to place new orders or even amend existing orders.
- Tesco’s social media team has been inviting customers to send direct messages (DMs) if they wish to cancel or amend orders, but it seems the social media team is struggling to keep up with the volume of correspondence.
Luxury hotel chain in Thailand reports data breach
- Cyberattackers claimed to have stolen the passport details and other personal information from visitors who stayed at Centara Hotels & Resorts.
- Thirayuth Chirathivat, CEO of Centara Hotels & Resorts, said in a statement that on October 14, they were “made aware” of a cyberattack on the hotel chain’s network.
- An investigation confirmed that cyberattackers had in fact breached their system and accessed the data of some customers. The data accessed includes names, booking information, phone numbers, email addresses, home addresses and photos of IDs.
Hacker accessed medical info of thousands in email breach at UMass Memorial Health
- Thousands of patients at UMass Memorial Health have been notified of a data breach involving the health system’s email system.
- Some of the emails accessed by hackers included patient information, such as Social Security numbers and medical-related data.
- The breach affected more than 209,048 individuals, according to the U.S. Department of Health and Human Services, which documents such incidents.
- UMass Memorial Health, in an Oct. 15 notice to patients, said an unauthorized person accessed the accounts between June 2020 and January 2021.
SolarWinds hackers continue to hit technology companies, says Microsoft
- Russia-linked group has stepped up attacks, cybersecurity experts say
- The Russia-linked hackers behind last year’s compromise of a wide swath of the U.S. government and scores of private companies, including SolarWinds Corp., have stepped up their attacks in recent months, breaking into technology companies in an effort to steal sensitive information, cybersecurity experts said.
- In a campaign that dates back to May of this year, the hackers have targeted more than 140 technology companies including those that manage or resell cloud-computing services, according to new research from Microsoft Corp.
- The attack, which was successful with as many as 14 of these technology companies, involved unsophisticated techniques like phishing or simply guessing user passwords in hopes of gaining access to systems, Microsoft said.
Italian celebs’ data exposed in ransomware attack on SIAE
- The Italian data protection authority Garante per la Protezione dei Dati Personali (GPDP) has announced an investigation into a data breach of the country’s copyright protection agency.
- BleepingComputer has found a listing on the extortion portal of the Everest ransomware gang, where the actors claimed to have breached SIAE and have leaked 60 GB of stolen data.
- The data leaked by the Everest gang includes national ID and driver’s license scans and documents relevant to contract agreements between SIAE and its members.
Australian Online Privacy Bill to make social media age verification mandatory for tech giants, Reddit, Zoom, gaming platforms
- A new Bill targeting social media platforms wants stronger penalties for user privacy breaches that could see companies fined 10% of their annual turnover.
- “The goal of the Bill is to enhance privacy protections, particularly in the online sphere, without unduly impeding innovation within the digital economy,” the federal government wrote in the Bill’s explanatory paper.
- Under current legislation, the federal government can only make two kinds of binding privacy codes, which are the Australian Privacy Principle code (APP) and a credit reporting code.
- The Bill is seeking to expand the Privacy Act to allow the government to create a third code specifically for regulating three classes of organisations: social media platforms, data brokers, and large online platforms.