Last week, breaches and cyberattacks hit several industries, from the public sector, IT, automotive and non-profits to healthcare. The devastating consequences of earlier data breaches and attacks also came to light, with millions of people's personal and financial records stolen and exposed. In addition, new vulnerabilities were found, and the last round of 2023 patches has been released for Apple, Microsoft, Adobe, Cisco, Android, WordPress and more. It is highly recommended to apply them as soon as possible.
Read on for a quick summary of what happened this week in cybersecurity.

MongoDB suffers a cyberattack: customer data was exposed

In an email sent to its customers, MongoDB, a database management company, confirmed that it had fallen victim to a security incident that resulted in unauthorised access to certain corporate systems. While investigations are underway, the company confirmed that hackers accessed customer account metadata and contact information. The breach was detected on 13 December and the incident response process was activated, but MongoDB believes the unauthorised access may have been ongoing for some time before it was detected. In the email, the company urged customers to be cautious of potential social engineering and phishing attacks. MongoDB also assured customers that, as of now, there is no indication that data stored in MongoDB Atlas, its cloud-based database service, has been accessed. In an update on 16 December, MongoDB reported a spike in login attempts, which caused issues for customers attempting to access MongoDB Atlas and the Support Portal. However, the company clarified that this issue is not related to the security incident, and advised affected users to try again in a few minutes. The company strongly recommends that customers remain vigilant, enable MFA and rotate their passwords regularly.

UK defence ministry fined US$439,000 for Afghan data breach

The UK's data protection regulator has fined the Ministry of Defence (MoD) US$439,000 for a series of email data breaches that revealed details of over 265 Afghans who were seeking relocation to Britain after the Taliban took control of Afghanistan.
The Information Commissioner's Office (ICO) stated that the personal information of those affected was leaked because the department had not put in place operating procedures to ensure group emails were sent securely to the Afghan nationals who had worked for or with the British government. On 20 September 2021 the MoD sent an email to a distribution list of Afghan nationals eligible for evacuation with all applicants copied in, accidentally disclosing the personal information of 245 people. The MoD's own investigation also found 2 similar breaches during the same month, compromising 265 email addresses in total. The ICO added that the disclosed data could have posed a threat to life had it fallen into the Taliban's hands. The MoD recognised the severity of the issue and repeated its apology, adding that it would set out further details of the measures it was implementing to address the ICO's concerns in due course.

U.S. nuclear research lab data breach impacts 45,000 people

The Idaho National Laboratory (INL) confirmed that attackers stole the information of more than 45,000 individuals after breaching its cloud-based Oracle HCM HR management platform last month. According to the breach notification letters filed with the Maine Attorney General's Office this week, the attackers exfiltrated the data of 45,047 current and former employees (including postdocs, graduate fellows and interns), as well as their dependents and spouses. The breach did not affect employees hired after 1 June 2023. Although the laboratory is still investigating the incident's full impact, it revealed that multiple forms of sensitive personally identifiable information (PII) were affected, including employees' names, social security numbers, salary information and banking details. INL also clarified that the breach did not impact INL's own network, or other networks or databases used by employees, lab customers or other contractors.
Delta Dental of California data breach exposes the information of 7 million patients

Delta Dental of California and its affiliates warn that a data breach stemming from the MOVEit Transfer software compromise has so far affected the personal information of 6,928,932 customers. According to the company's data breach notification, threat actors gained unauthorised access via the MOVEit file transfer application. The company learned about the compromise on 1 June 2023, and after an internal investigation confirmed that unauthorised actors had accessed and stolen data from its systems between 27 and 30 May 2023. A second, lengthier investigation found that close to 7 million customers were impacted, and that the exposed personal information includes names, financial account numbers, credit/debit card numbers and security codes. Delta Dental of California is providing 24 months of free credit monitoring and identity theft protection services to impacted patients. Customers of Delta Dental of California are strongly advised to be cautious with unsolicited communications to avoid falling for phishing attacks.

Norton Healthcare ransomware attack may have resulted in 2.5 million patients' data being stolen

Norton Healthcare, which runs 8 hospitals and more than 30 clinics in Kentucky and Indiana, has admitted that threat actors may have stolen the sensitive information of 2.5 million patients during the May ransomware attack. According to the data breach disclosure filed with the Maine Attorney General's office, the attackers accessed patients' names, contact information, social security numbers and birth dates, and may also have accessed their driver's licence and government ID numbers, financial account information and digital signatures. In addition, health information, insurance information and medical ID numbers belonging to former patients, employees, and employee dependents and beneficiaries are also at risk.
In a statement on its website, Norton determined that the threat actors gained access to certain network storage devices between 7 and 9 May 2023, but did not access Norton Healthcare's medical record system or Norton MyChart. BlackCat ransomware affiliates claimed responsibility for the attack and listed the healthcare system on their leak site on 25 May. Norton Healthcare stated that measures are being taken to further enhance its network security safeguards.

Toyota warns customers of data breach that exposed their personal and financial information

Toyota Financial Services (TFS) warns customers that their personal and financial information was exposed during a cyberattack detected last month in its Europe and Africa division. All of the data has been leaked on Medusa's extortion portal on the dark web, which suggests that Toyota did not negotiate a ransom payment with the cybercriminals. Earlier this month, Toyota Kreditbank GmbH in Germany was identified as one of the impacted divisions. The compromised customer data includes full names, residential addresses, contract information, lease-purchase details and International Bank Account Numbers (IBANs). However, internal investigations are still ongoing, and it is possible that the attackers accessed additional information. Toyota has promised to promptly update affected customers should the internal investigation reveal further data exposure.

Close to 1 million non-profit donors' details exposed in an unsecured online DonorView database

Infosec researcher Jeremiah Fowler found 948,029 records of personally identifiable information belonging to donors who had sent money to nonprofits exposed in an online database. The database is owned and operated by DonorView, a provider of a cloud-based fundraising platform used by schools, charities, religious institutions, and groups that focus on charitable or philanthropic goals.
The exposed data includes donor names, addresses, phone numbers, emails, payment methods and more. One document seen by Fowler revealed children's names, medical conditions, the names of their attending doctors, and whether a child's image could be used in marketing materials. In just a single document, more than 70,000 names and contact details were exposed, all believed to belong to donors to nonprofits. Fortunately, the database was secured within days of Fowler filing a disclosure report. Although the database is now secured, Fowler noted that it could not be determined how long the information had been exposed, nor was it clear whether the data had been accessed by unauthorised parties.

Americold, a cold storage giant, confirms that the information of over 129,000 employees and their dependents was stolen in an April malware attack

In notification letters sent to impacted employees, Americold confirmed that 129,611 current and former employees, and their dependents, were affected by the April data breach. The company revealed that the attackers were able to steal some data from its network, including personal information. The stolen personal information includes a combination of names, addresses, social security numbers, driver's licence/state ID numbers, passport numbers, financial account information (e.g. bank account and credit card numbers), and employment-related health insurance and medical information.

Ransomware group claims to have breached Kraft Heinz's systems

Snatch, a ransomware group, has claimed on its website that it breached the systems of Kraft Heinz. The post, created on 16 August, indicates that the attack occurred months ago. In a statement, the food giant said it is investigating the claims of a cyberattack, and whether a cyberattack on a decommissioned marketing website is related to Snatch's claims.
Kraft Heinz stated that its internal systems are "operating normally" and that it is unable to verify the cybercriminals' allegations, as it currently sees no evidence of the cyberattack. The ransomware group has not published any files as proof of its claims.

Review says Northern Ireland Police data breach was caused by widespread security flaws

In August, the surnames and initials of 9,500 Police Service of Northern Ireland (PSNI) staff were released by mistake in an Excel spreadsheet in response to a Freedom of Information (FOI) request. The PSNI and the Policing Board commissioned an independent review of the incident, carried out by Pete O'Doherty, a temporary commissioner of the City of London Police. The report found that a tab containing the sensitive information about officers and staff had been hidden in the spreadsheet, and was not noticed by 6 staff members before it was released in the FOI response. According to the report, the breach "was a consequence of many factors, and fundamentally a result of PSNI not seizing opportunities to better and more proactively secure and protect its data, to identify and prevent risk earlier on, or to do so in an agile and modern way." The review noted that PSNI had adopted a "light touch approach" to data protection and security, having no strategy in that regard, and that its data protection officer (DPO) had no direct reporting line to the most senior level of the organisation, which is a legal requirement. Furthermore, the 2018 Data Protection Act had not yet been fully embedded within the force. The review added that, based on the information provided, the data breach was not the result of a credible threat being made against PSNI.

Last patches of 2023: Microsoft, Adobe, Apple, Google, Cisco, WordPress, VMware and Atlassian release patches for flaws
These are the latest patches the companies have released, addressing numerous vulnerabilities.

Apple: Although Apple released its December patches last week, there are 2 concerning vulnerabilities (tracked as CVE-2023-42916 and CVE-2023-42917) in WebKit that affect Apple TVs and Apple Watches, plus some older iPhones and iPads. These vulnerabilities can be exploited against versions of iOS before iOS 16.7.1. The released patches address the vulnerabilities in older iPhones and iPads, all models of Apple TV HD and Apple TV 4K, and Apple Watch Series 4 and later.

Microsoft: Patches for 34 flaws have been released, with just over 30 Windows patches, none of which had been listed as under attack or publicly known before today. Of these, 4 are rated critical (3 RCE and 1 spoofing bug) and 29 important.

Adobe: Adobe addressed 212 vulnerabilities in 9 patches covering Prelude, Illustrator, InDesign, Dimension, Experience Manager, Substance3D Stager, Substance3D Sampler, Substance3D After Effects and Substance3D Designer. None of these are being exploited in the wild. The bulk of the bugs (185 CVEs) are in Experience Manager, and all are important- or moderate-rated cross-site scripting bugs.

Google: The December security updates for Android fix 85 vulnerabilities, including 3 that "may be under limited, targeted exploitation". All 3 affect Qualcomm components; Qualcomm announced back in October that these flaws were under targeted attack.

WordPress: A critical-severity vulnerability rated 9.8/10 (tracked as CVE-2023-6553) in the Backup Migration WordPress plugin can let attackers gain remote code execution and fully compromise vulnerable websites. A patch (Backup Migration plugin version 1.3.8) was released hours after Wordfence reported the flaw. Site owners are strongly advised to update to the latest version.
Atlassian: Has pushed updates to fix 5 high-severity vulnerabilities. All of them are denial-of-service flaws affecting Bamboo, Bitbucket, Jira and Confluence Data Center and Server.

Cisco: Published a security advisory about a vulnerability (tracked as CVE-2023-50164) in Apache Struts that may affect a long list of its products containing the software. Although the issue is still being investigated, Cisco strongly recommends updating to Struts 2.5.33 or Struts 6.3.0.2 or later.

VMware: Has released a patch that fixes a moderate-rated privilege escalation vulnerability (tracked as CVE-2023-34064) in the VMware Workspace ONE Launcher product.

FortiGuard: Has released a patch that fixes a double free vulnerability (tracked as CVE-2023-41678) in the FortiOS and FortiPAM HTTPSd daemon. This high-severity bug could allow authenticated attackers to achieve arbitrary code execution via specially crafted commands.

That is all! Enjoy the rest of the week and don't forget to update your devices and systems to the latest patches!
© 2021, TAFA HOLDINGS (S) PTE LTD. ALL RIGHTS RESERVED