Last week, breaches and cyberattacks occurred across several industries, from streaming, fast food, ICT and finance to the public sector. Devastating consequences have been uncovered from earlier data breaches and attacks, such as Nissan confirming that 100,000 people’s data has been breached and Stanford University confirming that 27,000 individuals’ personal information was compromised during a breach. Furthermore, new vulnerabilities have been found and patches for them have been released. It is highly recommended to not only be aware of them but to also apply the patches as soon as possible. Read on to receive a quick summary of what happened this week in the space of cybersecurity.

French Employment Agency data breach exposes up to 43 million people’s data.

France’s employment agency suffered a data breach that could potentially expose up to 43 million users’ data, affecting users who registered over the past 20 years. France Travail, the French national employment agency, announced on 13 March 2024 that its IT systems and those of Cap Emploi, a government employment service, were breached. The exposed personal data includes names, birth dates, social security numbers, user IDs, email addresses, postal addresses, and phone numbers of France Travail and Cap Emploi users. In a statement, the agency confirmed that login credentials, passwords and bank details were not compromised. Although this breach does not affect allowance payments, and users can still connect to their accounts, users are highly advised to be vigilant against identity theft and phishing attacks, such as messages that pretend to be from these services. France Travail has notified relevant authorities, and investigations have started to determine whether sufficient data security measures were put in place in compliance with the EU’s GDPR.
It was indicated that the malicious actor had gained unauthorised access to Cap Emploi’s systems around 6 February, and France Travail stated that the threat actor impersonated a Cap Emploi civil service officer to do so. The agency started to notice suspicious activity in its IT systems a few days later.

More than 15,000 Roku customers’ accounts were sold for as little as 50¢ each to make illegal purchases.

Roku has disclosed a data breach in which 15,363 customer accounts were hacked in a credential stuffing attack. The hacked accounts were then sold for as little as 50¢ each, allowing the purchasers to make fraudulent purchases of hardware and streaming subscriptions. Roku stated that once an account was breached, threat actors could change the account’s information, including passwords, email addresses and shipping addresses. This allows threat actors to use stored credit card information without the account holder receiving order confirmation emails. Roku stated that it secured the impacted accounts and forced a password reset upon detecting the incident. Furthermore, Roku’s security team said that any unauthorised purchases will be cancelled and refunded. Legitimate account holders who are impacted must visit “my.roku.com” and click on ‘Forgot password?’ to get a reset link.

The International Monetary Fund (IMF) suffers a cyberattack: Email accounts breached.

The IMF has disclosed that it suffered a cyber incident, which was detected on 16 February 2024, and it was determined that 11 IMF email accounts were compromised. The impacted email accounts have been re-secured, and so far the IMF has found no evidence of attackers gaining access to other systems or resources outside of the breached email accounts. Investigations into this breach are still ongoing. For security reasons, the IMF disclosed no further details.

McDonald’s stated that the global outage was caused by a 3rd party service provider’s configuration change.
McDonald’s blamed a 3rd party service provider’s configuration change for the global outage that forced many of its fast-food restaurants to close. According to a statement shared by the company’s Chief Information Officer Brian Rice, the global technology system outage began around midnight CDT on Friday. Rice stated that many markets are back online, and the rest are in the process of coming back online. Rice emphasised that the outage was not directly caused by a “cybersecurity event”; rather, it was caused by a configuration change. In a separate message sent to employees via the company’s OTP portal, McDonald’s stated that the issue is being resolved and that all impacted stores and systems are returning online. The massive IT outage impacted restaurants worldwide, including in the US, the UK, Japan, Australia, Canada, the Netherlands, Italy, and New Zealand. Employees shared on social media that they could not take orders, open cash registers, or process payments because POS systems were down.

Acer confirms Philippines employees’ data has been leaked.

Acer Philippines confirmed that employee data was stolen during a cyberattack on its 3rd party vendor, after a threat actor leaked the data on a hacking forum. On 12 March, a threat actor, ph1ns, published on a hacking forum a link to download a stolen database that contains Acer employee data. The attacker told BleepingComputer that no ransomware or encryption was involved and that it was a pure data theft attack. They further confirmed that they were not attempting to extort the company, but they provided evidence that they wiped the data on the breached servers before they lost access. Acer Philippines emphasised that no customer data has been affected, and that its systems remained uncompromised. Acer has also notified relevant authorities, and an investigation of the breach is underway.

Nissan confirms that 100,000 people's data has been exposed after a ransomware attack.
Nissan Oceania is warning that a data breach resulting from a December 2023 ransomware attack has impacted 100,000 people. Nissan has confirmed that the hackers stole data on some current and former employees, and customers of Nissan, Mitsubishi, Renault, Skyline, Infiniti, LDV and RAM dealerships in the region. In an updated statement, Nissan said it will notify approximately 100,000 individuals of the data breach over the coming weeks, telling them what information of theirs was exposed, what they can do, and the forms of support available. Based on its estimates, about 10% of the impacted individuals had some form of government identification compromised. This includes approximately 4,000 Medicare cards, 7,500 driver’s licences, 220 passports, and 1,300 tax file numbers. The remaining 90% had other personal information impacted, which includes loan-related documents, employment details and birth dates. Unfortunately, Akira (the ransomware group that attacked them) has already leaked the stolen data via its extortion page on the dark web. Nissan will be providing free access to IDCARE, free credit monitoring services through Equifax in Australia and Centrix in New Zealand, and reimbursement for the replacement of compromised government IDs. Impacted individuals are highly recommended to be vigilant against any suspicious activity on their accounts and to report any such activity to the authorities immediately.

Equilend January 2024 ransomware attack has led to a data breach of employees’ data.

Equilend, a Fintech firm, is sending notification letters to its employees to inform them that their personal information was compromised in a January 2024 ransomware attack. The personal information impacted includes names, birthdates, social security numbers, and Equilend payroll information. In the notification letter, Equilend stated that it has found no evidence that any personal information has been used to commit identity theft or fraud.
However, Equilend will be providing impacted individuals with complimentary identity theft protection services.

Stanford University data breach compromised 27,000 individuals’ personal information.

Stanford University is starting to send notification letters to 27,000 individuals informing them that their personal information was stolen in a ransomware attack on Stanford’s Department of Public Safety (DPS). The Akira ransomware group claimed responsibility for the attack. The notification letter stated that the stolen personal information includes individuals’ names, birthdates, social security numbers, passport numbers, driver’s licence numbers, government ID numbers and other information. The type of personal information varies for each individual, however. For some individuals, other types of information leaked include biometric data, health/medical information, email address with password, username with password, security questions and answers, digital signature, and credit card information with security codes. The university also stated that it has found no evidence of the compromised information being misused. Impacted individuals are offered identity theft protection services, including credit monitoring, for free.

Fortinet released patch for critical RCE vulnerability in endpoint management software.

Fortinet has released a patch for a critical RCE vulnerability (tracked as CVE-2024-48788) in its FortiClient Enterprise Management Server (EMS) software. This vulnerability can allow attackers to gain remote code execution on vulnerable servers in low-complexity attacks that do not require user interaction. This vulnerability impacts FortiClient EMS versions 7.0 (7.0 through 7.0.10) and 7.2 (7.2.0 through 7.2.2). Fortinet has not revealed whether there is any evidence of this vulnerability being exploited in attacks before patching.
Fortinet has also fixed another critical out-of-bounds write weakness (CVE-2023-42789) in the FortiOS and FortiProxy captive portal that could let unauthorised users remotely execute unauthorised code or commands. Two other high-severity flaws (tracked as CVE-2023-36554 and CVE-2023-47534), which allow attackers to execute arbitrary commands or code on vulnerable systems, have also been patched this week.

That is all! Enjoy the rest of the week and don't forget to update your devices and systems to the latest patches!
© 2021, TAFA HOLDINGS (S) PTE LTD. ALL RIGHTS RESERVED