Last week, breaches and cyberattacks occurred across several industries, from finance, healthcare, battery manufacturing and water utilities to the public sector. Devastating consequences of earlier data breaches and attacks have been uncovered, such as over 2.4 million Integris customers' personal information being compromised. Additionally, 200,000 Facebook Marketplace users' records were leaked on a hacker forum, and a new Android and iOS malware was found to trick victims into scanning their face and ID documents. Furthermore, new vulnerabilities and patches have been found and released; it is highly recommended not only to be aware of them but also to apply the updates as soon as possible. Read on for a quick summary of what happened this week in cybersecurity.

Bank of America warns customers of data breach that exposes their personal information after a vendor is hacked.

Bank of America is warning customers of a data breach that exposed their personally identifiable information (PII) after one of its service providers, Infosys McCamish Systems (IMS), was hacked. According to details shared with the Attorney General of Texas, the exposed PII includes customers' names, addresses, birthdates, social security numbers, and financial information such as credit card and account numbers. While Bank of America has yet to disclose how many customers were impacted, an IMS breach notification letter filed with the Attorney General of Maine on behalf of Bank of America revealed that a total of 57,028 people were directly impacted. The letter details that the compromised Bank of America data came from deferred compensation plans.

US Department of Defense notifies 20,600 individuals of data breach after cloud email server was exposed.

The US Department of Defense is sending breach notification letters to over 20,600 individuals whose personal information was compromised in an email data spill last year. According to the letter, the Defense Intelligence Agency stated that numerous email messages were exposed to the Internet by a service provider between 3 and 20 February 2023. The breach relates to an unsecured US government cloud email server, hosted on Microsoft's cloud, that was accessible from the internet without a password and spilled sensitive emails to the open internet. This means that anyone who knew the public IP address of the exposed server could access the sensitive but unclassified emails using only a web browser. A DOD spokesperson stated that the affected server was identified and removed from public access on 20 February 2023, and that the vendor has resolved the issues that resulted in the exposure.

In the letter, it was also noted that the department has worked with Microsoft to understand how this data breach occurred and to put precautionary measures in place to prevent it from happening again. DOD stated that the incident involved multiple department organisations, and that it has obtained an Identity Protection Services contract for the affected individuals.

Integris Health reported that the November data breach exposed almost 2.4 million people's personal information.

Integris Health has reported to US authorities that the November 2023 data breach exposed 2,385,646 people's personal information. In a notification Integris published last week, the compromised patient data includes patients' full names, birthdates, contact information, demographic information and social security numbers. However, it was clarified that the stolen data did not include employment information, account credentials, financial information or driver licences. The threat actor told BleepingComputer that they are selling the stolen data of 2.3 million Integris patients (based on the number of social security numbers) on a dark web marketplace. Integris Health stated that all affected patients will receive individual notifications, and that recipients need to remain vigilant and report any scams, theft or fraud attempts.

Southern Water announced a major data breach potentially impacting hundreds of thousands of its customers.

Southern Water, a water utility company in the South East of England, announced that it had suffered a major data breach that could impact between 235,000 and 470,000 of its customers. The breach occurred in January, and hackers accessed sensitive customer data during the attack. The company disclosed that 5-10% of its customer base might have had their personal data compromised. The stolen data includes customers' birth dates, national insurance numbers, bank account details, and reference numbers, as reported by BBC News.

However, Southern Water has yet to confirm the specifics of the compromised data. The cyberattack has been claimed by the BlackBasta ransomware group, which listed Southern Water on its dark web leak site. The ransomware group has threatened to release 750GB of sensitive corporate and customer data unless a ransom is paid. Its post also included screenshots of stolen documents, such as employee passports and identity cards. Southern Water stated that it is collaborating with cybersecurity experts to monitor the dark web for any signs of the stolen data being published. The company has reported the incident to the UK's Information Commissioner's Office, is continuing to investigate the impact of the breach, and is working on measures to prevent such attacks from occurring again.

100 Romanian hospitals forced to go offline after a ransomware attack.

100 Romanian hospitals took their systems offline after a ransomware attack hit their healthcare management system, the Hipocrate Information System (HIS), and encrypted its database. 25 hospitals confirmed that their data was encrypted, and 75 other healthcare facilities using HIS took their systems offline as a precautionary measure. The attack affected a range of Romanian hospitals, including regional and cancer treatment centres. Most of the affected hospitals have relatively recent backups (one to three days old), except one whose most recent backup was 12 days old. Since the systems were taken offline or shut down, doctors had to return to writing prescriptions and keeping records on paper. The incident is currently under investigation, and recovery options are being assessed. As of now, it is not known whether patients' personal or medical data has been stolen.

200,000 Facebook Marketplace users' personal information leaked on a hacker forum.

A threat actor, IntelBroker, leaked 200,000 Facebook Marketplace users' records on a hacker forum. They claimed that the leaked database contained a wide variety of personally identifiable information, including names, phone numbers, email addresses, Facebook IDs, and Facebook profile information. BleepingComputer has verified some of the leaked information by matching the email addresses and phone numbers on random records within the sample data shared by IntelBroker. This is particularly alarming, as this personal information can be used for phishing attacks and even SIM swap attacks.

Health NZ is starting to notify around 12,000 individuals impacted by a data breach.

Health New Zealand is starting to notify around 12,000 individuals who were impacted by an alleged unauthorised data release by a former employee. Health NZ chief executive Margie Apa stated that the first group being contacted is a large number of COVID-19 vaccinators whose personal information was made available in a downloadable file on a blog. Upon discovery, Health NZ requested that the information be removed, and it was later taken down. Apa stated that Health NZ is pursuing legal avenues to have the data removed in accordance with orders by the Employment Relations Authority. The organisation is continuing to work with the relevant authorities and has engaged local and international cybersecurity experts to assist and to monitor for signs of the data being disclosed online. Furthermore, Apa stated that they are strengthening their security measures and internal controls to prevent similar incidents from happening.

Prudential Financial disclosed February cyberattack in SEC filing.

Prudential Financial reported in an SEC filing that an unspecified threat actor accessed company administrative and user data, as well as a small percentage of user accounts associated with employees and contractors. In the filing, the company reported that it detected the breach on 5 February, and that the hacker had gained access to its systems the day before. The company also reported that there is no evidence that the hacker took customer or client data. Prudential has reported the breach to all relevant authorities, and an investigation is ongoing to determine the full scope and impact of the breach.

Varta, a German battery maker, had to stop production after a cyberattack.

Varta announced on 13 February that it had suffered a cyberattack in which hackers targeted parts of its IT infrastructure, which caused it to shut down its IT systems for security reasons. This caused severe disruption in 5 production units, and production had to stop at its plants. The scope and impact of the attack are currently under investigation and have yet to be determined. The company stated that it implemented the measures in its emergency plan and formed a task force of cybersecurity experts and data forensics specialists who will aid in system restoration.

New 'GoldPickaxe' Android and iOS malware tricks victims into scanning their face and ID documents.

Group-IB has found that a new iOS and Android malware, 'GoldPickaxe', employs a social engineering scheme to trick victims into scanning their faces and ID documents. It is believed that these are then used to generate deepfakes for unauthorised banking access. Group-IB analysts observed that the attacks primarily targeted the Asia-Pacific region, mainly Thailand and Vietnam. Victims are approached via phishing or smishing messages on the LINE app that are written in their local language, and these messages tend to impersonate government authorities or services. The messages trick the victims into installing fraudulent apps, such as fake 'Digital Pension' apps hosted on websites that impersonate Google Play. For iOS users, the threat actors initially directed victims to a TestFlight URL to install the malicious app. However, when Apple removed the app, they switched to luring victims into installing a malicious Mobile Device Management (MDM) profile that allows the threat actors to take control of the device. Once the malware has been installed, it manipulates functions in the background, captures the victim's face, intercepts incoming SMS, requests ID documents, and even proxies network traffic through the infected device.

CISA: Roundcube email server flaw is being actively exploited in cross-site scripting attacks.

CISA warns that a Roundcube email server vulnerability patched in September is now actively exploited in cross-site scripting (XSS) attacks. The flaw (tracked as CVE-2023-43770) is a persistent XSS bug that allows attackers to access restricted information via maliciously crafted links in low-complexity attacks. The vulnerability impacts Roundcube email servers running versions newer than 1.4.14, 1.5.x before 1.5.4, and 1.6.x before 1.6.3. It is highly recommended to update all production installations of Roundcube 1.6.x to the new version. CISA has ordered US Federal Civilian Executive Branch (FCEB) agencies to secure Roundcube webmail servers against this flaw within 3 weeks (by 3 March).

Microsoft's Patch Tuesday for February 2024 fixes 2 zero-days and 73 flaws.

Microsoft's February 2024 Patch Tuesday includes security updates for 2 actively exploited zero-days (tracked as CVE-2024-21351 and CVE-2024-21412) and 73 flaws. This patch fixes 5 critical vulnerabilities, which include denial of service, remote code execution, information disclosure and elevation of privilege vulnerabilities. The total count of 73 flaws does not include 6 Microsoft Edge flaws fixed on 8 February and 1 Mariner flaw. To view the full report with the full description of each vulnerability, click here.

That is all! Enjoy the rest of the week and don't forget to update your devices and systems to the latest patches!
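For the Roundcube CVE-2023-43770 item above, the practical defender task is working out which webmail hosts in an inventory still need the September update before the CISA deadline. The script below is an added example, not code from this roundup or from the Roundcube project. It assumes the fixed releases are 1.4.14, 1.5.4 and 1.6.3 (the September 2023 Roundcube security releases), so a host is flagged when it sits on one of those minor branches below the fixed patch level or on an older, unsupported branch; the inventory lines are constructed sample data.

```python
"""Triage a Roundcube inventory against CVE-2023-43770.

Added example (not the roundup's or Roundcube's own code). Assumption: the
fixed releases are 1.4.14, 1.5.4 and 1.6.3, so an install is affected when it
is on one of those minor branches below the fixed patch level, or on an older
branch (1.3 and earlier) that never received the fix.
"""
import re
from typing import Dict, List, Optional, Tuple

# Lowest patched release per supported minor branch (assumption, see docstring).
FIXED_RELEASES: Dict[Tuple[int, int], Tuple[int, int, int]] = {
    (1, 4): (1, 4, 14),
    (1, 5): (1, 5, 4),
    (1, 6): (1, 6, 3),
}

# Accepts "1.6.2" or "1.6"; anything else (e.g. "unknown") is unparseable.
_VERSION_RE = re.compile(r"^\s*(\d+)\.(\d+)(?:\.(\d+))?\s*$")


def parse_version(text: str) -> Optional[Tuple[int, int, int]]:
    """Turn a Roundcube version string into (major, minor, patch); None if malformed."""
    m = _VERSION_RE.match(text)
    if not m:
        return None
    major, minor, patch = m.groups()
    return int(major), int(minor), int(patch or 0)


def is_affected(version: str) -> Optional[bool]:
    """True if the version is in a vulnerable range, False if patched,
    None if the version string could not be parsed."""
    parsed = parse_version(version)
    if parsed is None:
        return None
    major, minor, patch = parsed
    fixed = FIXED_RELEASES.get((major, minor))
    if fixed is None:
        # Branches below 1.4 never got the fix; branches above 1.6 postdate it.
        return (major, minor) < (1, 4)
    return (major, minor, patch) < fixed


# Constructed sample inventory: host -> version reported by the admin.
SAMPLE_INVENTORY: Dict[str, str] = {
    "mail-a.example.internal": "1.6.2",
    "mail-b.example.internal": "1.6.3",
    "mail-c.example.internal": "1.5.3",
    "mail-d.example.internal": "1.4.14",
    "mail-e.example.internal": "1.3.17",
    "mail-f.example.internal": "unknown",
}


def triage(inventory: Dict[str, str]) -> Tuple[List[str], List[str]]:
    """Split an inventory into hosts needing the update and hosts whose
    version could not be determined (those need a manual check)."""
    affected: List[str] = []
    unknown: List[str] = []
    for host, version in sorted(inventory.items()):
        verdict = is_affected(version)
        if verdict is None:
            unknown.append(host)
        elif verdict:
            affected.append(host)
    return affected, unknown


if __name__ == "__main__":
    needs_update, needs_check = triage(SAMPLE_INVENTORY)
    print("Update required:", ", ".join(needs_update))
    print("Version unknown:", ", ".join(needs_check))
```

Unparseable versions are reported separately rather than silently passed, because a host whose version cannot be read is the one most likely to have been forgotten.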
© 2021, TAFA HOLDINGS (S) PTE LTD. ALL RIGHTS RESERVED