Last week, breaches and cyberattacks occurred across several industries, from electronics to insurance to criminal courts. Devastating consequences of past cyberattacks on organisations have also been reported, with 4 million more 23andMe user records being leaked. Furthermore, CISA has issued an advisory to patch the latest vulnerability. It is highly recommended not only to be aware of the flaw but also to update affected systems as soon as possible.
Read on to receive a quick summary of what happened this week in the space of cybersecurity.

Hacker has now leaked 4 million more 23andMe user records.
The hacker, Golem, has published a new 23andMe dataset containing the records of 4 million users on BreachForums, a cybercrime forum. TechCrunch has found that some of the newly leaked stolen data matches known and public 23andMe user and genetic information. Golem claimed this dataset contains information on people from Great Britain as well as data from “the wealthiest people living in the U.S and Western Europe”.

Casio’s data breach impacts customers from 149 countries.
Casio, a Japanese electronics manufacturer, disclosed a data breach that impacts customers from 149 countries. Casio detected the incident on 11 October following the failure of a ClassPad database within the company’s development environment. On 12 October, evidence was found suggesting that the cybercriminals had accessed customers’ personal information. The exposed personal information includes names, email addresses, countries of residence, service usage details, and purchase information such as payment methods, order specifics, and licence codes. Casio emphasised that no credit card information was stored in the compromised database. In total, it was found that the cybercriminals accessed 91,921 items belonging to Japanese customers (this includes individuals and 1,108 educational institution customers), and 35,049 records of customers from 148 countries outside of Japan.

D-Link confirms data breach: Compromised information found for sale on a dark web forum.
D-Link, a Taiwanese networking equipment manufacturer, confirmed a data breach after stolen information from their network was found for sale on BreachForums earlier this month.
The attacker claims to have stolen source code for D-Link’s D-View network management software, as well as millions of entries that contain the personal information of customers and employees, including details on the company’s CEO. The stolen personal information includes names, emails, addresses, phone numbers, account registration dates, and users’ last sign-in dates. The data has been available for purchase on the hacking forum since 1st October, and the attackers demand $500 for the stolen information. However, D-Link has stated that from their investigation, the compromised system contains roughly 700 records that are outdated and fragmented, and has been inactive for at least 7 years. D-Link stated that this breach occurred due to an employee falling for a phishing attack, which granted the attacker access to the company’s network. In response to the breach, D-Link shut down all potentially impacted servers and disabled all but 2 user accounts used during the investigation.

Henry Schein discloses data breach.
Henry Schein, an American distributor of health care products and services, disclosed that part of their manufacturing and distribution business has suffered a data breach. In response, the company took certain systems offline and is working to resolve the issue. They are working with third-party experts to investigate the impact of the breach on data and to respond to the breach. Furthermore, relevant law enforcement authorities were notified.

The International Criminal Court breached for espionage purposes.
The International Criminal Court has disclosed that the 19 September cyberattack was a targeted operation for espionage purposes. However, the ICC added in its statement that current evidence is insufficient to attribute the attack, but Dutch law enforcement is currently running the criminal investigation. The impact of the attack remains unclear, and no evidence so far indicates that the Court’s data has been compromised.
The ICC says that they have taken measures to address any compromise to data belonging to individuals, organisations, and States. The ICC is reinforcing their risk management framework and preparing for potential repercussions from the cyberattack, such as security risks to victims and witnesses. Steps for improving digital security have also been accelerated.

Over 40,000 Cisco IOS XE devices have been compromised after hackers exploited a vulnerability.
More than 40,000 Cisco devices that run the IOS XE operating system have been compromised after hackers exploited a recently disclosed maximum severity vulnerability (tracked as CVE-2023-20198). As of now, there is no patch or workaround available, and the only recommendation is for customers to “disable the HTTP Server feature on all internet-facing systems” to secure the devices. Via this vulnerability, threat actors create a high-privilege account on affected hosts and take full control of the device. Based on Cisco’s analysis, the threat actor collects details about the device and carries out preliminary reconnaissance activity. The threat actors also clear logs and remove users, perhaps to hide their activity.

Update: As of 22 October, the number of Cisco IOS XE devices hacked with a malicious backdoor malware has decreased from over 50,000 impacted devices to only a few hundred (100-1,200), with researchers unsure what caused the sharp decline. It was hypothesised that this could be because the threat actors behind the attacks are deploying an update to hide their presence, thus causing the implants to no longer be seen on scans.

Kansas courts IT systems still offline after “security incident”.
Information systems of state courts across Kansas are still offline as of 16 October after they were disrupted following a “security incident”.
Multiple systems crucial to daily court operations across the state have been impacted, including the Kansas Courts’ eFiling system used by attorneys to submit case documents, the electronic payments system (includes credit card transactions and electronic checks), and the case management systems employed by district and appellate courts for case processing. In response, the state’s Supreme Court issued an administrative order on 16 October to confirm that the clerk offices in appellate courts and most district courts are offline. Despite this issue, courts remain operational. However, clerks are currently unable to accept electronic filings or payments, but they do accept paper filings and filings by fax.

American Family Insurance confirms cyberattack is behind IT outages.
American Family Insurance, an insurance giant, has confirmed they suffered a cyberattack and had to shut down some of their IT systems to prevent the spread of the cyberattack. This comes after customers reported website outages all week. Since the past weekend, American Family Insurance has suffered IT outages that impact their phone service, building connectivity, and online services. Customers have reported being unable to pay bills or file claims online, and were only met with messages stating that the online site is down and to contact the company via phone instead.

CISA, FBI urge administrators to patch Atlassian Confluence immediately.
CISA, FBI and MS-ISAC warned network administrators to immediately patch their Atlassian Confluence servers against a maximum severity vulnerability (tracked as CVE-2023-22515) that is being exploited in attacks. This flaw affects Confluence Data Center and Server 8.0.0 and later, and is remotely exploitable in low-complexity attacks that don’t require user interaction. Atlassian highly advised customers to upgrade their Confluence instances as soon as possible, after it released security updates to fix this vulnerability.
Those who can’t upgrade were encouraged to shut down impacted instances or isolate them from Internet access. Administrators were also highly advised to check for indicators of compromise, including new or suspicious admin user accounts.

That is all! Enjoy the rest of the week and don't forget to update your devices and systems to the latest patches!
© 2021, TAFA HOLDINGS (S) PTE LTD. ALL RIGHTS RESERVED