This week, breaches and cyberattacks were reported across several industries, from mortgage lending, e-commerce and telecommunications to healthcare. The consequences of earlier breaches have also become clearer: millions of individuals' personal data compromised, services still disrupted, and screenshots of internal systems leaked. A new phishing campaign and a set of malicious Chrome extensions have surfaced, and new vulnerabilities and patches have been disclosed. It is highly recommended not only to be aware of them but to apply the updates as soon as possible.

Read on for a quick summary of what happened this week in cybersecurity.

Mr Cooper, a mortgage lending firm, confirms a data breach affecting 14.7 million people.

Mr Cooper (previously Nationstar Mortgage LLC), one of the largest mortgage lenders in the U.S., is sending data breach notifications warning that its October data breach exposed the data of close to 14.7 million customers who have, or previously had, mortgages with the company. The exposed information includes customers' full names, home addresses, phone numbers, Social Security numbers, dates of birth and bank account numbers. In the notice sent to impacted customers, the company stated that it immediately took steps to identify and remediate the breach, including locking down its systems, changing account passwords and restoring its systems. The company also says it has been monitoring the dark web and has so far seen no evidence that the exposed data has been shared, published or misused. Impacted customers are offered a 24-month identity protection service, which the company strongly encourages them to enrol in, and are urged to remain vigilant against unsolicited communications. Note that a dark-web search turning up nothing is not evidence the data is safe: with Social Security numbers and bank account numbers exposed, a credit freeze with the credit bureaus protects affected customers better than monitoring alone.

Hong Kong's privacy watchdog determines that 320,000 Carousell users' data was leaked in a security breach.

An investigation by the Office of the Privacy Commissioner for Personal Data found that a January 2022 security breach compromised the data of more than 320,000 Hong Kong users. Globally, the data of 2.6 million Carousell users was leaked. The Office found that Carousell, prior to a system migration in January 2022, did not assess the migration's impact on privacy, had incomplete code review procedures, and lacked effective measures to detect abnormal activity. The company therefore failed to prevent or detect the theft of users' personal data, in violation of Hong Kong's personal data protection regulations. The Office has since directed Carousell in writing to rectify the situation, and has also provided the investigation report to Singapore's privacy watchdog, as the company is headquartered in Singapore.

Xfinity data breach via the Citrix Bleed vulnerability impacts 35.9 million customers.

In a data breach notification to customers published this week, Xfinity stated that it discovered during a routine cybersecurity exercise on 25 October that attackers had had access to its systems from 16 to 19 October. The attackers got in through the Citrix Bleed vulnerability (CVE-2023-4966 in Citrix NetScaler ADC and Gateway appliances). Based on its filing with the Maine Attorney General's Office, 35,879,455 customers were impacted. The exposed information includes customers' names, contact information, dates of birth, usernames, hashed passwords, the last four digits of their Social Security numbers, and/or secret questions and answers. The full scope of the breach is still under investigation. An Xfinity spokesperson stated that, as of now, the company is not aware of any customer data being leaked or of any attacks on its customers. Xfinity is recommending that customers reset their passwords and is encouraging them to turn on two-factor authentication. Treat the hashed passwords as exposed rather than protected: they can be cracked offline, so any similar password reused on other platforms should be changed as well to prevent credential stuffing attacks.

VF Corporation, owner of Vans and Supreme, confirms a cyberattack that encrypted systems and stole customers' personal data.

VF Corporation, owner of apparel brands such as Vans, Supreme and The North Face, has confirmed a cyberattack that the company first detected on 13 December. According to its filing with federal regulators, the attackers disrupted the company's operations by encrypting some of its IT systems and stole company data, including personal data. The company continues to experience operational disruptions, including to its "ability to fulfil orders". In the filing, the company stated that the retail stores it operates worldwide remain open and that consumers can still purchase available merchandise online; however, it is unclear when orders are expected to ship, and the company's spokesperson would not say. The company has yet to say how it was compromised or what the full scope of the impact is.

St Vincent's Health Australia data breach: an unknown amount of data has been stolen.

In a statement, St Vincent's Health Australia said the attack was first detected on 19 December. Although the attacker has not performed any further actions "since early morning … of 20 December", it was later determined that some data had been stolen. The organisation is investigating the breach and working out what data was removed. To assist with the investigation and with containing the attack, it has sought help from government agencies and external security experts, including the National Office of Cyber Security, Services Australia, the Department of Health and Aged Care, and relevant state and territory agencies. It is also seeking to determine what data the attackers may have accessed but not stolen. The organisation added that it is still operating and delivering services.

ESO Solutions, a healthcare software provider, suffers a data breach affecting 2.7 million patients.

ESO Solutions, a provider of software products for healthcare organisations and fire departments, disclosed that a ransomware attack compromised the personal data of 2.7 million patients. According to the notification, the attack occurred on 28 September, and data was exfiltrated before the attackers encrypted some of the company's systems. During its investigation, the company discovered that the attackers accessed a machine containing sensitive personal data, and determined that the attack affected patients associated with its customers, which include hospitals and clinics in the U.S. The exposed personal data includes patients' full names, dates of birth, phone numbers, patient account/medical record numbers, injury type and date, diagnosis information, treatment type and date, procedure information, and Social Security numbers. The exact data exposed varies per individual and depends on the details the patient provided to the healthcare organisation using ESO's software and on the care received. The company has informed the relevant authorities; all impacted customers were notified on 12 December, and some of the affected hospitals sent breach notices to their patients in the days that followed. To mitigate the risk, ESO is offering 12 months of identity monitoring to all notice recipients. The healthcare providers confirmed so far to be impacted are: Mississippi Baptist Medical Center; Community Health Systems Merit Health Biloxi; Merit Health River Oaks; ESO EMS Agency; Forrest Health Forrest General Hospital; HCA Healthcare Alaska Regional Hospital; Memorial Hospital at Gulfport Health System; Providence St Joseph Health (Providence Kodiak Island Medical Center); Providence Alaska Medical Center; Universal Health Services (UHS) Manatee Memorial Hospital; Desert View Hospital; and Ascension Providence Hospital in Waco.

London Public Library still battling the 13 December cyberattack: services remain disrupted, and 3 branches are closed.

The London Public Library (London, Ontario) is still working to restore its systems after a cyberattack on 13 December. The attack not only limited the services the library offers but also closed 3 of its 16 branches (Carpenter, Lambeth and Glanworth), which will remain closed until 2 January. The library stated that it immediately engaged third-party cybersecurity experts, who are continuing to work with it to repair the damage. The outage took down the library's online catalogue, staff email, phone lines, website, public Wi-Fi, printing and access to public computers, and the Libby app is not accessible to library patrons. As of now, the investigation has yet to determine whether personal information was compromised.

Google and Twitter ads promote a crypto drainer that has stolen $59 million from 63,000 victims.

Blockchain threat analysts at ScamSniffer found that over 10,000 phishing websites contained a cryptocurrency drainer, called MS Drainer, which has stolen $59 million from 63,210 victims over the past 9 months, from March 2023 to today, and that Google and Twitter ads are promoting these sites. A drainer is malicious site code that tricks a visitor who connects their wallet into signing transactions or token approvals that let the attacker empty the wallet. In Google Search, MS Drainer is promoted via malicious ads shown for keywords related to DeFi platforms (e.g. Zapper, Lido, Stargate, Orbiter Finance, Defillama and Radiant). These ads exploit a loophole in Google Ads' tracking templates: the displayed URL appears to belong to the imitated official domain, while the tracking template redirects the click to a phishing site. On Twitter (also known as X), ads for MS Drainer are so numerous that they account for 6 of the 9 phishing ads observed in feeds. Notably, many of the scam ads on Twitter are posted from legitimate "verified" accounts (those with blue ticks). Cryptocurrency scams have always performed well on X, but with trusted, hacked accounts now promoting ads for malicious sites, the success rate of these phishing attacks is expected to rise. Users are strongly advised to be wary of cryptocurrency-related ads, to reach DeFi platforms through bookmarks rather than search ads, and to read every wallet signing prompt before approving it.

Mint Mobile's latest data breach exposes customer data.

Mint Mobile, a mobile virtual network operator owned by T-Mobile, has disclosed a data breach that exposed customers' personal information, data that can be used to carry out SIM swap attacks. The company is notifying impacted customers by email, stating that it suffered a security incident in which the attacker obtained customer information. The exposed data includes customers' names, telephone numbers, email addresses, SIM serial numbers and IMEI numbers (a device identifier similar to a serial number), and a brief description of the service plan purchased. Mint Mobile stated that customers do not need to take any action and can call customer support with any questions. Since a phone number together with a SIM serial number is exactly what a SIM swapper uses to impersonate a subscriber to the carrier, affected customers should nonetheless watch for an unexpected loss of service and, where possible, move SMS-based two-factor authentication on important accounts to an authenticator app.

Ubisoft investigates an alleged data breach after images of the company's internal services leak.

Ubisoft, a French video game publisher, is investigating an alleged data breach after images of the company's internal software and developer tools were leaked online. The leaked screenshots were shared by the research collective VX-Underground, which stated in a tweet that an unknown threat actor compromised Ubisoft on 20 December and had access for roughly 48 hours until administrators revoked it after realising something was off. The threat actor had planned to exfiltrate around 900GB of data before losing access. They also claimed to have gained access to Ubisoft's SharePoint server, Microsoft Teams, Confluence and the MongoDB Atlas panel, and shared screenshots of their access to some of these services. The threat actor further stated that they attempted to steal Rainbow Six Siege user data but lost access once detected.

3 malicious fake VPN Chrome extensions downloaded 1.5 million times.

Three malicious Chrome extensions posing as VPNs were downloaded 1.5 million times. According to ReasonLabs, the extensions were spread via an installer hidden in pirated copies of popular video games such as Grand Theft Auto, Assassin's Creed and The Sims 4. They act as browser hijackers, cashback-hijacking tools and data stealers: the malware targets over 100 cashback extensions and redirects their profits to the attackers, and the extensions also exchange instructions and commands with the attackers, identify the victim, exfiltrate sensitive data, and more. ReasonLabs notified Google of its findings, and Google has removed the malicious extensions from the Chrome Web Store, but only after they had been downloaded 1.5 million times. Installation of the extensions is automatic and forced, and requires no action from the user. It is highly recommended to routinely check the extensions installed in your browser (chrome://extensions) and to watch for new reviews in the Chrome Web Store reporting malicious behaviour. Organisations that manage Chrome can go further and restrict installs to an approved set with the ExtensionInstallAllowlist and ExtensionInstallBlocklist policies.

New phishing campaign steals your Instagram backup codes to bypass 2FA.

A new phishing campaign imitates a "copyright infringement" email in an attempt to steal your Instagram backup codes, which allow attackers to bypass two-factor authentication (2FA). The phishing emails impersonate Meta and warn Instagram users that they have received copyright infringement complaints, prompting them to fill out an appeal form to resolve the issue. Clicking the button takes the victim to a phishing site impersonating Meta's actual violations portal. When the victim clicks another button labelled "Go to Confirmation Form", they are redirected to a further phishing page impersonating Meta's "Appeal Center" portal, where they are asked to enter their username and password. The phishing site then asks whether the account has 2FA enabled and, if so, for one of the 8-digit backup codes. When configuring 2FA on Instagram, users are given 8-digit backup codes that can be used to regain access to the account if they cannot verify with their usual 2FA method. Remember that while you still have access to your 2FA codes or keys there is never a reason to enter a backup code anywhere other than on the Instagram website or in the app; a backup code typed into any other page hands the attacker the same access it would give you.

Google releases the eighth emergency update of the year to fix a Chrome zero-day exploited in attacks.

Google has released its eighth emergency Chrome update this year to fix another zero-day vulnerability, tracked as CVE-2023-7024, that is being exploited in the wild. This high-severity vulnerability is a heap buffer overflow in the open-source WebRTC framework used by Chrome, which allows a remote attacker to potentially exploit heap corruption via a crafted HTML page. The bug was discovered and reported by Google's Threat Analysis Group. The fix ships in Chrome 120.0.6099.129/130. Individuals who prefer not to update manually can rely on the browser to check for updates automatically and install them on the next launch, but the update only takes effect after a relaunch, so confirm the version at chrome://settings/help and restart the browser if prompted. Users of other Chromium-based browsers such as Edge, Brave, Opera and Vivaldi should install the corresponding updates as they are released.

That is all! I hope you had a merry Christmas and a happy New Year! Enjoy the rest of the week, and don't forget to update your devices and systems to the latest patches!
© 2021, TAFA HOLDINGS (S) PTE LTD. ALL RIGHTS RESERVED