Last week, breaches and cyberattacks occurred across several industries, from smart home surveillance, software, automotive and gaming to the public sector. Devastating consequences of earlier data breaches and attacks have also been uncovered, such as over 210,000 personal records being leaked from the Philippines’ education ministry, and Carousell being fined S$58,000 over previous data leaks. Furthermore, new vulnerabilities have been found and patches released. It is highly recommended not only to be aware of them but also to apply the updates as soon as possible. Read on for a quick summary of what happened this week in cybersecurity.

Massive data leak shows Chinese firm hacked foreign governments and activists
I-Soon, a Chinese tech security company that competed for Chinese government contracts, was found to be able to breach foreign government systems, infiltrate social accounts and hack into personal computers. This was revealed by experts who analysed a massive data leak. The leaked documents from I-Soon showed that the company compromised more than a dozen governments, such as government office networks in India, Thailand, Vietnam and South Korea. They breached “democracy organisations” in Hong Kong, universities, and the NATO military alliance, as reported by SentinelLabs researchers.

The leak contained hundreds of files, including chat logs, presentations, and lists of targets. Lists of Thai and British government departments and screenshots of attempts to log in to an individual’s Facebook account were found. Furthermore, many of the files were versions of marketing materials, in which the company cited its targeting of counterterrorism centres (such as in Pakistan and Afghanistan) as evidence of its ability to perform these tasks. There were also screenshots of arguments between an employee and a supervisor over salaries, and a document describing software aimed at accessing a target’s Outlook emails.

The company was also found to offer potential clients the ability to break into individuals’ accounts on X to monitor their activity, read their private messages and send posts. I-Soon also laid out how its hackers could access and take over a person’s computer remotely, allowing them to execute commands and monitor what the person types. Other services include ways to breach iPhones and other smartphone operating systems, and custom hardware (e.g. a power bank).

Philippine education ministry hit by data leak: Over 210,000 school and tax records leaked
Jeremiah Fowler, a cybersecurity researcher, found a vulnerability that gave nearly full access to an online platform used by senior school students applying for government vouchers to cover their tuition costs.
It was a serious potential security lapse, as the records were stored without password protection and hence were available to anyone with Internet access. This has resulted in the exposure of over 210,000 records of the Philippine education ministry. This cloud-stored database included 154 GB worth of tax filings, consent forms, government certifications, and employment and death certificates. The online application forms in particular contained the applicants’ full names, photos, birthdates, gender, addresses, contact information, parents’ sources of income and properties owned. The Philippines’ National Privacy Commission stated that they were informed by Fowler of the breach in January, and that the vulnerability has been patched.

Wyze security camera breach: 13,000 strangers able to look into others’ homes
After an outage on 16 February, as Wyze security cameras were brought back online, users started seeing images and videos in their Events that were not from their cameras. The company explained that the system becoming overloaded caused device IDs to be mapped incorrectly. This resulted in some accounts being connected to the wrong cameras. Wyze stated that the root cause was a third-party caching client library that they had recently integrated into their system. It has been estimated that 13,000 people were able to peek into someone else’s home. However, only 1,500 of them enlarged a thumbnail or viewed a video. The company stated that 99% of their users weren’t impacted at all, and that they had already contacted all affected users. Fortunately, the breach resulted in only events being seen, and not a live view. Once Wyze discovered the problem, the Events tab was immediately disabled. Wyze has stated that they have taken steps to ensure this incident does not reoccur.

Critical infrastructure software maker confirms ransomware attack
PSI Software SE, a German software developer for complex production and logistics processes, confirmed that the cyber incident disclosed last week was a ransomware attack that impacted their internal infrastructure. The attack forced them to disconnect several IT systems, including email, as a measure to mitigate the risk of data loss. This attack is alarming because, if the attackers accessed PSI’s software code or data, they could pose risks to public services, energy and transport, as PSI serves critical infrastructure sectors. PSI says the investigation so far has not revealed any evidence that the attacker pivoted to customer systems. The company has informed all relevant authorities, and experts from the Federal Office for Information Security have been assisting them in incident response and remediation efforts.

U-Haul informs customers that hackers accessed customer records using stolen credentials
U-Haul has started informing customers that a hacker used stolen account credentials to access an internal system used by dealers and team members to track customer reservations. The exposed personal information includes full names, birthdates and driver’s licence numbers. Fortunately, the breached system is not part of their payment system, hence the hackers did not access payment card data. U-Haul stated they had reset passwords for all affected accounts and implemented additional security safeguards and controls to prevent such incidents from happening again. Recipients of the data breach notification will receive one year of identity theft protection service. As of yet, U-Haul has not determined how many customers have been exposed by this incident.

Insomniac Games suffered a ransomware attack: Impacted employees being notified that their personal data has been leaked online
Insomniac Games, a Sony subsidiary, suffered a ransomware attack in November, and is currently sending data breach notification letters to impacted employees whose personal data was stolen and leaked online. 1.67 TB of documents were leaked on a dark web leak site after the game studio refused to pay the $2 million ransom. As a result, the leaked files included the personal information of their employees, former employees, and independent contractors. Furthermore, the leaked files included many ID scans and internal documents, such as contract information, licensing agreements, and screenshots of their upcoming Wolverine game. The company is extending the ID Watchdog services offered as part of their employee benefits package, with 2 additional years of complimentary credit monitoring and identity restoration beyond the current enrollment period. The company also set up a dedicated call centre to answer questions from affected employees.

Carousell fined S$58,000 over data leaks that affected more than 2.6 million users
Carousell, an e-commerce platform, has been fined S$58,000 over 2 data breaches. One resulted in at least 2.6 million customers’ data being put up for sale, and the other resulted in 44,477 users’ data in Singapore, Malaysia, Indonesia, Taiwan and the Philippines being exposed. PDPC determined the financial penalty by taking into account factors such as Carousell’s cooperation with investigations, their “prompt and effective remediation actions” once the breaches were discovered, their first time being breached, and the second breach being “particularly sophisticated”.

Over 28,500 Exchange servers are vulnerable to an actively exploited flaw
Up to 97,000 Microsoft Exchange servers may be vulnerable to a critical severity privilege escalation flaw (tracked as CVE-2024-21410) that is being actively exploited. Microsoft addressed this flaw on 13 February; however, 28,500 servers are currently identified as vulnerable.
Furthermore, a threat monitoring service, Shadowserver, identified that there were approximately 97,000 potentially vulnerable servers. It is highly recommended to apply the Exchange Server 2019 Cumulative Update 14 (CU14) update released in the February 2024 Patch Tuesday.

Hackers exploiting critical RCE flaw in WordPress Bricks Builder Theme
Hackers are actively exploiting a critical RCE vulnerability (tracked as CVE-2024-25600) that impacts the Bricks Builder Theme in WordPress. This vulnerability can lead to attackers running malicious code on vulnerable sites. A fix became available on 13 February with the release of version 1.9.6.1. It was observed that in the post-exploitation phase, the attackers used specific malware to disable security plugins like Wordfence and Sucuri. Wordfence also confirmed that they had seen 24 detections of this vulnerability being exploited in a day, showing that this vulnerability is being actively exploited. It is highly recommended that Bricks users upgrade to version 1.9.3.1 immediately, either by navigating to “Appearance > Themes” in the WordPress dashboard and clicking update, or by updating manually.

That is all! Enjoy the rest of the week and don't forget to update your devices and systems to the latest patches!
© 2021, TAFA HOLDINGS (S) PTE LTD. ALL RIGHTS RESERVED