Last week, breaches and cyberattacks hit several industries, from information services, legal and research to tech, with consequences such as major outages and data leaks. New vulnerabilities were also disclosed and patches released; it is highly recommended not only to be aware of them but also to apply the updates when possible.
Read on for a quick summary of what happened this week in cybersecurity.

Idaho National Laboratory, one of the biggest U.S. nuclear research labs, breached: personal data of thousands of employees leaked

SiegedSec, a hacking group, breached a human resources application belonging to Idaho National Laboratory (INL), a nuclear research lab, and claimed to have accessed “hundreds of thousands of user, employee and citizen data”. SiegedSec posted a sample of the leaked data. The stolen and leaked personal data includes, but is not limited to, full names, social security numbers, addresses, health care information, bank account and routing numbers, account types, and marital status. One file contained a detailed list of recent terminations with a brief reason for each termination. Another file shows more than 6,000 lines of active employees’ social security numbers, and a further leaked file contains over 58,000 lines of detailed data on current, retired and former employees. Lori McNamara, an INL spokesperson, confirmed the breach, which affected the servers supporting its Oracle HCM system, the platform behind its Human Resources applications, but stated that the lab is still investigating the extent of the impact alongside the FBI and CISA. She also stated that INL has taken immediate action to protect its employees’ data. This is worrying, as scientists at INL work on some of the most sensitive U.S. national security programs, including the protection of U.S. critical infrastructure (e.g. the power grid). The leaked employee data could be used by foreign intelligence agencies to penetrate the lab.

The Canadian government discloses a data breach after two of its contractors were hacked

The Canadian government has disclosed that sensitive information on an undisclosed number of government employees was exposed when two of its contractors were hacked last month.
The contractors impacted are Brookfield Global Relocation Services (BGRS) and SIRVA Worldwide Relocation & Moving Services, both providers of relocation services to Canadian government employees. Government-related information stored on the compromised BGRS and SIRVA Canada systems dates back to 1999 and belongs to a broad spectrum of Canadian government employees, including the Royal Canadian Mounted Police (RCMP), the Canadian Armed Forces, and Government of Canada employees. Once notified, the Canadian government reported the breach to the relevant authorities. Although investigations are still underway, preliminary analysis suggests that those affected may have had their personal and financial information exposed. The government will provide credit monitoring and re-issue valid passports to current and former members of the public service, RCMP, and Canadian Armed Forces who relocated with BGRS or SIRVA during the last 24 years. Those who may be affected are strongly advised to update their login credentials, enable multi-factor authentication, and monitor their financial and personal accounts for suspicious or unusual activity.

TmaxSoft, an enterprise software provider, leaked over 50 million sensitive records

TmaxSoft, a Korean IT company that develops and sells enterprise software, had a 2TB Kibana dashboard exposed for over two years. Cybernews researchers discovered it in January 2023 and noted that the data set was first spotted in June 2021; the company has not responded to their emails. Over 56 million records were found to have been leaked, although some entries are duplicates. The leaked data includes employees’ names, emails, phone numbers and contract numbers, the content of sent attachments (documents and PDFs), metadata of sent binaries (e.g. executable names, the file paths where they are stored, version names), employees’ IPs, user agents, and URLs of accessed internal tools, as well as internal issue-tracking messages. Most of the leaked data is company information and company emails. Because TmaxSoft specialises in middleware solutions, the leaked data could be exploited in a supply chain attack affecting its clients and providers. Researchers also note that competitors could exploit the leaked information about its projects.

Welltok data breach exposes nearly 8.5 million patients’ personal data

Welltok, a healthcare SaaS provider, has stated that as a result of the MOVEit data breach, the personal data of 8,493,379 patients in the U.S. was exposed, making the Welltok breach the second largest MOVEit data breach. Exposed patient data includes full names, email addresses, physical addresses, and telephone numbers; for some patients it also includes social security numbers, Medicare/Medicaid ID numbers, and health insurance information. Impacted institutions are in various states, including Minnesota, Alabama, Kansas, North Carolina, Michigan, Nebraska, Illinois, and Massachusetts.

Taj Hotels investigates claims of a data breach exposing the personal information of 1.5 million customers

Tata-owned Taj Hotels group suffered a data breach that exposed the personal information of over 1.5 million of its customers. According to the report, a threat actor called “Dnacookies” demanded $5,000 as ransom for the full dataset, which apparently includes customers’ addresses, membership IDs, mobile numbers, and other personally identifiable information. The company has said it is currently investigating the claims and has notified the relevant authorities. Its spokesperson also stated that so far they have found no indication of any current or ongoing security issue or impact on business operations.
CTS, an IT provider, suffers a cyberattack causing a major outage impacting many UK law firms

A cyberattack on CTS, a managed service provider (MSP) for the UK legal sector, has resulted in a major outage that has impacted numerous law firms and home buyers in the UK since Wednesday. In CTS’ published statement, the outage affected some of the services it delivers to its clients. CTS is working with a third-party cyber forensics firm to investigate the incident and to restore the online services impacted by the attack, but is unable to provide a timeline for when the affected systems will be fully restored. Local media report that between 80 and 200 law firms could have been affected, based on estimates shared by CTS clients. Throughout the week, people have reportedly been unable to buy or sell properties due to the outage, with no clear information on when the issue will be resolved.

The Kansas Judicial Branch confirms data theft occurred during last month’s cyberattack

The Kansas Judicial Branch published an update confirming that hackers stole sensitive files containing confidential information from its systems during last month’s cyberattack, and that the hackers are threatening to post the stolen data on their dark web site if their demands are not met. The stolen information includes Office of Judicial Administration files, district court case records on appeal, and other data, “some of which may be confidential under law”. Multiple systems impacted by the cyberattack still remain offline, including Kansas Courts eFiling, the Kansas Protection Order Portal, Kansas District Court Public Access, the Appellate Case Inquiry System, Kansas eCourt Case Management, Kansas Attorney Registration, the Kansas online marriage licence application, and the Central Payment Center.
The Kansas authority estimates that it will need several weeks until all systems return to normal, and has promised to notify impacted individuals once its review of the stolen data is completed.

AutoZone warns thousands of customers of MOVEit data breach

AutoZone, an auto parts giant, is warning tens of thousands of its customers that they have suffered a data breach as a result of the MOVEit data theft attack. AutoZone informed the U.S. authorities on 21 November that it had suffered a data breach compromising 184,995 customers’ data. After AutoZone determined on 15 August that it had been impacted by the MOVEit breach, it took a further three months to determine what type of data the threat actors stole from its systems and who had been impacted. Although the details of the compromised data were redacted, the listing mentions “full names” and “social security numbers”. In its letter to impacted individuals, the firm states that it will cover the cost of an identity theft protection service, and advises them to remain vigilant for the next two years and to report any suspicious activity to the relevant authorities.

British Library HR documents leaked, and Rhysida ransomware gang claims responsibility for the attack

The British Library’s press office confirmed on 20 November that internal HR documents stolen from the British Library had been leaked online. As a precautionary measure, it warned users to reset their passwords and to change similar passwords used for other accounts. However, the library has yet to find evidence that the attackers gained access to other information during the cyberattack. The Rhysida ransomware gang has claimed responsibility for the attack, which caused a major ongoing IT outage at the British Library, with its online systems, services and certain onsite facilities still being impacted.
The library estimates that many of its services will be restored within the next few weeks, but some disruption might persist for a longer period. Rhysida is auctioning off the stolen data and is accepting bids from interested parties. The group leaked a low-resolution screenshot of what looks like an ID scan from the library’s compromised system.

Critical-severity security vulnerability in ownCloud sharing app exposes administrator passwords and mail server credentials

ownCloud, an open source file sharing software, is warning of three critical-severity security vulnerabilities that could severely impact ownCloud’s integrity, including one that can expose administrator passwords and mail server credentials. The first flaw (CVE-2023-49103) can be used to steal credentials and configuration information, since it exposes all environment variables of the web server. The recommended fix is to delete the ‘owncloud/apps/graphapi/vendor/microsoft/microsoft-graph/tests/GetPhpInfo.php’ file, disable the ‘phpinfo’ function in Docker containers, and change potentially exposed sensitive information such as the admin password, mail server and database credentials, and Object-Store/S3 access keys. The second vulnerability is an authentication bypass whereby unauthenticated attackers are able to access, modify or delete any file; ownCloud recommends denying the use of pre-signed URLs if no signing key is configured for the owner of the files. The last flaw is a subdomain validation bypass, which allows an attacker to supply a crafted redirect URL that passes the validation code, redirecting callbacks to a domain controlled by the attacker. ownCloud recommends hardening the validation code in the OAuth2 app; as a temporary workaround, administrators can disable the “allow subdomains” option.
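The remediation steps for the first ownCloud flaw (delete GetPhpInfo.php, disable phpinfo, rotate exposed secrets) are host-side actions, so the following POSIX shell script, added here as an example and not ownCloud's own tooling or code from the original post, audits an install for the first two steps and applies them. It assumes the install root (the owncloud directory) and the php.ini actually loaded by the web server or the Docker container's PHP are passed as arguments; rotating the admin password, mail and database credentials and S3 keys is deliberately left to the operator.

```shell
#!/bin/sh
# Added example, not ownCloud's own tooling: audit and remediate the two host-side
# steps ownCloud recommends for CVE-2023-49103 (remove GetPhpInfo.php, disable phpinfo).
# Assumptions: $1 is the ownCloud install root (the "owncloud" directory) and $2 is the
# php.ini that the web server or Docker container actually loads. Rotating the admin
# password, mail/database credentials and S3 keys is deliberately left to the operator.

PHPINFO_FILE="apps/graphapi/vendor/microsoft/microsoft-graph/tests/GetPhpInfo.php"

# Returns 0 when both checks pass, 1 otherwise; prints one FINDING line per failed check.
owncloud_phpinfo_audit() {
    root="$1"
    ini="$2"
    status=0
    if [ -f "$root/$PHPINFO_FILE" ]; then
        echo "FINDING: $root/$PHPINFO_FILE is still present"
        status=1
    fi
    # phpinfo must be listed on an active (uncommented) disable_functions line;
    # -w stops names such as 'phpinfo_extra' from counting as a match.
    if ! grep -E '^[[:space:]]*disable_functions[[:space:]]*=' "$ini" 2>/dev/null | grep -qw phpinfo; then
        echo "FINDING: phpinfo is not in disable_functions in $ini"
        status=1
    fi
    return $status
}

# Applies the two fixes: deletes the file and adds phpinfo to disable_functions,
# creating the directive if php.ini has none and leaving it untouched if already set.
owncloud_phpinfo_remediate() {
    root="$1"
    ini="$2"
    if [ -f "$root/$PHPINFO_FILE" ]; then
        rm -f "$root/$PHPINFO_FILE"
        echo "removed $root/$PHPINFO_FILE"
    fi
    if grep -qE '^[[:space:]]*disable_functions[[:space:]]*=' "$ini" 2>/dev/null; then
        if grep -E '^[[:space:]]*disable_functions[[:space:]]*=' "$ini" | grep -qw phpinfo; then
            return 0    # already disabled, nothing to change
        fi
        tmp="$ini.tmp.$$"
        # Append phpinfo to the first active disable_functions line; an empty list
        # ("disable_functions =") gets "phpinfo" without a leading comma.
        awk '
            /^[ \t]*disable_functions[ \t]*=/ && !seen {
                sub(/[ \t]+$/, "")
                if ($0 ~ /=$/) $0 = $0 " phpinfo"; else $0 = $0 ",phpinfo"
                seen = 1
            }
            { print }' "$ini" > "$tmp" && cat "$tmp" > "$ini" && rm -f "$tmp"
    else
        printf 'disable_functions = phpinfo\n' >> "$ini"
    fi
    echo "phpinfo added to disable_functions in $ini"
}

# Stand-alone use: sh owncloud_phpinfo_check.sh /var/www/owncloud /etc/php/8.1/fpm/php.ini
# (paths are illustrative). Audit first; remediate only when the audit reports findings.
if [ $# -eq 2 ]; then
    owncloud_phpinfo_audit "$1" "$2" || owncloud_phpinfo_remediate "$1" "$2"
fi
```

Two design points: php.ini is rewritten with `cat` into the existing file rather than `mv`, so its owner and mode survive, and the `grep` patterns are anchored at the start of the line so a commented-out `;disable_functions` entry does not count as protection. Because `disable_functions` is read when PHP starts, reload PHP-FPM or Apache (or restart the container) after the change, and then rerun the audit.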
These vulnerabilities can potentially lead to the exposure of sensitive information, stealthy data theft, phishing attacks and more. Hence, ownCloud administrators are strongly advised to apply the recommended fixes as soon as possible and to update the affected libraries to mitigate the risks.

That is all! Enjoy the rest of the week and don't forget to update your devices and systems to the latest patches!
© 2021, TAFA HOLDINGS (S) PTE LTD. ALL RIGHTS RESERVED