Last week, breaches and cyberattacks occurred across several industries, from AI, pharmaceuticals, healthcare, legal and steel to the public sector. Devastating consequences of earlier data breaches and attacks have also been uncovered: LoanDepot confirmed that 16.9 million individuals’ personal information was stolen in the early January ransomware attack, and the May 2023 breach at Houser LLP led to more than 325,000 people’s personal information being exposed. Furthermore, new vulnerabilities have been found and patches have been released. It is highly recommended not only to be aware of them but also to apply the updates as soon as possible. Read on for a quick summary of what happened this week in cybersecurity.

20 million Cutout.Pro users’ personal information leaked on a data breach forum.

Cutout.Pro, an AI service, suffered a data breach that resulted in the exposure of 20 million members’ personal information. The exposed information includes their names, email addresses, IP addresses, and hashed and salted passwords.

On 27 February, a threat actor called ‘KryptonZambie’ shared a link on the BreachForums hacking forum to CSV files that contain 5.93 GB of data stolen from Cutout.Pro. The 3 CSV files contain what appears to be a database dump of 41.4 million records, of which 20 million records have unique email addresses. The bad actor also stated that they still had access to the breached system.

From samples seen by BleepingComputer, the leaked data includes: user ID, profile picture, API access key, account creation data, email address, user IP address, mobile phone number, password and the salt used in hashing, user type and account status.

Have I Been Pwned, a data breach monitoring service, added the breach to their catalogue and confirmed that the leaked dataset includes the information of 19,972,829 people. Furthermore, the threat actor has distributed the files on their personal Telegram channel, which caused a much wider circulation of the stolen data.

Although Cutout.Pro has not verified the data breach, multiple sources have verified that the emails listed in the data leak match Cutout.Pro users. It is highly recommended that Cutout.Pro users reset their passwords on this service and on any other accounts that use the same credentials. It is also very important that all Cutout.Pro users stay vigilant against phishing scams.

Cencora disclosed a cyberattack: Personal information stolen from their systems.

Cencora, a global pharmaceutical solutions provider, disclosed in a filing with the SEC that they identified a data breach on 21 February. However, it is not yet clear what type of data was exfiltrated, or whether employees and/or customers are affected.
In the filing, the company stated that they have taken steps to contain the incident, and that an investigation is underway with assistance from law enforcement and 3rd party cybersecurity experts. As of the date of the filing, the data breach has not impacted their operations.

Along with Global Affairs’ cyberattack, Canada’s RCMP has also been hit by a cyberattack.

The attack on the network of the Royal Canadian Mounted Police (RCMP) was disclosed on Friday, but as of Monday, the RCMP was still “actively managing” the attack. Although details of the extent and nature of the attack were not shared, the RCMP stated that they are working with other Canadian government agencies to assess the “breadth and scope” of the breach and “hold those responsible accountable”.

According to the RCMP, the attack did not impact their operations, nor the safety and security of Canadians and RCMP partners. However, during the weekend, the RCMP’s website was briefly unavailable.

Last Monday, the Office of the Privacy Commissioner (OPC) confirmed that they were aware of the RCMP incident, and announced that they are investigating a data breach due to the attack on Global Affairs Canada’s internal network. As of now, it is unclear whether the RCMP and Global Affairs Canada attacks are related.

ThyssenKrupp, one of the world’s largest steel producers, confirms a cyberattack on the automotive division.

ThyssenKrupp confirmed that they suffered a cyberattack in which systems in their Automotive division were breached. This forced them to shut down their IT systems to contain the threat.

In a statement to BleepingComputer, ThyssenKrupp stated that their Automotive Body Solutions business unit recorded unauthorised access to their IT infrastructure last week, and that since detection they have been working with ThyssenKrupp Group’s IT security team to contain the threat.
The company disclosed that no other business units or segments have been impacted by the attack, and that they are gradually returning to normal operations.

Law firm disclosed more than 325,000 people’s personal information was exposed in May 2023 data breach.

Houser LLP, a US law firm, stated in a regulatory filing that the May 2023 system breach exposed more than 325,000 people’s personal information. The exposed data includes names, social security numbers, driver’s licence numbers, individual tax identification numbers, financial account information, and medical information.

It was also stated that the unauthorised actor informed Houser that they had deleted copies of any stolen data and would not distribute any stolen files.

Once a 3rd party vendor completed their review on 18 January this year, Houser began notifying their clients of the investigation and findings. Furthermore, the firm has offered to mail letters to potentially impacted individuals on behalf of their clients. Affected clients have been offered credit monitoring services, and law enforcement has been notified about the incident.

BlackCat ransomware gang claims they allegedly stole 6TB of data from Change Healthcare.

The BlackCat ransomware gang claimed responsibility for a cyberattack on Optum, a subsidiary of UnitedHealth Group (UHG). In a statement published on their data leak site, BlackCat stated that they allegedly stole 6TB of data from Change Healthcare’s network that belonged to “thousands of healthcare providers, insurance providers, pharmacies, etc.”

The ransomware gang claims that they stole source code for Change Healthcare solutions and sensitive information that belongs to their partners. These include the US military’s Tricare healthcare program, the Medicare federal health insurance program, CVS Caremark, MetLife, Health Net, etc.
According to their claims, the stolen sensitive data includes medical records, insurance records, dental records, payments information, claims information, patients’ PII data (e.g. email addresses, addresses, social security numbers, phone numbers), and active US military/navy personnel PII data.

On a dedicated status page, Optum stated that they are working to restore the impacted systems. As of 1 March, they have restored Change Healthcare’s Rx ePrescribing service; however, other services are not operational. They also added that Optum, United Healthcare, and UnitedHealth Group systems have not been affected. On the page, Optum has also confirmed that the attack was caused by the BlackCat ransomware gang.

Hessen Consumer Center hit by a ransomware attack causing disruption in their systems.

The Hessen Consumer Center in Germany was hit by a ransomware attack which caused their IT system to shut down, disrupting their operations. In an announcement on 22 February, the organisation stated that their telephone and email communications have been impacted.

Although the communication disruptions have been mostly addressed, people still have trouble reaching the consumer advice centre and consumer advocates. It was also reported that 3rd party security experts are helping them to restore the availability of all communication channels in the impacted advice centres. However, an estimate for the return to normal operations has not been given.

At this stage, the organisation is unable to confirm whether any data has been stolen, or what type. They did state that once they are able to determine the type of data stolen, they will inform the affected individuals.

Rhysida ransomware gang claimed cyberattack on Lurie Children’s Hospital: Demands $3.7 million for the stolen data.

The Rhysida ransomware gang has claimed the cyberattack on Lurie Children’s Hospital in Chicago at the beginning of this month.
The cyberattack forced the hospital to take their IT systems offline and postpone some of their medical care. Their email, phone, access to MyChart, and on-premises internet were all impacted. Furthermore, their ultrasound and CT scan results were rendered unavailable, patient service prioritisation systems were taken down, and doctors were forced to switch to pen and paper for prescriptions.

On 28 February, the ransomware gang listed the hospital on their extortion portal and claimed to have stolen 600GB of data from the hospital. They are offering to sell the data for 60 BTC (~$3.7 million) to a single buyer.

As of 2 March, some of the hospital’s services are still unavailable, and their systems are still offline.

LoanDepot confirmed 16.9 million individuals’ personal information was stolen in the early January ransomware attack.

LoanDepot informed the Maine Attorney General’s Office that more than 16.9 million individuals were impacted by the early January attack, and has started sending out notification letters to them.

In the letter, LoanDepot stated that their investigation determined that an unauthorised 3rd party gained access to some of their systems and managed to access sensitive personal information. The compromised personal information includes names, addresses, email addresses, birthdates, social security numbers, and financial account numbers.

For those impacted, LoanDepot is offering free identity protection and credit monitoring services. It is highly recommended that affected individuals also be vigilant against any suspicious activity, especially in their financial accounts.

Anycubic 3D printers hacked to expose a critical security bug.

According to online reports from Anycubic customers, someone has hacked into their 3D printers to alert them that their printer is impacted by a critical security bug that exposes them to cyberattacks.
The person who hacked into the printers added a hacked_machine_readme.gcode file to their devices, a file that usually contains instructions. The vulnerability allegedly allows threat actors to control any Anycubic 3D printer using the company’s MQTT service API. The file also asked Anycubic to open-source their 3D printers, as their software “is lacking”.

The text file states that the machine has a critical vulnerability, and that immediate action is strongly recommended to prevent potential attacks. It adds that affected customers can disconnect the printer from the Internet if they do not want to get hacked, that this is just a harmless message, and that the hacker has not harmed them and does not intend to.

The text file also states that 2,934,635 devices have downloaded the message via the vulnerable API.

Customers who received the message are highly recommended to disconnect their printers from the Internet until the company patches the security issue.

That is all! Enjoy the rest of the week and don't forget to update your devices and systems to the latest patches!
© 2021, TAFA HOLDINGS (S) PTE LTD. ALL RIGHTS RESERVED