Last week brought data breaches across a range of industries and countries. More organizations and government agencies were added to the long list of those compromised through the MOVEit vulnerability, and further data leaks and vulnerabilities came to light.

Read on for a quick summary of what happened this week in cybersecurity.

MITRE releases a new list of the top 25 most dangerous software weaknesses, with out-of-bounds write ranked first.
On 29th June, MITRE published this year's list of the top 25 most dangerous software weaknesses. These weaknesses are flaws, bugs, vulnerabilities and errors in the code, architecture, implementation or design of software, and attackers exploit them to take control of systems, steal data or stop applications from working. The top-ranked weakness is out-of-bounds write, which accounts for 70 CVE-tagged flaws on the US government's catalogue of known exploited vulnerabilities that are under active attack and must be patched. An out-of-bounds write occurs when software writes to memory outside the buffer it was meant to write to. Because the bytes beyond a buffer usually belong to other variables or data structures, the result can be silent corruption of those values, a crash, or, when the attacker controls what is written, a foothold for taking over the program.

At least 100,000 people's data exposed after US health department contractors hit by MOVEit attack.
The personal information of at least 100,000 people may have been compromised through a hack of contractors to the Department of Health and Human Services. An HHS official stated that while no HHS systems or networks were compromised, attackers gained access to data by exploiting the vulnerability in the MOVEit Transfer software used by third-party vendors. This adds to the long list of government agencies and organizations affected by the MOVEit attacks.

TSMC confirms data breach after Lockbit ransomware gang lists it on leak site.
Taiwan Semiconductor Manufacturing Company (TSMC), the world's largest contract chipmaker, confirmed a data breach after the Lockbit ransomware gang listed TSMC on its leak site last Thursday. The gang is threatening to publish the stolen data unless the company pays $70 million. TSMC denied the hacking claims and stated that a "cybersecurity incident" occurred at a third-party vendor, Kinmax Technology, one of the company's IT hardware suppliers, leading to the leak of information used for "server initial setup and configuration". TSMC also stated that the incident has not affected its business operations or its customers' information, and that it has terminated data exchange with the supplier in line with its security protocols and procedures.

Australian regulator tells Medibank to set aside A$250 million after data breach.
Australia's prudential regulator told Medibank, the Australian health insurer, last Tuesday to hold an extra A$250 million in capital following a major data breach in which the personal information of 9.7 million current and former customers was stolen and leaked. Medibank's shares fell as much as 4.6%. At least three separate class action lawsuits have been filed against the company in Australian courts on behalf of affected customers. The Australian Prudential Regulation Authority (APRA) stated that the capital adjustment takes effect from 1st July and will remain in place until Medibank completes an agreed remediation programme. Medibank said it has sufficient existing funds to meet the capital adjustment and will continue to work with APRA on remediation measures.

Threat actor leaks messages and data stolen from Android stalkerware app LetMeSpy.
The developer of the app stated that data was stolen from LetMeSpy in a "security incident" on 21st June, when a threat actor obtained "unauthorized access" to the databases behind its website. The stolen data has been circulating online, and the spyware's users (those who installed the app on someone else's device) reportedly included government workers and many US college students. The leaked information includes victims' text messages, call logs and geolocations, along with the email addresses, payment logs, user IDs and account password hashes of the people who used the software.

More than 8,000 American and Southwest Airlines pilot applicants' data exposed.
Pilot Credentials, a pilot recruitment platform used by major airlines, was hacked, exposing the personal files of more than 8,000 pilot and cadet applicants at American Airlines and Southwest Airlines. The stolen data includes applicants' names, Social Security numbers and other government-issued identification numbers. According to filings with the state of Maine, 5,745 American Airlines applicants and 3,009 Southwest applicants had their data stolen. Both airlines have contacted law enforcement and are cooperating with investigators, and both are offering affected people two years of free credit and identity protection.

CPF login may require Singpass face verification to counter malware scams.
As a precautionary measure, the Central Provident Fund (CPF) Board and the Government Technology Agency (GovTech) have introduced Singpass face verification at login for vulnerable members accessing CPF e-services. The move comes as the authorities reported that victims lost about $8 million in more than 700 malware-related scams between January and June this year. CPF Board, GovTech and the police stated that ongoing investigations found that at least 8 of these scams involved CPF savings, with about $124,000 lost.

US Patent and Trademark Office confirms years-long data leak.
The US Patent and Trademark Office (USPTO) has confirmed that it inadvertently exposed the private addresses of about 61,000 trademark filers over several years. In a notice sent to affected trademark applicants, USPTO said their private domicile address (usually a home address) had been appearing in public records between February 2020 and March 2023, and that the address data also appeared in bulk datasets the agency publishes online to support academic and economic research. USPTO has since blocked access to all of its non-critical APIs and taken down the affected bulk datasets.

8Base ransomware gang escalates double-extortion attacks.
The 8Base ransomware gang is targeting organizations across many industries worldwide in double-extortion attacks, with a spike in new victims in June 2023. So far 8Base has listed 35 victims on its dark web extortion site, on some days announcing up to 6 at once. Because 8Base has only recently drawn analysts' attention, much of its technical tradecraft remains unknown.

More than 16 million people have had their data exposed in MOVEit breaches.
More than 16 million people are now known to have had their data compromised by the Clop ransomware gang through the MOVEit breaches, according to researchers tracking the situation. Emsisoft threat analyst Brett Callow said the number of confirmed victim organizations has reached at least 158, based on reports from affected organizations and Clop's leak site. Only 11 of them, most of them state-level agencies, have been required to file breach notifications disclosing how many people were affected, so, as Callow put it, it is likely that "massively more people were affected than we currently know about".

Hacktivists steal and leak data belonging to the Texas city of Fort Worth.
The hacktivist group SiegedSec stole several gigabytes of data from the city of Fort Worth and posted it online. City officials stated that, after reviewing the leaked data, they found no indication that sensitive information about residents or staff had been exposed, and that the data "would be information releasable to the public through a Public Information Request". The leaked data consists of "attachments to work orders", including "photos, spreadsheets, invoices, emails, PDF documents and other material related to work orders". TechCrunch reviewed the leaked files, which matched the city's description, but also found a document listing the names, phone numbers and email addresses of Fort Worth employees. The city said the hackers accessed "an internal information system" called Vueworks using acquired login credentials. It is asking users of the affected system to reset their passwords and is working with law enforcement and computer forensics experts to determine the scope and depth of the incident.

Ultimate Member WordPress plugin zero-day under active exploitation: users advised to uninstall immediately.
Hackers are exploiting a zero-day privilege-escalation vulnerability in the Ultimate Member WordPress plugin to compromise websites, bypassing its security checks to register rogue administrator accounts. Ultimate Member is a user profile and membership plugin with over 200,000 active installations. The developers have attempted to fix the flaw, but it can still be exploited, and they are continuing to work on a complete fix. Wordfence security researchers, who discovered the vulnerability, warned that attackers can abuse the plugin's registration forms to set their own user role to administrator, giving them full control of the vulnerable site. Because the critical flaw remains unpatched and is easy to exploit, Wordfence recommends uninstalling the Ultimate Member plugin immediately. If a site has already been compromised, removing the plugin alone will not remediate the risk: site owners must run a complete malware scan to remove any residue of the compromise, and should also review the site's user list for administrator accounts they did not create.
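Returning to the MITRE item at the top of this roundup: the following is an added C example, not code from the original post or from MITRE, that shows the out-of-bounds write mechanism concretely. It uses a constructed 12-byte "frame" (an 8-byte name field followed by a 4-byte is_admin flag, standing in for two adjacent variables on a stack frame or in a struct) and a constructed attacker payload; the function names set_name_unchecked and set_name_checked and the field layout are assumptions for this demonstration. The unchecked copy trusts the caller's length and spills the last four payload bytes into the flag, which is exactly the "unexpected change to other variables" described above; the checked version refuses oversize input before touching memory.

```c
/* Added example: CWE-787 out-of-bounds write, vulnerable copy beside its fix.
 * Layout and payload are constructed for this demo; not from the original post. */
#include <stdint.h>
#include <stdio.h>
#include <string.h>

enum {
    NAME_OFF  = 0,   /* 8-byte display-name field (assumed layout) */
    NAME_LEN  = 8,
    ADMIN_OFF = 8,   /* 4-byte is_admin flag sitting right after it */
    FRAME_LEN = 12
};

/* Raw byte region standing in for a stack frame or struct. */
typedef struct {
    unsigned char bytes[FRAME_LEN];
} frame_t;

static void frame_init(frame_t *f)
{
    memset(f->bytes, 0, sizeof f->bytes);       /* empty name, is_admin = 0 */
}

static uint32_t frame_is_admin(const frame_t *f)
{
    uint32_t v;
    memcpy(&v, f->bytes + ADMIN_OFF, sizeof v); /* byte copy: no alignment UB */
    return v;
}

/* VULNERABLE: no check of len against the field size. Any len > NAME_LEN
 * overwrites is_admin. (The demo keeps len <= FRAME_LEN so the write stays
 * inside the simulated memory; real code would keep going past it.) */
static void set_name_unchecked(frame_t *f, const unsigned char *src, size_t len)
{
    memcpy(f->bytes + NAME_OFF, src, len);
}

/* FIXED: bounds-check first and fail closed rather than silently truncating. */
static int set_name_checked(frame_t *f, const unsigned char *src, size_t len)
{
    if (len > NAME_LEN)
        return -1;                               /* would write out of bounds */
    memset(f->bytes + NAME_OFF, 0, NAME_LEN);
    memcpy(f->bytes + NAME_OFF, src, len);
    return 0;
}

/* Constructed attacker input: 8 name bytes, then 4 bytes that land on
 * is_admin (1 on little-endian, 0x01000000 on big-endian; non-zero either way). */
static const unsigned char PAYLOAD[12] = {
    'a', 't', 't', 'a', 'c', 'k', 'e', 'r', 0x01, 0x00, 0x00, 0x00
};

/* Overflow through the unchecked path; returns is_admin afterwards (non-zero). */
uint32_t demo_overflow(void)
{
    frame_t f;
    frame_init(&f);
    set_name_unchecked(&f, PAYLOAD, sizeof PAYLOAD);
    return frame_is_admin(&f);
}

/* Same payload through the checked path; returns 1 when the write was refused
 * and is_admin is still 0, i.e. the fix held. */
int demo_checked_holds(void)
{
    frame_t f;
    frame_init(&f);
    int rc = set_name_checked(&f, PAYLOAD, sizeof PAYLOAD);
    return rc != 0 && frame_is_admin(&f) == 0;
}

/* Legitimate short name through the checked path; returns 1 when it is stored
 * correctly and is_admin is untouched (the fix must not break normal use). */
int demo_short_name_ok(void)
{
    frame_t f;
    frame_init(&f);
    const unsigned char name[3] = { 'b', 'o', 'b' };   /* constructed input */
    int rc = set_name_checked(&f, name, sizeof name);
    return rc == 0 && memcmp(f.bytes + NAME_OFF, name, sizeof name) == 0
           && frame_is_admin(&f) == 0;
}

int main(void)
{
    printf("unchecked: is_admin = %u\n", (unsigned)demo_overflow());
    printf("checked:   fix held = %d, short name ok = %d\n",
           demo_checked_holds(), demo_short_name_ok());
    return 0;
}
```

In real programs the bytes past the buffer are rarely as convenient as a privilege flag; they may be a saved return address, a function pointer or heap allocator metadata, which is why this weakness class leads the list and why the cure is a length check (or a length-bounded API) before every write, not after.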
© 2021, TAFA HOLDINGS (S) PTE LTD. ALL RIGHTS RESERVED