Last week, breaches and cyberattacks occurred across several industries: ticketing, auction houses, computer hardware manufacturing, managed care, and public service broadcasting. Furthermore, new vulnerabilities and patches for Check Point VPN, a TP-Link gaming router and the Linux kernel have been disclosed and released. It is highly recommended not only to be aware of them but also to apply the updates as soon as possible. Read on for a quick summary of what happened this week in the cybersecurity space.

Ticketmaster/Live Nation data breach: More than 500 million customers’ personal data compromised.

The ShinyHunters hacking group has shared details of an alleged breach of Ticketmaster/Live Nation and is selling the 1.3 terabytes of data for US$500,000. The group claims to have stolen the personal information of 560 million Ticketmaster customers, held in 16 different folders and files, each dozens of gigabytes in size. They have also shared a sample of the stolen data, which includes customers’ names, addresses, emails, order history information (including ticket purchase details and Ticketmaster event information), hashed credit card numbers, the last 4 digits of credit cards, credit card expiration dates, and fraud details. The data was posted on 28 May, but peculiarly a second hacker on a different forum has made an identical post. It is unclear whether the second hacker has any links to ShinyHunters. Australia’s Home Affairs Department has confirmed a “cyber incident impacting Ticketmaster customers”. Live Nation confirmed on 31 May that Ticketmaster suffered a data breach after its data was stolen from a third-party cloud database provider. They are currently putting security measures in place to mitigate the risk to their users and the company, and have notified the relevant authorities.

Christie’s Auction House data breach after ransomware attack: RansomHub claims 500,000 customers have been affected.
On 9 May, the auction house website went offline after what was described as a “technology security incident”. Now, RansomHub has claimed responsibility for the attack and has posted a sample of data that belongs to Christie’s. The hacking group has stated that it holds data on at least 500,000 of Christie’s private clients globally. According to RansomHub, the stolen data includes Christie’s customers’ full names, birthdates, birthplaces, sex, nationality, the full Machine Readable Zone (MRZ) code found on passports, IDs and visas, and some document data (document category, document type, issuing authority, issue date, and expiry date). Christie’s CEO posted a statement saying that their investigation has determined that there was unauthorised access to parts of Christie’s network, and that some data was taken from the network, including a limited amount of clients’ personal data. RansomHub has given Christie’s a one-week deadline to pay the ransom, or all the information will be posted online. This could potentially expose Christie’s to large GDPR fines and reputational damage. Christie’s has stated that it is complying with regulations and will make the appropriate notifications to privacy regulators.

Cooler Master data breach exposes customers’ information.

Cooler Master, a computer hardware manufacturer, has suffered a data breach after a threat actor breached the company’s website and claimed to have stolen the information of 500,000 customers. The threat actor, Ghostr, contacted BleepingComputer and claimed to have stolen 103 GB of data from Cooler Master on 18 May 2024. The stolen data includes Cooler Master corporate, vendor, sales, warranty, inventory and HR data, and the personal information of over 500,000 Fanzone members. This includes customers’ names, credit card numbers, expiry dates and the 3-digit card security code. Ghostr stated that the data was stolen by breaching one of the company’s front-facing websites.
This allowed them to download numerous databases, including the one containing Fanzone information. One of the CSV files contains approximately 1,000 records of what appear to be recent customer support tickets and RMA requests, including customers’ names, email addresses, birth dates, physical addresses, phone numbers, and IP addresses. BleepingComputer has confirmed with numerous customers in the file that the listed data is correct and that they opened an RMA or support ticket on the date specified in the leaked sample. The threat actor stated that they will sell the data in the future but have yet to set a price.

Sav-Rx, a prescription management company, data breach impacts over 2.8 million people in the U.S.

Sav-Rx is warning 2,812,336 people in the U.S. that it has suffered a data breach and that their personal data was stolen in a 2023 cyberattack. On Friday, the company notified the Maine Attorney General’s office of a cybersecurity incident in October 2023 that exposed the data of 2,812,336 people. In the notification sent to impacted individuals, Sav-Rx stated that it identified an interruption to its computer network on 8 October 2023, and that its investigation was completed on 30 April 2024. The investigation revealed that the hackers accessed customer data on 3 October 2023. The exposed data includes full name, birth date, social security number, email address, physical address, phone number, eligibility data, and insurance identification number. The company notes that in many cases it did not have sufficient contact information to notify some individuals, so people are urged to confirm whether they are affected by calling 888-326-0815. The company is also providing a 2-year credit monitoring and identity theft protection service for those impacted. Impacted individuals are strongly advised to be vigilant and monitor their credit reports for any fraudulent activity.
BBC hit by data breach: Current and former employees impacted.

The BBC has disclosed a data security incident that occurred on 21 May, involving unauthorised access to files hosted on a cloud-based service. The breach compromised the personal information of BBC Pension Scheme members; according to reports, around 25,000 people are affected, including current and former employees. The compromised data includes full names, national insurance numbers, birth dates, sex and home addresses. The breach did not affect any financial information or ‘myPension Online’ usernames and passwords, and the incident did not affect the operation of the pension scheme portal. Impacted individuals will be contacted via email or post, and the relevant authorities have been notified of the incident. Impacted members are strongly advised to be cautious of any unsolicited or unexpected communications. The BBC has also published an FAQ page about the security incident, guidance on enabling 2FA, and instructions on how to activate a 24-month credit and web monitoring service.

Check Point VPN zero-day vulnerability exploited in attacks since 30 April.

Check Point warned customers on Monday that attackers have been exploiting a high-severity Check Point Remote Access VPN zero-day (tracked as CVE-2024-24919) since at least 30 April. Attackers do so by targeting customers’ security gateways through old VPN local accounts that use insecure password-only authentication. This information disclosure flaw could potentially allow attackers to read certain information on Internet-connected gateways with remote access VPN or mobile access enabled. Check Point has released hotfixes to help customers block exploitation attempts against vulnerable CloudGuard Network, Quantum Maestro, Quantum Scalable Chassis, Quantum Security Gateways, and Quantum Spark appliances. After the hotfix is applied, all login attempts using weak credentials and authentication methods are blocked automatically and logged.
Check Point has also provided a supporting document with additional information about the vulnerability and hotfix installation instructions.

CISA: Actively exploited Linux high-severity privilege elevation flaw.

CISA has added two vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalogue, including a Linux kernel privilege elevation flaw. The high-severity flaw (tracked as CVE-2024-1086) allows an attacker with local access to escalate privileges on the target system, potentially gaining root-level access. The issue was fixed via a commit submitted in January 2024, which prevents exploitation. The fix has been backported to multiple stable kernel versions: 5.4.269 and later, 5.10.210 and later, 6.6.15 and later, 4.19.307 and later, 6.1.76 and later, 5.15.149 and later, and 6.7.3 and later. The cybersecurity agency has given federal agencies until 20 June 2024 to apply the available patches. If updating is not possible, admins are recommended to apply the following mitigations: 1) blocklist ‘nf_tables’ if it is not needed or actively used, 2) restrict access to user namespaces to limit the attack surface, 3) load the Linux Kernel Runtime Guard (LKRG) module (note that this can cause instability).

TP-Link releases patch for critical RCE flaw in C5400X gaming router.

TP-Link has released a security patch for a critical RCE flaw (CVE-2024-5035) that could enable an unauthenticated remote attacker to execute commands on the device. This can lead to attackers hijacking routers, intercepting data, changing DNS settings, and potentially breaching internal networks. The flaw affects all users of the device running vulnerable firmware versions up to and including 1.1.1.6. The security update came with the release of Archer C5400X(EU)_V1_1.1.7Build 20240510, which addresses this critical vulnerability. Users are strongly encouraged to download the firmware update from TP-Link’s official portal or to perform the update from the router admin panel.
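Returning to the Linux kernel item above, here is an added example (not code from the original post, CISA or the kernel project) that classifies an upstream stable kernel version string against the fixed releases listed for CVE-2024-1086 and prints the modprobe and sysctl settings behind mitigations 1) and 2). It assumes that kernel series newer than 6.7 already contain the January 2024 fix, and the specific modprobe and sysctl lines are my own implementation choices rather than text from the advisory.

```shell
#!/bin/sh
# Added example, not code from the original post: classify an upstream stable
# kernel version against the fixed releases listed for CVE-2024-1086 and emit
# the interim mitigations for hosts that cannot be updated yet.
# Assumption: series newer than 6.7 (6.8 and later) carry the January 2024 fix.

# "series patchlevel" pairs, taken from the fixed versions named in the text above.
FIXED_LIST="4.19 307
5.4 269
5.10 210
5.15 149
6.1 76
6.6 15
6.7 3"

# kernel_status X.Y.Z[-suffix]  ->  prints fixed | vulnerable | unsupported
kernel_status() {
    ver=${1%%-*}                        # drop a distro suffix such as -generic
    major=$(printf '%s' "$ver" | cut -d. -f1)
    minor=$(printf '%s' "$ver" | cut -d. -f2)
    patch=$(printf '%s' "$ver" | cut -d. -f3 | tr -cd '0-9')
    patch=${patch:-0}                   # "6.8" is treated as 6.8.0
    if [ "$major" -gt 6 ] || { [ "$major" -eq 6 ] && [ "$minor" -gt 7 ]; }; then
        echo fixed; return 0            # mainline after the fix (assumption above)
    fi
    fixed_patch=$(printf '%s\n' "$FIXED_LIST" | awk -v s="$major.$minor" '($1 "") == (s "") { print $2 }')
    if [ -z "$fixed_patch" ]; then
        echo unsupported; return 0      # no backport listed: treat as vulnerable
    fi
    if [ "$patch" -ge "$fixed_patch" ]; then echo fixed; else echo vulnerable; fi
}

# mitigation_config -> prints the settings behind mitigations 1) and 2);
# the exact modprobe and sysctl lines are my choice, not text from the advisory.
mitigation_config() {
    cat <<'EOF'
# /etc/modprobe.d/cve-2024-1086.conf -- refuse to load nf_tables when it is not needed
install nf_tables /bin/false
# /etc/sysctl.d/cve-2024-1086.conf -- deny creation of new user namespaces
# (breaks rootless containers and some browser sandboxes; test before deploying)
user.max_user_namespaces = 0
EOF
}

# Report on the kernel this script is running under.
kernel_status "$(uname -r)"
```

Distribution kernels (for example Ubuntu's 5.15.0-xxx builds) backport fixes without changing the upstream patch level, so for those consult the vendor advisory rather than relying on this check.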
That is all! Enjoy the rest of the week and don't forget to update your devices and systems to the latest patches!
© 2021, TAFA HOLDINGS (S) PTE LTD. ALL RIGHTS RESERVED