A quick summary of what happened this week in the space of cyber security:

Vulnerability found and patched in Elementor Pro, a premium plugin for WordPress

Elementor Pro, with 11 million installations, had a vulnerability that has been, and continues to be, actively exploited by hackers. Elementor Pro is a WordPress page builder plugin that allows users to easily build professional-looking sites without knowing how to code. The issue is that it allows authenticated users (shop customers or site members) to change the site's settings and even perform a complete site takeover. The flaw is due to broken access control in the WooCommerce module, which allows anyone to modify WordPress options without any proper validation. Elementor Pro released version 3.11.7, which patched the flaw. We highly recommend that anyone using Elementor Pro update and ensure they are running version 3.11.7, as all previous versions are vulnerable. Also check your site for infections.

Latitude Financial has suffered a data breach which exposed 14 million customers' details

Latitude Financial, an Australian financial services company, has suffered a large-scale data breach that exposed the personal information of 14 million of their customers. Latitude Group's system indicated that this information was stolen 2 weeks prior. Information exposed included customers' driver licence numbers, passport numbers, financial statements, names, birth dates, addresses and telephone numbers.

Ferrari has suffered a ransomware attack that exposed their clients' personal information

Cyber attackers accessed customers' information via some of Ferrari's IT systems and sent a ransom demand to the company. Personal data exposed includes names, addresses, email addresses and telephone numbers. The number of clients affected by this breach has not been announced. Ferrari, together with a third-party cybersecurity company, has started an investigation into this breach.

DISH Network slapped with multiple lawsuits after ransomware attack which led to multi-day outage

At least 6 law firms are pursuing a class action lawsuit against DISH to recover losses for DISH shareholders who were affected by the "securities fraud" from 22 February 2021 to 27 February 2023. They alleged that DISH Network attempted to conceal that it maintained "deficient" cybersecurity and IT infrastructure, while overstating its operational efficiency. The ransomware attack was the cause of a multi-day network and service outage, which took their websites and apps offline and left customers facing authentication issues when signing into TV channel apps with their DISH credentials.

Italian regulator has temporarily banned ChatGPT due to privacy concerns

The Guarantor for the Protection of Personal Data has temporarily banned ChatGPT, mainly due to the March 20 data breach, in which users' conversations and subscribers' payment information were revealed. They also took issue with OpenAI not providing an information notice to users whose data is collected, the lack of legal justification for collecting and storing personal data to train their software, and the absence of an age verification system to prevent children from accessing ChatGPT.

Tasmanian government suffered a data breach

The Tasmanian government is currently investigating a "breach of a third-party file transfer service" which "may have resulted in the loss of data held by the government". They have declined to provide more details on which file has been breached and how many of their citizens have been affected.

FDA sets new cybersecurity rules for medical devices

Medical devices are now required to meet specific cybersecurity guidelines set by the FDA.
All new medical device submissions must have a comprehensive cybersecurity plan on how they plan to "monitor, identify and address" cybersecurity issues, and also have internal procedures to ensure that their devices are as cybersecure as possible. Furthermore, device makers are also required to include a detailed list of every single software component in the device.

New supply chain attack by hackers on 3CX

A supply chain attack targets 3CX clients with trojanized 3CXDesktopApp installers to install infostealer malware. 3CX, a software-based phone system, has more than 12 million daily users and 600,000 organisations worldwide. The malware is able to harvest system information and steal data and stored credentials from Brave, Microsoft, Google Chrome and Firefox user profiles. It is reported that threat actors are targeting both the Windows and macOS versions of the compromised VoIP app, while the Linux, iOS and Android versions currently appear to be unaffected. 3CX are urging their users to uninstall the app and re-install it, or alternatively use their PWA client [highly recommended].

Fundamental security flaw found in new Wi-Fi protocol standard which affects iOS, Android, FreeBSD and Linux

Academics from Northeastern University and KU Leuven disclosed a fundamental security flaw in the IEEE 802.11 Wi-Fi protocol standard. The flaw allows attackers to hijack network traffic. Cisco has acknowledged the flaw, but believes that the information gained by an attacker would be minimal on a secured network.

'Dark Power', a new ransomware operation, has been found

Trellix found a new ransomware gang called 'Dark Power'. They encrypt their victims' data and publish it if no payment is received. So far, 10 victims have been reported, from the USA, France, Israel, Turkey, the Czech Republic, Algeria, Egypt and Peru. Victims' sectors include healthcare, education, manufacturing, IT and food production.

New IcedID variants shift focus from bank fraud to malware delivery

According to Proofpoint, a group of threat actors is using the new variants to shift focus from bank fraud to ransomware delivery. The new IcedID variants are leaner and stealthier, which can help threat actors avoid detection. Since November 2022, Proofpoint has found that 3 different threat actors have utilised these new variants in 7 campaigns.

Links:
https://www.abc.net.au/news/2023-03-31/data-breach-third-party-file-transfer-service-tasmania/102173432
https://blog.nintechnet.com/high-severity-vulnerability-fixed-in-wordpress-elementor-pro-plugin/
https://www.latitudefinancial.com.au/about-us/media-releases/cybercrime-update-27-03-2023.html
https://www.trellix.com/en-us/about/newsroom/stories/research/shining-light-on-dark-power.html
https://www.ferrari.com/en-EN/corporate/articles/cyber-incident-in-ferrari
https://www.usenix.org/conference/usenixsecurity23/presentation/schepers
https://www.3cx.com/blog/news/desktopapp-security-alert/
https://www.3cx.com/blog/news/security-incident-updates/
https://www.bleepingcomputer.com/news/security/dish-slapped-with-multiple-lawsuits-after-ransomware-cyber-attack/
https://edition.cnn.com/2023/03/29/tech/fda-medical-devices-secured-cyberattacks/index.html
https://www.politico.eu/article/italian-privacy-regulator-bans-chatgpt/
https://www.proofpoint.com/us/blog/threat-insight/fork-ice-new-era-icedid
© 2021, TAFA HOLDINGS (S) PTE LTD. ALL RIGHTS RESERVED