Last week brought more data breaches across several industries, some with serious consequences for the people whose data was taken. A scam-as-a-service operation has also been spreading its reach globally, and new research has found that Chrome extensions can steal plaintext passwords from websites.
Read on for a quick summary of what happened this week in cybersecurity.

Paramount Pictures suffered a data breach that exposed personal data.

In a data breach notification letter sent to impacted individuals, Paramount Pictures, a production company, revealed that a data breach led to the exposure of personal information. The attacker had access to its systems between May and June 2023, which allowed them to reach the victims' personal data. The personal information accessed includes name, date of birth, social security number or other government-issued identification number (e.g. driver's license or passport number), and information related to the victims' relationship with Paramount. A Paramount spokesperson stated that fewer than 100 individuals had their personal information accessed, and that the impacted individuals and relevant authorities have been notified. However, the company did not reveal whether the data belonged to customers or employees. Paramount also said that the breached systems have been secured and that there is no evidence the exposed personal data has been misused. Additional security measures have been put in place to prevent a recurrence, and Paramount is offering two years of free credit protection and identity theft monitoring to those affected.

University of Sydney data breach: applicants' personal data accessed.

The University of Sydney has issued a statement that a third-party provider suffered a data breach, resulting in a "limited number of recently applied and enrolled international applicants' personal data being accessed". The university has not specified which personal data was accessed. Based on what it has found so far, no domestic students, staff, alumni or donors' data has been affected. The incident was isolated to a single platform and had no impact on other university systems.
The university is still determining the scope of the breach and is in the process of contacting the affected students and applicants. As of now, there is no evidence that any of the accessed personal data has been misused.

University of Michigan cuts off Internet for 2 days.

The University of Michigan shut down internet access for two days due to a "significant cybersecurity issue". The incident caused IT outages and disrupted access to vital online services such as Google, Canvas, Wolverine Access, and email. As a precaution, the university took all of its systems and services offline, causing a widespread impact on online services the night before classes started. The decision affected roughly 120,000 individuals across the Ann Arbor, Flint and Dearborn campuses. On Wednesday, the university stated that internet service had been restored, though it warned students that some U-M systems and services could still have issues in the meantime, as remediation efforts were not yet complete.

Forever 21 data breach affects 539,207 people.

A data breach notice filed with Maine's attorney general stated that Forever 21 was compromised over a roughly three-month period beginning in early January 2023, during which cybercriminals accessed and obtained files from its systems. The data accessed included the personal information of 539,207 current and former employees: name, date of birth, social security number, bank account number and information on employees' Forever 21 health plan (enrollment and premiums paid). Forever 21 also stated that it had taken steps to ensure that the unauthorized third party no longer has access to the data. Based on that ambiguous wording, TechCrunch said it could imply that the company paid the ransomware group in exchange for deleting the data.
Callaway, a golf gear giant, suffered a data breach that exposed the information of 1.1 million customers.

Topgolf Callaway, an American maker and seller of golf equipment, suffered a data breach at the beginning of August that exposed the sensitive personal and account data of 1,114,954 customers. In a letter sent to impacted individuals on 29 August, the company stated that an IT system incident on 1 August affected the availability of its e-commerce services and also exposed certain customer information to the attacker. The compromised customer data includes full names, shipping addresses, email addresses, phone numbers, order histories, account passwords, and answers to security questions. The breach affects not only customers of Callaway but also those of its sub-brands Odyssey, Ogio, and Callaway Golf Preowned. Because passwords and security-question answers were exposed, Callaway has forced a password reset for all customer accounts to prevent unauthorized access. The notice clarified that no payment card information, government IDs or social security numbers were exposed in this incident.

Impacted customers who use the same credentials on other sites or online services should change those passwords to strong, unique ones, which reduces the risk of credential stuffing attacks. Note that a forced reset only rotates the password: security-question answers such as a mother's maiden name or a first pet are frequently reused across services and cannot be changed as easily, so any other service that still relies on the same answers for account recovery should be treated as exposed too. Impacted customers should also be suspicious of any communications asking them to share additional data, and treat messages from unknown senders as potentially malicious.

LogicMonitor customers hacked due to default passwords.

Some customers of LogicMonitor, a network monitoring company, have been hacked because of weak default passwords.
A LogicMonitor spokesperson stated that the company is addressing a security incident affecting a small number of customers and is working closely with them to mitigate its impact. According to an anonymous source, the incident occurred because LogicMonitor assigned customers weak default passwords. The source also said that LogicMonitor neither required customers to change these passwords nor made them temporary until this week, when setup passwords became valid for 30 days and must be changed on first login.

Byju's server misconfiguration exposed sensitive data of its students.

Byju's, an Indian edtech giant, has fixed a server misconfiguration that exposed sensitive student data. The exposed data includes students' names, phone numbers, addresses, email IDs, loan details such as payouts, links to scanned documents and transaction information. Security researcher Bob Diachenko found that the cause was a misconfigured Apache Kafka server that Byju's uses to send and receive data in real time. The misconfigured server was reachable on several IP addresses, and anyone could read its records without a password. (Kafka's default listener is an unauthenticated PLAINTEXT listener, so a broker reachable from the internet without SASL or TLS client authentication and without ACLs is readable by anyone who can connect to it.) Although the exact number of students impacted is unclear, Diachenko said that 1-2 million records were accessible because of the issue. Byju's confirmed to TechCrunch that it had fixed the security lapse, but also stated that "no data or information was exposed or compromised" during the week the servers were exposed. It did not answer whether it had the technical means to determine what data, if any, was accessed during the exposure, and by whom.

PurFoods suffered a data breach: health & payment information of 1.2 million customers affected.
PurFoods has notified more than 1.2 million people that their personal and medical data, including payment card and bank account numbers, security codes, and some protected health information, may have been stolen from its servers in a data breach earlier this year. PurFoods, a health-focused food delivery company, works with more than 500 health providers to deliver meals to people covered under Medicare and Medicaid. Cybercriminals accessed PurFoods' network on 16 January and encrypted some files containing customer information, and may have exfiltrated data (tools that could be used for data exfiltration were found in the environment). PurFoods hired a third-party incident response firm to investigate the breach, and the review concluded on 10 July. It found that the potentially exfiltrated information includes names, dates of birth, social security numbers, driver's license/state identification numbers, financial account and/or payment card information in combination with the security code, access code, PIN or password for the account, and medical and health information. PurFoods has notified the relevant authorities and is providing 12 months of free credit monitoring to all affected individuals. It is also putting additional security measures and employee training in place.

Chrome extensions can steal plaintext passwords from websites.

Researchers from the University of Wisconsin-Madison have uploaded to the Chrome Web Store a proof-of-concept extension that can steal plaintext passwords from a website's source code. The researchers found that numerous websites with millions of visitors, including Google and Cloudflare portals, store passwords in plaintext within the HTML source code of their web pages, where an extension can retrieve them. More specifically, of the 10,000 websites examined, roughly 1,100 store user passwords in plain text form in the page source.
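As an added check, not part of the original article or of the researchers' extension: the JavaScript below scans a page's HTML source for password-type inputs that ship with a value in the markup, the first of the two conditions the study describes (the second, live extraction through the DOM API, needs a running browser and is not covered here). The sample HTML is constructed for the example; the regular-expression parser is deliberately small and does not handle attribute values that contain a literal `>`.

```javascript
// Added example (not from the article or the UW-Madison study): audit a
// page's HTML source for <input type="password"> elements that carry a
// value in the markup, i.e. a password readable straight out of the source.

// Constructed sample page: one password field ships its value in the
// source, one has no value, and one has an empty value.
const SAMPLE_HTML = `
<form action="/login" method="post">
  <input type="text" name="user" value="alice">
  <input type="password" name="pass" value="hunter2">
  <input type="password" name="pass2">
  <input type='PASSWORD' id="legacy" value=''>
</form>`;

// Matches each <input ...> tag; the attribute text is parsed separately.
// Assumes no attribute value contains a literal '>' (good enough for an audit).
const INPUT_TAG_RE = /<input\b([^>]*)>/gi;

// Matches name="value", name='value', or a bare name=value pair.
const ATTR_RE = /([\w:-]+)\s*=\s*(?:"([^"]*)"|'([^']*)'|([^\s"'>]+))/g;

// Turn the attribute text of one tag into a lower-cased name -> value map.
function parseAttributes(attrText) {
  const attrs = {};
  for (const m of attrText.matchAll(ATTR_RE)) {
    // Whichever quoting style matched; an empty quoted value stays ''.
    const value = m[2] ?? m[3] ?? m[4] ?? '';
    attrs[m[1].toLowerCase()] = value;
  }
  return attrs;
}

// Return one finding per password input: its identifier, whether the
// markup already contains a non-empty value, and that value's length.
// The secret itself is never copied into the report.
function findPasswordInputs(html) {
  const findings = [];
  for (const m of html.matchAll(INPUT_TAG_RE)) {
    const attrs = parseAttributes(m[1]);
    if ((attrs.type || 'text').toLowerCase() !== 'password') continue;
    const hasValue =
      Object.prototype.hasOwnProperty.call(attrs, 'value') && attrs.value !== '';
    findings.push({
      field: attrs.name || attrs.id || '(unnamed)',
      plaintextInSource: hasValue,
      valueLength: hasValue ? attrs.value.length : 0,
    });
  }
  return findings;
}

// Stand-alone run: reports the constructed sample.
console.log(JSON.stringify(findPasswordInputs(SAMPLE_HTML), null, 2));
```

Run it with node and paste the saved HTML of a login page in place of the sample to audit your own site. For comparison, the DOM-API path that a content script uses on a live page is a single line, `Array.from(document.querySelectorAll('input[type=password]'), e => e.value)`, which is why the study counted extensions by the permissions they hold rather than by what the page's markup contains.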
A further 7,300 websites were deemed vulnerable to DOM API access and direct extraction of the user's input value. The researchers explain that the root of the problem is that browser extensions are given unrestricted access to the DOM tree of the sites they load on, which lets them read potentially sensitive elements. The browser's isolated-worlds model keeps an extension's content-script JavaScript separate from the page's own JavaScript, but it does not separate the content script from the page's DOM, so a password typed into an input element is readable through ordinary DOM calls. The researchers also found that approximately 17,300 extensions (12.5%) in the Chrome Web Store had the permissions required to extract sensitive information from websites, including widely used ad blockers and shopping apps with millions of installations. Well-known websites lacking protections against this include gmail.com, cloudflare.com, facebook.com, citibank.com, irs.gov, capitalone.com, usenix.org and amazon.com.

Classiscam, a scam-as-a-service operation, spreads its reach globally, targeting 251 brands.

The Classiscam scam-as-a-service operation has expanded its reach globally, targeting many more brands, countries and industries and causing more financial damage than before. This Telegram-based operation recruits affiliates who use the service's phishing kits to build fake ads and pages that steal financial information such as credit card details and banking credentials, as well as money. The platform has continued to grow: Group-IB reports that Classiscam has made $64.5 million from stealing money and payment card details from users. The number of targeted brands has grown to 251 this year, and there are now 393 criminal gangs targeting users in 79 countries. Group-IB found 1,366 Classiscam groups on Telegram, with at least 38,000 participants in the scam. The key industries targeted are logistics companies, bank transfer services, classified sites, and carpooling. Group-IB also reports that Classiscam has become more automated: affiliates use Telegram bots to create phishing and scam ad pages in seconds.
The phishing sites have also been greatly enhanced. They can mimic the login pages of 63 banks in 14 countries, including financial institutions in Singapore, Spain and France. They can also perform balance checks to assess the maximum amount that can be charged to a victim, and feature fake bank login pages to steal victims' e-banking credentials.

That is all! Enjoy the rest of the week and don't forget to update your devices and systems to the latest patches!
© 2021, TAFA HOLDINGS (S) PTE LTD. ALL RIGHTS RESERVED