Last week was overrun by data breaches across a range of sectors, with government agencies hit particularly hard. New vulnerabilities and patches were also disclosed, and it is highly recommended that you apply the updates.
Read on for a quick summary of what happened this week in cybersecurity.

U.S. government contractor Serco Inc discloses data breach from MOVEit data-theft attacks: personal information of over 10,000 people stolen

Serco Inc, the Americas division of multinational outsourcing company Serco Group, disclosed a data breach after attackers stole the personal information of over 10,000 individuals. The breach did not originate on Serco's own systems: it came through its third-party vendor CBIZ, one of the many victims of the MOVEit attacks. The compromised personal information includes any combination of name, Social Security number, birth date, mailing address, Serco and/or personal email address, and selected health benefits for the year. Serco is working with CBIZ to investigate the breach and the extent of its impact, and on putting security measures in place to prevent a repeat.

Rilide malicious Chrome extension returns in new campaign targeting crypto users and enterprise employees

The Rilide Stealer Chrome browser extension is back with new campaigns that target crypto users and enterprise employees to steal their credentials and crypto wallets. The first version of Rilide impersonated legitimate Google Drive extensions to hijack the browser, monitor all user activity and steal information such as email account credentials and cryptocurrency assets. Trustwave SpiderLabs has now discovered a new version that works around the restrictions of Google's new extension specification (Manifest V3) and carries additional code to evade detection. The extension now also targets banking accounts. Trustwave's researchers found that Rilide is gaining popularity among attackers: multiple droppers deliver it, and several apparently authentic leaks have exposed its source code to many more hackers.
With threat actors continuously improving this malicious extension, Rilide's activity in the wild is unlikely to decrease.

Hackers posed as technical support staff on Microsoft Teams to breach government agencies

Microsoft security researchers said last Wednesday that the Russian state-sponsored hacking group APT29 posed as technical support staff on Microsoft Teams to compromise dozens of organizations worldwide, including government agencies. The social engineering campaign used previously compromised Microsoft 365 tenants to create new technical support-themed domains. From those domains the attackers sent Teams messages that pressured users into approving multi-factor authentication prompts, giving the attackers access to the victims' accounts and letting them exfiltrate sensitive information. The campaign has targeted or breached fewer than 40 unique organizations worldwide, across government agencies, non-governmental organizations, IT services, technology, discrete manufacturing and media.

Mondee security lapse exposed database with sensitive customer information

Good-faith security researcher Anurag Sen found an exposed Mondee database containing 1.7 terabytes of sensitive customer information: names, gender, birth dates, home addresses, passport numbers, detailed flight and hotel itineraries, ticket and booking details, and unencrypted credit card numbers with expiry dates. The database also held non-customer test data generated by Mondee developers. Alerted by Sen, TechCrunch found that the database was also reachable from an easily guessable domain belonging to a Mondee subsidiary's website. Much of the data appears to relate to TripPro, a Mondee subsidiary that runs a travel agent platform. When reached by email, a Mondee spokesperson neither acknowledged the incident nor provided comment.
The database became inaccessible shortly after TechCrunch contacted Mondee, indicating that the company has secured it.

1.7 million Oregon residents' health data accessed by MOVEit hackers

The hackers behind the MOVEit attacks accessed the health data of 1.7 million Oregon residents through Performance Health Technology (PH Tech). PH Tech has confirmed the attack and stated that the compromised information includes patients' names, birth dates, Social Security numbers, email addresses, postal addresses, member and plan ID numbers, insurance authorizations, diagnosis and procedure codes, and claims information.

Salesforce zero-day exploited by hackers in Facebook phishing attack

Hackers exploited a zero-day vulnerability in Salesforce's email services and SMTP servers to launch a phishing campaign targeting Facebook accounts. By bypassing Salesforce's sender verification safeguards and abusing quirks in Facebook's web games platform, the attackers were able to mass-send malicious emails. Because the messages came from Salesforce's own reputable email infrastructure, they slipped past email gateways and filtering rules and landed in the targets' inboxes. Guardio Labs analysts discovered the campaign and helped Salesforce with remediation; the vulnerability was fixed on 28 July, a month after Guardio's report. Meta has removed the violating pages, but its engineers are still working out why the existing protections failed to stop the attacks. The practical lesson: do not rely solely on email protection products. A message that passes sender checks is not automatically safe, so double-check every email you receive.

U.S. & Norwegian cybersecurity agencies: hackers have exploited Ivanti zero-day flaw since April

The U.S. and Norwegian cybersecurity agencies, CISA and NCSC-NO respectively, have warned that hackers exploited a zero-day flaw in Ivanti's mobile endpoint management software (Endpoint Manager Mobile, formerly MobileIron Core) undetected for at least three months, since April.
It was confirmed last week that 12 Norwegian ministries were compromised through this zero-day. Both agencies urged organizations to hunt their systems for signs of compromise and to report any findings immediately; both CVEs are now listed in CISA's Known Exploited Vulnerabilities catalog. Ivanti released a patch for the first vulnerability (CVE-2023-35078) on 23 July and another for the second (CVE-2023-35081) on 28 July. According to Shodan, more than 2,200 MobileIron user portals are currently exposed online, including over a dozen connected to U.S. government agencies.

At least 640 Citrix servers breached and backdoored with web shells in ongoing attacks

Shadowserver Foundation security researchers disclosed that attackers have deployed web shells on at least 640 Citrix NetScaler ADC and Gateway servers in a series of attacks targeting a critical RCE vulnerability (CVE-2023-3519). The same vulnerability was previously exploited to breach the network of a U.S. critical infrastructure organization. Citrix released security updates on 18 July to address it, has acknowledged that vulnerable appliances are being exploited, and urges customers to install the patches immediately. The vulnerability affects unpatched NetScaler appliances configured as gateways (VPN virtual server, ICA Proxy, CVPN, RDP Proxy) or as authentication virtual servers (AAA server). Note that patching does not remove a web shell that was dropped before the update, so any appliance that was exposed while vulnerable should also be checked for compromise.

Hot Topic notifies customers of data breach that compromised sensitive information

Hot Topic, an American apparel retailer, has notified customers about multiple cyberattacks between 7 February and 21 June that exposed their sensitive information. The company stated that hackers used stolen account credentials to access its Rewards platform multiple times, potentially stealing customer data.
The information that may have been exposed includes customers' full name, email address, order history, phone number, birth date, shipping address and the last four digits of saved payment cards. Hot Topic strongly recommends that customers reset their account passwords and choose a strong, unique one. If you reused the same credentials elsewhere, reset them on those platforms too: stolen credentials are routinely replayed against other sites.

Canon warns of Wi-Fi security risk from inkjet printers whose memory is not wiped before disposal

Canon is warning users of its inkjet printers that the Wi-Fi connection settings stored in the printer's memory are not wiped by the usual initialization process, so anyone who later gets hold of the device can read them. A malicious third party could use the recovered settings to gain unauthorized access to the network the printer was connected to, and from there reach shared resources, steal data or mount further attacks through other vulnerabilities. Canon has published a document to help users check whether their printer model is affected, and strongly recommends that owners of affected printers wipe the Wi-Fi settings before a third party gains access to the device.

The Colorado Department of Higher Education disclosed a massive data breach

The Colorado Department of Higher Education (CDHE) stated that it suffered a ransomware attack on 19 June 2023 and that the resulting data breach affects current students, former students and teachers. The data stolen from CDHE's systems spans more than a decade, from 2004 to 2020, and includes full names, Social Security numbers, birth dates, addresses, proof of address (statements/bills), photocopies of government IDs and, for some individuals, police reports or complaints about identity theft. CDHE is providing 24 months of free identity theft monitoring to those affected.
Affected students and teachers may include those who: attended a public institution of higher education in Colorado between 2007 and 2020; attended a Colorado public high school between 2004 and 2020; held a Colorado K-12 public school educator license between 2010 and 2014; participated in the Dependent Tuition Assistance Program from 2009 to 2013; participated in the Colorado Department of Education's Adult Education Initiatives programs between 2013 and 2017; or obtained a GED between 2007 and 2011. Those affected should be especially wary of phishing emails that try to extract further information such as financial details, account numbers or passwords.

That is all! Enjoy the rest of the week and don't forget to update your devices and systems with the latest patches!
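P.S. for the defenders among you: the Microsoft Teams campaign above only works once a user approves an MFA prompt they did not start. The script below is an added example of flagging that pattern in sign-in telemetry; it is not code from Microsoft or from this post. It assumes a simplified event format (user, UTC timestamp, source IP, MFA result), uses constructed sample events and an assumed per-user baseline of known IPs, and the thresholds (three prompts in ten minutes) are illustrative rather than a recommendation.

```python
"""Flag MFA push-fatigue sequences in sign-in telemetry.

Added example for the Teams/MFA social-engineering campaign covered above.
Not code from Microsoft or from the original post. Assumptions: each event is
a dict with user, ts (UTC, ISO 8601 with trailing Z), ip and mfa_result
("approved", "denied" or "timeout"); thresholds are illustrative.
"""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample events, not real telemetry. alice: four prompts from an
# unfamiliar IP within a few minutes, the last one approved (the pattern we
# want). bob: same shape, but from an IP in his normal history. carol: one
# clean approval. dave: two prompts hours apart.
SAMPLE_EVENTS = [
    {"user": "alice@example.com", "ts": "2023-08-02T09:00:10Z", "ip": "203.0.113.7", "mfa_result": "denied"},
    {"user": "alice@example.com", "ts": "2023-08-02T09:01:30Z", "ip": "203.0.113.7", "mfa_result": "timeout"},
    {"user": "alice@example.com", "ts": "2023-08-02T09:02:45Z", "ip": "203.0.113.7", "mfa_result": "denied"},
    {"user": "alice@example.com", "ts": "2023-08-02T09:04:00Z", "ip": "203.0.113.7", "mfa_result": "approved"},
    {"user": "bob@example.com", "ts": "2023-08-02T10:00:00Z", "ip": "198.51.100.4", "mfa_result": "denied"},
    {"user": "bob@example.com", "ts": "2023-08-02T10:00:40Z", "ip": "198.51.100.4", "mfa_result": "denied"},
    {"user": "bob@example.com", "ts": "2023-08-02T10:01:20Z", "ip": "198.51.100.4", "mfa_result": "approved"},
    {"user": "carol@example.com", "ts": "2023-08-02T11:15:00Z", "ip": "192.0.2.9", "mfa_result": "approved"},
    {"user": "dave@example.com", "ts": "2023-08-02T08:00:00Z", "ip": "203.0.113.7", "mfa_result": "denied"},
    {"user": "dave@example.com", "ts": "2023-08-02T09:30:00Z", "ip": "203.0.113.7", "mfa_result": "approved"},
]

# Assumed baseline: IPs each user has authenticated from before.
KNOWN_IPS = {"bob@example.com": {"198.51.100.4"}}


def parse_ts(value):
    """Parse the assumed timestamp format into a naive UTC datetime."""
    return datetime.strptime(value, "%Y-%m-%dT%H:%M:%SZ")


def find_mfa_fatigue(events, min_prompts=3, window=timedelta(minutes=10), known_ips=None):
    """Return findings for users who approved an MFA prompt only after a burst
    of rejected or unanswered prompts from the same source IP.

    A (user, ip) pair is flagged when, within `window` before an approval, the
    approval plus the preceding denied/timed-out prompts number at least
    `min_prompts`. Prompts from an IP in the user's `known_ips` baseline are
    skipped, because a user fumbling their own login looks similar.
    """
    known_ips = known_ips or {}
    by_pair = defaultdict(list)
    for event in events:
        by_pair[(event["user"], event["ip"])].append(
            (parse_ts(event["ts"]), event["mfa_result"]))

    findings = []
    for (user, ip), rows in by_pair.items():
        if ip in known_ips.get(user, set()):
            continue
        rows.sort()  # chronological order per (user, ip)
        for index, (approved_at, result) in enumerate(rows):
            if result != "approved":
                continue
            burst = [r for r in rows[:index]
                     if approved_at - r[0] <= window and r[1] in ("denied", "timeout")]
            if len(burst) + 1 >= min_prompts:
                findings.append({
                    "user": user,
                    "ip": ip,
                    "prompts": len(burst) + 1,
                    "approved_at": approved_at.isoformat() + "Z",
                })
                break  # one finding per (user, ip) is enough to trigger review
    return findings


if __name__ == "__main__":
    for finding in find_mfa_fatigue(SAMPLE_EVENTS, known_ips=KNOWN_IPS):
        print(finding)
```

Run as-is it reports only alice, because bob's burst came from an IP already in his baseline; drop the `known_ips` argument and bob is flagged too, which is the trade-off to tune against your own false-positive rate. Whatever the thresholds, a hit should be followed by checking the Teams conversation history for the support-themed sender domain the user was talking to when they approved.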
© 2021, TAFA HOLDINGS (S) PTE LTD. ALL RIGHTS RESERVED