Last week brought more cyberattacks and data breaches across several industries, some with particularly severe consequences. Members of the TrickBot/Conti ransomware operation were sanctioned by the US and UK, and the Flipper Zero hacking device has been shown to launch iOS Bluetooth spam attacks. New malware variants, vulnerabilities and patches have also surfaced; it is strongly recommended not only to be aware of them but also to apply the patches as soon as possible.
Read on for a quick summary of what happened this week in cybersecurity.

Johnson & Johnson patients compromised by IBM data breach

Johnson & Johnson Health Care Systems (“Janssen”) has informed its Carepath customers that a third-party data breach involving IBM has compromised their sensitive information. IBM, a technology service provider, manages the Carepath application and database. Janssen stated that it became aware of a security gap that could give unauthorized access to the Carepath database. The investigation showed that unauthorized users accessed sensitive information such as Carepath users’ full names, contact information, dates of birth, health insurance information, medication information and medical condition information. Social security numbers and financial account data were not compromised, as they were not kept in the breached database. Impacted users are those who enrolled in Janssen’s online services before 2 July 2023. The compromised data can be used for highly targeted phishing and scams, and could be sold on dark web markets given the high value of medical data. IBM has stated that there are no indications the stolen data has been misused, and is offering all impacted individuals one year of credit monitoring free of charge. Impacted customers should remain vigilant, closely monitor their account statements for suspicious activity, and be on guard against phishing and scam attempts that reference their Carepath enrolment.

Chipmaker NXP confirms data breach: customers’ information compromised

NXP Semiconductors, a Dutch chipmaker, has alerted customers via email to a data breach involving their personal information. The affected customers appear to be individuals with an online NXP account, which provides access to technical content and community support.
An NXP spokesperson confirmed in a statement that an unauthorized party had acquired “basic personal information” from a system connected to NXP’s online portal. The compromised data included customers’ full names, email addresses, postal addresses, business and mobile phone numbers, company names, job titles and descriptions, and communication preferences. NXP declined to say how many customers were impacted or to elaborate on the nature of the breach. In the email sent to affected customers, NXP advises users to be wary of unsolicited communications requesting personal information or containing links.

Researchers fear hackers may be cracking keys stolen in LastPass breach

Some researchers believe that attackers have begun cracking LastPass vaults stolen in last year’s breach. An investigation found that about 150 longtime cryptocurrency investors and security-minded individuals were collectively robbed of more than $35 million worth of cryptocurrency. Notably, none of them appeared to suffer the attacks that usually precede a high-value crypto theft, such as compromise of their email account or mobile phone number. The common factor was that nearly every victim had previously used LastPass to store the private key needed to unlock their cryptocurrency holdings.

Traderie, in-game trading marketplace, alerts users to data breach

Traderie, a website owned by Akrew that lets users trade and sell in-game items from a range of games, has alerted users to a data breach that compromised their personal information. In an email sent to affected users, the company stated that an unauthorized party had acquired “some data from your account”. The incident also affected Akrew’s Nookazon website, which allows gamers to trade and sell in-game items from Animal Crossing: New Horizons.
In the email, Traderie did not state which user data had been accessed or how many individuals were impacted. A post on BreachForums, a hacking forum, claims to have more details. In a post published in early August, a user called “victim” claims that as many as 2.6 million Traderie users are affected and that the compromised information includes email addresses, IP addresses and online identifiers for services such as Discord, TikTok, Roblox, Xbox Live, Apple and Google. The user also claims the data includes some Stripe information, which Traderie uses for payment processing, including customer IDs and subscription statuses. Traderie’s statement did note that it does not “directly store passwords and any financial information handled by payment platform Stripe.”

Dymocks, Australian bookstore chain, warns customers of possible data breach

Dymocks, an Australian bookstore chain, has warned customers of a possible data breach that may lead to the exposure of their personal information on the dark web. In an email sent to members on Friday, managing director Mark Newman stated that unauthorized access was detected on Wednesday and that the intruder may have had access to some customer records. Troy Hunt reports that Dymocks’ customer data has been circulating in various Telegram channels and hacking forums since at least June 2023. Customers were warned that the leaked information could include email addresses, phone numbers, postal addresses, gender, dates of birth and membership details. Newman stated that an investigation was launched as soon as the breach was detected; cybersecurity experts had already found evidence of discussions about the customer records being available on the dark web. Initial findings indicate that passwords and financial information were not compromised.
Dymocks apologized, stated that it is not yet sure how many customers were impacted, and promised to update those affected. Have I Been Pwned has, however, confirmed that the data leaked online consists of 1.2 million user records for 836,120 unique Dymocks accounts.

W3LL phishing kit that can bypass MFA compromised more than 8,000 Microsoft 365 corporate accounts

Security researchers found that W3LL’s custom phishing kit, consisting of 16 tools, was used in about 850 phishing campaigns between October 2022 and July 2023 that targeted credentials for more than 56,000 Microsoft 365 accounts; more than 8,000 corporate accounts were compromised. The kit can bypass multi-factor authentication (MFA), and some researchers consider the W3LL Panel one of the most advanced phishing kits, not only technically but because the service covers almost the entire business email compromise (BEC) chain, from selecting victims and phishing lures to delivering the phishing emails to victims’ inboxes.

Coffee Meets Bagel cyberattack caused recent worldwide outage

Coffee Meets Bagel, a dating platform, confirmed that last week’s worldwide outage was caused by cybercriminals breaching the company’s systems and deleting its data, leaving the production servers unable to operate correctly. During the outage users were unable to coordinate planned dates or continue conversations with their matches. The service has been back online since 3 September, with the company extending chats by 7 days and subscriptions by 14 days. It has also notified law enforcement about the attack. All users were automatically logged out at the time of the attack and have been asked to log back in.
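The W3LL item above says only that the kit "can bypass MFA". Kits of this class typically do so by proxying the victim's login through a lookalike site and relaying the second factor in real time; whether that is exactly how W3LL works is not stated on this page and is assumed here. The following is an added Python model, not W3LL's code and not from any of the reports summarized above, showing why a relayed one-time code authenticates the attacker while an origin-bound credential of the WebAuthn kind does not. The origins, the password, and the HMAC stand-in for the authenticator's signature (real WebAuthn uses a public-key signature that the server verifies with a stored public key) are all constructed for illustration.

```python
"""Toy relying party with two second factors: a relayable one-time code and an
origin-bound assertion.  All values are constructed for illustration."""
import hashlib
import hmac
import json
import secrets

LEGIT_ORIGIN = "https://login.example.com"   # the tenant's real login page (constructed)
PHISH_ORIGIN = "https://login-example.com"   # attacker's lookalike proxy (constructed)


class RelyingParty:
    """Minimal server.  In real WebAuthn the server holds the authenticator's
    public key; here an HMAC key shared with the authenticator stands in."""

    def __init__(self):
        self.password = "correct horse battery staple"   # constructed
        self.auth_key = secrets.token_bytes(32)          # known only to the user's authenticator
        self._pending_otp = None
        self._pending_challenge = None

    # Path 1: password + one-time code (the factor MFA-bypassing kits relay).
    def start_otp_login(self, password):
        if password != self.password:
            return None
        self._pending_otp = f"{secrets.randbelow(10**6):06d}"   # "sent" to the user's phone
        return self._pending_otp

    def finish_otp_login(self, otp):
        ok = self._pending_otp is not None and hmac.compare_digest(otp, self._pending_otp)
        self._pending_otp = None
        return ok   # True means the server would now issue a session cookie

    # Path 2: origin-bound assertion.  The browser, not the user, fills in the
    # origin, and the authenticator signs over it together with the challenge.
    def start_webauthn_login(self):
        self._pending_challenge = secrets.token_hex(16)
        return self._pending_challenge

    def finish_webauthn_login(self, client_data_json, signature):
        client_data = json.loads(client_data_json)
        if client_data.get("origin") != LEGIT_ORIGIN:
            return False   # assertion was produced while the browser was on another site
        if client_data.get("challenge") != self._pending_challenge:
            return False   # replay of an old challenge
        digest = hashlib.sha256(client_data_json.encode()).digest()
        expected = hmac.new(self.auth_key, digest, "sha256").hexdigest()
        return hmac.compare_digest(signature, expected)


def authenticator_sign(auth_key, challenge, browser_origin):
    """What the browser/authenticator pair produces: clientData carrying the
    origin the browser is actually on, and a signature over its hash."""
    client_data_json = json.dumps({"challenge": challenge, "origin": browser_origin},
                                  sort_keys=True)
    digest = hashlib.sha256(client_data_json.encode()).digest()
    return client_data_json, hmac.new(auth_key, digest, "sha256").hexdigest()


def aitm_against_otp(rp):
    """Victim enters password and the code on the phishing page; the proxy
    forwards both to the real server and receives a valid session."""
    otp = rp.start_otp_login(rp.password)   # proxy relays the password
    return rp.finish_otp_login(otp)         # proxy relays the code -> True


def aitm_against_webauthn(rp, rewrite_origin=False):
    """Same proxy, but the victim's browser is on PHISH_ORIGIN, so the signed
    clientData names the wrong origin.  Rewriting it breaks the signature."""
    challenge = rp.start_webauthn_login()   # proxy relays the challenge
    client_data_json, sig = authenticator_sign(rp.auth_key, challenge, PHISH_ORIGIN)
    if rewrite_origin:
        client_data_json = client_data_json.replace(PHISH_ORIGIN, LEGIT_ORIGIN)
    return rp.finish_webauthn_login(client_data_json, sig)


def legitimate_webauthn(rp):
    """Control case: the user really is on LEGIT_ORIGIN."""
    challenge = rp.start_webauthn_login()
    return rp.finish_webauthn_login(*authenticator_sign(rp.auth_key, challenge, LEGIT_ORIGIN))


if __name__ == "__main__":
    rp = RelyingParty()
    print("OTP relayed through proxy   ->", aitm_against_otp(rp))
    print("WebAuthn relayed            ->", aitm_against_webauthn(rp))
    print("WebAuthn, origin rewritten  ->", aitm_against_webauthn(rp, rewrite_origin=True))
    print("WebAuthn on the real site   ->", legitimate_webauthn(rp))
```

The point the model makes is that a one-time code is just a second secret the user can be tricked into typing, whereas an origin-bound assertion is signed over data the phishing page cannot control; the practical consequence for a Microsoft 365 tenant is that phishing-resistant methods (FIDO2 security keys, passkeys) are the ones that hold up against kits of this kind.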
Sabre data breach: Dunghill Leak group claims responsibility

Sabre, a travel booking giant, stated that it is aware of the data exfiltration claims and is investigating to determine their validity. The Dunghill Leak group claimed responsibility by listing Sabre on its data leak site, claiming to have taken about 1.3 terabytes of data, including databases on ticket sales and passenger turnover, employees’ personal data and corporate financial information. The group also posted some of the files it allegedly stole and claimed the full cache will be made “available soon”. Screenshots seen by TechCrunch showed several database names relating to booking details and billing, containing tens of millions of records, as well as employee records including email addresses and work locations. One screenshot contained employee names, nationalities, passport numbers and visa numbers; others showed US I-9 forms for several employees.

US and UK sanction 11 members of TrickBot and Conti ransomware group

The US and UK have sanctioned 11 Russian nationals associated with the TrickBot and Conti ransomware operations. The group’s activities led to the theft of $180 million globally and targeted hospitals, schools, local authorities and businesses. These sanctions are in addition to the seven TrickBot/Conti members sanctioned in February. Under the sanctions, US and UK organizations are prohibited from conducting financial transactions with these individuals, which includes paying ransom demands.

New Mirai variant spotted infecting low-cost Android TV set-top boxes

A new variant of the Mirai malware botnet has been found infecting inexpensive Android TV set-top boxes that millions of people use for media streaming.
Primary targets are low-cost Android TV boxes such as the Tanix TX6, M10 Pro 6K and H96 MAX X3, which can launch powerful DDoS attacks even in small swarms. Dr.Web reports that the malware reaches the devices either through a malicious firmware update signed with publicly available Android test keys or through malicious apps on domains targeting users looking for pirated content. The malware can perform DDoS attacks, open a reverse shell, mount system partitions for modification, and more. The firmware route is worth noting: a box that accepts images signed with the public AOSP test keys has no vendor-specific root of trust, so anyone can build an update it will install.

Google: state hackers targeting security researchers using zero-day flaw

Google’s Threat Analysis Group (TAG) reports that North Korean state hackers are targeting security researchers using at least one zero-day in a popular but undisclosed software package; it remains undisclosed because the vendor is likely still patching the vulnerability. The researchers targeted are involved in vulnerability research and development. The attackers use Mastodon and Twitter to contact targets, build a relationship, move to encrypted messengers such as Signal, Wire or WhatsApp, and then send malicious files that exploit the zero-day. The payload sends collected information, including screenshots, to the attackers’ command-and-control servers.

Flipper Zero hacking device can be used to launch iOS Bluetooth spam attacks

Flipper Zero is a small device that can perform wireless attacks on devices within its range, such as iPhones, car key fobs, and contactless and RFID cards. This attack is essentially a denial of service: the device spams a nearby iPhone with pop-ups to connect to an AirTag, Apple TV, AirPods or other Apple device, which can make the iPhone nearly unusable.
The attack worked on iPhones when Bluetooth was enabled and also when it had been toggled off in Control Center (which only disconnects accessories and does not fully disable the radio), but not when Bluetooth was fully switched off in Settings.

Apple fixes zero-day bugs used to plant Pegasus spyware

Apple released security patches on Thursday for two zero-day vulnerabilities that can be exploited without the victim tapping or clicking anything. Citizen Lab, an internet watchdog group that investigates government malware, found that the vulnerabilities were used to deliver NSO Group’s Pegasus spyware, and stated that the exploit chain was capable of compromising iPhones running the then-latest version of iOS (16.6) without any interaction from the victim. All iPhone users are strongly recommended to update their devices.

That is all! Enjoy the rest of the week and don’t forget to update your devices and systems with the latest patches!
© 2021, TAFA HOLDINGS (S) PTE LTD. ALL RIGHTS RESERVED