Author: TAFA
April 2024
Last week, breaches and cyberattacks occurred across several industries, from streaming, business intelligence, veterinary services and audio to healthcare. Devastating consequences have also been uncovered from earlier data breaches and attacks: Hoya received a $10 million ransomware demand for a file decryptor and for the allegedly 1.7 million stolen files not to be released, and a hacker who claimed responsibility for the Giant Tiger data breach has allegedly leaked 2.8 million customers' records online. New vulnerabilities and patches have also been found and released for Microsoft, WordPress, LG Smart TVs and the Telegram Windows app. It is highly recommended not only to be aware of them but also to apply the updates as soon as possible. Read on for a quick summary of what happened this week in cybersecurity.

Roku confirmed a second security incident: about 576,000 user accounts were hacked.

Roku, a streaming giant, has confirmed a second security incident, in which about 576,000 user accounts were accessed via credential stuffing, that is, by replaying username and password pairs leaked from breaches of other services against Roku's login. Roku stated that in fewer than 400 of these cases the malicious actors made fraudulent purchases of Roku hardware and streaming subscriptions using the payment data stored in those users' accounts, and that it has refunded the affected customers. Roku also emphasised that the attackers did not access sensitive user information or full credit card details. Following these incidents, Roku has enabled two-factor authentication for its accounts, which adds a second check that a reused password alone cannot pass.

Sisense, a company that sells big-data analytics tools, suffers a data breach: CISA issues an alert.

CISA, the US government cybersecurity agency, issued an alert on Thursday warning of a compromise of Sisense customer data and strongly recommended that Sisense customers immediately reset their credentials and secrets.
Although the exact nature of the breach is unclear, the alert suggests a supply-chain incident that could have exposed data from thousands of companies globally. CISA stated that it is working with private-industry partners to respond to the incident, and advised Sisense customers to reset their credentials and secrets, to investigate for suspicious activity, and to report anything they find to CISA. Note that "secrets" here means more than user passwords: any API tokens, service-account keys and database connection strings that were entrusted to the Sisense platform are the items a compromised vendor would have had access to, and they need to be rotated as well. CISA is taking an active role because the breach directly affects critical-infrastructure organizations: Sisense, whose business intelligence and analytics tools process massive volumes of customer data, serves organizations in the US healthcare, manufacturing, retail and technology sectors, so a supply-chain breach can have severe consequences.

Non-profit healthcare service provider GHC-SCW disclosed that a ransomware gang stole 533,000 individuals' health data.

Group Health Cooperative of South Central Wisconsin (GHC-SCW) disclosed that a ransomware gang breached its network on 25 January and stole the personal and medical information of 533,809 individuals. The stolen data includes names, dates of birth and/or death, addresses, telephone numbers, email addresses, Social Security numbers, member numbers, and Medicare and/or Medicaid numbers. The attackers were unable to encrypt the compromised devices, which allowed GHC-SCW to isolate the affected systems to contain the breach, secure them and bring them back online. GHC-SCW stated that it has added security measures to prevent such breaches from reoccurring, including strengthening existing controls, data backups and user training. Impacted individuals are advised to monitor all communications from healthcare providers, such as electronic messages, billing statements and other correspondence, and to report any suspicious activity to GHC-SCW immediately.

UK's CVS Group suffers a cyberattack: veterinary operations disrupted.
UK veterinary services provider CVS Group disclosed that it suffered a cyberattack which disrupted its IT services across the country. In an announcement published on the London Stock Exchange site, CVS Group stated that threat actors gained unauthorized access to some of its IT systems. In response, the company took its IT systems offline, which disrupted its operations considerably over the past week. CVS has engaged third-party specialists to help investigate the attack and to restore IT services safely across its clinics. CVS also announced that the attack has accelerated its plan to migrate all IT infrastructure to the cloud, which is expected to extend the period of operational disruption by several weeks for UK-based practices.

boAt, an Indian audio giant, is investigating a possible data breach affecting 7.5 million customers.

boAt, India's largest audio and wearables brand, is investigating a possible data breach that may have compromised more than 7.5 million customers after hackers uploaded a sample of the alleged customer data to a known cybercrime forum. The allegedly stolen data includes customers' full names, phone numbers, email addresses, mailing addresses and order numbers. TechCrunch reviewed a portion of the data and found that it appears genuine based on checks against the exposed phone numbers. The hackers claim the breach occurred in March. In a statement, boAt said it has launched an investigation into the claims of a potential customer data leak but did not disclose specifics. The leaked data also includes references to Shopify, and Indian outlet Athenil reported that the alleged hackers claimed the data was obtained using credentials stolen from boAt's systems.

AT&T now says the data breach impacted 52 million customers.
AT&T is notifying 52 million former and current customers that a data breach exposed their personal data on a hacking forum. While the leak contained the personal information of more than 70 million people, AT&T now says that the breach impacted a total of 51,226,382 customers; the difference is that some customers had multiple accounts in the dataset. According to the notification, the exposed information varies by individual and account and may include full name, email address, mailing address, phone number, Social Security number, date of birth, AT&T account number and passcode. AT&T stated that it will tell each impacted customer which types of personal information were stolen. However, the company has still not disclosed how the data was stolen, or why it took five years to confirm that the stolen data belonged to it and to alert the impacted customers.

Hoya, an optics giant, received a $10 million ransomware demand.

Hoya Corporation was recently hit by a cyberattack conducted by the 'Hunters International' ransomware operation. The group has demanded a $10 million ransom for a file decryptor and for the allegedly 1.7 million stolen files, amounting to 2 TB of data, not to be released. Currently, no files have been published on the group's leak site, and the threat actors have not publicly claimed responsibility for the Hoya attack. LeMagIT has published screenshots from the ransomware operation's negotiation panel, which victims use to negotiate a ransom payment, showing that the group has applied a "No Negotiation/No Discount policy" to Hoya. The company has not provided any update on its business status since 4 April 2024, so it is assumed that production remains impacted and remediation efforts are still underway.

Giant Tiger data breach claimed by a hacker who leaked 2.8 million records online.
A threat actor has publicly claimed responsibility for the March 2024 data breach at Canadian retail chain Giant Tiger and claims to have uploaded the "full" database of stolen customer records, some 2.8 million, to a hacker forum. The records include over 2.8 million unique email addresses, names, phone numbers and physical addresses, as well as the "website activity" of Giant Tiger customers. As of 12 April the data set has been added to Have I Been Pwned (HIBP), a free online service that lets anyone check whether their data has appeared in known breaches; the number of breached records HIBP lists for this incident is 2,842,669.

Microsoft resolved a security lapse that exposed internal passwords.

Security researchers from SOCRadar discovered an open, public storage server hosted on Microsoft's Azure cloud service that held internal information relating to Microsoft's Bing search engine. The stored material included code, scripts and configuration files containing passwords, keys and credentials used by Microsoft employees to access other internal databases and systems. The storage server itself was not password-protected and could be accessed by anyone on the internet. Such exposed material could help malicious actors identify or access other places where Microsoft stores internal files, which could lead to more significant data leaks and even compromised services. The researchers notified Microsoft of the lapse on 6 February, and Microsoft resolved it on 5 March.

Four vulnerabilities found that could expose over 90,000 LG Smart TVs to remote attacks.
Bitdefender security researchers have found four vulnerabilities (CVE-2023-6317, CVE-2023-6318, CVE-2023-6319, CVE-2023-632) that impact multiple versions of webOS, the operating system used in LG smart TVs. The vulnerabilities allow different degrees of unauthorized access and control, including authorization bypass, privilege escalation and command injection. Bitdefender explains that although the vulnerable LG webOS service is intended for use only on the local area network (LAN), an internet scan shows about 91,000 exposed devices that are potentially vulnerable to the flaws. The vulnerabilities impact webOS 4.9.7 – 5.30.40 on LG43UM7000PLA, webOS 04.50.51 – 5.5.0 on OLED55CXPUA, webOS 0.36.50 – 6.3.3-442 on OLED48C1PUB, and webOS 03.33.85 – 7.3.1-43 on OLED55A23LA. Impacted users should apply the security update by selecting "Check for Update" in the TV's settings and, since the service is meant to be LAN-only, should make sure the TV is not reachable from the internet.

Thousands of WordPress sites compromised to promote crypto drainers.

Over 2,000 compromised WordPress websites now display fake NFT and discount pop-ups to trick visitors into connecting their wallets to crypto drainers that automatically steal their funds. According to MalwareHunterTeam, the threat actors have begun monetizing the hacked sites by showing pop-ups promoting fake NFT offers and crypto discounts, and an Urlscan search showed that over 2,000 compromised websites have been loading the malicious scripts over the past week. To avoid falling victim to crypto drainers, only connect your wallet to trusted platforms, and be wary of unexpected pop-up windows, especially ones that do not match the website's primary subject or design.

Telegram released a security patch to fix a Windows app zero-day vulnerability that could automatically launch Python scripts.

Telegram has fixed a zero-day vulnerability in its Windows desktop app that could be used to bypass security warnings and automatically launch Python scripts.
In a statement to BleepingComputer, Telegram disputed reports of a zero-click vulnerability, calling them inaccurate, but confirmed that it fixed the "issue" in the Windows app to prevent Python scripts from launching automatically when clicked. The fix was applied server-side: when such a file is now clicked, Windows asks which program should open it rather than launching it in Python automatically.

That is all! Enjoy the rest of the week and don't forget to update your devices and systems to the latest patches!
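The credential stuffing behind the Roku item above leaves a recognisable trace in authentication logs: one source hitting many different accounts with mostly failed logins in a short window, unlike a real user retrying a single account. The following is an added example of that detection heuristic, not Roku's own code; the log line format, field names and sample events are constructed for the example.

```python
"""Credential-stuffing detection over web authentication logs.

Added example, not Roku's own detection logic. The log format is an
assumption: one event per line, "<ISO timestamp> <client IP> <username> <result>".
Credential stuffing replays username/password pairs leaked from other sites, so
a single source typically produces many failures across many *different*
accounts in a short window, unlike a legitimate user retrying one account.
"""
from collections import defaultdict, deque
from dataclasses import dataclass
from datetime import datetime, timedelta

# Constructed sample log (not real Roku data): one stuffing source (203.0.113.7),
# one legitimate user mistyping a password (198.51.100.2) and a small probe (192.0.2.9).
SAMPLE_LOG = """\
2024-04-10T12:00:01 203.0.113.7 alice LOGIN_FAIL
2024-04-10T12:00:02 203.0.113.7 bob LOGIN_FAIL
2024-04-10T12:00:03 203.0.113.7 carol LOGIN_FAIL
2024-04-10T12:00:04 203.0.113.7 dave LOGIN_FAIL
2024-04-10T12:00:05 203.0.113.7 erin LOGIN_OK
2024-04-10T12:00:06 203.0.113.7 frank LOGIN_FAIL
2024-04-10T12:01:00 198.51.100.2 carol LOGIN_FAIL
2024-04-10T12:01:20 198.51.100.2 carol LOGIN_FAIL
2024-04-10T12:01:45 198.51.100.2 carol LOGIN_OK
2024-04-10T12:02:00 192.0.2.9 grace LOGIN_FAIL
2024-04-10T12:02:30 192.0.2.9 heidi LOGIN_FAIL
2024-04-10T12:03:00 192.0.2.9 ivan LOGIN_FAIL
"""


@dataclass(frozen=True)
class AuthEvent:
    ts: datetime
    ip: str
    user: str
    ok: bool


def parse_log(text: str) -> list:
    """Parse the assumed log format into AuthEvent records, oldest first."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, ip, user, result = line.split()
        events.append(AuthEvent(datetime.fromisoformat(ts), ip, user, result == "LOGIN_OK"))
    return sorted(events, key=lambda e: e.ts)


def find_stuffing_sources(events, window=timedelta(minutes=5),
                          min_accounts=5, min_fail_ratio=0.8) -> dict:
    """Return {ip: (distinct_accounts, attempts, failures)} for every source IP
    that, inside some sliding `window`, tried at least `min_accounts` distinct
    usernames with a failure ratio of at least `min_fail_ratio`.
    The tuple kept per IP is the strongest window observed."""
    by_ip = defaultdict(list)
    for e in events:
        by_ip[e.ip].append(e)
    flagged = {}
    for ip, evs in by_ip.items():
        recent = deque()
        for e in evs:                       # evs is already time-ordered
            recent.append(e)
            while e.ts - recent[0].ts > window:
                recent.popleft()
            accounts = {r.user for r in recent}
            failures = sum(1 for r in recent if not r.ok)
            if len(accounts) >= min_accounts and failures / len(recent) >= min_fail_ratio:
                candidate = (len(accounts), len(recent), failures)
                if candidate > flagged.get(ip, (0, 0, 0)):
                    flagged[ip] = candidate
    return flagged


def accounts_hit_from(events, flagged_ips) -> list:
    """Accounts that authenticated successfully from a flagged source: these are
    the ones to force a password reset and 2FA enrolment on, and to review for
    fraudulent purchases."""
    return sorted({e.user for e in events if e.ok and e.ip in flagged_ips})


if __name__ == "__main__":
    evs = parse_log(SAMPLE_LOG)
    sources = find_stuffing_sources(evs)
    print("stuffing sources:", sources)
    print("accounts to reset:", accounts_hit_from(evs, sources))
```

Two caveats when using this for real: a distributed stuffing run spreads attempts over thousands of IPs so that no single source crosses the per-IP threshold, so the same window logic should also be run per ASN, user agent or device fingerprint; and once two-factor authentication is enforced, a "LOGIN_OK" from a flagged source is exactly the case the second factor exists to stop.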
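What made the Microsoft storage lapse above serious was not the open container by itself but the passwords, keys and credentials sitting inside the scripts and configuration files it held. The following is an added example, not Microsoft's or SOCRadar's tooling, of a secret scan that can be run over files before they are uploaded to a bucket or over a recovered dump. The detector patterns, the placeholder and entropy filters, and the sample file tree are all constructed for the example; the storage key and AWS key in the samples are dummies.

```python
"""Scan files destined for (or recovered from) a storage bucket for embedded secrets.

Added example, not Microsoft's or SOCRadar's tooling. Patterns, thresholds and
the sample files are constructed; a production scanner carries hundreds of
patterns and should be wired into pre-commit and pre-upload hooks.
"""
import math
import re
from collections import Counter

# Detector patterns (illustrative; group 1 is the value to report, redacted).
PATTERNS = {
    "azure_storage_key": re.compile(r"AccountKey=([A-Za-z0-9+/]{86}==)"),
    "aws_access_key_id": re.compile(r"\b(AKIA[0-9A-Z]{16})\b"),
    "private_key_block": re.compile(r"(-----BEGIN (?:RSA |EC )?PRIVATE KEY-----)"),
    "password_assignment": re.compile(r"(?i)(?:password|passwd|pwd)\s*[=:]\s*['\"]?([^\s'\"]{6,})"),
}
PLACEHOLDER_PREFIXES = ("${", "{{", "<", "%")   # template references, not real values
MIN_PASSWORD_ENTROPY = 3.0                        # bits per character; filters "changeme"

# Constructed sample tree: {path: contents}. The storage key is a dummy and the
# AWS key is Amazon's documented example key, which is never valid.
SAMPLE_FILES = {
    "deploy/config.ini": "[db]\nhost=sql.internal\nuser=svc_bing\npassword=Tr0ub4dor&3\n",
    "scripts/upload.ps1": (
        '$ctx = New-AzStorageContext -ConnectionString '
        '"DefaultEndpointsProtocol=https;AccountName=bingdata;AccountKey=' + "A" * 86 + '=="\n'
    ),
    "scripts/s3sync.sh": "export AWS_ACCESS_KEY_ID=AKIAIOSFODNN7EXAMPLE\naws s3 sync . s3://bucket\n",
    "env/sample.env": "DB_PASSWORD=${DB_PASSWORD}\nAPI_PASSWORD=changeme\n",
    "keys/id_rsa": "-----BEGIN RSA PRIVATE KEY-----\nMIIE...\n-----END RSA PRIVATE KEY-----\n",
}


def shannon_entropy(s: str) -> float:
    """Bits of entropy per character; random-looking secrets score high, words low."""
    n = len(s)
    return -sum(c / n * math.log2(c / n) for c in Counter(s).values())


def redact(value: str) -> str:
    """Keep only a short prefix so findings can be triaged without re-leaking the secret."""
    return value[:4] + "..." if len(value) > 4 else "..."


def scan_text(path: str, text: str) -> list:
    """Scan one file's contents; returns (path, line, kind, redacted_value) tuples."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        for kind, pattern in PATTERNS.items():
            for m in pattern.finditer(line):
                value = m.group(1)
                if kind == "password_assignment":
                    if value.startswith(PLACEHOLDER_PREFIXES):
                        continue                      # ${VAR}, {{ var }}, <placeholder>
                    if shannon_entropy(value) < MIN_PASSWORD_ENTROPY:
                        continue                      # dictionary-word defaults
                findings.append((path, lineno, kind, redact(value)))
    return findings


def scan_files(files: dict) -> list:
    """Scan every (path, contents) pair in the tree."""
    results = []
    for path, text in files.items():
        results.extend(scan_text(path, text))
    return results


if __name__ == "__main__":
    for finding in scan_files(SAMPLE_FILES):
        print("%s:%d %s %s" % finding)
```

The entropy gate is what keeps the password pattern useful: it drops defaults such as `changeme` and template references such as `${DB_PASSWORD}` while still catching a real value, and the key-format patterns need no gate because their shape is specific enough on its own. Anything this reports in a file that has already been public, as in the Bing case, should be treated as compromised and rotated rather than merely deleted.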
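For the WordPress crypto-drainer campaign above, the site owner's side of the problem is spotting the injected script before visitors do. The following is an added example, not MalwareHunterTeam's or Urlscan's tooling, of an audit over the HTML a site actually serves: it reports external script sources whose host is neither the site itself nor on an allowlist, and inline scripts that call wallet APIs, which a shop or blog page has no legitimate reason to do. The site host, the allowlist, the wallet-call markers and the sample page are constructed for the example.

```python
"""Audit a rendered page for injected scripts of the kind the WordPress
crypto-drainer campaign uses.

Added example, not MalwareHunterTeam's or Urlscan's tooling. Host names, the
allowlist, the marker list and the sample page are constructed.
"""
from html.parser import HTMLParser
from urllib.parse import urlparse

# Calls a drainer needs in order to prompt the visitor to connect and sign.
WALLET_MARKERS = ("ethereum.request", "eth_requestAccounts",
                  "wallet_switchEthereumChain", "WalletConnect", "solana.connect")

# Constructed sample: a WordPress page with one legitimate CDN script, one injected
# loader from an unknown host, and an injected inline wallet prompt.
SAMPLE_HTML = """<!doctype html>
<html><head>
<script src="/wp-includes/js/jquery/jquery.min.js"></script>
<script src="https://cdnjs.cloudflare.com/ajax/libs/lodash.js/4.17.21/lodash.min.js"></script>
<script src="https://cdn.example-drainer.test/loader.js"></script>
<script>var wpData = {"ajaxUrl": "/wp-admin/admin-ajax.php"};</script>
</head><body>
<div id="nft-popup">Claim your free NFT!</div>
<script>
  document.getElementById("nft-popup").onclick = function () {
    window.ethereum.request({method: "eth_requestAccounts"}).then(sign);
  };
</script>
</body></html>
"""


class ScriptCollector(HTMLParser):
    """Collect external script URLs and inline script bodies from a page."""

    def __init__(self):
        super().__init__()
        self.external = []
        self.inline = []
        self._in_inline = False
        self._buf = []

    def handle_starttag(self, tag, attrs):
        if tag.lower() != "script":
            return
        src = dict(attrs).get("src")
        if src:
            self.external.append(src)
        else:
            self._in_inline = True
            self._buf = []

    def handle_data(self, data):
        if self._in_inline:
            self._buf.append(data)     # HTMLParser hands script bodies over as raw data

    def handle_endtag(self, tag):
        if tag.lower() == "script" and self._in_inline:
            self.inline.append("".join(self._buf))
            self._in_inline = False


def audit_page(html: str, site_host: str, allowed_hosts) -> list:
    """Return (finding_kind, detail) tuples for scripts that do not belong on the page."""
    collector = ScriptCollector()
    collector.feed(html)
    findings = []
    for src in collector.external:
        host = urlparse(src).hostname
        if host is None or host == site_host or host in allowed_hosts:
            continue                   # same-origin or explicitly trusted
        findings.append(("unexpected_external_script", src))
    for body in collector.inline:
        hits = [m for m in WALLET_MARKERS if m in body]
        if hits:
            findings.append(("wallet_api_in_inline_script", ",".join(hits)))
    return findings


if __name__ == "__main__":
    for kind, detail in audit_page(SAMPLE_HTML, "shop.example",
                                   {"cdnjs.cloudflare.com"}):
        print(kind, detail)
```

Run this against the HTML fetched from the live site rather than the theme files on disk, since the injection typically lives in the database (post content, widgets or options) and only appears in the rendered page. A Content Security Policy with a `script-src` allowlist gives the same protection at the browser instead of after the fact.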