Last week, breaches and cyberattacks occurred across several industries, from the public sector, clothing, electronics manufacturing, tourism, banking and mortgage to healthcare. Devastating consequences have been uncovered from earlier data breaches and attacks, with millions of individuals' personal data exposed. Furthermore, new vulnerabilities have been found and patches released. It is highly recommended not only to be aware of them but also to apply the updates as soon as possible.
Read on to receive a quick summary of what happened this week in the space of cybersecurity.

Halara investigates a breach after data of 950,000 customers was leaked.

Halara, a popular Hong Kong athleisure clothing company, is investigating a potential data breach after the alleged data of almost 950,000 customers was leaked on a hacking forum. This comes after a person named ‘Sanggiero’ claimed to have breached Halara earlier this month and shared a text file containing the stolen customer data on a hacking forum and a Telegram channel. Over 1 million rows of data from Halara were posted. The data posted contained a unique address id, full names, phone numbers, country, home address, zip, province, city, and iso. When BleepingComputer reviewed the leaked data, it found that the text file contains only 941,910 records. Although BleepingComputer has not been able to confirm whether all the data is accurate, it did contact multiple people listed in the file and confirmed that they are all Halara customers and that their listed names, phone numbers, and addresses are accurate. Sanggiero stated that the data was stolen by exploiting a bug in an API on Halara’s website, which is still unfixed. Sanggiero stated they did not contact Halara and decided to release the stolen data for free, as selling it would not have a lot of value. Halara customers should be vigilant against targeted SMS phishing that will attempt to steal other personal info such as passwords.

Framework discloses data breach after its accounting service provider fell victim to a phishing attack.

Framework Computer, a laptop computer manufacturer, disclosed a data breach that exposed the personal information of an undisclosed number of customers after its accounting service provider, Keating Consulting Group, fell victim to a phishing attack.
The company stated in data breach notification letters sent to affected individuals that an accountant from Keating Consulting Group was tricked on 11 January by a threat actor impersonating Framework’s CEO into sharing a spreadsheet containing customers’ personally identifiable information (PII) that is “associated with outstanding balances for Framework purchases”. Exposed PII includes full name, email address and balance owed. The company also warned affected customers of phishing attacks, and stated that it only sends emails from ‘[email protected]’ asking customers to update their information when a payment has failed, and will never ask for payment information via email. Customers are highly encouraged to contact the company’s support team if they receive any suspicious emails.

HMG Healthcare hit by data breach: Data from 40 nursing facilities compromised.

HMG Healthcare, a Texas-based healthcare services provider, was hit by a cyberattack on its server that led to data from residents and employees across 40 nursing facilities being compromised. The hackers were able to exfiltrate unencrypted files that contain personal information. Personal information compromised includes individuals’ names, birthdates, social security numbers, contact details, employee records, and medical treatment information. HMG has not disclosed the nature of the attack nor the number of people affected by the breach, but did dismiss the possibility of further compromise. As stated by the health provider, they “worked diligently to ensure that the stolen files were not further shared by the hackers to other sources.” HMG highly recommends that affected individuals stay vigilant for any suspicious activity in their credit reports and account statements.

Inspiring Vacations, an Australian travel agency, hit by data breach: More than 112k records such as passport and travel details exposed.

Inspiring Vacations, an Australian travel agency, has fallen victim to a data breach.
It has resulted in thousands of customers’ passports and travel details being compromised. Jeremiah Fowler, the cybersecurity researcher who discovered the data breach, reported that the publicly exposed database totaled 112,605 records and 28.6 GB in size. The exposed database includes high-resolution passport images, travel visa certificates, and itineraries or ticket files. The majority of the affected individuals in this data breach are Australian citizens; however, identification documents from New Zealand, the United Kingdom and Ireland were also present. There are an estimated 1,000 identification documents in a limited sample, along with additional files that contain passport numbers and other personally identifiable information. Notably, passport document names included individuals’ names in plain text. Furthermore, the breach revealed 48 spreadsheets that had information on about 13,684 customers. The exposed information includes travellers’ names, email addresses, trip costs, destinations, and internal details. In addition, approximately 24,000 itinerary and e-ticket PDF documents were exposed, some even displaying partial credit card numbers. The database also held internal documents: 17,000 tax invoices to partners and affiliates specifying gross costs and commissions paid.

Oregon Pacific Bank hit by data breach: Consumers’ sensitive information compromised.

Oregon Pacific Bank (OPB), a financial institution based out of Florence, Oregon, filed a notice of data breach with the Attorney General of Oregon after it discovered that an unauthorised party accessed consumers’ sensitive information. Upon discovery of this data breach, OPB conducted an investigation to determine the type of information involved and which consumers were impacted. However, OPB did not state the specific data types that were compromised. OPB has begun to send out data breach notification letters to all individuals affected by this data breach.
Hathway suffers from alleged massive data breach: 41.5 million customers exposed.

Hathway, one of India’s largest Internet Service Providers (ISP) and cable television operators, was hit by a data breach which occurred in December 2023. A hacker called ‘dawnofdevil’ claimed responsibility for the breach. The hacker stated that a vulnerability in the Laravel framework application, the content management system used, allowed them to compromise the company’s data. According to the hacker’s message, the Hathway data leak exposes the sensitive information of over 41.5 million customers. The exposed data includes names, email addresses, phone numbers, physical addresses, and other personally identifiable information. The hacker claims that 200+ GB of data has been dumped, comprising 739 CSV files.

Swiss Air Force hit by cyberattack: Documents leaked on the darknet.

A US security company that provides communication technology to defence firms globally fell victim to a cyberattack. Switzerland’s Federal Department of Defence officially confirmed that the Swiss Air Force was affected by the breach, and is currently investigating the incident. Hackers are believed to have stolen thousands of documents from the US security company. Around 30GB of partly sensitive and classified documents are believed to have ended up on the darknet, and hence are accessible to the public. The leaked documents include a contract between the Swiss Department of Defence and the US company for almost US$5 million, as well as emails and payment receipts that show when the transactions took place.

Fidelity National Financial (FNF) confirmed November cyberattack exposed 1.3 million customers’ data.

FNF, an American provider of title insurance and settlement services to the real estate and mortgage industries, confirmed that a November cyberattack, which has been claimed by the BlackCat ransomware gang, has exposed 1.3 million customers’ data.
FNF confirmed this in an amended SEC Form 8-K filing, and confirmed that the cyberattack was successfully contained 7 days later. According to the filing, the attackers used a non-propagating malware that could exfiltrate data from the breached systems. The company is providing credit monitoring, web monitoring and identity theft restoration services to affected customers. The filing also clarified that the breach was contained on FNF systems, and the attack did not extend to any of the connected customer-owned systems.

loanDepot, a U.S. mortgage lender, confirmed ransomware attack that disrupted operations.

loanDepot confirmed on 8 January that the cyber incident it experienced over the weekend was a ransomware attack that led to data encryption. Customers started to encounter issues on Saturday when trying to log into loanDepot’s payment portal or when trying to contact the company via phone. Due to the attack, loanDepot had to take certain systems offline to block the attackers’ access to other devices on its network, and said it is investigating to understand the extent of the attack and taking measures to minimise the impact. From its investigation so far, the company found that the attackers had accessed some of its systems and encrypted files. The company also notified relevant authorities of the incident. Using social media, the company informed customers that recurring automatic payments would still be processed, although with a delay before they appear in the payment history. However, making new payments via the servicing portal will not be possible, and the company advised affected customers to reach out to the call center for assistance. As ransomware gangs tend to steal corporate and customer data during breaches, it is highly recommended that customers of loanDepot be vigilant against phishing attacks and identity theft attempts.

Toronto Zoo hit by ransomware attack.
Toronto Zoo, the largest zoo in Canada, stated that a ransomware attack had hit its systems, but had no impact on the animals, its website, or its day-to-day operations. The zoo stated that it does not store credit card information, and is investigating whether the attack affected its guests’, members’ or donors’ records. The attack has been reported to relevant authorities, and the zoo is working with third-party cybersecurity experts and the City of Toronto’s Chief Information Security Office to determine the extent of the damage.

2 vulnerabilities in a plugin used on 150k WordPress sites can help attackers take control of sites.

There are 2 vulnerabilities (CVE-2023-6875 & CVE-2023-7027) that impact the POST SMTP Mailer WordPress plugin, an email delivery tool used by 300,000 websites. These vulnerabilities can help attackers take complete control of a site’s authentication. CVE-2023-6875 is a critical authorisation bypass flaw that impacts all versions of the plugin up to 2.8.7. This vulnerability can be exploited to reset the API key and view sensitive log information, including password reset emails. CVE-2023-7027 is a cross-site scripting problem that impacts all versions of the plugin up to 2.8.7. This vulnerability could let attackers inject arbitrary scripts into web pages of the affected site. On 1 January 2024, the plugin vendor published version 2.8.8, which includes security fixes for both issues. However, based on statistics, there are roughly 150,000 sites that still run a vulnerable version of the plugin. It is highly recommended to update to the latest version as soon as possible.

Microsoft January 2024 Patch Tuesday fixes 49 flaws & 12 remote code execution vulnerabilities.

9 January 2024 was Microsoft’s January 2024 Patch Tuesday, which includes security updates for 49 flaws and 12 remote code execution (RCE) vulnerabilities.
2 vulnerabilities were classified as critical, with one being a Windows Kerberos Security Feature Bypass and the other a Hyper-V RCE. The vulnerabilities include: 10 Elevation of Privilege Vulnerabilities, 7 Security Feature Bypass Vulnerabilities, 12 RCE Vulnerabilities, 11 Information Disclosure Vulnerabilities, 6 Denial of Service Vulnerabilities, and 3 Spoofing Vulnerabilities. To access the full description of each vulnerability and the system it affects, you can view the report here.

That is all! Enjoy the rest of the week and don't forget to update your devices and systems to the latest patches!
© 2021, TAFA HOLDINGS (S) PTE LTD. ALL RIGHTS RESERVED