This week has been overrun by ransomware attacks and data breaches worldwide, across many sectors: government, education, the food and automotive industries, and technology.

Data of 237,000 US government employees breached.

The US Transportation Department (USDOT) disclosed that the personal information of 237,000 current and former federal employees was exposed in a breach of the systems used to process TRANServe transit benefits. It is unclear whether any of the exposed information has been used for criminal purposes. USDOT stated that the breach did not affect any transportation safety systems. USDOT is investigating the breach and has frozen access to the transit benefit system until it has been secured and restored.

Britain’s largest private pension scheme, USS, reveals data on 470,000 members may have been accessed.

Universities Superannuation Scheme (USS) revealed that the recent breach of Capita by Black Basta may have resulted in access to the data of 470,000 of its members. The data possibly accessed includes titles, names, birth dates, National Insurance numbers and USS member numbers. It dates from early 2021 and potentially covers 470,000 active, deferred and retired members.

Location data of 2 million Toyota customers exposed for 10 years.

Toyota revealed that a data breach in its cloud environment exposed the car-location information of 2,150,000 customers for 10 years. The breach resulted from a database misconfiguration that allowed anyone to access the contents without a password. The exposed information included the in-vehicle GPS navigation terminal ID number, the chassis number, and vehicle location with time data. Video recordings taken outside the vehicle may also have been exposed.

Data breach at Whizcomm, a broadband service provider, led to 50% of its customers’ data being stolen.

About 24,000 Whizcomm customers (50% of its customer base) had their personal information stolen by the attackers during the breach. The stolen information consisted of scanned images of customers’ NRICs, work permits, visa approval documents and tenancy agreements. Whizcomm notified affected customers about the breach last Wednesday.

FBI & CISA: Bloody ransomware gang actively exploiting education organizations in PaperCut attacks.

The FBI and CISA issued a joint advisory warning that the Bloody Ransomware gang is actively exploiting a PaperCut vulnerability to gain access to networks. The gang has gained access to networks across the Education Facilities Subsector, which in some operations led to data exfiltration and encryption of victim systems. CISA reported that the Education Facilities Subsector accounts for about 68% of the internet-exposed PaperCut servers.

Sysco, food distribution giant, confirms data breach after cyber attack.

Sysco confirmed that its network was breached earlier this year by threat actors who stole sensitive data, including business, customer and employee data. In an internal memo, Sysco revealed that customer and supplier data in the US and Canada, and personal information of US employees, may have been compromised. According to the company's 10-Q SEC filing, the breach has not impacted its business operations or customer service.

Attempted extortion attack on Dragos, a cybersecurity firm.

Dragos announced that a ransomware group attempted to extort money from it in a cyber attack. The attackers gained access to SharePoint and the Dragos contract management system by compromising the personal email address of a new sales employee prior to the employee's start date. They used the stolen information to impersonate the employee and carry out the initial steps of Dragos’ employee-onboarding process. After the failed attempt, the attackers attempted to “extort Dragos to avoid public disclosure” by threatening Dragos executives in direct messages. The attackers even made references to the family members and personal contacts of Dragos, and sent emails to senior Dragos employees’ personal accounts to provoke a response.

ABB, a multinational tech company, suffered a Black Basta ransomware attack.

ABB, a leading electrification and automation technology provider, has been hit by a Black Basta ransomware attack. The attack has reportedly impacted its business operations, delayed projects and affected factories. BleepingComputer learned from multiple employees that the ransomware attack affected the company’s Windows Active Directory, impacting hundreds of devices. To prevent further spread of the ransomware, ABB terminated VPN connections with its customers.

White Phoenix, a new ransomware decryptor that recovers partially encrypted files.

The new ‘White Phoenix’ ransomware decryptor helps victims recover files that were partially encrypted by ransomware strains using intermittent encryption. Intermittent encryption tactics have been gaining traction in the ransomware space, as reported by Sentinel Labs. However, the decryptor may not work for all files; only “some” data from critical files can be recovered. White Phoenix was developed by CyberArk, which has invited all security researchers to download and try the tool, and to join efforts to improve it and help extend its support to more file types and ransomware strains.

New ransomware operation, Cactus, detected.

Cactus has been found to exploit vulnerabilities in VPN appliances to access large corporate networks. It uses the usual tactics of ransomware attacks, but additionally uses encryption to protect the ransomware binary. Researchers said that this is intended to prevent detection of the ransomware encryptor, both by security researchers and by antivirus software.
© 2021, TAFA HOLDINGS (S) PTE LTD. ALL RIGHTS RESERVED