A quick summary of what happened this week in the space of cyber security:

Hyundai data breach exposed Italian and French car owners' details.
Hyundai has disclosed a data breach that exposed the personal data of Italian and French car owners, as well as people who had booked a test drive. The personal data exposed were telephone numbers, physical addresses, email addresses and vehicle chassis numbers. Luckily, no financial information or identification numbers were stolen. Hyundai Italia responded that they “had immediately informed the authorities and contacted the persons concerned beforehand”. They also engaged IT experts, who took the impacted systems offline until more security measures were implemented.

Capita ransomware attack by Black Basta ransomware group, data found to be on sale.
Black Basta, an extortion group that holds companies' data for ransom, has listed Capita as a recent victim on its platform, advertising Capita's data for sale. Exfiltrated data includes primary and secondary school job applications with applicants' personal information, BACS payment details for Capita Nuclear, confidential Capita documents, passport scans, security vetting for customers and internal building floor plans.

Yum! Brands data breach after ransomware attack.
Yum! Brands, Inc., the parent company of Pizza Hut, KFC, Taco Bell and The Habit Burger Grill, disclosed a data breach that occurred in mid-January 2023. This breach caused Yum! to take its systems offline to mitigate the cyber attack, and forced it to close roughly 300 UK restaurants for a day. Affected data include corporate data and people's personal information such as names, driver's license information and other ID card details. Yum! Brands has noted, however, that there is “no indication of identity theft or fraud” involving the stolen data. Furthermore, the company stated this incident would not affect operations or financial performance, but this data breach will cost.

Kodi announced a data breach after their forum database was found for sale online.
The Kodi Foundation, the organization behind the cross-platform open-source media player, organizer and streaming suite Kodi, admitted a data breach after hackers stole their MyBB forum database, which contains users' data and private messages, and attempted to sell it online. Kodi announced that the hackers used an inactive staff member's credentials to gain access to the admin panel. They then downloaded and deleted the database backups, which contained public and staff forum posts, users' private messages, usernames, email addresses and encrypted (hashed and salted) passwords. Users are strongly recommended to change their passwords as a safety precaution, especially if the same username and password are used on other sites. The upside is that the site where the hackers tried to sell the data has been shut down, and its founder and owner has been arrested by the FBI.

Western Digital breached, hackers demand ransom for data.
Data storage company Western Digital suffered a security breach, which caused them to temporarily deny customers access to their cloud data, as the company had to turn off its servers. The hackers involved in this breach claimed to have stolen around 10 terabytes of data from the company, including customers' data. In exchange for not publishing the exfiltrated data, the hackers are demanding a “minimum 8 figures”. Western Digital has declined to comment on the hackers' claims.

Compromised websites spreading malware via fake Chrome updates.
Hackers have been found compromising websites to display fake Google Chrome automatic update errors that distribute malware to unsuspecting visitors. NTT's security analyst stated that, after February 2023, this campaign has been expanding its target scope to cover users who speak Japanese, Korean and Spanish.
It has also been uncovered that numerous sites have been hacked in this malware distribution campaign, including blogs, news sites and online stores. The malicious scripts are delivered through the Pinata InterPlanetary File System (IPFS) service, which obscures the origin server, making blocklisting ineffective and the content resistant to takedowns.

DDoS shifts to leveraging breached VPS for increased power.
According to Cloudflare, high-volumetric DDoS (distributed denial of service) attacks have shifted from relying on IoT devices to leveraging breached Virtual Private Servers (VPS). This helps attackers build higher-performance botnets more easily and quickly, and stronger (up to 5,000 times more) than IoT-based botnets. Attackers can gain access to VPS via unpatched servers and by using leaked API credentials to hack into management consoles. Cloudflare reports that in the first quarter of 2023, there was a 60% year-on-year increase in ransom DDoS attacks, which represent only 16% of reported/recorded DDoS attacks. Furthermore, the number of larger attacks is growing: compared to the previous quarter, there was about a 6.5% increase. Cloudflare also reported that the countries most targeted by DDoS attacks in the first quarter of 2023 were Israel, the United States, Canada and Turkey. The most targeted sectors were internet services, software, marketing and gaming/gambling.

Vice Society deploys new PowerShell script to automate data theft.
Vice Society, a ransomware gang, deploys a new fully automated data exfiltrator and uses tools that can evade detection by most security software, keeping it in stealth mode until the data encryption stage of the ransomware attack (the final step).

Important Updates to Software You Need To Download
Links
https://apps.web.maine.gov/online/aeviewer/ME/40/b85bfcfb-4ff7-419e-8dd2-95e8f41a5ad1.shtml
https://doublepulsar.com/black-basta-ransomware-group-extorts-capita-with-stolen-customer-data-capita-fumble-response-9c3ca6c3b283
https://www.thetimes.co.uk/article/capita-it-outsourcer-reels-from-being-locked-out-of-its-own-it-dhk9lgnd6
https://securityaffairs.com/144676/data-breach/yum-brands-data-breach.html
https://www.bleepingcomputer.com/news/security/hacked-sites-caught-spreading-malware-via-fake-chrome-updates/
https://insight-jp.nttsecurity.com/post/102ic6o/webgoogle-chrome
https://kodi.tv/article/important-kodi-forum-data-breach/
https://blog.cloudflare.com/ddos-threat-report-2023-q1/
https://www.bleepingcomputer.com/news/security/ddos-attacks-shifting-to-vps-infrastructure-for-increased-power/
https://twitter.com/squallstar/status/1646088736873107456
https://www.bleepingcomputer.com/news/security/hyundai-data-breach-exposes-owner-details-in-france-and-italy/
https://www.theregister.com/2023/04/10/apple_fix_ios_macos/
https://support.microsoft.com/en-us/topic/april-11-2023-kb5025221-os-builds-19042-2846-19044-2846-and-19045-2846-b00c3356-baac-4a41-8342-7f97ec83445a
https://www.bleepingcomputer.com/news/microsoft/windows-10-kb5025221-and-kb5025229-updates-released/
https://chromereleases.googleblog.com/2023/04/stable-channel-update-for-desktop_14.html
https://unit42.paloaltonetworks.com/vice-society-ransomware-powershell/
https://www.bleepingcomputer.com/news/security/vice-society-ransomware-uses-new-powershell-data-theft-tool-in-attacks/
https://www.cpomagazine.com/cyber-security/storage-giant-western-digital-suffers-a-security-breach-denying-cloud-customers-access-to-their-data/
https://techcrunch.com/2023/04/13/hackers-claim-vast-access-to-western-digital-systems/?guccounter=1
© 2021, TAFA HOLDINGS (S) PTE LTD. ALL RIGHTS RESERVED