Last week, breaches and cyberattacks occurred across several industries, from airlines to construction to government agencies. Devastating consequences of past cyberattacks on organisations have also been reported, with Equifax being fined $13.4 million by UK regulators for the 2017 data breach, and 23andMe facing multiple class action lawsuits. Furthermore, new vulnerabilities have been found and patches for them released. It is highly recommended to not only be aware of them but to also apply the patches when possible.
Read on to receive a quick summary of what happened this week in the space of cybersecurity.

Spanish airline Air Europa hit by credit card system breach: Customers warned to cancel credit cards

Air Europa warned affected customers on Monday to cancel their credit cards after cybercriminals managed to breach one of its systems, which held customers’ bank card data. The credit card details exposed include card numbers, expiration dates, and the 3-digit CVV (Card Verification Value) code on the back of the payment cards. Affected customers were warned to cancel the cards used on the airline’s website due to the “risk of card spoofing and fraud” and to “prevent fraudulent use”. Air Europa also said in the email that it has secured its systems and has reported the incident to the relevant authorities.

Simpson Manufacturing, U.S. construction giant, cyberattacked: Forced to shut down their IT systems

Simpson Manufacturing Company was forced to shut down some of its IT systems to contain a cyberattack, which caused disruptions in its IT infrastructure and applications. The company has taken steps to stop and address this issue, and has also reported the incident to the relevant authorities. However, Simpson also stated that this cyberattack is expected to continue to cause disruption to parts of its business operations.

BlackCat ransomware gang claims Florida circuit court attack

The BlackCat ransomware gang (also known as ALPHV) claimed an attack that affected state courts across Northwest Florida (which is part of the First Judicial Court) last week. The ransomware gang has allegedly acquired personal details of employees, including judges, such as their social security numbers and CVs. BlackCat also claimed to have a comprehensive network map of the court’s systems, including local and remote service credentials.
Based on the presence of Florida’s First Judicial Circuit on the gang’s data leak page, it can be suggested that the court has either not engaged with BlackCat in ransom negotiations or decided not to meet its demands.

BianLian extortion group claims recent Air Canada breach

The BianLian extortion group claims to have breached the network of Air Canada and stolen 210GB of data. Although the company said in a statement that only “limited personal information of some employees and records” were compromised, the extortion group now claims that the stolen documents contained much more extensive information. The group has also shared screenshots of the stolen data on its data leak site, along with a detailed description of what was stolen from the airline’s network. BianLian claimed to have stolen technical and operational data from 2008 to 2023. This includes details about the company’s technical and security challenges, SQL backups, employees’ personal information, data relating to vendors and suppliers, confidential documents, and archives from company databases. Air Canada is aware of BianLian’s extortion threats, but will not comment on any claims made, and will not add anything to what it has stated publicly. Air Canada also warned some of its customers, in emails sent on 11 October, to enable SMS multi-factor authentication on their Aeroplan accounts and to use strong passwords.

UK regulator fines Equifax $13.4 million for 2017 data breach

The UK’s Financial Conduct Authority (FCA) has fined Equifax Ltd. $13.4 million for failing to take the appropriate steps to protect the personal data of 13.8 million UK consumers that was stolen in the 2017 data breach. The personal data compromised were names, birth dates, phone numbers, residential addresses, Equifax membership login details, and partially exposed credit card details.
The FCA ruled that the theft of UK consumers’ data was “entirely preventable”, as Equifax did not treat its relationship with its parent company in the U.S. as outsourcing and hence did not provide sufficient oversight of how the data sent was managed and protected. The FCA also said that Equifax’s public statements on the incident’s impact “gave an inaccurate impression of the number of consumers affected.” It added that the company mishandled complaints from UK consumers, as it failed to maintain quality assurance checks for the complaints.

Shadow PC warns customers of data breach as cybercriminal claims to be selling stolen customers’ data

Shadow PC, a provider of high-end cloud computing services, is warning customers of a data breach that has compromised and exposed customers’ private information. This came out as a cybercriminal claims to be selling the stolen data of 533,624 Shadow customers. According to multiple tips sent to BleepingComputer, the company has begun to send data breach notifications to its customers after a successful social engineering attack that targeted one of its employees. The attack began on the Discord platform with the download of malware under cover of a game on the Steam platform, which was proposed by an acquaintance of the employee. The compromised customer information includes full name, email address, birth date, billing address and credit card expiry date. However, Shadow did clarify that no passwords or sensitive banking data were compromised. Shadow stated that it had revoked the stolen authentication cookie, and that the hacker’s access to its systems has been blocked. It has also implemented additional defences to prevent similar incidents from occurring in the future.

Philippine Statistics Authority says alleged data breach limited to one system

The Philippine Statistics Authority (PSA) said on Wednesday that the alleged data breach is limited to their Community-Based Monitoring System (CBMS).
They are currently assessing what personal data from the CBMS has been compromised. They stated that they will share information with the relevant authorities and the public in “due course”. The PSA has also activated their Data Breach Response Team (DBRT) following the alleged data leak posted on social media. The PSA reassured that the Philippine Identification System and the Civil Registration System are not affected. The Department of Information and Communications Technology (DICT) confirmed that they are now looking at possible suspects behind this data breach. This data breach comes after the PhilHealth data breach, which may have impacted millions of members.

Last month, over 17,000 WordPress sites were hacked in Balada Injector campaigns

Multiple Balada Injector campaigns have compromised and infected over 17,000 WordPress sites by leveraging known flaws in premium theme plugins to inject a Linux backdoor. This backdoor redirects visitors of the compromised sites to fake tech support pages, fraudulent lottery wins, and push notification scams. It was found that more than half (9,000) were compromised via the exploitation of CVE-2023-3169, which is a cross-site scripting flaw in tagDIV Composer, a companion tool for tagDIV’s Newspaper and Newsmag themes for WordPress sites. It is highly recommended to upgrade the tagDIV Composer plugin to version 4.2 or later, as it addresses the mentioned vulnerability.

23andMe faces multiple class action lawsuits after hackers leaked stolen genetic data

23andMe, a genetic testing provider, faces multiple class action lawsuits in the U.S. due to a large-scale data breach that is believed to impact millions of its customers. At least 4 class action complaints have been submitted in California, seeking relief for the damage done by 23andMe’s failure to protect customers’ data.
The lawsuits highlight the lack of information in the official statement on the breach, such as the current status of customer data safety, the breach duration, and the exact mechanism of the cyberattack. They also criticise the lack of adequate security measures implemented, especially for a company that manages sensitive medical data. One of the complaints sets the nominal damages at $1,000 and punitive damages at $3,000 per class action lawsuit member.

Unpatched WS_FTP servers are now targeted in ransomware attacks

Internet-exposed WS_FTP servers left unpatched against a maximum severity vulnerability are being targeted in ransomware attacks. Sophos X-Ops incident responders have detected ransomware actors abusing the recently reported vulnerability in WS_FTP Server software, via attempts to deploy ransomware through the unpatched services. Even though Progress Software released a patch for this vulnerability in September 2023, not all of the servers have been patched. It is highly recommended for admins to upgrade to the latest version (8.8.2), as this will help to remediate the issue.

That is all! Enjoy the rest of the week and don't forget to update your devices and systems to the latest patches!
© 2021, TAFA HOLDINGS (S) PTE LTD. ALL RIGHTS RESERVED