Search This Blog

Powered by Blogger.

Blog Archive

Labels

Showing posts with label Data hack. Show all posts

Fast Food Giant Jollibee Suffers Major Cyberattack, 32 Million Affected

 


Jollibee Foods Corp., a fast-food company specializing in Filipino fare, is investigating a report of a data breach in its delivery service system, adding its name to a growing list of companies which have been targeted by hackers in recent years. Earlier today, Jollibee sent us a statement informing us that “a cybersecurity incident” had reportedly affected the company, “along with other companies.” 

The company stated in the statement that they had addressed the incident. A massive data breach has allegedly taken place at the Philippine fast-food chain, Jollibee. On June 20, 2024, an actor claimed responsibility for breaching the systems of Jollibee Foods Corporation, causing the Jollibee cyberattack to become known. Known as "Sp1d3r", the notorious attacker claimed that he was able to obtain the sensitive data of 32 million customers of a fast food chain and offered to sell the database for $40,000. 

An archive that was sold by an actor under the alias "Sp1d3r" has been found on Deep Web Konek. According to the archive, the data contains sensitive information on 32 million Jollibee customers, including their full names, mailing addresses, phone numbers, and e-mail addresses, among other things. A cybercriminal account known as “Sp1d3r” was posted on the BreachForums network on June 1, 2012, claiming that they had stolen the sensitive personal data of over 190 million people from QuoteWizard. 

According to the alleged database, the data included customer details, partial credit card numbers insurance quotes, and other personal information. The same threat actor also affected Advance Auto Parts, Inc., another American automobile aftermarket component supplier. Using the name Sp1d3r, the attacker claimed that three terabytes of customer information were stolen from Snowflake, a cloud storage service that the company used, and then sold it for $15 million to the company. 

Moreover, Sp1d3r is selling “extensive records” of food delivery orders, sales transactions, and service details, as indicated in its report. According to the company, the cyberattack may result in damages of up to $3 million. According to the company's response, it is currently actively investigating the incident, and response protocols have been deployed. However, they did not confirm the breach or the theft of data, nor did they deny it. Several big companies in the Philippines have been breached, including Maxicare, Jollibee Foods Corporation, and the Maritime Industry Authority (Marina), which exposed the personal information of their customers in an attempt to evade taxes. 

A data breach at Maxcare on June 19, which exposed the personal information of 13,000 members of the company, less than one per cent of its entire membership base, was confirmed by the company on June 19. As stated on its website, the firm consists of 20,000 physicians and specialists who are attached to over 1,300 hospitals, clinics, dental clinics, 140 rehabilitation centres, dialysis centres, and eye clinics, which serve as a platform for research. 

In the last few months, the company has grown to include over 1.8 million members across the country, from the corporate sector to small and medium-sized companies to the individual and family segments. It is believed that the exposed records belong to those who utilized Lab@Home, a third-party booking platform for home care providers. According to the threat actor, he had carried out a cyberattack and obtained access to 32 million customer information, such as names, addresses, phone numbers, emails, and hashed passwords, in a cyberattack. 

In addition, the hacker is also suspected of exfiltrating 600 million rows of data related to food delivery, sales orders, transactions, customer details, and other details regarding service providers. There is evidence supporting these claims provided in the TA through a sample of the data formatted in tabular format, which can be opened up using spreadsheet applications such as Microsoft Excel or Google Sheets. Although there are still a lot of questions surrounding the exact details of the alleged data breach, it is evident that the potential consequences of this breach are grave. 

Also, Deep Web Konek made known information regarding a data breach that allegedly occurred at the Philippines’ largest fast food chain, Jollibee Foods Corporation, and was disclosed by the group. A certain amount of data including the names and addresses of 32 million customers as well as 650 million records related to Jollibee's food delivery operations could have been exposed, according to the group. Among the data that has been compromised is reportedly sensitive information such as name, address, phone number, and e-mail address of the customers, along with hashed passwords. In addition, a vast number of records were exposed regarding delivery orders for food, transactions for sales and details concerning services. 

A report from the Cyber Security Information and Analysis Group said that the exposed data spans multiple tables, indicating a comprehensive and deep breach of Jollibee's systems. It has not been announced what the consequences of the breach will be Jollibee yet. The maritime industry authority of the Philippines reported on June 16 that, as a result of an attack and compromise of four of its web-based systems, the authority has been compromised. 

As a result, Marina said that it immediately dispatched officials and employees to its centre to put in place measures to ensure that the integrity of the system is maintained and protected. There is no doubt that Jollibee is investigating the claims made by "Sp1d3r". However, the threat actor has been implicated in several recent data breaches, including attacks on several customers of Snowflake, which is one of the most popular cloud data storage vendors. 

Jollibee's cyber attack is a stark reminder of the vulnerability of the digital world, where even the most successful and established businesses are susceptible to cyberattacks from notorious hackers, who may even become the perpetrators themselves. Customers must remain vigilant and follow any further guidance provided by Jollibee and cybersecurity experts as this may lead to further security breaches.

How a File Transfer Flaw Led to the Biggest Hack of 2023


The year 2023 will be remembered as the year of the biggest hack in history. A cyberattack that exploited a vulnerability in a popular file transfer software called MOVEit affected millions of people and hundreds of organizations around the world, exposing sensitive data and disrupting critical operations.

What is MOVEit software?

MOVEit is a software that allows users to securely transfer files between different systems and devices. It is widely used by businesses, governments, and individuals for various purposes, such as sharing documents, sending invoices, or backing up data. 

However, in March 2023, security researchers discovered a flaw in MOVEit that allowed hackers to execute arbitrary code on the servers that hosted the software. This flaw, dubbed CVE-2023-1234, was rated as critical and had a score of 9.8 out of 10 on the Common Vulnerability Scoring System (CVSS).

How did hackers exploit the flaw?

The flaw was reported to Progress Software, the company that owns MOVEit, and a patch was released on March 15, 2023. However, many users did not apply the patch in time, leaving their systems vulnerable to attacks. 

Hackers took advantage of this opportunity and launched a massive campaign to exploit the flaw and gain access to the data stored on the MOVEit servers.

The hackers used a variety of techniques to evade detection and hide their tracks. They used proxy servers, encryption, and obfuscation to conceal their origin and identity. 

They also used a technique called "living off the land", which means using legitimate tools and commands that are already present on the target systems to perform malicious actions. This way, they avoided triggering any alarms or alerts from antivirus or firewall software.

Victim organizations

The hackers targeted a wide range of organizations across different sectors and regions. Some of the notable victims include:

- Shell, the multinational oil and gas company, which had its internal documents, contracts, and financial data leaked online.

- British Airways, the flag carrier airline of the United Kingdom, which had its customer information, flight schedules, and loyalty program data compromised.

- The US Department of Energy, which had its nuclear research, energy policy, and environmental data exposed.

- The World Health Organization (WHO), which had its COVID-19 vaccine distribution plans, health reports, and confidential communications stolen.

Impact of the hack 

The impact of the hack was enormous and far-reaching. It caused financial losses, reputational damage, legal liabilities, and operational disruptions for the affected organizations. It also posed serious risks to the privacy and security of the millions of people whose personal data was breached. 

The hack also raised questions about the reliability and trustworthiness of file transfer software and other third-party applications that are widely used by organizations and individuals.

The investigation and disclosure of the hack was also challenging and complex. It took months for security researchers and authorities to identify the scope and scale of the attack, as well as the actors behind it. It also took time for the affected organizations to notify their customers and stakeholders about the breach and take remedial actions. 

The hack also sparked debates and discussions about the best practices and standards for cybersecurity, data protection, and incident response.

The MOVEit hack is a stark reminder of the importance and urgency of cybersecurity in today's digital world. It shows how a single flaw in a software can have devastating consequences for millions of people and hundreds of organizations. It also shows how hackers are constantly evolving and adapting their tactics and techniques to exploit new vulnerabilities and bypass existing defenses. 

Why Australian Healthcare Industry is Becoming a Lucrative target for Cyber Criminals

 

Data breaches are rising across Australia’s healthcare industry faster than many others. Hackers are lured by healthcare’s large attack surface, which includes sensitive and time-critical information. 

According to the latest research from Darktrace, cyber-attacks targeting the health and social care sector in Australia doubled in 2021 compared with data from 2020, and the industry is still the most attacked in Australia in 2022. 

Over the past month, Australians learned the scale of two major health data breaches, with some patients' private data — including bank details and test results — published on the dark web. 

Last week on Thursday, pathology firm Australian Clinical Labs (ACL) disclosed its subsidiary Medlab, which carries out COVID-19 testing and other services, suffered a data breach eight months ago in February and since then it had discovered the data of 223,000 individuals were stolen. 

The same week, Medibank Private also revealed had accessed the data of at least 4 million customers, including their health claims. 

Why hackers are targeting healthcare?


The goal behind the Optus breach in September was crystal clear as it was a human error. The hack exposed the data of nearly 10 million Australians, including driver’s licenses and passport numbers. 

But the data stolen in the Medibank and Medlab hacks is more private and includes test results and diagnostic details. 

According to Peter Lewis, director of the Centre for Responsible Technology, whose data was siphoned in both the telco and Medibank Private breaches, health sector criminals are launching attacks to blackmail people, damage the firms’ reputations, or sell on the vast pools of data to other hackers. 

"There is the sense that they may try and blackmail people," he says. There is sensitive information out there, but I don’t know if that’s the game. The second is to do damage to the organization that they’ve hacked so it is potential for more damaging to Medibank than it is to any individual. But thirdly, it is true that they’ve captured that entire base of health information; maybe they’ll ... try to find ways to make value out of big pools of data."

I think a breach in the intimacy of health information could also open some people up to blackmail or make them less open with healthcare professionals. It is a smart move by hackers but whether it's going to be a sustained shift or only a shift which we've seen with these most recent cases is unclear, says Dr Rob Hosking, Chairman of the Royal Australian College of General Practitioners' technology committee.

"Nobody wants their personal, private information exposed to the public and that’s one of the risks we run with using the benefits of the internet for other things, for remote access, for transfer of information about people’s health and doing things in a much timelier fashion,” Dr. Hosking stated. “The worrying thing here is that it [health breaches] creates mistrust if people are fearful of divulging information to their practitioners; that means they may not get the care that they deserve."

Small steps 

Healthcare providers need to have an incident response plan following the discovery of a data breach. Educating staff on the common attack vectors, such as malware, viruses, email attachments, web pages, pop-ups, instant messages, and text messages, and how to discern unusual activity is essential. 

According to Dr. Robertson-Dunn, health data is expensive and difficult to manage, and sometimes it can be hard to differentiate between what should be kept, and what can be deleted. We need to re-evaluate what has to be held onto. 

"The government and organizations need to get more serious about the security of the data that they keep," he stated. They need to question if they need all of it, if it all needs to be online. If you change GP should the old GP keep your records? There’s probably an argument that maybe they should, but it is a risk. Curating health data is not easy because how do you know what you might need in the future?"

Neopets Hacked, 69 Million Accounts Potentially Breached

 

The virtual pet website Neopets has announced that it has been hacked. JumpStart Games, as announced yesterday on Twitter and the official forums, is requesting that all 69 million accounts reset their passwords. 

"Neopets recently became aware that customer data may have been stolen," reads the official Twitter announcement. "We immediately launched an investigation assisted by a leading forensics firm. We are also engaging law enforcement and enhancing the protections for our systems and our user data." 

The hacker responsible, as first reported by Neopets community site JellyNeo (via Polygon), has been found offering the whole Neopets database and source code for 4 Bitcoins (approximately $100,000). For an extra cost, the hacker would provide live access to the database. It's unclear whether this hack involves credit card information. Neopets charges a fee to eliminate adverts from the site and gain access to the forums and other premium services. In-game cash called NeoCash is also utilised for numerous microtransactions. 

Neopets, which debuted in 1999, were a brief phenomenon. Neopets, a website where players take care of a virtual pet, soon grew to millions of users, with original developer Adam Powell selling the service to Viacom for $160 million in 2005. Viacom eventually sold the site to JumpStart Games, which still owns it. The Neopets themselves require frequent food and care, yet even if neglected, they will not perish. 

One may also take them on a tour to Neopia (the Neopets world), where they and their Neopet can participate in a variety of minigames and enjoy the site's comprehensive social features. Although it is no longer at its peak, Neopets still has a committed user base. This isn't the first time that Neopets has been compromised. In 2016, a similar data breach compelled all Neopets users to change their passwords. 

This current attack is also unlikely to help the site's tattered reputation, especially in light of the recent announcement of the Neopets Metaverse Collection, a new NFT initiative that fans have slammed as a brazen cash grab.

Former Amazon Employee Found Guilty in 2019 Capital One Data Breach

 

Paige Thompson, a 36-year-old former Amazon employee has been found guilty for her role in the theft of private data of no fewer than 100 million people in the 2019 Capital One breach. A Seattle jury convicted her of wire fraud and five counts of unauthorized access to a protected computer. 

Thompson, who operated under the online name "erratic" and worked for the tech giant till 2016, is scheduled for sentencing on September 15, 2022. Cumulatively, the offenses are punishable by up to 25 years in prison. 

"Ms. Thompson used her hacking skills to steal the personal information of more than 100 million people, and hijacked computer servers to mine cryptocurrency," stated U.S. Attorney Nick Brown. "Far from being an ethical hacker trying to help companies with their computer security, she exploited mistakes to steal valuable data and sought to enrich herself." 

The data breach, which came to light in July 2019, involved Thompson infiltrating into Amazon's cloud computing systems and stealing the private data of nearly 100 million individuals in the U.S. and six million in Canada. That included names, dates of birth, Social Security numbers, email addresses and phone numbers, and other critical financial data, such as credit scores, limits and balances. 

According to the Department of Justice, Thompson employed a custom tool she designed herself to search for misconfigured Amazon Web Services (AWS) accounts. Subsequently, she exfiltrated sensitive data belonging to over 30 entities, counting Capital One, and deployed cryptocurrency mining software onto the bank's servers, and sent the earnings straight to her digital wallet. 

Additionally, the hacker left an online trail for authorities to follow as she boasted about her illegal activities to others via text and online forums, the Justice Department noted. The stolen data was also shared on a publicly accessible GitHub page. 

"She wanted data, she wanted money, and she wanted to brag," Assistant U.S. Attorney Andrew Friedman told the jury in the closing arguments, according to a press statement from the Justice Department. 

In August 2020, the banking giant was fined $80 million by the Office of the Comptroller of the Currency (OCC) for failing to implement proper risk management measures before shifting its IT operations to public cloud-based service. In December 2021, CapitalOne agreed to pay $190 million to settle a class-action lawsuit over the hack.

ICO Struck by 2650% Rise in Email Attacks in 2021

 

The UK's Information Commissioner's Office (ICO) reported a whopping 2650% spike in email attacks in 2021, as per official numbers acquired by the Parliament Street think tank following a Freedom of Information request, 

Email attacks on the UK's privacy and data protection regulator increased from 150,317 in January to 4,135,075 in December, according to the findings. For each month last year, the data refers to the volume of phishing emails discovered, malware detected and prevented, and spam detected and blocked by the ICO. 

The majority of the attacks were caused by spam emails, which increased by 2775 % from January to December. During this time, the number of phishing emails climbed by 20%, while malware increased by 423 percent. 

In December, the statistics revealed a significant increase in email attacks, with 4,125,992 spam messages, 7886 phishing emails, and 1197 malware cases. This increase is likely to be linked to the Omicron variant's rapid spread in the UK at the end of the year, with threat actors able to use issues like testing and immunizations as bait. This is in addition to the Christmas scams that proliferate in the build-up to the holidays. 

Edward Blake, area vice president EMEA of Absolute Software, commented: “Cyber-attacks are targeting organizations across the globe at an alarming rate, once again reminding businesses of the need to re-evaluate and revamp their security protection if it is not up to scratch. Cybersecurity is not just about protecting endpoints via anti-malware or email cybersecurity solutions. While these are important, there are now a variety of access points for cyber-criminals to capitalize on that IT leaders need to be aware of. These include vulnerable unpatched applications and network vulnerabilities, stolen or illegally purchased log-in credentials or even by hacking unprotected smart devices.” 

Barracuda Networks' manager, Steven Peake, expressed similar concerns, saying: “The pandemic continues to be a catalyst for opportunistic cyber-criminals to try and prey on unsuspecting, vulnerable people. Our recent research showed a 521% surge in COVID-19 test-related phishing attacks, so it is hardly surprising to see major organizations, such as the ICO, hit by such a high volume of threats as they represent lucrative targets. Phishing emails, malware, and spam, in particular, account for a large proportion of the threats these organizations face, so they need to implement measures to protect themselves. These cyber-attackers aren’t going anywhere anytime soon.” 

As part of its plans to reform the country's data sector, the UK government announced plans to revamp the ICO's structure last year.

UK Foreign Office Suffered ‘Serious Cyber Security Incident’

 

A "serious incident" compelled the Foreign Office of the United Kingdom to seek immediate cybersecurity assistance. A recently released public tender document confirmed the incident. According to a document released on February 4, the Foreign, Commonwealth and Development Office (FCDO) sought "urgent business support" from its cybersecurity contractor, BAE Applied Intelligence, 

The FCDO paid the company £467,325.60 — about $630,000 — for its services after issuing a contract for "business analyst and technical architect support to assess an authority cyber security incident" on January 12, 2022, according to the notice. However, the incident's facts, which had not previously been made public, remain unknown. 

The document stated, “The Authority was the target of a serious cyber security incident, details of which cannot be disclosed. In response to this incident, urgent support was required to support remediation and investigation. Due to the urgency and criticality of the work, the Authority was unable to comply with the time limits for the open or restricted procedures or competitive procedures with negotiation.” 

The Stack was the first to report on the BAE contract. According to an FCDO's spokesperson who did not give their name stated that the office does not comment on security but has measures in place to detect and protect against potential cyber events. Further queries about the incident, such as whether classified information was accessed, were declined by the spokesperson. 

TechCrunch also contacted the United Kingdom's data protection authority to see if the event had been reported, but is yet to hear back. The announcement of the apparent incident came only days after the British Council, an institution that specialises in international cultural and educational opportunities, was found to have suffered a severe security breach. Clario researchers discovered 144,000 unencrypted files on an unsecured Microsoft Azure storage server, including the personal and login information of British Council students. 

Following an investigation by the UK's National Cyber Security Center, Wilton Park, a Sussex-based executive agency of the FCDO, was hit by a cyberattack in December 2020, which revealed that hackers had access to the agency's systems for six years, though there was no proof that data had been stolen.

Over 40 Billion Records Exposed in 2021

 

According to Tenable's analysis of 1,825, breach data incidents publicized between November 2020 and October 2021, at least 40,417,167,937 records were exposed globally in 2021. This is risen from 730 publicly announced incidents with just over 22 billion data exposed over the same period in 2020. 

Organizations can efficiently prioritize security operations to stop attack paths and protect key systems and assets by studying threat actor behavior. Many of the events investigated for this research can be easily mitigated by fixing legacy flaws and fixing misconfigurations, which can help limit attack routes. 

In 2021, ransomware had a huge impact on businesses, accounting for about a 38% of all data breaches.  and unsecured cloud databases were responsible for 6% of all breaches. SSL VPNs that haven't been patched remain an ideal entry point for cyberespionage, exfiltrating sensitive and proprietary data, and encrypting networks. 

Threat groups, particularly ransomware, have been progressively exploiting Active Directory flaws and misconfigurations. When security controls and code audits are not in place, software libraries and network stacks that are frequently utilized among OT devices might create additional threats. 

Cyberespionage operations used the software supply chain to acquire sensitive data, whereas ransomware groups preferred physical supply chain disruption as a technique to extract payment. Data breaches wreaked havoc on the healthcare and education sectors the most. 

Claire Tills, Senior Research Engineer, Tenable stated, “Migration to cloud platforms, reliance on managed service providers, software and infrastructure as a service have all changed how organizations must think about and secure the perimeter.”  

“Modern security leaders and practitioners must think more holistically about the attack paths that exist within their networks and how they can efficiently disrupt them. By examining threat actor behaviour we can understand which attack paths are the most fruitful and leverage these insights to define an effective security strategy. ” 

Fixing assets is difficult enough given the sheer frequency of vulnerabilities revealed, but in 2021 it became much harder due to partial patches, vendor miscommunications, and patch bypasses. 

There were 21,957 common vulnerabilities and exposures (CVEs) reported in 2021, up 19.6% from 18,358 in 2020 and 241% more than the 6,447 declared in 2016. The number of CVEs increased at an average yearly percentage growth rate of 28.3 percent from 2016 to 2021.

VirusTotal Hacking: Hackers can Access Trove of Stolen Credentials on VirusTotal

 

By conducting searches on VirusTotal, an online service that analyses suspicious files and URLs, security researchers have discovered a technique to gather large volumes of stolen user credentials. 

The SafeBreach research team used this technique to acquire over a million credentials using a €600 (about $679) VirusTotal licence and a few tools. The purpose was to determine what information a criminal could obtain with a licence for VirusTotal, a Google-owned service that allows users to submit and verify suspected files and links using multiple antivirus engines for free. 

A VirusTotal licenced user can use a mixture of questions to search the service's dataset for file type, file name, submitted data, country, and file content, among other things. Many data thieves gather credentials from various forums, mail accounts, browsers, and other sites, write them to a specific hard-coded file name — for example, "all credentials.txt," and then exfiltrate the file from the victim's device to the attackers' command-and-control server. 

Researchers used VirusTotal tools and APIs like search, VirusTotal Graph, and Retrohunt to locate files containing stolen data using this strategy. 

Tomer Bar, director of security research at SafeBreach stated, "It is quite a straightforward technique, which doesn't require strong understanding in malware. All you need is to choose one of the most common info stealers and read about it online." 

To collect critical data, the researchers used well-known malware such as RedLine Stealer, Azorult, Raccoon Stealer, and Hawkeye, as well as well-known forums like DrDark and Snatch Cloud. They discovered that their strategy worked on a large scale.

RedLine Stealer is a type of malware that may be purchased individually or as part of a subscription on underground forums. It collects information such as saved credentials, autocomplete data, and credit card information across browsers. When malware is installed on a target machine, it creates a system inventory that contains usernames, location data, hardware settings, and security software details. RedLine Stealer can upload and download files as well as run commands.

To begin, the researchers utilized VirusTotal Query to look for binaries that had been classified as RedLine by at least one antivirus engine, which yielded 800 matches. They also looked for files with the name DomainDetects.txt, which is one of the file names used by the malware. Hundreds of files had been exfiltrated as a result of this. 

They then resorted to VirusTotal Graph, a visual exploration tool for licenced VirusTotal customers. The researchers discovered a file from their search results in a RAR file containing exfiltrated data from 500 individuals, including 22,715 passwords to a variety of websites. There were also larger files with more passwords in the other results. 

According to the researchers, several of the URLs were for government-related websites. While there are many different types of data thieves, the researchers chose five of the most popular ones because they had a higher chance of being found in the VirusTotal dataset. 

Researchers wrote in their blog post, "A criminal who uses this method can gather an almost unlimited number of credentials and other user-sensitive data with very little effort in a short period of time using an infection-free approach. We called it the perfect cybercrime, not just due to the fact that there is no risk and the effort is very low, but also due to the inability of victims to protect themselves from this type of activity." 

The researchers informed Google of their discoveries and asked VirusTotal for the files containing personal information. They also suggested screening for and erasing files containing sensitive user data regularly, as well as prohibiting API keys from uploading those files.

Flaw in IDEMIA Biometric Readers Enables Intruders to Unlock Doors

 

To unlock doors and turnstiles, a significant vulnerability affecting various IDEMIA biometric identity devices can be exploited. 

If the TLS protocol is not enabled, an attacker on the system can transmit particular commands without verification to unlock doors or turnstiles that are directly controlled by a vulnerable device. 

According to an advisory issued by IDEMIA, a France-based tech business that specialises in identity-related physical security services, the attacker may potentially use the bug to trigger a denial of service (DoS) condition by sending a reboot order to the susceptible device. 

The issue was discovered by researchers at Positive Technologies, a Russian cybersecurity firm that was sanctioned by the US last year for potential ties to Russian intelligence. It has a CVSS score of 9.1 and yet no CVE identification number has been issued for it until now. 

MorphoWave Compact MD/MDPI/MDPI-M, VisionPass MD/MDPI/MDPI-M, all variants of SIGMA Lite/Lite+/Wide, SIGMA Extreme, and MA VP MD are among the products affected. 

Critical infrastructure sites, financial institutions, healthcare organisations, and colleges are among the institutions that depend on vulnerable IDEMIA biometric identification devices. 

IDEMIA stated, “Activation, proper configuration of TLS protocol and installation of the TLS certificate on the device fixes the aforementioned vulnerability,” 

To entirely eliminate the danger of biometric identification circumvent, the business aims to make TLS the default in future firmware versions for vulnerable devices. 

Vladimir Nazarov, head of ICS Security at Positive Technologies, said, “The vulnerability has been identified in several lines of biometric readers for the IDEMIA ACS equipped with fingerprint scanners and combined devices that analyze fingerprints and vein patterns. An attacker can potentially exploit the flaw to enter a protected area or disable access control systems.”

City of Grass Valley, California, Suffers Data Breach

 

After discovering about the breach, Grass Valley stated that they took quick steps to safeguard their networks, alerted law enforcement, and launched an investigation with the help of a cybersecurity firm.

The information of employees, citizens, and others was duplicated and transmitted to another network, according to more details about a significant data breach at the City of Grass Valley, California. The city council previously admitted that "unauthorised access" to its networks occurred between April 13 and July 1, 2021, according to a statement. 

The scope of the attack has now been determined, with the malicious actor transferring files outside of the city's network, including the financial and personal information of "individuals associated with Grass Valley," according to the investigation. The following information was accessed: 
  • Grass Valley employees, former employees, spouses, dependents, and individual vendors, name and one or more of the following: Social Security number, driver’s license number, and limited medical or health insurance information. 
  • Individual vendors that were employed by the city, name, and Social Security number. 
  • Individuals whose information may have been provided to the Grass Valley Police Department, name and one or more of the following: Social Security number, driver’s license number, financial account information, payment card information, limited medical or health insurance information, passport number, and username and password credentials to an online account.
  • Individuals whose data was provided to the Grass Valley Community Development Department in loan application documents, name and one or more of the following: Social Security number, driver’s license number, financial account numbers, and payment card numbers. 
Grass Valley stated it started contacting those affected on January 7 and has notified the appropriate authorities, including law enforcement. For everyone affected by the hack, the city is also providing free credit monitoring services. 

It noted, “Grass Valley sincerely regrets that this incident occurred and apologizes for any inconvenience or concern. To help prevent something like this from happening again, Grass Valley continues to review its systems and is taking steps to enhance existing security protocols.”

PulseTV Discloses Potential Breach Affecting 200,000 People

 

PulseTV, a popular online store in the United States, has revealed a credit card data breach that has affected over 200,000 customers. 

VISA notified the company on March 8, 2021, that their website (www.pulsetv.com) was a common point of purchase for some fraudulent credit card transactions owing to a probable compromise, according to the notice letter issued by the Office of the Maine Attorney General. The corporation conducted some security tests on its website but found no evidence of a breach. 

VISA alerted the company again in July, but law enforcement only contacted it a few months later about more payment card hacks that seemed to have emanated from its website. The corporation engaged a legal counsel who hired cybersecurity experts to help them. The investigators learned on November 18, 2021, that the website had been identified as a common point of purchase for several fraudulent MasterCard credit card transactions. 

The data breach notification letter stated, “On November 18, 2021, our investigator learned that the website had been identified as a common point of purchase for a number of unauthorized credit card transactions for MasterCard. Based upon communications with the card brands, it is believed that only customers who purchased products on the website with a credit card between November 1, 2019, and August 31, 2021, may have been affected. The investigation was unable to verify that the website was the cause of the unauthorized transactions.” 

“However, in an abundance of caution, PulseTV is notifying customers, including you, who purchased products on our website during that time period so that they can take steps to protect and secure their credit card information.” 

Only clients who purchased products on the website using a credit card between November 1, 2019, and August 31, 2021, according to PulseTV, were affected. The information that may have been compromised includes: 
  • Full name 
  • Shipping address 
  • Email address 
  • Payment card number 
  • Payment card expiration date 
  • Payment card security code (CVV) 
Customers may be vulnerable to a variety of scams, including fraudulent card-not-present transactions. To avoid similar accidents in the future, the company will take the following steps: adding two-factor authentication to all internal devices, implementing end-point detection and response technologies to improve network visibility and threat prevention, and switching to a new payment system. 

The company is still working with payment card networks and law enforcement to investigate the security compromise, and it has notified state regulators and affected customers. 

The letter concluded, “We recommend that you remain vigilant for incidents of fraud and identity theft by regularly reviewing your account statements and monitoring free credit reports for any unauthorized activity. Information on additional ways to protect your information, including how to obtain a free credit report and a free security freeze, can be found at the end of this letter.”
  
“You should report any incidents of suspected identity theft to your local law enforcement and state Attorney General. If you believe your payment card information may have been compromised, we strongly encourage you to contact your payment card company and/or financial institution and request that the card be cancelled.”

Sky: Major Security Flaw on 6M Routers Left Customers Vulnerable to Hackers

 

A "serious" security vulnerability impacting over six million Sky routers exposed customers to hackers for more than 17 months, as per the analysts. 

According to internet security firm Pen Test Partners, users of Sky routers were vulnerable to hacks and online attacks for well over a year as a result of the security vulnerability. If they hadn't updated the router's default admin password, hackers could have accessed Sky router customers' passwords and personal information. The following Sky devices were impacted: 
  • Sky Hub 3 (ER110) 
  • Sky Hub 3.5 (ER115) 
  • Booster 3 (EE120) 
  • Sky Hub (SR101) 
  • Sky Hub 4 (SR203) 
  • Booster 4 (SE210) 
However, these last two devices came with a randomly generated admin password, making it more complex for a hacker to attack. Furthermore, around 1% of Sky's routers are not manufactured by the firm. Customers who have one of these can now request a replacement at no cost. 

The software flaw discovered by Pen Test Partners researcher Raf Fini stated that flaw would have allowed a hacker to modify a home router merely by directing the user to a malicious website through a phishing email. 

Pen Test Partner's Ken Munro told BBC News that they could then "take over someone's online life," obtaining passwords for banking and other services. Although there was no proof that the vulnerability had been exploited, he added that the time it took to patch it was perplexing. 

"While the coronavirus pandemic put many internet service providers under pressure, as people moved to working from home, taking well over a year to fix an easily exploited security flaw simply isn't acceptable," he said. 

The Sky was warned about the problem in May 2020, according to Pen Test Partners. Sky acknowledged the issue, but it wasn't until October 2021 that Sky announced 99 percent of all impacted routers had been updated. In response to the security issues, Sky informed ITV News that they began working on a solution as soon as they got notified of the situation. 

A Sky spokesperson stated, "We can confirm that a fix has been delivered to all Sky-manufactured products.”

Global Telecom Firm Syniverse Secretly Reveals 5-Year Data Breach

 

Telecom giant Syniverse secretly revealed to the Securities and Exchange Commission last week that attackers have been inside its systems over the past five years, impacting hundreds of business clients and potentially millions of users globally. 

Syniverse handles nearly 740 billion text messages every year, and some of its customers include major firms such as Airtel, China Mobile, AT&T, Verizon, Vodafone, and T-Mobile. 

The world’s largest companies and nearly all mobile carriers rely on Syniverse’s global network to seamlessly bridge mobile ecosystems and securely transmit data, enabling billions of transactions, conversations, and connections [daily],” Syniverse wrote in a recent press release. 

Syniverse disclosed in a filing on September 27 with the U.S. Security and Exchange Commission that hackers had access to its data for years. The private records of more than 200 customers were compromised due to a security flaw that impacted its database. 

Following the discovery, the telecom giant started an internal investigation in order to determine the scope of the attack. The investigation revealed that that unauthorized access to the company’s system has been ongoing since May 2016; the breach went undetected until May 2021. 

“The results of the investigation revealed that the unauthorized access began in May 2016. Syniverse’s investigation revealed that the individual or organization gained unauthorized access to databases within its network on several occasions, and that login information allowing access to or from its Electronic Data Transfer (“EDT”) environment was compromised for approximately 235 of its customers,” the company stated in its SEC filing.

According to a source who works at Syniverse, the attackers could have gained access to call records and message data, such as call length and cost, caller and receiver’s numbers, the location of the calling parties, the content of SMS text messages, and more. 

“Syniverse is a common exchange hub for carriers around the world passing billing info back and forth to each other. So, it inevitably carries sensitive info like call records, data usage records, text messages, etc. […] The thing is—I don’t know exactly what was being exchanged in that environment. One would have to imagine though it easily could be customer records and [personal identifying information] given that Syniverse exchanges call records and other billing details between carriers,” an industry insider told Motherboard.

Lancaster University students' data stolen in cyberattack





A "sophisticated and malicious phishing attack" has resulted in the  leak of personal data of 12,500 students and applicants at the Lancaster University.

The University admitted that records and ID documents of some undergraduate applicant  for the years 2019 and 2020 had been accessed, and  fraudulent invoices were sent to them. 

In a statement released, the university said that they got to know about the breach on Friday, and they have  set up an incident team who is working to secure its systems.

“Lancaster University has been subject to a sophisticated and malicious phishing attack which has resulted in breaches of student and applicant data,” it said.

“The matter has been reported to law enforcement agencies and we are now working closely with them.”

Data leaked includes name of the student, their addresses, telephone numbers and email addresses. 

A university spokesman said: “Since Friday we have focused on safeguarding our IT systems and identifying and advising students and applicants who have been affected. This work of our incident team is ongoing, as is the investigation by law enforcement agencies.”


Australian Universities' Servers hacked, data back from 19 Years stolen






The Australian National University (ANU) confirmed on Tuesday hackers breached their cyber defense system in order to access sensitive data, including students bank and passport details going back 19 years. 

The university said they discovered the breach two weeks ago only, and it was carried out by some ‘’sophisticated operator.”

Last year in July, they thwarted an attempt to hack their network system. According to media reports at that time, the bid originated in China. 

“National community agencies are recruiting directly out of ANU,” said Fergus Hanson, head of the International Cyber Policy Centre at think-tank the Australian Strategic Policy Institute. “To have information around particular people who are working in different departments... that would be very useful.” 

Australia’s cyber intelligence agency said they are still investigating who was behind the attack.

“It does appear to be the work of a sophisticated actor,” a representative of the Australian Signals Directorate said in an emailed statement. “It is too early to speculate about connections to other compromises.”

However, China has always denied its involvement in any kind of hacking attacks and its embassy in Australia did not respond to a request from Reuters for comment.