Search This Blog

Showing posts with label Hacking Event. Show all posts

Civicom Data Breach Disclosed 8TB of Files


Civicom, a New York City-based company that provides audio, online videoconferencing, and market analysis services, has been discovered to be giving its customers access to a goldmine of personal and sensitive data. 

Civicom excels in virtual meetings over the internet, and the files contain audio and video recordings of private customer sessions. Unfortunately, the S3 bucket was left open to the public with no password or security verification, allowing everyone with knowledge on how to discover damaged databases to access the data.

"The greatest audio and web conferencing services on the world, webinar services, global marketing research services, top transcription/CRM entry provider, general transcription service and more online jury trials." according to the company's Homepage. 

It was caused by a misconfigured AWS S3 bucket, rather than attackers intentionally hacking into the system, as is usual of this type of data breach. There were four different datasets exposed as listed below:

  • Conferences on video.
  • Highlights that have been clipped. 
  • Recordings on audio.
  • Transcripts of Audio. 

Countless hours of video and audio recordings, as well as hundreds of written transcripts, reveal Civicom's clients' private chats. Several businesses are likely to have discussed the following topics during these discussions: 
  • Sensitive business information (perhaps includes market research calls). 
  • Confidential information. 
  • Properties of the mind. 
It is worth noting that a number of client companies have employees whose personal information is visible on the bucket. Employees of Civicom clients' PII which have been exposed include complete names and photos of the faces and bodies of staff. At the time of the event, the bucket was active and being updated, and it had been active since February 2018. The management of Civicom's bucket is not Amazon's responsibility, therefore this data leak is not Amazon's fault. 

Civicom exposed 8 gigabytes of records containing more than 100,000 files, according to the Website Planet Security Team, which discovered the database. This was due to one of Civicom's unencrypted Amazon S3 buckets. The AWS S3 bucket has been active since 2018, according to the Website Planet Security Team. 

On October 28th, 2021, the researchers discovered the vulnerability and notified Civicom of the situation on October 30th, 2021.  After three months, Civicom replied to Website Planet and retrieved the bucket on January 26th, 2022. Nonetheless, the good news is, the bucket is not accessible to the general public.

Ukraine Hosts Massive Scale Simulation of Cyber-attack Against Energy Grid


Cybersecurity experts from throughout Ukraine took part in a large-scale cyber-attack simulation that echoed the destructive real-world strike on Ukraine's power infrastructure in 2015. 

With 250 participants, 49 teams battled – either digitally or in person at a Kiev venue – to earn points by resolving an attack against an imaginary energy provider after it had multiple unexpected system failures. Security experts from Ukraine's governmental and private sectors, as well as higher education institutions, worked for five and a half hours to determine the nature of a hostile network penetration before dismissing the intruder and recovering systems to normal operation. 

The winning team was Berezha Security Group from Kiev, and cybersecurity engineer Dmitry Korzhevin was the best-performing individual participant. The competition, which took place on December 2, was the latest Grid NetWars event hosted by SANS Institute, a US information security training organisation, with previous tournaments held in Singapore, India, Japan, and Australia. 

The event was also coordinated by Ukraine's National Security and Defense Council, State Service of Special Communication and Information Protection, and the Cybersecurity Critical Infrastructure project for the US Agency for International Development (USAID). 

Ihor Malchenyuk, head of cybersecurity regulatory assistance and institutional development at the USAID Cybersecurity for Critical Infrastructure in Ukraine project stated, “Every day 560,000 new malicious programs are detected in the world, therefore it is necessary to constantly improve qualifications and ‘pump’ the skills of cybersecurity specialists.” 

“Such competitions as Grid NetWars provide an opportunity to practice not only the knowledge and skills of each specialist separately but also train joint interaction. After all, the training conditions are as close to reality as possible.” 

Tim Conway, technical director of the industrial control systems (ICS) and supervisory control and data acquisition (SCADA) programs at SANS, assisted event participants with the help of two other US-based infosec experts. 

“Grid NetWars is a product that has existed for a number of years and has been used in country-level exercises since its creation,” Conway told The Daily Swig. 

“It has also been leveraged by practitioners around the world who attend critical infrastructure or industrial control system-specific events like the SANS ICS Summit where Grid NetWars competitions are conducted in the evenings after courses.” 

The latest, Ukraine-based event had successfully enabled “participants to face real-world challenges, develop skillsets, gain exposure to technical tools, and most importantly ‘practice the way they play through collaboration, and provided the opportunity to work together in teams just like they would in a real-world incident response”, he added. 

Conway assisted in the investigation of the 2015 attack on three Ukrainian power distribution centres, which knocked out power for up to six hours and left 225,000 people without power. A year later, the country's electrical grid was hit again, and Ukraine's then-president, Petro Poroshenko, said that thousands of recent cyberattacks on state institutions were proof that Russian secret agencies were waging a cyberwar against the country.