Search This Blog
Powered by Blogger.

Blog Archive

Labels

About Me

Load More
Trendy Right Now

Popular Posts

Showing posts with label PII. Show all posts
Social Security Numbers
141 Million File Leak CyberCrime Cybersecurity CyberThreat Data Breach Financial Breach intellectual property ITRC PII Social Security Numbers

Cybercriminals Exploit Unprecedented Data Exposure in 141 Million File Leak



Digital transformation has transformed cybersecurity from a technical safeguard to a strategic imperative for business continuity, consumer trust, and national security, particularlyin an era wofrapid digital transformation  With the rise of digital infrastructure and the advent of data as the new currency, cyber threats have increased in scale, frequency, and sophistication, placing significant pressure on public and private sectors to reassess their cybersecurity strategies. 

The Identity Theft Resource Center (ITRC) reported that the United States had experienced the most data breaches in its history in 2021, or 1,862 breaches compared to 2020. These breaches disrupted a wide range of industries, including healthcare, finance, retail, and energy. It is anticipated that in 2023 and beyond, artificial intelligence, nation-state actors, and global cybercrime syndicates will be the driving force behind even more advanced attack vectors. In order to prevent these threats, cybersecurity frameworks need to be proactive, resilient, and adaptive. 

A growing dependence on digital ecosystems has resulted in cybersecurity becoming an essential business enabler, impacting risk management, compliance, innovation, and investor confidence across a broad range of industries. There is no denying that the security landscape has reached an important inflexion point amid the growing complexity of digital technology. Earlier this year, 141 million compromised files were linked to 1,297 distinct ransomware and data breach incidents, which underscored the sobering inflexion point in the cybersecurity landscape. 

There is a staggering amount of sensitive, unstructured data being stolen in modern cyberattacks, causing the attention to shift from conventional credential theft to a wider range of sensitive, unstructured data as a result of this groundbreaking study. As opposed to previous breach assessments, which focused on structured databases and login information, this study examines the unstructured files in corporate systems, often the most valuable and vulnerable assets. 

It is believed that these files contain financial records, personally identifiable information (PII), internal communications, and cryptographic security keys, which give cybercriminals an insight into how organisations operate. These findings demonstrate not only the extent to which data is exposed in a variety of sectors, but also the inadequacy of traditional security postures when it comes to securing today’s data-rich environment as it pertains to data security. 

Cyberattacks are becoming more surgical and data-centric as they become increasingly sophisticated. To keep their businesses safe, enterprises must implement advanced threat intelligence, encryption, and zero-trust architectures into their cybersecurity strategies at the core. According to our investigation, there is a very alarming degree of personal data exposure in the current breach landscape, with four out of five incidents having compromised personal data, including information about individual customers and business entities. 

Especially troubling is the discovery that 67% of the data analysed originated from routine customer service interactions. This underscores the fact that everyday communications have been exposed as being extremely vulnerable. A major weakness was identified as email correspondence, with over half of the breaches (51%) involving emails containing Social Security numbers (highly sensitive identifiers that, once exposed, created enduring risks because of their immutability and centrality to a wide range of financial and governmental systems created enduring risks. 

 As a matter of concern, cryptographic keys were detected in 18% of analysed breaches. When these keys, which underpin security protocols such as encryption and authentication, are compromised, they can provide an unprecedented amount of risk for the organisation. This can result in the degradation of digital trust and the enabling of unauthorised access to protected systems as a result. Since cryptographic keys are more difficult to replace than passwords and often require systemic overhauls to be properly maintained, their exposure is a critical security risk. 

Increasingly, attackers are shifting from encrypting files to stealing and exchanging sensitive data in order to compound these risks as ransomware tactics evolve. Among the major threat groups, data exfiltration has increased by 92% year-over-year, and the number of ransomware attacks blocked has increased by 146%, thus signalling a shift towards monetising breached information as opposed to traditional ransom demands. 

Cybercriminals are embarking on a profound shift in their playbook of cybercriminals, which leaves organisations under pressure to cope with both operational disruptions as well as the reputational consequences. There was 17% of exposed data consisting of source code and other intellectual property. This posed a serious risk to innovation-driven businesses. When proprietary code is leaked, not only does it undermine competitive advantage, but it also gives adversaries a deep understanding of the vulnerabilities within an application, compromising years of strategic development for an adversary. 

Cybercriminals are targeting a trove of unstructured, public, and sensitive data in the modern day, which represents an increasingly sophisticated trove of data, far more sensitive than the traditional theft of usernames and passwords. According to a comprehensive analysis of 141 million compromised files resulting from nearly 1,300 ransomware and breach incidents, cyberattackers are increasingly targeting confidential business documents, financial records, internal communications, and source code—assets that can offer exponentially more value than just login credentials alone—as assets that are extremely valuable. In the majority of these cases, financial documents were found in 93% of the incidents, with 41% of the exposed material consisting of these files. 

In almost half of these breaches, bank statements were found in the datasets, and International Bank Account Numbers (IBANs) were present in 36% of the datasets, which clearly indicated that the information stolen was both accurate and useful. Unstructured data, such as contracts, meeting notes, configuration files, and emails, is often not encrypted or protected in a way that makes them prime targets for hackers, as opposed to structured databases. 

Approximately 82% of breaches involved personally identifiable information (PII), most of which was embedded in customer service communication, which often contained detailed information about verifications and complaint histories. There were a number of breaches analysed that also exposed emails with Social Security Numbers, and 18% of those contained cryptographic keys that could undermine authentication systems and enable persistence of access to the data. 

In addition to the threat, there are now cybercrime as-a-service platforms that allow the users to rent information-stealing malware for a very low price and then use it to harvest vast amounts of data from unprotected systems, compounding the threat. The dark web market is rumoured to be flooded with billions of login credentials, yet analysts believe the most valuable commodities in this century are source code, legal contracts, business plans, and sensitive client records, all of which are often hidden in cloud repositories or inadequately secured file-sharing drives. 

A cybercriminal can adapt to the new climate by adapting their methods accordingly, operating more like a data scientist, sorting, categorising, and exploiting leaked information in a calculated manner so that they can infiltrate, steal information, commit fraud, and sabotage operations for the long run. In light of these findings, organisations must adopt holistic data protection strategies that go beyond the traditional perimeter-based security models in order to protect their data from threats. 

The threat of cyberattacks is increasing, and businesses must prioritise the implementation of advanced data classification systems that can accurately identify and categorise high-value information to protect themselves from cybersecurity threats. Whenever sensitive documents are being transferred, it is extremely important to apply rigorous encryption to ensure they are protected from unauthorised access, both at rest and during transit. 

Continuous monitoring solutions are equally important in shared environments where visibility is often limited, and it is imperative that continuous monitoring solutions detect anomalous data access patterns. As part of a security assessment, it is essential to perform a detailed inventory of all data repositories, focusing in particular on unstructured files that often fail to attract traditional security oversight, but contain critical business information. 

The use of cryptographic keys and other foundational security assets requires strict access controls and dedicated monitoring to prevent unauthorised use or exposure. Human error is still the greatest vulnerability; therefore, it is necessary to enhance employee awareness programs in order to highlight the risks associated with embedding sensitive information in routine communications, such as emails, meeting notes, and unsecured attachments, so that this vulnerability does not occur. 

Organizations can mitigate the increasing risks associated with today's data-centric threat landscape by cultivating a culture of security-conscious behavior and strengthening the governance of data lifecycle management as well as fostering a culture of security-conscious behavior. In light of the rapid growth and complexity of the digital threat environment, the cybersecurity community has reached an inflexion point that is requiring a more forward-looking approach to cybersecurity rather than reactive band-aid solutions. 

A fundamental shift in mindset is needed at this transformative moment. Cybersecurity is no longer viewed as just another compliance checkbox; it is an integral component of digital infrastructure and enterprise risk management. In order for cybersecurity to be a tool of growth instead of a constraint, board members, CISOs, and IT leaders must collaborate across functional lines to align security priorities with company goals, ensuring that cybersecurity is a tool to enable growth, not a hindrance. Investing in cyber resilience cannot be limited to technology alone, but should also include vendor risk management, incident response readiness, and strategic threat models as well.

In today's world, new technologies exist that provide new avenues for the detection and neutralisation of threats before they become an epidemic, including AI-powered behavioural analytics, deception-based defences, and cloud-native security platforms. As regulatory frameworks tighten around the world, companies have to demonstrate transparency, accountability, and proactive data governance in order to meet the demands of these regulators. 

It is clear that organisations operating in today’s volatile cyberscape need to embrace the lessons learned from the past: protecting their digital environment is no longer just about building taller walls, but also cultivating intelligence, adaptability, and resilience at every level. When organisations fail to evolve, they risk more than just operational disruptions; they also risk compromising their reputations, stakeholder trust, and long-term viability in this age of data becoming a permanent weapon in the hands of adversaries, once breached. In this climate of cybercrime, cybersecurity is no longer just a defensive function but a core business necessity to be able to survive and grow.

Read more »
ticketing
Cybersecurity Data Breach Digital Security Encryption event tickets Fraud Hacking Identity Theft PII Privacy ticketing

Massive Data Leak Exposes 520,000+ Ticket Records from Resale Platform 'Ticket to Cash'

 

A critical security lapse at online ticket resale platform Ticket to Cash has led to a major data breach, exposing over 520,000 records, according to a report by vpnMentor. The leak was first uncovered by cybersecurity researcher Jeremiah Fowler, who found the unsecured and unencrypted database without any password protection.

The database, weighing in at a massive 200 GB, contained a mix of PDFs, images, and JSON files. Among the leaked files were thousands of concert and live event tickets, proof of transfers, and receipt screenshots. Alarmingly, many documents included personally identifiable information (PII) such as full names, email addresses, physical addresses, and partial credit card details.

Using the internal structure and naming conventions within the files, Fowler traced the data back to Ticket to Cash, a company that facilitates ticket resale through over 1,000 partner websites. “Despite contacting TicketToCash.com through a responsible disclosure notice,” Fowler reported, “I initially received no response, and the database remained publicly accessible.” It wasn’t until four days later, following a second notice, that the data was finally secured. By then, an additional 2,000+ files had been exposed.

The responsible party behind maintaining the database—whether Ticket to Cash or a third-party contractor—remains uncertain. It’s also unknown how long the database was left open or whether it had been accessed by malicious actors. “Only a thorough internal forensic investigation could provide further clarity,” Fowler emphasized.

Ticket to Cash enables users to list tickets without upfront fees, taking a cut only when sales occur. However, the company has faced criticism over customer service, particularly regarding payment delays via PayPal and difficulty reaching support. Fowler also noted the lack of prompt communication during the disclosure process.

This breach raises serious concerns over data privacy and cybersecurity practices in the digital ticketing world. Leaked PII and partial financial information are prime targets for identity theft and fraud, posing risks well beyond the original ticketed events. As online ticketing becomes more widespread, this incident serves as a stark reminder of the need for strong security protocols and rapid response mechanisms to safeguard user data.
Read more »
Starlink
Automakers Cyber Attacks data security internet-connected cars PII Security flaw Smart Cars Starlink

Subaru Starlink Security Flaw Exposes Risks of Connected Cars

 

As vehicles become increasingly connected to the internet, cybersecurity threats pose growing risks to drivers. A recent security flaw in Subaru’s Starlink system highlights the potential dangers, allowing hackers to remotely control vehicles and access sensitive data. This incident is part of a broader trend affecting the automotive industry, where weaknesses in connected car systems expose users to financial loss, privacy breaches, and safety concerns. 

Researchers found that with just a license plate number and basic owner details, attackers could exploit Subaru’s Starlink system to start or stop the car, lock or unlock doors, and track real-time locations. More alarmingly, hackers could extract personally identifiable information (PII), including billing details, emergency contacts, and historical location data accurate within five meters. The vulnerability stemmed from weak security in the Starlink admin portal, including an insecure password reset API and insufficient protection against two-factor authentication (2FA) bypass. 

Subaru quickly patched the issue within 24 hours of its discovery, but the incident underscores the risks associated with connected vehicles. This is not an isolated case. Other automakers have faced similar security lapses, such as a flaw in Kia’s dealer portal that allowed hackers to track and steal vehicles. Common security issues in connected car systems include weak authentication, improper encryption, centralized storage of sensitive data, and vulnerabilities in third-party integrations. Delayed responses from automakers further exacerbate these risks, leaving vehicles exposed for extended periods. 

Beyond direct system hacks, connected cars face a range of cybersecurity threats. Attackers could remotely hijack vehicle controls, steal onboard financial and personal data, or even deploy ransomware to disable vehicles. GPS spoofing could mislead drivers or facilitate vehicle theft, while compromised infotainment systems may leak personal details or spread malware. While automakers must strengthen security measures, consumers can take steps to protect themselves. Regularly updating vehicle firmware and connected apps can help prevent exploits. 

Using multi-factor authentication (MFA) for connected car accounts and avoiding weak passwords add an extra layer of security. Limiting the amount of personal data linked to vehicle systems reduces exposure. Disabling unnecessary connectivity features, such as remote start or location tracking, also minimizes risk. Additional precautions include avoiding public Wi-Fi for accessing connected car systems, using a virtual private network (VPN) when necessary, and carefully vetting third-party apps before granting permissions. Traditional security tools like steering wheel locks and GPS trackers remain valuable backup measures against cyber threats. 

As connected cars become more common, cybersecurity will play a crucial role in vehicle safety. Automakers must prioritize security by implementing robust encryption, strong authentication, and rapid vulnerability response. At the same time, consumers should stay informed and take proactive steps to safeguard their vehicles and personal data from evolving digital threats.
Read more »
SQL
2FA CVE CVE vulnerability CVEs Cyber Security E-Commerce Websites Patchstack PII Plugin Plugin Flaws SQL

Critical Vulnerability in TI WooCommerce Wishlist Plugin Exposes 100K+ Sites to SQL Attacks

 

A critical vulnerability in the widely-used TI WooCommerce Wishlist plugin has been discovered, affecting over 100,000 WordPress sites. The flaw, labeled CVE-2024-43917, allows unauthenticated users to execute arbitrary SQL queries, potentially taking over the entire website. With a severity score of 9.3, the vulnerability stems from a SQL injection flaw in the plugin’s code, which lets attackers manipulate the website’s database. This could result in data breaches, defacement, or a full takeover of the site. As of now, the plugin remains unpatched in its latest version, 2.8.2, leaving site administrators vulnerable. 

Cybersecurity experts, including Ananda Dhakal from Patchstack, have highlighted the urgency of addressing this flaw. Dhakal has released technical details of the vulnerability to warn administrators of the potential risk and has recommended immediate actions for website owners. To mitigate the risk of an attack, website owners using the TI WooCommerce Wishlist plugin are urged to deactivate and delete the plugin as soon as possible. Until the plugin is patched, leaving it active can expose websites to unauthorized access and malicious data manipulation. If a website is compromised through this flaw, attackers could gain access to sensitive information, including customer details, order histories, and payment data. 

This could lead to unauthorized financial transactions, stolen identities, and significant reputational damage to the business. Preventing such attacks requires several steps beyond removing the vulnerable plugin. Website administrators should maintain an updated security system, including regular patching of plugins, themes, and the WordPress core itself. Using a Web Application Firewall (WAF) can help detect and block SQL injection attempts before they reach the website. It’s also advisable to back up databases regularly and ensure that backups are stored in secure, off-site locations. Other methods of safeguarding include limiting access to sensitive data and implementing proper data encryption, particularly for personally identifiable information (PII). 

Website administrators should also audit user roles and permissions to ensure that unauthorized users do not have access to critical parts of the site. Implementing two-factor authentication (2FA) for site logins can add an extra layer of protection against unauthorized access. The repercussions of failing to address this vulnerability could be severe. Aside from the immediate risk of site takeovers or data breaches, businesses could face financial loss, including costly recovery processes and potential fines for not adequately protecting user data. Furthermore, compromised sites could suffer from prolonged downtime, leading to lost revenue and a decrease in user trust. Rebuilding a website and restoring customer confidence after a breach can be both time-consuming and costly, impacting long-term growth and sustainability.  

In conclusion, to safeguard against the CVE-2024-43917 vulnerability, it is critical for website owners to deactivate the TI WooCommerce Wishlist plugin until a patch is released. Administrators should remain vigilant by implementing strong security practices and regularly auditing their sites for vulnerabilities. The consequences of neglecting these steps could lead to serious financial and reputational damage, as well as the potential for legal consequences in cases of compromised customer data. Proactive protection is essential to maintaining business continuity in the face of ever-evolving cybersecurity threats.
Read more »
Stolen Data
Dark Web Data Breach data stealing Information Leak Phishing Attack PII Stolen Data

Massive Data Breach Exposes Personal Information of 2.9 Billion People Worldwide

 

No matter how cautious you are online, your personal data can still be vulnerable, as demonstrated by a recent data breach that exposed the information of 2.9 billion people. This alarming incident was brought to light as part of a class action lawsuit filed earlier this month. The lawsuit, submitted to the U.S. District Court for the Southern District of Florida, claims that the personal data, including full names, addresses, and Social Security Numbers, was compromised by a public records data provider named National Public Data, a company specializing in background checks and fraud prevention.  

The stolen data, which includes detailed personal information dating back 30 years, was taken by a cybercriminal group known as USDoD. According to the complaint, these hackers attempted to sell the vast collection of data on the dark web for $3.5 million. Given the enormous number of people affected, it is likely that the data includes individuals not only from the U.S. but from other countries as well. National Public Data allegedly obtained this massive amount of personal information through a process known as scraping, a technique used to collect data from websites and other online sources. The troubling aspect of this case is that the company reportedly scraped personally identifiable information (PII) from non-public sources, meaning many of the individuals affected did not voluntarily provide their data to the company. 

One of the plaintiffs, a California resident, became aware of the breach after receiving a notification from an identity theft protection service that his information had been leaked on the dark web. As part of the lawsuit, this plaintiff is seeking a court order for National Public Data to securely dispose of all the personal information it acquired through scraping. Additionally, the plaintiff is asking for financial compensation for himself and other victims, along with the implementation of stricter security measures by the company. In the wake of such a breach, the exposed data could be used by hackers to commit various forms of identity theft and fraud. While National Public Data has yet to issue a formal statement, it is likely that the company will be required to notify affected individuals of the breach. These notifications are expected to arrive by mail, so it is important to monitor your mailbox closely. 

Typically, companies responsible for data breaches offer affected individuals free identity theft protection or credit monitoring for a period of time. Until such services are offered, it is crucial to be vigilant in checking your emails and messages, as hackers may use the stolen data to conduct phishing attacks. Additionally, carefully monitoring your bank and financial accounts for any signs of unauthorized activity is recommended. 

This breach, which is nearly as significant as the 2013 Yahoo! breach that exposed the data of 3 billion people, is likely to have far-reaching consequences. Tom’s Guide has reached out to National Public Data for further information and will provide updates as the situation develops.
Read more »
Ransomware attack
Ascension Ascension Health cyberattack Ascensions Health System Data Breach Data Recovery PHI PII Ransomware attack

Ascension Ransomware Attack: Worker Error Leads to Data Breach and Recovery Efforts

 

Ascension, one of the largest health systems in the country, recently revealed that a ransomware attack on its systems was due to a worker accidentally downloading a malicious file. The health system emphasized that this was likely an honest mistake. Importantly, Ascension noted there is no evidence that data was taken from their Electronic Health Records (EHR) or other clinical systems, where full patient records are securely stored. 

However, the attackers managed to access files containing Protected Health Information (PHI) and Personally Identifiable Information (PII) for certain individuals. With the help of third-party cybersecurity experts, Ascension has gathered evidence indicating that the attackers extracted files from a small number of file servers used primarily for daily tasks by its associates. These servers represent seven out of approximately 25,000 servers across Ascension’s network. 

Currently, Ascension is uncertain about the specific data affected and the identities of the impacted patients. To determine this, a comprehensive review and analysis of the compromised files is underway. Ascension has started this process, but it is a substantial task that will require significant time to complete. As a precaution, Ascension is offering complimentary credit monitoring and identity theft protection services to any patient or associate who requests it. Those interested can call the dedicated call center at 1-888-498-8066. 

The cyberattack, reported on May 8, caused significant disruptions, including shutting down access to electronic health records across Ascension’s 140 hospitals and leading to delays in patient care. On a positive note, Ascension announced on Friday that EHR access has been restored across its hospitals. This restoration means that clinical workflows in their hospitals and clinics are functioning similarly to pre-attack conditions, improving efficiencies in appointment scheduling, wait times, and prescription fulfillment. However, medical records and other information collected between May 8 and the date of local EHR restoration may be temporarily inaccessible.  

Despite this progress, the investigation into the incident is ongoing, along with efforts to remediate additional systems. The cyberattack on Ascension is part of a larger trend of ransomware attacks targeting healthcare systems. In a related incident, Change Healthcare, affiliated with UnitedHealthcare, faced a ransomware attack on February 21. UnitedHealth Group CEO Andrew Witty disclosed to a House subcommittee that he paid $22 million in bitcoin to protect patient information during this attack. 

Ascension has not made any statements about ransom payments but confirmed last month that the attack was ransomware-related, with class action lawsuits citing a Black Basta ransomware attack. As Ascension continues its recovery and investigation, it underscores the need for heightened cybersecurity measures and vigilance to protect sensitive health information from cyber threats.
Read more »
Plugins
ChatGPT Data Breach Online Security PII Plugins

Security Flaws Discovered in ChatGPT Plugins

 


Recent research has surfaced serious security vulnerabilities within ChatGPT plugins, raising concerns about potential data breaches and account takeovers. These flaws could allow attackers to gain control of organisational accounts on third-party platforms and access sensitive user data, including Personal Identifiable Information (PII).

According to Darren Guccione, CEO and co-founder of Keeper Security, the vulnerabilities found in ChatGPT plugins pose a significant risk to organisations as employees often input sensitive data, including intellectual property and financial information, into AI tools. Unauthorised access to such data could have severe consequences for businesses.

In November 2023, ChatGPT introduced a new feature called GPTs, which function similarly to plugins and present similar security risks, further complicating the situation.

In a recent advisory, the Salt Security research team identified three main types of vulnerabilities within ChatGPT plugins. Firstly, vulnerabilities were found in the plugin installation process, potentially allowing attackers to install malicious plugins and intercept user messages containing proprietary information.

Secondly, flaws were discovered within PluginLab, a framework for developing ChatGPT plugins, which could lead to account takeovers on third-party platforms like GitHub.

Lastly, OAuth redirection manipulation vulnerabilities were identified in several plugins, enabling attackers to steal user credentials and execute account takeovers.

Yaniv Balmas, vice president of research at Salt Security, emphasised the growing popularity of generative AI tools like ChatGPT and the corresponding increase in efforts by attackers to exploit these tools to gain access to sensitive data.

Following coordinated disclosure practices, Salt Labs worked with OpenAI and third-party vendors to promptly address these issues and reduce the risk of exploitation.

Sarah Jones, a cyber threat intelligence research analyst at Critical Start, outlined several measures that organisations can take to strengthen their defences against these vulnerabilities. These include:


1. Implementing permission-based installation: 

This involves ensuring that only authorised users can install plugins, reducing the risk of malicious actors installing harmful plugins.

2. Introducing two-factor authentication: 

By requiring users to provide two forms of identification, such as a password and a unique code sent to their phone, organisations can add an extra layer of security to their accounts.

3. Educating users on exercising caution with code and links: 

It's essential to train employees to be cautious when interacting with code and links, as these can often be used as vectors for cyber attacks.

4. Monitoring plugin activity constantly: 

By regularly monitoring plugin activity, organisations can detect any unusual behaviour or unauthorised access attempts promptly.

5. Subscribing to security advisories for updates:

Staying informed about security advisories and updates from ChatGPT and third-party vendors allows organisations to address vulnerabilities and apply patches promptly.

As organisations increasingly rely on AI technologies, it becomes crucial to address and mitigate the associated security risks effectively.


Read more »
WordPress
IDOR Payment Gateway Firm PII Plugin Flaws Vulnerabilities and Exploits WooCommerce Strip Payment WooCommerce WordPress Plugins WordPress

WordPress: Strip Payment Plugin Flaw Exposes Customers' Order Details


A critical vulnerability has recently been discovered in the WooCommerce Gateway plugin for WordPress. Apparently, it has compromised sensitive customer information related to their orders to unauthorized data. On WordPress e-commerce sites, the plugin supported payment processing for over 900,000 active installations. It was susceptible to the CVE-2023-34000 unauthenticated insecure direct object reference (IDOR) bug.

WooCommerce Stripe Payment

WooCommerce Strip Payment is a payment gateway for WordPress e-commerce sites, with 900,000 active installs. Through Stripe's payment processing API, it enables websites to accept payment methods like Visa, MasterCard, American Express, Apple Pay, and Google Pay.

About the Vulnerability

Origin of the Flaw

The vulnerability originated from unsafe handling of order objects and an improper access control measures in the plugin’s ‘javascript_params’ and ‘payment_fields’ functions.

Due to these coding errors, it is possible to display order data for any WooCommerce store without first confirming the request's permissions or the order's ownership (user matching).

Consequences of the Flaw

The payment gateway vulnerability could eventually enable unauthorized users access to the checkout page data that includes PII (personally identifiable information), email addresses, shipping addresses and the user’s full name.

Since the data listed above is listed as ‘critical,’ it could further lead to additional cyberattacks wherein the threat actor could attempt account hijacks and credential theft through phishing emails that specifically target the victim.

How to Patch the Vulnerability?

Users of the WooCommerce Strip Gateway plugin should update to version 7.4.1 in order to reduce the risks associated with this vulnerability. On April 17, 2023, specialists immediately notified the plugin vendor of the vulnerability, CVE-2023-34000. On May 30, 2023, a patch that addressed the problem and improved security was made available.

Despite the patch's accessibility, the concerning WordPress.org data point to risk. The truth is that unsafe plugin versions are still being used by more than half of the active installations. The attack surface is greatly increased in this situation, which attracts cybercriminals looking to take advantage of the security flaw.

Adding to this, the gateway needs safety measures to be taken swiftly like updating version 7.4.1 and ensuring that all plugins are constantly updated, and keeping an eye out for any indications of malicious activities. Website supervisors can preserve sensitive user data and defend their online companies from potential cyber threats by giving security measures a first priority.

Read more »
Unauthorized access
Artificial Intelligence Chat GPT Cyber Privacy GDPR HIPAA OpenAI PII Privacy Unauthorized access

Safeguarding Your Work: What Not to Share with ChatGPT

 

ChatGPT, a popular AI language model developed by OpenAI, has gained widespread usage in various industries for its conversational capabilities. However, it is essential for users to be cautious about the information they share with AI models like ChatGPT, particularly when using it for work-related purposes. This article explores the potential risks and considerations for users when sharing sensitive or confidential information with ChatGPT in professional settings.
Potential Risks and Concerns:
  1. Data Privacy and Security: When sharing information with ChatGPT, there is a risk that sensitive data could be compromised or accessed by unauthorized individuals. While OpenAI takes measures to secure user data, it is important to be mindful of the potential vulnerabilities that exist.
  2. Confidentiality Breach: ChatGPT is an AI model trained on a vast amount of data, and there is a possibility that it may generate responses that unintentionally disclose sensitive or confidential information. This can pose a significant risk, especially when discussing proprietary information, trade secrets, or confidential client data.
  3. Compliance and Legal Considerations: Different industries and jurisdictions have specific regulations regarding data privacy and protection. Sharing certain types of information with ChatGPT may potentially violate these regulations, leading to legal and compliance issues.

Best Practices for Using ChatGPT in a Work Environment:

  1. Avoid Sharing Proprietary Information: Refrain from discussing or sharing trade secrets, confidential business strategies, or proprietary data with ChatGPT. It is important to maintain a clear boundary between sensitive company information and AI models.
  2. Protect Personal Identifiable Information (PII): Be cautious when sharing personal information, such as social security numbers, addresses, or financial details, as these can be targeted by malicious actors or result in privacy breaches.
  3. Verify the Purpose and Security of Conversations: If using a third-party platform or integration to access ChatGPT, ensure that the platform has adequate security measures in place. Verify that the conversations and data shared are stored securely and are not accessible to unauthorized parties.
  4. Be Mindful of Compliance Requirements: Understand and adhere to industry-specific regulations and compliance standards, such as GDPR or HIPAA, when sharing any data through ChatGPT. Stay informed about any updates or guidelines regarding the use of AI models in your particular industry.
While ChatGPT and similar AI language models offer valuable assistance, it is crucial to exercise caution and prudence when using them in professional settings. Users must prioritize data privacy, security, and compliance by refraining from sharing sensitive or confidential information that could potentially compromise their organizations. By adopting best practices and maintaining awareness of the risks involved, users can harness the benefits of AI models like ChatGPT while safeguarding their valuable information.
Read more »
Vulnerable
Cookies Cyber Security Cyberattacks HIPAA Meta Pixel PHI PII Potential Threats Vulnerable

Consenting to Cookies is Not Sufficient

 


While most companies are spending a great deal of their time implementing cookie consent notices, it is becoming increasingly evident that the number and size of developments and lawsuits relating to privacy are on the rise. As a result, companies and their customers are rarely protected by these notices, which is not a surprise.  

It is undeniable that transparency is a worthwhile endeavor. But, the fact remains that companies can be vulnerable to several potential threats that are often beyond their direct control.   

For example, the recent lawsuits involving the Meta Pixel, which also affect many U.S. healthcare companies and are affecting many doctors, are an ideal example of this issue.    

The issue lies in the way websites are designed and built, which contributes to the problem. Except for a few of the biggest tech companies, all of the websites are built using third-party cloud services that are hosted on the web. Among the services offered here are CRM, analytics, form builders, and also trackers for advertisers that take advantage of these functions. Various third parties have a great deal of autonomy over these decisions. However, they are not regulated properly. 

Many kinds of pixels are available on the internet, and many of them serve some purpose. Usually, marketers use this type of data when they want to target advertisements to potential customers. In addition, they want to see how effective their ads are when it comes to reaching them. It is also imperative to note that, by using these trackers, highly specific and detailed personal data is also being collected. This data is being incorporated into existing data portfolios. 

Financial and Healthcare Data are Being Misused 

In most cases, the risks associated with visiting a healthcare website are much higher than when you are visiting any other website. Facebook is not a suitable place for you to share the medical conditions that you are researching with your friends who use that service. This data is not something that you want to be included in your social graph, and you do not want it added. Therefore, the crux of the issue in these lawsuits can be summarized this way: Protected Health Information (PHI) is protected by HIPAA (Health Insurance Portability and Accountability Act), which the actions described in the preceding sentence violate. Seeing digital advertising through the lens of healthcare can also shine a light on how troubling it can be when tracking is used. This is when viewed through the lens of advertising.   

As far as financial services are concerned, the same rules apply. A similar consequence may occur if an unauthorized party gains access to personally identifiable information (PII) or financial data, such as Social Security Numbers or credit card numbers, as well as other confidential data, and it is not handled correctly. This could have dire consequences. Privacy is crucial to safety. Details about your private life should be kept private for the right reasons. Modern advertising practices do not mesh well with these aspects of our lives, which are all significant.   

In addition to the Meta Pixel case, two other recent lawsuits provide us with a deeper understanding of how complex and broad the problem is, and how far it extends.  

Analyzing Sensitive Data From a Different Perspective 

In a recent lawsuit, Oracle was accused of trying to use the 4.5 billion records they currently hold as a proxy system for tracking sensitive consumer data. They have deliberately chosen not to share with any third parties. For comparison, the global population is 8 billion people. The concept of re-identification of de-identified data is far from an invention, but it serves as a clear example of why it matters so much to gather all these pieces of data, no matter how random they may seem. A person can infer most of the details of their life with almost astonishing accuracy. This is if they have access to enough data from Oracle, or whoever gets hold of the data. The data will end up being used in the same way in the end as this is a certainty. 

In a recent case, web testing tools were used to record the sessions of users on a website. This was so that they could see how well users navigated the site as they worked through the steps. As web developers and marketers, it is extremely common for them to use these tools to make their user interfaces more usable. 

In short, some companies are being accused of wiretapping under the Wiretap laws because they are using these tools to gather information. The reason for this is that these tools are capable of transmitting a considerable amount of information without the user's knowledge and the website owner's knowledge. It is inconceivable to believe that such a thing could happen. Even though this may seem like a minor issue, it is very clear once you look at it through the lens of sensitive data. 
Read more »
Twitter Data Breach
API API Attack API security Data Breach Hacking PII Social Engineering Attack Twitter Data Breach

Twitter Data Breach Indicates How APIs Are a Goldmine for PII and Social Engineering


A Twitter API vulnerability that was detected in June 2021, and was later patched, has apparently been haunting the organization yet again. 

In December 2022, a hacker claimed to have access to the personal data of 400 million Twitter users for sale on the dark web markets. And only yesterday, the attacker published the account details and email addresses of 235 million users. 

The breached data revealed by the hacker includes account names, handle creation data, follower count, and email addresses of victims. Moreover, the threat actors can as well design social engineering campaigns to dupe people into providing them their personal data. 

Twitter: A Social Engineering Goldmine 

Social media giants provide threat actors with a gold mine of user data and personal information that they can utilize in order to perform social engineering scams. 

Getting a hold of just a user name, email address, and contextual information of a user’s profile, available to the public, a hacker may conduct reconnaissance on their targeted user and create phishing and scam campaigns that are specifically designed to dupe them into providing personal information. 

In this case, while the exposed information was limited to users’ information available publicly, the immense volume of accounts exposed in a single location (Twitter) has in fact provided a “goldmine of information” to the threat actors. 

The Link Between Social Engineering and API Attacks 

Unsecured APIs allow cybercriminals direct access to users’ Personally Identifiable Information (PII), such as username and password, which is captured when the user connects to any third-party service API. API attack thus provides threat actors with a window to collect large amounts of personal information for scams. 

An instance of this happened just a month ago when a threat actor leveraged an API flaw to gather the data of 80,000 executives throughout the private sector and sell it on the dark web. The threat actor had applied successfully to the FBI's InfraGard intelligence sharing service. 

The data collected during the incident included usernames, email addresses, Social Security numbers, and dates of birth of victims. This highly valuable information was utilized by the threat actors for developing social engineering dupes and spear phishing attacks. 

How to Protect APIs and PII? 

One of the main challenges faced while combating API breaches is how modern enterprises need to detect and secure a large number of APIs. A single vulnerability can put user data at risk of exfiltration, therefore there is little room for error. 

“Protecting organizations from API attacks requires consistent, diligent oversight of vendor management, and specifically ensuring that every API is fit for use […] It’s a lot for organizations to manage, but the risk is too great not to,” says Chris Bowen, CISO at ClearDATA.  “In healthcare, for example, where patient data is at stake, every API should address several components like identity management, access management, authentication, authorization, data transport, exchange security, and trusted connectivity.”

It has also been advised to the security team to not rely solely on simple authentication options like username and password in order to secure their APIs. 

“In today’s environment, basic usernames and passwords are no longer enough […] It’s now vital to use standards such as two-factor authentication (2FA) and/or secure authentication with OAuth,” says Will Au, senior director for DevOps, operations, and site reliability at Jitterbit. 

Moreover, measures such as utilizing a Web Application Firewall (WAF), and monitoring API traffic in real time can aid in detecting malicious activities, ultimately minimizing the risk of compromise.  

Read more »
Subscribe to: Posts (Atom)