Last week, breaches and cyberattacks occurred across several industries, from hospitality, software, aviation and pharmaceuticals to debt collection. Devastating consequences have been uncovered from earlier data breaches and attacks, such as UnitedHealthcare's CEO stating that the recent data breach may affect a third of US citizens. Additionally, the Philadelphia Inquirer revealed that the May 2023 data breach has led to 25,549 individuals' personal and financial information being stolen. Furthermore, a GitLab vulnerability with available patches and attacks abusing weak DMARC policies have been reported. It is highly recommended to not only be aware of them but also to apply the updates as soon as possible. Read on to receive a quick summary of what happened this week in the space of cybersecurity.

Panda Restaurants discloses a March data breach: Corporate systems compromised and associates’ personal information stolen

Panda Restaurant Group, the parent company of Panda Express, Panda Inn and Hibachi-San, disclosed a data breach that occurred on 10 March 2024, which compromised some of their corporate systems. However, in-store systems, operations, and guest experience were unaffected. Current and former associates’ data were stolen. The exposed information includes victims’ names or other personal identifiers, and their driver’s licence numbers or non-driver identification card numbers. The attacker accessed their corporate systems between 7 March and 11 March 2024.

As soon as they detected the incident, the company carried out remediation and recovery efforts, and started an investigation with third-party cybersecurity experts and law enforcement agencies to determine the nature and extent of the breach. Panda has yet to disclose the total number of individuals whose personal information was accessed or stolen in this breach.

Dropbox discloses data breach: Customers of Sign, its eSignature service, impacted
Dropbox disclosed on 2 May 2024 that a threat actor managed to gain access to the Sign production environment and accessed customer information. The compromised personal information includes customers’ email addresses, usernames, phone numbers, hashed passwords, data on general account settings, and authentication data such as API keys, OAuth tokens and multi-factor authentication. Even users who only received or signed a document through Sign without creating an account had their names and email addresses compromised. Fortunately, there is no indication that payment information or customers’ files (signed documents and agreements) were accessed. The investigation is ongoing, but so far there is no evidence that other Dropbox products were impacted.

The company is notifying impacted customers, logging them out of the Sign service, and resetting their passwords. In addition, API keys and OAuth tokens are being rotated. Customers who use an authenticator app for MFA are strongly advised to reset it, and to change their passwords on any other online services where they reused their Sign password.

Qantas loyalty app data breach: Customers able to access strangers’ travel information

Australia’s Qantas Airways stated on 2 May 2024 that they are investigating issues that impacted their frequent flyer application, after media reports suggested there was a data breach that allowed users to access other passengers’ travel information. This includes their names, upcoming flight plans, points balances and boarding passes. Some users could see others’ full travel information, and one was able to cancel someone else’s tickets. The airline apologised for the issue, and stated that this technical disruption was not a cyber security incident. Rather, it was caused by a technology issue that may be related to recent system changes.

London Drugs closed all stores following a ‘cybersecurity incident’
Canadian pharmacy chain London Drugs closed all their stores, over 80 outlets, over the weekend until further notice following a “cybersecurity incident”. A London Drugs spokesperson stated that a “cybersecurity incident” was behind the store closures, and declined to answer specific questions about the incident. Furthermore, their phone lines were temporarily taken down, and people should go to their stores for urgent pharmacy needs. The giant stated that they immediately took counter security measures, and have started an investigation with third-party cybersecurity experts. At that time, they had found no evidence that customer or employee data had been compromised.

FBCS, a debt collection agency, warns 1.9 million individuals impacted by a data breach

Financial Business and Consumer Solutions (FBCS), a U.S.-licensed debt collection agency, is notifying 1,955,385 impacted individuals in the U.S. that the company suffered a data breach, after they discovered that unauthorised actors had been inside its network since 14 February 2024. The threat actor was able to view or acquire certain information on the FBCS network during the period of access. The compromised data includes customers’ full names, social security numbers, birth dates, account information, and driver’s licence numbers or ID cards. It is highly recommended that impacted individuals stay vigilant against unsolicited communications and monitor their account statements and credit reports for any suspicious activity.

Philadelphia Inquirer revealed that May 2023 data breach has led to 25,549 individuals’ personal and financial information stolen

The Philadelphia Inquirer revealed that the attackers behind the May 2023 data breach stole 25,549 individuals’ personal and financial information.
The information exposed during the breach includes individuals’ names and other personal identifiers in combination with financial account numbers or credit/debit card numbers (in combination with security code, access code, password or PIN for the accounts). It is highly recommended that impacted individuals monitor their accounts for identity theft and fraud attempts. All impacted individuals are offered 24 months of free Experian credit monitoring and identity restoration services.

UnitedHealthcare’s CEO: Recent data breach may affect a third of US citizens

Andrew Witty, CEO of UnitedHealth Group, the parent company of Change Healthcare, stated during a House hearing that “maybe a third” of US citizens may be affected by the recent data breach which led to personal information being stolen. Witty stated that he was reluctant to give a more precise answer as investigations are still ongoing, and they are trying to figure out exactly how many people were affected. During the hearing, Witty stated it will probably take “several months” before the company can notify victims of the data breach. So far, the company has found no evidence of exfiltration of materials such as doctors’ charts or full medical histories among the data.

It was found that hackers used compromised credentials to access a Change Healthcare Citrix portal that was not protected by MFA. Witty confirmed to senators that UnitedHealth did pay $22 million to the ransomware group.

CISA: Actively exploited maximum severity GitLab vulnerability allows attackers to take over accounts

CISA warned on 1 May 2024 that attackers are actively exploiting a maximum-severity vulnerability (tracked as CVE-2023-7028) in GitLab that allows them to take over accounts via password resets. This flaw allows remote unauthenticated threat actors to have password reset emails sent to email accounts under their control, so they can change the password and hijack targeted accounts without user interaction.
However, attackers are unable to exploit this vulnerability against accounts that have 2FA enabled. It is critical to patch systems where accounts are not protected with 2FA. This vulnerability impacts GitLab Community and Enterprise editions, and GitLab fixed it in 17.7.2, 16.5.6, and 16.6.4 and backported patches to versions 16.1.6, 16.2.9, and 16.3.7.

Finland: Ongoing Android malware attacks attempting to breach online bank accounts

Finland’s Transport and Communications Agency (Traficom) warns of an ongoing malware attack that is attempting to breach online bank accounts. Multiple cases involve SMS messages instructing users to call a number. The scammer then instructs victims to install a McAfee app for protection, which is in fact malware that allows attackers to breach victims’ bank accounts. These messages are supposedly sent from banks or payment service providers like MobilePay. In one case, a victim lost 95,000 euros as the scammers managed to log into the victim’s banking account and transfer money.

Traficom states that the campaign targets only Android devices. If you have installed the malware, immediately contact your bank for protection measures and restore “factory settings” on the infected device to erase all data and apps.

NSA & FBI: North Korean hackers are exploiting weak email DMARC policies to mask attacks

The NSA and FBI jointly caution that APT43, a North Korea-linked hacking group, is exploiting weak email Domain-based Message Authentication Reporting and Conformance (DMARC) policies to mask spear phishing attacks. The attackers use this weakness to send spoofed emails which seem to come from credible sources such as journalists, academics, and other experts in East Asian affairs.
The NSA stated that these campaigns are used to collect intelligence on geopolitical events, adversary foreign policy strategies, and any information that affects DPRK interests by gaining illicit access to targets’ private documents, research and communications.

To mitigate the threat, defenders are advised to update their organisation’s DMARC security policy to use “v=DMARC1; p=quarantine;” or “v=DMARC1; p=reject;” configurations. Organisations are also recommended to set other DMARC policy fields, such as ‘rua’, to receive aggregate reports about the DMARC results for email messages from the organisation’s domain.

That is all! Enjoy the rest of the week and don't forget to update your devices and systems to the latest patches!
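
The DMARC advice in the NSA & FBI item above can be checked mechanically. The following is an added example, not code from the advisory or from this page: the function names are hypothetical, the domains and records are constructed samples, and the extra checks on the standard `sp` and `pct` tags go beyond the fields the page mentions.

```python
# Added example: audit DMARC TXT records against the advice quoted above.
# All domains and record strings are constructed samples, not real DNS data.
ENFORCING = ("quarantine", "reject")

def parse_tags(txt):
    """Split a DMARC TXT record into a dict of lower-cased tag -> value."""
    tags = {}
    for part in txt.split(";"):
        key, sep, value = part.partition("=")
        if sep:
            tags[key.strip().lower()] = value.strip()
    return tags

def audit_dmarc(txt):
    """Return a list of findings; an empty list means the record follows the advice."""
    if not txt or not txt.strip():
        return ["no DMARC record: receivers get no policy for spoofed mail"]
    # RFC 7489: the v tag must come first and its value is exactly DMARC1.
    if txt.split(";", 1)[0].replace(" ", "") != "v=DMARC1":
        return ["record does not start with v=DMARC1: receivers ignore it"]
    tags = parse_tags(txt)
    findings = []
    policy = tags.get("p", "").lower()
    if policy not in ENFORCING:
        findings.append(f"p={policy or '<missing>'}: mail failing DMARC is still delivered")
    sp = tags.get("sp")  # optional subdomain policy; overrides p for subdomains
    if sp is not None and sp.lower() not in ENFORCING:
        findings.append(f"sp={sp}: subdomains are left unenforced")
    pct = tags.get("pct", "100")  # share of failing mail the policy applies to
    if pct.isdigit() and int(pct) < 100:
        findings.append(f"pct={pct}: policy applies to only part of failing mail")
    if "rua" not in tags:
        findings.append("no rua: no aggregate reports are received")
    return findings

SAMPLE_RECORDS = {  # constructed input
    "example.com": "v=DMARC1; p=reject; rua=mailto:dmarc@example.com",
    "example.org": "v=DMARC1; p=none; rua=mailto:dmarc@example.org",
    "example.net": "v=DMARC1; p=quarantine; pct=25",
    "example.edu": None,
}

def weak_domains(records):
    """Return the sorted domains whose record has at least one finding."""
    return sorted(d for d, txt in records.items() if audit_dmarc(txt))

if __name__ == "__main__":
    for domain, txt in SAMPLE_RECORDS.items():
        print(domain, audit_dmarc(txt) or "OK")
```

In practice the record string would come from the TXT record at `_dmarc.<domain>`; the lookup is left out so the example runs offline.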