Last week, breaches and cyberattacks occurred across several industries, from the public sector, technology, watchmaking and physical security to healthcare. Devastating consequences have been uncovered from earlier data breaches and attacks: the University System of Georgia determined that the 2023 Clop MOVEit breach led to the data of 800,000 individuals being stolen, and the Ohio Lottery ransomware attack has compromised the data of over 500,000 individuals. Additionally, a massive webshop fraud ring has stolen credit card information from over 850,000 people. Furthermore, new vulnerabilities and patches for Citrix have also been disclosed and released. It is highly recommended not only to be aware of them but also to apply the updates as soon as possible. Read on for a quick summary of what happened this week in cybersecurity.

Dell data breach: 49 million customers’ personal data exposed.

Dell disclosed via emails to its customers a data breach that potentially exposed the personal information of approximately 49 million customers. The emails came after a threat actor, Menelik, claimed the breach on BreachForums and offered to sell the stolen data of 49 million customers and other information on systems purchased from Dell between 2017 and 2024. In the email, Dell stated that an investigation is underway. The personal information stolen is believed to include customers’ names, physical addresses and purchase order details. Menelik listed the stolen data as including customers’ full name, address, city, province, postal code, warranty plan, company name, Dell order number, Dell customer number, system shipped date, and the unique 7-digit service tag of the system. However, the stolen information did not include highly sensitive data such as financial information, email addresses or telephone numbers. Furthermore, the threat actor disclosed that the stolen database also contains entries from enterprise clients, partners, educational institutions and others. It was also said that the top 5 countries with systems in the leaked database are the US, China, India, Australia and Canada. An investigation is currently underway, and Dell has notified the relevant law enforcement.

City of Wichita suffers a ransomware attack and is forced to shut down its IT network.

The City of Wichita, Kansas, disclosed that it was forced to shut down part of its network after suffering a weekend ransomware attack. The City confirmed that it suffered an attack on 5 May 2024, whereby its IT systems were encrypted with ransomware. At this time, it is unknown whether data has been stolen. As of now, Wichita continues to face disruption, with the latest status update saying the following services remain unavailable: autopayments for water bills, public Wi-Fi at certain locations, the Library’s online catalog, databases and some digital services, email communications for Library staff, self-service print release stations and self-check stations at the Library, the automated materials handler at the Advanced Learning Library, most incoming phone call capability for the Library, and Wi-Fi and phone services at neighborhood resource centers. Public services including golf courses, parks, courts and the water district require residents to pay by cash or check while online payment platforms are shut down. In addition, some public safety services like the WFD and WPD have resorted to using “pen and paper” reports, and the Wichita Transit buses and landfill services can only accept cash payments. The LockBit ransomware gang has claimed responsibility for the attack by adding Wichita to its extortion portal. It is threatening to publish all stolen files on the site by 15 May unless the City pays the ransom.

Ascension suffers a major cyberattack: some of its systems were taken offline.

Ascension, a U.S. healthcare provider, suffered a cyberattack that took down multiple essential systems, including electronic health records, the MyChart platform for patient communication, and certain medication and test-ordering systems. Ascension disclosed the attack on 8 May and stated that an investigation into the attack is underway. The provider has temporarily paused non-emergency medical procedures and appointments, and some hospitals are diverting emergency medical services. Patients were advised to bring relevant medical information to appointments due to system limitations. The company stated that the investigation is ongoing to determine whether any sensitive information was affected, and that it will notify and support impacted individuals according to all regulatory and legal guidelines.

DocGo confirmed it suffered a cyberattack in which patient health data was stolen.

DocGo, a mobile medical care firm, confirmed that it suffered a cyberattack after threat actors breached its systems and stole patient health data. In an 8-K filing with the SEC, DocGo stated that it recently suffered a cyberattack and is working with third-party cybersecurity experts to assist in the investigation. It has also notified the relevant authorities. As part of the investigation, it was determined that hackers stole protected health information from a “limited number of healthcare records”. The company stresses that no other business units have been affected, and that it has found no evidence of continued unauthorized access.

Singapore’s watchdog investigating Citizen Watches data breach: customers’ personal details stolen.

The Personal Data Protection Commission (PDPC) is investigating a data breach that resulted in the personal data of Citizen Watches customers being stolen. In an email sent to impacted customers on 30 April, the company notified them of the 24 April 2024 breach, which it discovered on 25 April. The company stated that the attacker had stolen personal data from its remote server. The personal information stolen included customers’ name, contact details, email address, password, birth date, country/region, occupation and income range. Citizen Watches stated that it had taken steps to prevent “any potential harm” to its customers and had identified the root cause of the breach.

MoD data breach: UK armed forces’ personal details compromised.

A payroll system used by the UK’s Ministry of Defence has suffered a data breach, which led to the personal information of an unknown number of current and former serving UK military personnel being compromised. The personal information compromised includes names and bank details. In a very small number of cases, the compromised data includes personal addresses. The data relates to current and former members of the Royal Navy, Army and Royal Air Force over a period of several years. As the system was managed by an external contractor, no operational MoD data has been obtained. The MoD has taken immediate action, the system has been taken offline, and investigations are ongoing.

British Columbia investigating multiple cyberattacks on government networks.

The Government of British Columbia is investigating multiple cyberattacks that have impacted the Canadian province’s government networks. Premier David Eby stated that there is no evidence that the attackers accessed or stole sensitive information from the compromised networks. The government is working with the Canadian Centre for Cyber Security and other agencies to determine the extent of the incidents and to implement additional security measures. The government has yet to disclose the number of cyberattacks that impacted its networks and when they were detected.

Amberstone Security exposed nearly 1.3 million documents via an unprotected database.

Amberstone Security, a UK-based physical security business, exposed 1,274,086 documents due to an unprotected database, according to an infosec researcher. The researcher stated that they stumbled upon data belonging to the company, which included thousands of pictures of its guards and pictures of individuals suspected of offenses including shoplifting. Among the exposed data, which dates back to 2017, was a folder containing 99,151 snapshots of guards checking in for their shifts, either with a picture of themselves, their ID cards or both. The pictures of the ID cards displayed basic information such as name, headshot and the card’s expiry date. In some cases, a signature was shown too. As for suspected offenders, images were found of people seemingly caught in the act via CCTV or photographed by security personnel afterward. Many images clearly depicted the suspects and were captioned with information such as their names, birthdate and the nature of their alleged offense. In some cases, detailed descriptions of how a suspect operates were found, as were spreadsheets with information about offenses, how they were committed, and whether violence was used. It is unclear whether the exposed data has been accessed by threat actors. A day after being alerted to the exposed database, the company revoked public access to it, and an investigation into the incident is underway.

Massive webshop fraud ring stole credit card information from over 850,000 people.

A massive network of 75,000 fake online shops called ‘BogusBazaar’ has tricked over 850,000 people in the US and Europe into making purchases, allowing criminals to steal their credit card information and attempt to process an estimated $50 million in fake orders. Furthermore, millions of stolen credit card details have been resold on dark web marketplaces, allowing other threat actors to purchase them and make unauthorised online purchases. According to SRLabs’ report, the BogusBazaar network has attempted to process an estimated $50 million in fake purchases since the operation launched 3 years ago. Most of the victims are concentrated in the US and Western Europe. It is highly recommended that consumers check the authenticity of an online shop by reading online reviews, checking for contact information, examining the return policy, checking for trust seals, browsing the website content in general, and checking its social media presence.

University System of Georgia: Clop MOVEit breach led to the exposure of 800,000 individuals’ data.

The University System of Georgia (USG) is sending data breach notifications to 800,000 affected individuals whose data was exposed in the 2023 Clop MOVEit attacks. USG determined that Clop had stolen sensitive files from its systems and began notifying impacted people. The notices were sent between 15 and 17 April 2024 and informed affected individuals that the threat actors had accessed their full or partial (last 4 digits) social security number, birth date, bank account number(s), and federal income tax documents with Tax ID number. It is presumed that this breach affects current and prior students, academic staff, contractors and other personnel. The entry on the Office of the Maine Attorney General’s portal also lists driver’s license number or identification card number as exposed data types, although these were not mentioned in the notice. USG is offering impacted individuals 12 months of identity protection and fraud detection services, and recipients have until 31 July 2024 to enroll.

Ohio Lottery ransomware attack: over 500,000 individuals’ data compromised.

The Ohio Lottery is sending data breach notification letters to 538,959 individuals affected by a cyberattack that hit its internal office network on Christmas Eve. The attackers managed to access affected people’s names, social security numbers and other personal identifiers. The Ohio Lottery stated that no evidence was found that the stolen information had been used for fraud. However, it will provide free credit monitoring and identity theft protection services to all potentially affected individuals. The breach was claimed by the DragonForce ransomware gang, which stated that it encrypted devices and stole documents belonging to Ohio Lottery customers and employees.

Citrix warns admins to manually mitigate PuTTY SSH client vulnerability.

Citrix notified customers to manually mitigate a PuTTY SSH client vulnerability (tracked as CVE-2024-31497) that could allow attackers to steal a XenCenter admin’s private SSH key. This vulnerability impacts multiple versions of XenCenter for Citrix Hypervisor 8.2 CU1 LTSR, which bundle and use PuTTY to make SSH connections to guest VMs when clicking the “Open SSH Console” button. Citrix stated that the PuTTY components have been removed starting with XenCenter 8.2.6, and versions after 8.2.7 will no longer include it. Those who want to mitigate the vulnerability can download the latest version of PuTTY and install it in place of the version bundled with older XenCenter releases. Those who do not wish to use the “Open SSH Console” functionality can remove the PuTTY component completely. Customers who wish to keep using PuTTY should replace the version installed on their XenCenter system with an updated version (version number of at least 0.81).

That is all! Enjoy the rest of the week and don't forget to update your devices and systems to the latest patches!
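As an added example (not from Citrix or the original post), the following PowerShell audit checks whether the PuTTY binary bundled with XenCenter has been removed or replaced with a release of at least 0.81, as the Citrix mitigation above requires; the install directories searched and the binary name putty.exe are assumptions, and it relies on PuTTY encoding its release number in the executable's numeric version resource.

```powershell
# Added example: audit XenCenter hosts for the CVE-2024-31497 PuTTY mitigation.
# Assumption (not from the advisory): XenCenter lives under Program Files\Citrix\XenCenter
# and ships the SSH client as putty.exe. Adjust $SearchRoots for your deployment.
$MinimumSafe = [version]'0.81'
$SearchRoots = @(
    (Join-Path $env:ProgramFiles 'Citrix\XenCenter'),
    (Join-Path ${env:ProgramFiles(x86)} 'Citrix\XenCenter')
) | Where-Object { $_ -and (Test-Path $_) }

function Test-PuttyMitigated {
    param([Parameter(Mandatory)][string]$Path)
    $info = (Get-Item -LiteralPath $Path).VersionInfo
    # PuTTY releases carry their version in the numeric resource, e.g. 0.81.0.0,
    # so major.minor is enough to compare against the 0.81 floor.
    $found = [version]::new($info.FileMajorPart, $info.FileMinorPart)
    [pscustomobject]@{
        Path      = $Path
        Version   = $found.ToString()
        Mitigated = ($found -ge $MinimumSafe)
    }
}

$binaries = $SearchRoots |
    ForEach-Object { Get-ChildItem -Path $_ -Filter 'putty.exe' -Recurse -ErrorAction SilentlyContinue }

if (-not $binaries) {
    # No bundled client at all: either the component was removed (mitigated)
    # or XenCenter is not installed under the assumed paths.
    Write-Output 'No bundled putty.exe found under the searched XenCenter paths.'
} else {
    $binaries | ForEach-Object { Test-PuttyMitigated -Path $_.FullName } | Format-Table -AutoSize
}
```

Any row reporting Mitigated = False still carries the vulnerable bundled client and needs the PuTTY replacement or removal described above.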
© 2021, TAFA HOLDINGS (S) PTE LTD. ALL RIGHTS RESERVED