What's new arround internet
| Src | Date (GMT) | Titre | Description | Tags | Stories | Notes |
 |
2021-06-02 16:00:00 | Scripps Notifying 147K People of Data Breach (lien direct) | Healthcare provider shares news of ransomware attack that exposed patient data | Ransomware Data Breach | ||
|
2021-06-01 15:19:00 | Model Sues Law Firm Over Data Breach (lien direct) | Goldberg Segalla accused of leaking fashion model's personal information on PACER | Data Breach | ||
 |
2021-05-29 21:57:58 | FBI will share compromised passwords with HIBP Pwned Passwords (lien direct) | The FBI is going to share compromised passwords discovered during investigations with Have I Been Pwned (HIBP)’s ‘Pwned Passwords’ service. The FBI will share compromised passwords that were discovered during investigations with the ‘Pwned Passwords‘ service implemented by the data breach notification site Have I Been Pwned (HIBP). The Pwned Passwords service allows users to search […] | Data Breach | ★★ | |
 |
2021-05-27 17:59:19 | Japanese Ministries Confirm Impact from Fujitsu Data Breach (lien direct) | Japan's Ministry of Foreign Affairs and Ministry of Land, Infrastructure, Transport and Tourism this week confirmed impact from a data breach at service provider Fujitsu Limited. | Data Breach | ||
|
2021-05-27 16:42:00 | (Déjà vu) Data Breach at Canada Post (lien direct) | Malware attack on third-party supplier leads to data breach at Canada Post | Data Breach Malware Guideline | ||
 |
2021-05-27 14:38:13 | Canada Post Discloses Data Breach (lien direct) | BACKGROUND: It has been reported that Canada Post has informed 44 of its large business customers that information relating to more than 950,000 customers was compromised after one of its… | Data Breach | ||
 |
2021-05-27 14:08:26 | Canada Post hit by data breach after supplier ransomware attack (lien direct) | Canada Post has informed 44 of its large commercial customers that a ransomware attack on a third-party service provider exposed shipping information for their customers. [...] | Ransomware Data Breach | ||
 |
2021-05-25 15:00:00 | Anomali Cyber Watch: Bizzaro Trojan Expands to Europe, Fake Call Centers Help Spread BazarLoader Malware, Toshiba Business Reportedly Hit by DarkSide Ransomware and More (lien direct) | The various threat intelligence stories in this iteration of the Anomali Cyber Watch discuss the following topics: BazarCall, DarkSide, Data breach, Malware, Phishing, Ransomware and Vulnerabilities. The IOCs related to these stories are attached to Anomali Cyber Watch and can be used to check your logs for potential malicious activity.
Figure 1 - IOC Summary Charts. These charts summarize the IOCs attached to this magazine and provide a glimpse of the threats discussed.
Trending Cyber News and Threat Intelligence
Air India passenger data breach reveals SITA hack worse than first thought
(published: May 23, 2021)
Adding to the growing body of knowledge related to the March 2021 breach of SITA, a multinational information technology company providing IT and telecommunication services to the air transport industry, Air India announced over the weekend that the personal information of 4.5 million customers was compromised. According to the airline, the stolen information included passengers’ name, credit card details, date of birth, contact information, passport information, ticket information, Star Alliance and Air India frequent flyer data. The compromise included data for passengers who registered with Indian Airlines between 26 August 2011 and 3 February 2021; nearly a decade. Air India adds to the growing list of SITA clients impacted by their data breach, including Malaysia Airlines, Finnair, Singapore Airlines, Jeju Air, Cathay Pacific, Air New Zealand, and Lufthansa.
Analyst Comment: Unfortunately, breaches like this are commonplace. While customers have no control over their information being included in such a breach, they can and should take appropriate actions once notified they may be impacted, Those actions can include changing passwords and credit cards associated with the breached accounts, engaging with credit reporting agencies for enhanced credit monitoring or freezing of credit inquiries without permission, and reaching out to companies that have reportedly been breached to learn what protections they may be offering their clients.
Tags: Data Breach, Airline, PII
BazarCall: Call Centers Help Spread BazarLoader Malware
(published: May 19, 2021)
Researchers from PaloAlto’s Unit42 released a breakdown of a new infection method for the BazarLoader malware. Once installed, BazarLoader provides backdoor access to an infected Windows host which criminals can use to scan the environment, send follow-up malware, and exploit other vulnerable hosts on the network. In early February 2021, researchers began to report a “call center” method of distributing BazarLoader. Actors would send phishing emails with trial subscription-based themes encouraging victims to phone a number to unsubscribe. If a victim called, the actor would answer the phone and direct the victim through a process to infect the computer with BazarLoader. Analysts dubbed this method of infection “BazarCall.”
Analyst Comment: This exemplifies social engineering tactics threat actors employ to trick users into installing malware on their machines. All social media users should be cautious when accepting unknown requests to connect, and particularly cautious when receiving communication from unknown users. Even if cal |
Ransomware Data Breach Malware Hack Tool Vulnerability Threat Guideline | ||
|
2021-05-25 14:37:16 | Domino\'s India discloses data breach after hackers sell data online (lien direct) | Domino's India has disclosed a data breach after a threat actor hacked their systems and sold their stolen data on a hacking forum. [...] | Data Breach Threat | ||
|
2021-05-25 12:20:42 | (Déjà vu) Expert Commentary on Audio Maker Bose Recent Data Breach (lien direct) | Bose Corporation (Bose) has disclosed a data breach following a ransomware attack that hit the company’s systems in early March. The Attorney General of Bose released the below statement: “experienced… | Ransomware Data Breach | ||
|
2021-05-25 09:03:00 | GDPR Anniversary: Security Leaders More Concerned About Litigation Than Fines (lien direct) | 90% of security leaders are concerned about data breach litigation because of GDPR | Data Breach Guideline | ||
 |
2021-05-25 07:59:31 | (Déjà vu) Bose reports data breach following ransomware attack (lien direct) | Bleeping Computer has reported that audio maker Bose disclosed a data breach after ransomware attack that hit the company’s systems in early March. A breach notification letter filed with New Hampshire’s Office of the Attorney General by Bose stated the company “experienced a sophisticated cyber-incident that resulted in the deployment of malware/ransomware across” its “environment.” | Ransomware Data Breach | ★★★★ | |
|
2021-05-24 19:47:00 | Audio maker Bose discloses data breach after ransomware attack (lien direct) | Bose Corporation (Bose) has disclosed a data breach following a ransomware attack that hit the company's systems in early March. [...] | Ransomware Data Breach | ||
|
2021-05-24 07:46:47 | Damage of SITA data breach still unfolding as Air India compromised (lien direct) | Tech Crunch has reported that a recently found Air India passenger data breach indicates that the SITA hack is worse than first anticipated. Three months after air transport data giant SITA reported its own data breach, the damage is still mounting. Air India said this week that personal data of about 4.5 million passengers had […] | Data Breach Hack | ★★★★★ | |
|
2021-05-22 11:54:17 | (Déjà vu) Air India suffered a data breach, 4.5 million customers impacted (lien direct) | Air India disclosed a data breach that impacted roughly 4.5 million of its customers, two months after its Passenger Service System provider SITA was hacked. Air India has disclosed a data breach that impacted 4.5 million of its customers, exposed data includes the personal information of customers registered between August. 26, 2011 and February. 3, 2021. Customers’ […] | Data Breach | ||
 |
2021-05-21 22:01:08 | Air India Hack Exposes Credit Card and Passport Info of 4.5 Million Passengers (lien direct) | India's flag carrier airline, Air India, has disclosed a data breach affecting 4.5 million of its customers over a period stretching nearly 10 years after its Passenger Service System (PSS) provider SITA fell victim to a cyber attack earlier this year.
The breach involves personal data registered between Aug. 26, 2011 and Feb. 3, 2021, including details such as names, dates of birth, contact |
Data Breach Hack | ||
|
2021-05-21 19:47:00 | Indonesia \'s government confirms social security data breach for some citizens (lien direct) | Indonesia has launched an investigation into a possible security incident that caused the leak of social security data for more than 270 million citizens. Indonesia’s Communication and Information Ministry has confirmed a leak of social security data, it attempted to downplay the incident explaining that it only impacted a small portion of the population. The authorities […] | Data Breach | ||
|
2021-05-21 14:48:50 | Air India data breach impacts 4.5 million customers (lien direct) | Air India disclosed a data breach after personal information belonging to roughly 4.5 million of its customers was leaked two months following the hack of Passenger Service System provider SITA in February 2021. [...] | Data Breach Hack | ||
|
2021-05-21 05:26:06 | E-commerce giant suffers major data breach in Codecov incident (lien direct) | E-commerce platform Mercari has disclosed a major data breach incident that occurred due to exposure from the Codecov supply-chain attack. Mercari is a Japanese public company and an online marketplace that has recently expanded its operations to the United States and United Kingdom. [...] | Data Breach | ||
 |
2021-05-20 16:44:17 | Mandatory opt-out, data breach notification part of new privacy bill (lien direct) | Senators reintroduce bill as scrutiny of social media ramps up. | Data Breach | ||
|
2021-05-19 17:35:00 | UHS Data Breach Lawsuit Proceeds (lien direct) | Data breach lawsuit against healthcare provider gets the go-ahead but only for one patient | Data Breach | ||
|
2021-05-18 19:26:00 | #RSAC: Does the US Need a National Breach Reporting Law? (lien direct) | Panelists at the RSA Conference 2021, including the FBI and US Department of Justice, make a case for a national standard for data breach reporting | Data Breach | ||
|
2021-05-18 13:33:06 | (Déjà vu) Experts Reaction on guard.me Data Breach (lien direct) | The student health insurance carrier guard.me has taken their website offline after a vulnerability allowed a threat actor to access policyholders’ personal information. The website is one of the largest insurance providers… | Data Breach Vulnerability Threat | ||
|
2021-05-17 20:57:51 | Student health insurance carrier Guard.me suffers a data breach (lien direct) | Student health insurance carrier guard.me has taken their website offline after a vulnerability allowed a threat actor to access policyholders' personal information. [...] | Data Breach Vulnerability Threat | ||
 |
2021-05-14 19:18:41 | Verizon\'s 2021 DBIR: Phishing and ransomware threats looming ever larger (lien direct) | The report provides unique insights into how the COVID-19 pandemic affected the data breach landscape | Ransomware Data Breach | ||
 |
2021-05-14 13:26:48 | Verizon: Pandemic Ushers in ⅓ More Cyber-Misery (lien direct) | The DBRI – Verizon's 2021 data breach report – shows spikes in sophisticated phishing, financially motivated cyberattacks and a criminal focus on web-application servers. | Data Breach | ||
 |
2021-05-14 10:33:26 | 2021 Verizon Data Breach Investigations Report Proves That Cybercrime Continued to Thrive During the Pandemic (lien direct) |  Verizon recently published its 2021 Data Breach Investigations Report (DBIR). This year, Verizon analyzed 79,635 incidents, of which 29,207 met their quality standards and 5,258 were confirmed data breaches, from 88 countries around the world.
Despite the global pandemic, the DBIR uncovered that cybercrime continued to thrive. Like previous years, the majority of breaches were financially motivated, and most were caused by external actors illegally accessing data.
Phishing, ransomware, and web app attacks ??ヲ Oh my!
Phishing and ransomware attacks, along with the continued high number of web application attacks, dominated the data breaches for 2021. Phishing attacks were present in a whopping 36 percent of breaches in this year???s dataset, representing an 11 percent increase from last year.
Ransomware attacks increased by 6 percent, accounting for 10 percent of breaches. This increase can likely be attributed to new tactics where ransomware now steals the data as it encrypts it. Ransomware has also proven to be very efficient for cybercriminals. It doesn???t take a lot of hands on keyboards and it???s a relatively easy way for cybercriminals to make a quick buck.
Web applications made up 39 percent of all data breaches. Most of the web applications attacked were cloud-based, which isn???t surprising giving the increased shift to digital during the pandemic. The majority of web application attacks were through stolen credentials or brute-force attacks. 95 percent of organizations that suffered a credentials management attack experienced between 637 to 3.3 billion malicious login attempts throughout the year.
If you look at breaches by region, EMEA ??? comprised of Europe, the Middle East, and Africa ??? had the highest proportion of web application attacks. This is the second year in a row that web applications accounted for the majority (54 percent) of breaches in EMEA. Not surprisingly, the most commonly breached data type in EMEA was credentials ??? which goes hand-in-hand with web attacks.ツ?
In Asia, web application attacks fell second to social engineering attacks and in North America, web application attacks fell third ??? behind social engineering and system intrusion.
Web application threats were also prevalent across the 11 examined industries, especially in the information industry. The retail industry, which has notoriously been susceptible to web application attacks, has decreased its proportion of web application breaches.
What can organizations do to prevent web application attacks? |
Ransomware Data Breach | ||
|
2021-05-13 11:07:13 | Experts Responses on Verizon DBiR Findings (lien direct) | Today, Verizon has released its Data Breach Investigation Report (DBiR). With 29,207 quality incidents analysed, of which 5,258 were confirmed breaches, the DBiR provides a comprehensive snapshot of the state of… | Data Breach | ||
|
2021-05-11 18:04:00 | Kansas Identity Theft Spike Could Be Linked to Data Breach (lien direct) | Alleged data breach at Kansas Department of Labor may account for state leading national unemployment fraud stats | Data Breach Guideline | ||
|
2021-05-11 15:11:30 | Expert Commentary: CaptureRx Data Breach (lien direct) | BACKGROUND: CaptureRx is notifying healthcare providers’ clients that unauthorized access to certain files could have exposed patient details like medical records, name, date of birth, and prescription information. CaptureRx recently… | Data Breach | ||
|
2021-05-10 11:06:17 | City of Chicago Hit by Data Breach at Law Firm Jones Day (lien direct) | The city of Chicago on Friday said that employee emails were compromised in a Jones Day data breach involving Accellion's FTA file sharing service. | Data Breach | ||
|
2021-05-07 16:25:00 | Lawsuit Filed Over Contact Tracing Data Breach (lien direct) | State of Pennsylvania and Insight Global accused of cybersecurity failures after PHI exposed | Data Breach | ||
|
2021-05-07 15:41:46 | Three US healthcare providers suffer data breach (lien direct) | Following a ransomware attack on the administrative services company, CaptureRx, at least three US healthcare providers suffered a data breach. The attach occurred on February 6, and an investigation was launched almost two weeks later, discovering that several files had been accessed by an unauthorised user. The personal health information (PHI) of more than 24,000 […] | Ransomware Data Breach | ||
 |
2021-05-07 14:00:00 | 3 Ways to Reduce the Cost of a Government Data Breach (lien direct) | As a government agency or jurisdiction, one of your goals is to build trust with the citizens you serve. You earn that trust by protecting their information from a government data breach. This also helps by making efficient use of taxpayer dollars. When a data breach does hit, both pillars are eroded. Your organization can […] | Data Breach | ||
|
2021-05-06 16:05:00 | CaptureRx Data Breach Impacts Healthcare Providers (lien direct) | US healthcare providers affected by cyber-attack on third-party administrative services vendor | Data Breach | ||
 |
2021-05-06 10:00:00 | Password security tips and best practices for enterprises (lien direct) | In honor of World Password Day, we’re doing our part to help keep your business secure by discussing the good, the bad, the ugly and the critical about passwords. Let’s face it: between all the logins we need for work and all the accounts we use in our personal lives, there are too many passwords to remember. So many of us do what seems natural—use the same password for multiple accounts. After all, especially with corporate password policies, most employees use strong passwords with a mix of numbers, lowercase and uppercase letters, and special characters. Still, what about all those sticky notes we have “secretly” hidden in locations probably not far away from our devices? That security risk is only the tip of the iceberg. Because according to a 2019 Lastpass survey, US employees working in mid-sized corporate businesses must manage approximately 75 passwords for work. Unsurprisingly, employees recycle passwords 13 times on average. In other words, employees are using the same passwords over and over. And in many cases, especially for corporate applications and resources that lack strong password requirements, some passwords just aren’t strong enough. Cybercriminals know this, and it’s why breaches happen. If hackers get access to your trusted data, the ramifications can be dire. The costs of a data breach go well beyond financial, and include damage to your company’s brand, trust and reputation. Why do we need stronger and longer passwords? As malware, phishing, and ransomware continue to skyrocket, we must understand that the password is the primary method for attackers to gain access to corporate systems. Phishing passwords may be the easiest method, but passwords can also be cracked. The stronger the password, the harder it is for cybercriminals to decode. In a typical attack—the brute force password attack—attackers will use software that quickly attempts every possible password combination of numbers, letters, and symbols. These software programs get better as computing power increases. For example, an eight-character strong password was not long ago considered secure and difficult to crack. Today, it can be cracked in eight hours. But if we tack on two more characters to make it ten-character, cracking the password can take approximately five years. Why do we need unique passwords for every login? As mentioned above, phishing is one of the simplest ways for hackers to steal our passwords. If you think your company has been victimized by phishing, malware, or ransomware, perhaps you’ve taken steps to reset those passwords. But the security risk here is if employees are using the same passwords for different apps, sites or resources. Have you heard about credential stuffing? With credential stuffing, attackers take username and password combinations they already know (which have been stolen or paid for on the dark web) and try them everywhere they can. Use of credential stuffing is escalating, and businesses of all sizes should take note. This type of attack is only successful if and when employees use the same password for different logins. What about password managers? Managing all those passwords doesn’t have to be complicated. A password management system is software that keeps an up-to-date list of all your passwords and logins, using a master password to access the password “vault”. That master password is the only one you need to remember. What if a hacker accesses your vault? Isn’t that riskier? Sure, there is undoubtedly an element of risk, but it’s critical to think in terms of relative safety. As a general rule, using some type of password | Ransomware Data Breach Hack | LastPass | |
|
2021-05-04 19:54:24 | U.S. Agency for Global Media data breach caused by a phishing attack (lien direct) | The U.S. Agency for Global Media (USAGM) has disclosed a data breach that exposed the personal information of current and former employees and their beneficiaries. [...] | Data Breach | ||
|
2021-05-04 15:25:00 | Anomali Cyber Watch: Microsoft Office SharePoint Servers Targeted with Ransomware, New Commodity Crypto-Stealer and RAT, Linux Backdoor Targeting Users for Years, and More (lien direct) | The various threat intelligence stories in this iteration of the Anomali Cyber Watch discuss the following topics: Data Theft, Backdoor, Ransomware, Targeted Ransomware Attacks and Vulnerabilities. The IOCs related to these stories are attached to Anomali Cyber Watch and can be used to check your logs for potential malicious activity.
Figure 1 - IOC Summary Charts. These charts summarize the IOCs attached to this magazine and provide a glimpse of the threats discussed.
Trending Cyber News and Threat Intelligence
Python Also Impacted by Critical IP Address Validation Vulnerability
(published: May 1, 2021)
Researchers have recently discovered that a bug previously discovered in netmask (a tool to assist with IP address scoping) is also present in recent versions of Python 3. The bug involves the handling of leading zeroes in decimal represented IP addresses. Instead of interpreting these as octal notation as specified in the standard, the python ipaddress library strips these and interprets the initial zero and interprets the rest as a decimal. This could allow unauthenticated remote attackers to perform a number of attacks against programs that rely on python's stdlib ipdaddress library, including Server-Side Request Forgery (SSRF), Remote File Inclusion (RFI), and Local File Inclusion (LFI).
Analyst Comment: Best practices for developers include input validation and sanitization, which in this case would avoid this bug by validating or rejecting IP addresses. Additionally regular patch and update schedules will allow for rapid addressing of bugs as they are discovered and patches delivered. Proper network monitoring and policies are also an important part of protecting against these types of attacks.
Tags: CVE-2021-29921, python
Codecov Begins Notifying Affected Customers, Discloses IOCs
(published: April 30, 2021)
Codecov has disclosed multiple IP addresses as IOCs that were used by the threat actors to collect sensitive information (environment variables) from the affected customers. The company disclosed a supply-chain breach on April 15, 2021, and has now begun notifying customers. The breach went undiscovered for 2 months, and leveraged the Codecov Bash Uploader scripts used by a large number of projects.
Analyst Comment: In light of the increasing frequency and sophistication of supply chain attacks, companies should carefully audit, examine, and include in their threat modelling means of mitigating and detecting third party compromises. A resilient and tested backup and restore policy is an important part of the overall security strategy.
Tags: North America, Codecov, supply chain
FBI Teams up with ‘Have I Been Pwned’ to Alert Emotet Victims
(published: April 30, 2021)
The FBI has shared more than 4.3 million email addresses with data breach tracking site Have I Been Pwned. The data breach notification site allows you to check if your login credentials may have been compromised by Emotet. In total, 4,324,770 email addresses were provided which span a wide range of countries and domains. The addresses are actually sourced from 2 separate corpuses of data obtained by the agencies.
Analyst Comment: Frequently updated endpoint detection policies as well as network security |
Ransomware Data Breach Malware Tool Vulnerability Threat Patching Guideline | ||
 |
2021-05-04 11:00:00 | Then a Hacker Began Posting Patients\' Deepest Secrets Online (lien direct) | A family-run psychotherapy startup grew into a health care giant. It was a huge success-until the data breach and the anonymous ransom notes sent to clients. | Data Breach | ★★★★★ | |
|
2021-05-03 14:42:52 | Most Common Causes of Data Breach and How to Prevent It (lien direct) | Which are the most common causes of a Data Breach and how to prevent It? How can organizations prevent it? Data breaches are highly damaging and equally embarrassing for businesses andconsumers. If you look at Verizon's 2020 Data Breach Investigations Report, you canfind some of the most common causes of data breaches. However, you will also […] | Data Breach | ||
|
2021-04-30 07:57:44 | Dorset police investigating data breach (lien direct) | ITV reports on how Dorset police are investigating a “serious data breach” involving pupils from two schools in Christchurch. This is after information about an alleged race hate crime was sent by mistake to a man from Wimborne who had initially emailed the police about a separate incident. Dorset police insist it was human error […] | Data Breach | ||
 |
2021-04-30 07:30:29 | DigitalOcean admits data breach exposed customers\' billing details (lien direct) | DigitalOcean, the popular cloud-hosting provider, has told some of its customers that their billing details were exposed due to what it described as a "flaw." Read more in my article on the Hot for Security blog. | Data Breach | APT 32 | |
|
2021-04-30 00:24:38 | Passwordstate Warns of Ongoing Phishing Attacks Following Data Breach (lien direct) | Click Studios, the Australian software firm which confirmed a supply chain attack affecting its Passwordstate password management application, has warned customers of an ongoing phishing attack by an unknown threat actor.
"We have been advised a bad actor has commenced a phishing attack with a small number of customers having received emails requesting urgent action," the company said in an |
Data Breach Threat | ||
|
2021-04-29 15:22:48 | FBI teams up with \'Have I Been Pwned\' to alert Emotet victims (lien direct) | The data breach notification site now allows you to check if your login credentials may have been compromised by Emotet | Data Breach | ||
|
2021-04-28 17:52:18 | Etsy-owned musical instrument marketplace Reverb suffers data breach (lien direct) | The online musical instrument marketplace Reverb has suffered a data breach which has exposed the personal details of 5.6 million users. Read more in my article on the Hot for Security blog. | Data Breach | ||
|
2021-04-28 16:09:13 | DigitalOcean data breach exposes customer billing information (lien direct) | Cloud hosting provider DigitalOcean has disclosed a data breach after a flaw exposed customers' billing information. [...] | Data Breach | APT 32 | |
|
2021-04-27 16:23:00 | Online Music Marketplace Suffers Data Breach (lien direct) | Cybersecurity researcher finds millions of Reverb.com records on unprotected server | Data Breach | ||
|
2021-04-27 10:46:26 | (Déjà vu) MangaDex discloses data breach after stolen database shared online (lien direct) | Manga scanlation site MangaDex disclosed a data breach last week after learning that the site's user database was privately circulating among threat actors. [...] | Data Breach Threat | ||
|
2021-04-27 10:46:26 | MangaDex discloses data breach after stolen data gets shared online (lien direct) | Manga scanlation site MangaDex disclosed a data breach last week after learning that the site's user database was privately circulating among threat actors. [...] | Data Breach Threat | ||
|
2021-04-26 17:10:48 | Reverb discloses data breach exposing musicians\' personal info (lien direct) | Popular musical instrument marketplace Reverb has suffered a data breach after an unsecured database containing customer information was exposed online. [...] | Data Breach |
To see everything:
Our RSS (filtrered)
