Five Eyes breach, cancer center breach, Pixel zero-day flaw
Classified Five Eyes data theft announced
A threat actor going by the name of IntelBroker is claiming to be in possession of documents belonging to the Five Eyes Intelligence Group. According to a post made by the group on a darkweb forum, the data stolen allegedly includes “full names, government and military email addresses, office and personal phone numbers, and classified information and communications between the Five Eyes, 14 Eyes and U.S. allies.” The group states that they breached a Virginia-based federal technology consultancy named Acuity Inc., which works directly with the U.S. government and its allies, and which claims to have “deep expertise” in areas such as IT modernization, DevSecOps, cybersecurity, data analytics, and operations support.
Cancer center data breach affects 800,000
City of Hope, a cancer treatment and research center based in Duarte, California, and with a network of clinical practice locations and offices across the U.S., is now sending out breach notifications. This is in relation to an incident that occurred between September 19 and October 12, 2023. The center says the stolen data includes names, dates of birth, email addresses, phone numbers, driver’s license numbers, ID numbers, Social Security numbers, bank account numbers, credit card details, health insurance information, and medical information. Some of these individuals had been notified in December but not all had been identified until late March 2024, the center said.
Android Pixel phone zero-day flaws being exploited by forensic companies
Google is warning of two high-severity zero-day vulnerabilities that may be under what they describe in an April 2 advisory as limited, targeted exploitation. The flaws are numbered CVE-2024-29745 and CVE-2024-29748. The maintainers of the open-source Android operating system GrapheneOS stated, “Forensic companies are rebooting devices in After First Unlock state into fastboot mode on Pixels and other devices to exploit vulnerabilities there and then dump memory.”
Proton accuses Outlook of spying on customers and selling their data
Calling Outlook for Windows “a surveillance tool for targeted advertising,” Edward Komenda of Proton Mail describes how European users of Outlook for Windows are being offered an accept/reject modal that describes how Microsoft shares user information with 801 of its closest partners. Such notifications are not offered to U.S. users, he says, due to a lack of similar cohesive privacy legislation. The messaging includes a listing of advertising partners who will have access to the data. Komenda points out that some of these ads are already appearing as inbox messaging. He adds that Microsoft does offer opt-out choices, but the techniques for doing so vary with each advertising partner.
(Proton)
Huge thanks to this week’s episode sponsor, Vanta
New HTTP/2 vulnerability exposes web servers to DoS attacks
Security researcher Bartek Nowotarski reported the issue to the CERT Coordination Center in late January. His research shows that “the CONTINUATION frame in the HTTP/2 protocol can be exploited to conduct denial-of-service (DoS) attacks.” Codenamed HTTP/2 CONTINUATION Flood, the vulnerability deals with incorrect handling of HEADERS and multiple CONTINUATION frames that makes a DoS condition possible.
Ivanti pledges security overhaul
Following numerous breaches that have been traced back to Ivanti products, the company’s CEO, Jeff Abbott, has published an open letter along with a 6-minute video in which he pledges to overhaul how his company “builds its products and how it communicates with customers about vulnerabilities.” The breaches in question occurred at CISA and government agencies in Norway. Abbott adds that Ivanti plans to adhere to a Secure-By-Design ethos, embedding security “into every stage of the software development lifecycle.”
Leicester City council confirms ransomware attack
The UK city, about 100 miles north of London, has confirmed that confidential data has been published online following an incident that was identified on March 7. Three TB of data was lifted by the Inc Ransom Group, “including rent statements, applications to purchase council housing and personal identification documents such as passport information.” The group has posted examples of the stolen data on its data leak site. Oliver Spence, CEO of UK security firm Cybaverse, suggested a ransom payment is unlikely given the UK government’s opposition to making ransom payments, meaning the group may be “motivated by damage, rather than money, which means more public bodies could be on its target list.”
Japanese lens manufacturer Hoya suffers cyberattack
The Tokyo-headquartered manufacturer of eyeglass lenses, contact lenses, intraocular lenses, and medical equipment lenses has halted production at some plants, following an incident affecting central IT operations that “was likely the result of unauthorized access to its systems.” Internal investigations are still being conducted and the company has not yet elaborated on the nature of the attack.