Fortinet breach, RansomHub extorts Kawasaki, TfL password resets

In today’s cybersecurity news…

Fortinet confirms customer data breach

Cybersecurity giant Fortinet has confirmed it suffered a data breach after a threat actor claimed to have stolen 440 GB of files from the company’s Microsoft Azure SharePoint server. Early Friday morning, a threat actor said they moved the trove of stolen data to an S3 bucket where other threat actors can now download it. The threat actor (known as “Fortibitch”) claims they tried to extort Fortinet but the company refused to pay the ransom. Fortinet confirmed customer data was stolen from a “third-party cloud-based shared file drive” but said the incident affected less than 0.3% of its customer base. The company also said the incident did not involve any data encryption, ransomware, or access to Fortinet’s corporate network.

(Bleeping Computer)

RansomHub threatens to leak stolen Kawasaki data

Kawasaki Motors Europe (KME) has announced that it is working to recover from a cyberattack that targeted its EU headquarters. KME initially indicated the attack was unsuccessful and that its servers had been isolated until a strategic recovery plan was initiated. However, the RansomHub gang subsequently added Kawasaki to its dark web extortion portal on September 5, 2024, claiming that it stole 487 GB of data from Kawasaki’s networks. RansomHub gave KME a deadline of this past Saturday to pay a ransom, after which the gang planned to publish the stolen data. KME estimates that 90% of its server infrastructure will have been restored by the start of this week.

(Bleeping Computer)

Update: Transport for London requires in-person password resets after hack

Cyber Security Headlines has been covering the incident that affected Transport for London (TfL) two weeks ago.[1][2] TfL initially indicated there was ‘no evidence’ that customer data was affected by the incident before removing that statement from its website. TfL now says that all staff (roughly 30,000 employees) must attend in-person appointments to verify their identities and reset their passwords. On Thursday, UK authorities arrested a 17-year-old male from Walsall in connection with the TfL incident, but later released him on bail. Back in July, a 17-year-old male from Walsall was also arrested for possible ties to the MGM Resorts ransomware attack. Authorities have not confirmed whether the same teenager was arrested in connection with both cases.

(Bleeping Computer)

Record settlement reached for hacked patient photos

A case involving hacked medical records affecting patients and employees at Lehigh Valley Health Network (LVHN), an independent healthcare network based in Pennsylvania, has been settled for a record-breaking $65 million. The case was filed in March 2023 and involved nearly 135,000 patients and employees. The exposed data included home addresses, email addresses, dates of birth, Social Security numbers, passport info, and various medical data, including nude photos of cancer patients. Victims named in the settlement will receive payments ranging from $50 to $70,000, with maximum amounts going to individuals who had their hacked photos published online.

(Infosecurity Magazine)

Thanks to today’s episode sponsor, Conveyor


23andMe reaches $30 million breach settlement

And in other data breach settlement news, on Thursday, the DNA testing giant agreed to a $30 million settlement for the 2023 breach that exposed the genetics data of 6.4 million customers. Though the company denies that it failed to properly protect its consumers, 23andMe has agreed to strengthen its protections against credential-stuffing attacks by implementing mandatory two-factor authentication for all users, bolstering end-user awareness training, and conducting annual cybersecurity audits. The company is also required to maintain a security incident response plan and stop retaining personal data for inactive or deactivated accounts.

(Bleeping Computer)

Port of Seattle refuses to pay ransom

In an update to a story we brought to you earlier this month on Cyber Security Headlines, on Friday, officials confirmed that the Port of Seattle refused to pay a ransom to cybercriminals after a cyberattack caused issues at the city’s airport and seaport ahead of the Labor Day holiday. Steve Metruck, executive director of the Port of Seattle, said they are making progress in restoring affected systems but “paying the criminal organization would not reflect Port values or our pledge to be a good steward of taxpayer dollars.” The attack has been attributed to the Rhysida ransomware group, the same group that is responsible for recent attacks on the city of Columbus, Ohio and several leading hospitals.

(The Record)

Over 1 million Android-based TV boxes backdoored

On Thursday, security firm Doctor Web reported that malware named “Android.Vo1d” has backdoored nearly 1.3 million Android-based streaming boxes across nearly 200 countries. The malware resides in the system storage area of infected devices, where it can be updated at any time by command-and-control servers. Google said the infected devices are running operating systems based on the Android Open Source Project, a version overseen by Google but distinct from Android TV, a proprietary version that is restricted to licensed device makers. The researchers now have a thorough understanding of how the malware operates but are still not clear what attack vector led to the infections.

(ArsTechnica)

Cybersecurity documentary premieres as study shows why people should watch it

Cyber Florida at USF, in partnership with Cisco and WiCyS (Women in Cybersecurity), hosted the premiere of the cybersecurity documentary entitled ‘Do We Belong Here?’. The documentary highlights inspirational stories of perseverance and success shared by women and other underrepresented groups in the cybersecurity industry. The documentary is available on the Cyber Florida at USF YouTube channel. This comes just as the Washington Post reported on new analysis (from the Equal Employment Opportunity Commission) showing that the share of women in the high-tech industry has barely budged over the past two decades even as the number of lucrative jobs in the field has soared over that same period. In 2022, women made up just 22.6 percent of workers in high-tech roles, just over a half percent rise versus 2005, when women filled 22 percent of tech roles.

(Dark Reading and WaPo)
