SecureFact - Cyber Security News - Week of August 26, 2024
Data Breaches
1. European Parliament Faces Data Breach: Noyb Files Complaints with EDPS Over GDPR Violations
The European Parliament is facing significant scrutiny following a data breach that compromised the personal information of over 8,000 current and former employees. The breach occurred in the Parliament's recruitment platform, known as "PEOPLE," and involved sensitive data such as ID cards, passports, and even marriage certificates, which could expose applicants' sexual orientations. Privacy advocacy group noyb has filed two complaints with the European Data Protection Supervisor (EDPS), citing violations of the EU General Data Protection Regulation (GDPR) and calling for corrective actions and potential fines.
2. CannonDesign confirms Avos Locker ransomware data breach
CannonDesign, a prominent architectural and engineering firm, has confirmed a data breach that occurred in early 2023 due to an Avos Locker ransomware attack. The breach resulted in the theft of 5.7 TB of data, including names, addresses, social security numbers, and driver's license numbers of over 13,000 clients. The attack took place between January 19 and 25, 2023, but CannonDesign only discovered the intrusion on January 25 and completed the investigation on May 3, 2024. The stolen data was subsequently published online multiple times by various hacker groups, including Dunghill Leaks in September 2023 and on dark web forums in February and July 2024. CannonDesign is offering 24-month credit monitoring through Experian to affected individuals to mitigate the risks associated with the data exposure, although the notification comes with a significant delay.
3. US oil giant Halliburton confirms cyberattack behind systems shutdown
Halliburton, a major player in the energy sector, confirmed that it was the target of a cyberattack that led to the shutdown of some of its systems on August 21, 2024. The company reported to the U.S. Securities and Exchange Commission (SEC) that an unauthorized third party gained access to its systems, prompting an immediate activation of its cybersecurity response plan and an internal investigation, supported by external advisors. To contain the breach, Halliburton proactively took certain systems offline and notified law enforcement.
4. Toyota confirms third-party data breach impacting customers
Toyota has confirmed a data breach involving customer information due to a third-party incident. A hacker group known as ZeroSevenGroup leaked 240GB of stolen data on a hacking forum, claiming to have accessed a U.S. branch of Toyota. The leaked data includes sensitive information about employees and customers, financial documents, and network infrastructure details. Toyota stated that while they are aware of the situation, their own systems were not compromised. The breach appears to have originated from a third-party entity misrepresented as Toyota, although the company has not disclosed the name of this entity.
5. Data leak affecting everyone in the US, UK, and Canada was even worse than we thought
A significant data leak has exposed the personal information of nearly everyone in the US, UK, and Canada, revealing around 2.7 billion records that include names, mailing addresses, and social security numbers. Alarmingly, this data was not encrypted, making it highly vulnerable. Recent reports indicate that the situation worsened when a partner company accidentally published its own login credentials on its homepage, allowing unrestricted access to the sensitive data. Additionally, another data broker inadvertently disclosed its database passwords in a publicly accessible file. The exposed records also suggest that users had been assigned a common six-character password, which many never changed, further increasing the risk of unauthorized access.
6. FlightAware configuration error leaked user data for years
A configuration error at FlightAware, a major flight tracking platform, has led to the exposure of user data for over three years, from January 1, 2021, until its discovery on July 25, 2024. The error may have compromised personal information, including user IDs, passwords, email addresses, and potentially other sensitive data such as full names, addresses, IP addresses, and Social Security numbers. In response, FlightAware is requiring affected users to reset their passwords upon their next login and is offering a 24-month identity protection package through Equifax.
Malware and Vulnerabilities
1. Critical Flaw in WordPress LiteSpeed Cache Plugin Allows Hackers Admin Access
Cybersecurity researchers have disclosed a critical security flaw (CVE-2024-28000, CVSS score: 9.8) in the LiteSpeed Cache plugin for WordPress that could permit unauthenticated users to gain administrator privileges. The vulnerability, which has been patched in version 6.4 of the plugin released on August 13, 2024, affects all versions of the plugin up to and including 6.3.0.1. The vulnerability allows an unauthenticated attacker to spoof their user ID and register as an administrative-level user, effectively granting them privileges to take over a vulnerable WordPress site.
2. GitHub Patches Critical Security Flaw in Enterprise Server Granting Admin Privileges
GitHub has addressed three security vulnerabilities in its Enterprise Server (GHES) product, including a critical flaw (CVE-2024-6800) that allows attackers to gain site administrator privileges through SAML single sign-on (SSO) authentication. This vulnerability has a CVSS score of 9.5 and affects instances using specific identity providers with publicly exposed signed federation metadata XML. In addition to the critical issue, GitHub also patched two medium-severity flaws.
3. CISA Warns of Critical Jenkins Vulnerability Exploited in Ransomware Attacks
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a critical security flaw impacting Jenkins to its Known Exploited Vulnerabilities (KEV) catalog, following its exploitation in ransomware attacks. The vulnerability, tracked as CVE-2024-23897 (CVSS score: 9.8), is a path traversal flaw that could lead to code execution. It was first disclosed by Sonar security researchers in January 2024 and addressed in Jenkins versions 2.442 and LTS 2.426.3 by disabling the command parser feature.
4. Microsoft Copilot Studio Exploit Leaks Sensitive Cloud Data
A vulnerability identified as CVE-2024-38206 in Microsoft Copilot Studio has been exploited, leading to the leakage of sensitive cloud data. This flaw allows attackers to manipulate HTTP requests to gain unauthorized access to cloud resources, potentially compromising confidential information. The exploit primarily affects users of Microsoft 365 Copilot and Azure OpenAI Service, enabling attackers to extract sensitive data from cloud environments.