SecureFact - Cyber Security News - Week of December 02, 2024

Data Breaches

1. Facebook users affected by data breach eligible for compensation, German court says

A German court has ruled that Facebook users affected by a major data breach are eligible for compensation. The Federal Court of Justice (BGH) determined that victims can claim damages based on the loss of control over their personal data, without needing to prove specific financial losses or misuse of their data. This ruling stems from a 2018-2019 incident where hackers accessed data from approximately 533 million users through a loophole in Facebook's search function, leading to a leak in April 2021. The court's decision overturned a previous dismissal by a lower court, which required proof of tangible harm for compensation claims. The BGH suggested that compensation could be around €100 ($105) per user, significantly impacting Meta Platforms Inc., given that about six million German users were affected.

2. Bologna FC confirms data breach after RansomHub ransomware attack

Bologna Football Club 1909 has confirmed a data breach following a ransomware attack by the RansomHub group, which occurred on November 19, 2024. The attackers have leaked sensitive data online, including personal information of players, financial records, sponsorship contracts, and medical records. Bologna FC issued a warning against downloading or sharing the stolen data, highlighting the legal consequences of such actions. RansomHub claimed that the club's management failed to secure the confidential data, leading to the publication of the complete dataset on the dark web after a ransom demand was not met.

3. Chinese hackers breached T-Mobile's routers to scope out network

Chinese hackers, identified as part of the "Salt Typhoon" group, successfully breached T-Mobile's routers to probe the company's network. T-Mobile reported that the attack was stopped before it could escalate or compromise customer data, thanks to their cybersecurity measures, including proactive monitoring and network segmentation. The breach was detected when suspicious commands associated with reconnaissance activities were executed on T-Mobile's routers. Jeff Simon, T-Mobile's Chief Security Officer, emphasized that no sensitive customer information, such as calls or texts, was accessed during this incident. The attack originated from a connected wireline provider's network, which T-Mobile quickly disconnected due to security concerns.

4. Zello asks users to reset passwords after security incident

Zello has issued a warning to its users, advising them to reset their passwords if their accounts were created before November 2, 2024, following a potential security incident. This alert comes after many users received notifications on November 15, urging them to change their passwords as a precautionary measure. The company has not confirmed whether this situation stems from a data breach or a credential stuffing attack, but it suggests that unauthorized individuals may have gained access to user passwords. Zello, which serves around 140 million users primarily in emergency services and communication sectors, has not provided further details regarding the incident. Users have been encouraged to also update passwords for other online services if they share the same credential.

5. New York fines Geico $9.8 million over data breach

New York's Attorney General has imposed a $9.75 million fine on Geico due to significant data breaches that compromised the personal information of approximately 116,000 drivers in the state. The breaches occurred during the COVID-19 pandemic, when cyberattacks targeting sensitive data surged, particularly for fraudulent unemployment claims. Both Geico and Travelers Indemnity Company were found to have violated state data protection regulations by failing to implement adequate security measures. Travelers was fined $1.55 million for a separate breach affecting around 4,000 individuals. The investigations revealed that attackers exploited vulnerabilities in Geico's insurance quoting tools and Travelers' agent portal, which lacked multifactor authentication, leading to unauthorized access and data theft.

Malware and Vulnerabilities

1. Microsoft 365 outage impacts Exchange Online, Teams, Sharepoint

Microsoft is addressing a widespread outage affecting Microsoft 365 services, including Exchange Online, Microsoft Teams, and SharePoint Online. The disruption began approximately six hours prior to the company's acknowledgment and has led to thousands of user reports regarding connectivity issues with additional services like OneDrive and Outlook. The company confirmed that the outage is preventing access to Exchange Online through various platforms, including Outlook on the web and desktop. Microsoft attributed the issue to a "recent change" and has initiated a fix, which is currently being deployed across the affected infrastructure. They are also performing manual restarts on some systems that are not functioning properly. As of now, about 60% of the impacted environments have received the fix, and Microsoft is actively monitoring the situation.

2. Critical Flaw in Oracle Agile PLM Framework Exposes Sensitive Data: Patch Now

CERT-In (Computer Emergency Response Team – India) has flagged a significant security vulnerability (CVE-2024-21287) in Oracle’s Agile Product Lifecycle Management (PLM) software, specifically affecting version 9.3.6. Identified on November 26, 2024, this vulnerability is categorized as a high-risk Information Disclosure Vulnerability, which could allow authenticated remote attackers to access sensitive data within Oracle Agile PLM systems. The flaw arises from improper authentication mechanisms, enabling attackers to exploit the system via HTTP connections without needing valid user credentials. This poses a serious risk of data breaches, intellectual property theft, and unauthorized manipulation of product lifecycle management data.

3. Novel phishing campaign uses corrupted Word documents to evade security

A new phishing campaign has emerged that exploits Microsoft Word's file recovery feature by sending intentionally corrupted Word documents as email attachments. These documents, which appear to originate from payroll and human resources departments, are designed to bypass security software due to their damaged state while remaining recoverable by the application. The corrupted files prompt users with a message indicating unreadable content, offering a recovery option. Once recovered, the documents instruct users to scan a QR code, which redirects them to a phishing site mimicking a Microsoft login page to steal credentials.

