SecureFact - Cyber Security News - Week of June 10, 2024

Data Breach

1. The Snowflake Attack May Be Turning Into One of the Largest Data Breaches Ever

A recent data breach at Snowflake, a cloud storage company, has the potential to become one of the largest data breaches ever. The breach began when hackers attempted to access Snowflake customer accounts using stolen login details. Initially, Snowflake reported that a "limited number" of accounts were accessed, but since then, cybercriminals have claimed to be selling stolen data from two major firms, allegedly taken from Snowflake accounts. Hundreds of Snowflake customer passwords have been found online and are accessible to hackers. The scope and scale of the attack are still unclear, but it has been linked to data breaches at Ticketmaster and Santander. Two additional companies, Advance Auto Parts and LendingTree, have been implicated in the breach, with claims of 380 million and 190 million customer details being stolen, respectively.

2. Collection agency FBCS ups data breach tally to 3.2 million people

Collection agency Financial Business and Consumer Solutions (FBCS) has updated the number of people affected by a data breach that occurred in February. Initially, the agency reported that approximately 1.9 million people were impacted, but it has now been confirmed that over 3.2 million individuals have been compromised. The stolen data includes full names, Social Security Numbers, dates of birth, account information, and driver's license numbers or ID cards.

3. Corse GSM Data Breach: 200,000 Customer Details of French Telecom Giant Allegedly Compromised

Corse GSM, a major French telecommunications company, has allegedly suffered a data breach that compromised the personal details of around 200,000 customers. The breach was attributed to a hacker known as 'ShopifyGUY' who claimed to have infiltrated Corse GSM's systems. The exposed customer data is believed to include sensitive information like names, addresses, phone numbers, and other personal details. The incident has raised serious concerns about data security practices in the telecom industry and the need for companies to prioritize cybersecurity investments.

4. Major ransomware attack strikes busy hospital system, prompting canceled operations and appointments

A major ransomware attack has struck a busy hospital system, causing significant disruptions to operations and appointments. The attack targeted Synnovis, a leading provider of lab services, which resulted in interruptions to numerous services and a ripple effect on the delivery of healthcare services. The impact was felt at several London hospitals, including Guy's and St Thomas', King's College Hospital NHS Foundation Trusts, and primary care services in southeast London. Blood transfusions were particularly affected, and patients were informed that operations and appointments were being canceled due to the incident. These attacks are the costliest and most disruptive form of cybercrime, affecting local governments, court systems, hospitals, schools, and businesses worldwide.

5. PandaBuy Allegedly Hacked: 17 Million Users’ Data Exposed, Hackers Demand $40,000

PandaBuy, a UK-based e-commerce platform known for selling counterfeit products, has suffered a data breach affecting over 17 million user records. The breach was claimed by a threat actor named Sanggiero, who operates on BreachForums and posted an advertisement offering the stolen data for sale. The compromised data includes sensitive information such as first names, last names, user IDs, email addresses, order data, order IDs, login IP addresses, countries, employee names, and hashed passwords. Sanggiero shared a screenshot of the compromised JSON file and the total number of records to prove the authenticity of the breach. The threat actor claims to have obtained the data by exploiting critical vulnerabilities in PandaBuy's platform and plans to publicly disclose these weaknesses on their blog soon.

6. Australian mining company discloses breach after BianLian leaks data

Australian mining company Northern Minerals disclosed a cybersecurity breach after the BianLian ransomware group leaked some of the stolen data on the dark web. The company, which focuses on the exploration and development of heavy rare earth elements like dysprosium and terbium, was targeted in late March 2024. The leaked data included corporate, operational, financial information, and details related to current and former personnel, as well as some shareholder information. Northern Minerals notified the Australian Cyber Security Centre, the Office of the Australian Information Commissioner, and impacted individuals about the incident.

7. Google collected children’s voices, license plate numbers and car pool routes, privacy breach leak reveals: report

A recent report by 404 Media has revealed several alarming privacy breaches by Google between 2013 and 2018. These incidents include the collection of children's voice data, logging of car pool routes with home addresses, and the exposure of email addresses, geolocation information, and IP addresses of one million users. The first reported incident involved the speech command function of the YouTube Kids app, which logged approximately 1,000 children's voice utterances. Google claimed it was a bug within the Google Assistant feature that was soon rectified. The leaked report stated that the logged speech data was deleted from the affected time period. children, after acquiring the company Socratic.org.


Malware and Vulnerabilities

1. Microsoft announces first Windows 10 Beta build since 2021

Microsoft has reopened the Windows 10 beta channel, allowing Insiders to join or switch to receive a new beta build in the coming weeks. This marks the first Windows 10 beta build since 2021. The move aims to provide a platform for active feature development and testing with Windows Insiders before releasing new features to all Windows 10 customers.

2. 7-year-old Oracle WebLogic bug under active exploitation

A seven-year-old Oracle WebLogic vulnerability, identified as CVE-2017-3506, has been added to the Known Exploited Vulnerabilities (KEV) catalog by the Cybersecurity and Infrastructure Security Agency (CISA). This vulnerability allows for remote command execution on affected operating systems and carries a severity rating of 7.4.

3. New Fog ransomware targets US education sector via breached VPNs

A new ransomware operation named "Fog" has been targeting educational organizations in the United States through compromised VPN credentials. The operation was discovered by Arctic Wolf Labs and has not set up an extortion portal yet, but it was observed stealing data for double-extortion attacks. The ransomware uses compromised VPN credentials to breach networks, disables Windows Defender, and encrypts files with extensions like ".FOG" or ".FLOCKED."

4. Researchers Urge Immediate Action on New EmailGPT Vulnerability Exposing Users to Data Breach

Researchers at CyRC have identified a critical security flaw in EmailGPT, an AI-powered email writing assistant and Google Chrome extension. The vulnerability, a prompt injection flaw tracked as CVE-2024-5184, allows malicious actors to manipulate the service, potentially leading to the compromise of sensitive data. The core of this vulnerability is the exploitation of the API service, which enables attackers to inject direct prompts, gaining control over the service's logic.


Waseem Uddin

SEO Executive | Digital Marketing | Keyword Research | Competitor Analysis | Ahref | Link Building

5 months

This is a fantastic compilation of cybersecurity threats! The info on the Fog ransomware targeting schools is chilling. It reinforces the importance of staying vigilant online. Thanks for sharing!