SecureFact - Cyber Security News - Week of March 25, 2024

Data Breach

1. Misconfigured Firebase Instances Expose 125 Million User Records

Cybersecurity researchers revealed that misconfigured Firebase instances exposed close to 19 million plaintext passwords and more than 125 million sensitive user records, including emails, names, passwords, phone numbers, and billing information with bank details. The exposed data was found on the public internet due to misconfigurations in instances of Firebase, a Google platform for hosting databases, cloud computing, and app development.

2. New Zealand media company: Hackers directly targeting individuals after alleged data breach

The data breach at MediaWorks, a New Zealand media company, involved the theft of data from over 2.4 million individuals, leading to direct extortion attempts by hackers targeting affected individuals for Bitcoin payments. The stolen data included personally identifiable information like names, addresses, dates of birth, phone numbers, and email contacts from website competition entries. MediaWorks confirmed the breach, stating that the compromised database contained various personal details but did not include financial information like card numbers or passwords.

3. Nations Direct Mortgage alerts 83,000 to personal data leaks from December cyberattack

Nevada-based Nations Direct Mortgage said more than 83,000 customers were affected by a late 2023 data breach that leaked Social Security numbers and other sensitive information.?In letters sent to victims, the company informed that an unauthorized third party obtained access to and potentially removed data of certain individuals from across the country. Based on their investigation, the company said that the victims' name, address, social security number, and unique Nations Direct loan number may have been obtained by the unauthorized third-party bad actor.

4. SCAA Suffers Cyberattack: 70,000 Members’ Data Potentially Compromised

The South China Athletic Association (SCAA) was rocked by a cyberattack as unauthorized third parties breached the organization’s computer servers, sparking concerns over the security of member data, potentially affecting the data of 70,000 members. Despite the severity of the cyberattack, there is no evidence yet of personal data compromise. The SCAA has taken immediate action to address the breach and shut down affected computer equipment.

5. Jacksonville Beach and other US municipalities report data breaches following cyberattacks

The city government of Jacksonville Beach reported that nearly 50,000 individuals had their personal information accessed during a January cyberattack. In letters to victims, the city said names and Social Security numbers were obtained by the hackers.

6. Fujitsu found malware on IT systems, confirms data breach

Japanese tech giant Fujitsu discovered malware on several of its systems, leading to a data breach where hackers stole customer data. The company confirmed the presence of malware on its business computers, which resulted in the illicit removal of files containing personal and customer information.

Malware and Vulnerabilities

1. Mozilla fixes two Firefox zero-day bugs exploited at Pwn2Own

Mozilla recently addressed two critical zero-day vulnerabilities in Firefox that were exploited during the Pwn2Own event. The first vulnerability (CVE-2024-29943) allowed an attacker to perform out-of-bounds read or write on a JavaScript object by manipulating range-based bounds check elimination. The second vulnerability (CVE-2024-29944) enabled an attacker to inject an event handler into a privileged object, leading to arbitrary JavaScript execution in the parent process. These vulnerabilities affected desktop versions of Firefox but not mobile versions.

2. Critical flaw in Atlassian bamboo data center and server must be fixed immediately

The most severe vulnerability, identified as CVE-2024-1597 with a CVSS score of 10, is a SQL injection flaw that affects the third-party dependency of Bamboo Data Center and Server. This vulnerability could allow an unauthenticated attacker to expose assets in the environment, posing high risks to confidentiality, integrity, and availability without requiring user interaction.

3. Exploit released for Fortinet RCE bug used in attacks, patch now

Security researchers have released a proof-of-concept exploit for a critical vulnerability in Fortinet's FortiClient Enterprise Management Server (EMS) software, tracked as CVE-2023-48788, which is actively exploited in attacks. This vulnerability is an SQL injection flaw in the DB2 Administration Server component, allowing unauthenticated threat actors to achieve remote code execution with SYSTEM privileges on unpatched servers.