SecureFact - Cyber Security News - Week of September 02, 2024
Data Breaches
1. Park’N Fly notifies 1 million customers of data breach
Park'N Fly has notified approximately 1 million customers in Canada about a data breach that exposed personal and account information. The breach occurred between July 11 and July 13, 2024, when hackers accessed the company's network using stolen VPN credentials. On August 1, Park'N Fly confirmed that customer data had been compromised. The exposed information includes full names, email addresses, physical addresses, Aeroplan numbers, and CAA numbers; however, no financial or payment card data was affected.
2. Patelco notifies 726,000 customers of ransomware data breach
Patelco Credit Union has notified 726,000 customers of a data breach following a ransomware attack attributed to the RansomHub gang. The breach occurred after unauthorized access to their network on May 23, 2024, and a subsequent ransomware attack on June 29, which led to a two-week shutdown of customer-facing systems to mitigate damage. The stolen data includes sensitive personal information such as full names, Social Security numbers, driver's license numbers, dates of birth, and email addresses.
3. Google Cloud Bucket Leak Tied to Shark Tank Contestant, Exposed Data of 83,000 People
A recent incident involving Google Cloud Storage has revealed a significant data leak due to improperly configured storage buckets. The leak exposed sensitive information belonging to various organizations, including personal data, financial records, and confidential business documents. The vulnerability stemmed from misconfigurations that allowed unauthorized access to these storage buckets. Security researchers discovered that the exposed data could be accessed without any authentication, raising serious concerns about data protection practices within cloud services.
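The item above comes down to storage buckets whose IAM policy let anyone read them without authentication. The following script is an added example, not part of the news item or of Google's tooling: it takes the standard IAM policy JSON that `gsutil iam get gs://BUCKET` prints (bindings of roles to members) and flags every grant to the public principals `allUsers` and `allAuthenticatedUsers`. The bucket names and policies below are constructed sample data so the check runs offline.

```python
"""Flag Cloud Storage buckets whose IAM policy grants access to the public.

Added defensive check, not from the news item. Input is the IAM policy JSON
that `gsutil iam get gs://BUCKET` prints, one policy per bucket. The policies
below are constructed sample data so the script runs offline.
"""
import json

# Principals that mean "anyone on the internet" / "anyone with a Google account".
# Both make the bucket effectively public.
PUBLIC_PRINCIPALS = {"allUsers", "allAuthenticatedUsers"}

# Constructed sample: one public bucket, one correctly restricted bucket.
SAMPLE_POLICIES = {
    "example-public-bucket": {
        "bindings": [
            {"role": "roles/storage.objectViewer", "members": ["allUsers"]},
            {"role": "roles/storage.admin", "members": ["user:admin@example.com"]},
        ],
        "etag": "CAE=",
        "version": 1,
    },
    "example-private-bucket": {
        "bindings": [
            {"role": "roles/storage.objectViewer",
             "members": ["serviceAccount:app@example.iam.gserviceaccount.com"]},
        ],
        "etag": "CAE=",
        "version": 1,
    },
}


def public_bindings(policy: dict) -> list:
    """Return (role, principal) pairs in one IAM policy that grant public access."""
    findings = []
    for binding in policy.get("bindings", []):
        for member in binding.get("members", []):
            if member in PUBLIC_PRINCIPALS:
                findings.append((binding["role"], member))
    return findings


def audit(policies: dict) -> dict:
    """Map bucket name -> list of public grants, for buckets that have any."""
    return {bucket: hits for bucket, policy in policies.items()
            if (hits := public_bindings(policy))}


def audit_json(bucket: str, policy_text: str) -> list:
    """Convenience wrapper for a single policy captured as JSON text."""
    return public_bindings(json.loads(policy_text))


if __name__ == "__main__":
    for bucket, hits in audit(SAMPLE_POLICIES).items():
        for role, principal in hits:
            print(f"PUBLIC: gs://{bucket} grants {role} to {principal}")
```

In practice the policy text would come from the CLI for each bucket in the project; any hit should be removed unless the bucket is deliberately a public website origin, and the organisation-level public access prevention setting on Cloud Storage stops such bindings from being added at all.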
4. Chip Giant AMD Hit by Second Alleged Cyberattack in 2024
Advanced Micro Devices (AMD) has experienced a second cyberattack in 2024, compromising sensitive internal communications and employee information. This incident is attributed to the criminal groups IntelBroker and EnergyWeaponUser, who are reportedly selling the stolen data on dark web marketplaces. The breach includes user credentials, internal resolutions, and detailed case descriptions. This attack follows a previous incident in June 2024, also linked to IntelBroker, which involved a significant data leak. AMD is currently investigating the breach and has stated they are working to understand its implications.
5. FBI: RansomHub ransomware breached 210 victims since February
Since its emergence in February 2024, the RansomHub ransomware has breached over 210 victims across various critical sectors in the U.S., including healthcare, telecommunications, and government services. This ransomware-as-a-service (RaaS) operation primarily focuses on data theft rather than file encryption, threatening to leak stolen data if victims do not comply with demands. Notable breaches include those of Patelco Credit Union, Rite Aid, Christie's auction house, and Frontier Communications, which exposed personal information of over 750,000 customers.
6. Durex India’s Security Lapse Reveals Personal Data of Customers
Durex India has reportedly experienced a significant data breach that exposed sensitive customer information due to inadequate security measures on its order confirmation page. Discovered in late August 2024 by security researcher Sourajeet Majumder, the breach allowed access to customers' full names, phone numbers, email addresses, shipping addresses, ordered items, and payment details. The breach raises serious concerns about data security, particularly given the intimate nature of the products involved, which could lead to social harassment or moral policing in conservative regions.
7. DICK'S shuts down email, locks employee accounts after cyberattack
DICK'S Sporting Goods has recently experienced a cyberattack that led to the exposure of confidential information. The breach was detected on August 21, 2024, prompting the company to shut down its email systems and lock employee accounts to contain the threat. Employees are currently unable to access their accounts and must verify their identities manually to regain access.
Malware and Vulnerability
1. Critical WPML Plugin Flaw Exposes Millions of WordPress Sites to Remote Code Execution
A critical vulnerability, identified as CVE-2024-6386, has been discovered in the WPML (WordPress Multilingual) plugin, which affects millions of WordPress websites. This flaw allows attackers with contributor-level access or higher to execute arbitrary code on the server, potentially leading to complete site takeover. The vulnerability arises from improper sanitization of user input within Twig templates used for rendering shortcodes, enabling server-side template injection (SSTI) attacks.
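The root cause described above, user-controlled text becoming part of the template source rather than being passed to the template as data, is the general pattern behind SSTI. The following toy template engine is an added illustration, not Twig and not WPML code: `render()` evaluates `{{ ... }}` expressions (restricted here to arithmetic and variable lookups), `greet_vulnerable()` splices the input into the template string the way the advisory describes, and `greet_safe()` keeps the template fixed and hands the input over as a variable. The input `{{ 7*7 }}` is a constructed probe that simply shows whether template syntax is executed or displayed.

```python
"""Toy template engine contrasting template injection with safe variable passing.

Constructed illustration, not Twig and not WPML code: it shows why user input
must reach a template only as a variable value, never as template source.
"""
import ast
import html
import operator
import re
from typing import Optional

# The engine evaluates only arithmetic and variable names; that is enough to
# show that template syntax inside user input gets executed, not displayed.
_OPS = {ast.Add: operator.add, ast.Sub: operator.sub,
        ast.Mult: operator.mul, ast.Div: operator.truediv}
_TAG = re.compile(r"\{\{\s*(.*?)\s*\}\}")


def _eval(node, context: dict):
    """Evaluate a restricted expression AST against the template context."""
    if isinstance(node, ast.Expression):
        return _eval(node.body, context)
    if isinstance(node, ast.Constant) and isinstance(node.value, (int, float)):
        return node.value
    if isinstance(node, ast.Name):
        return context[node.id]
    if isinstance(node, ast.BinOp) and type(node.op) in _OPS:
        return _OPS[type(node.op)](_eval(node.left, context), _eval(node.right, context))
    raise ValueError(f"unsupported expression: {ast.dump(node)}")


def render(template: str, context: Optional[dict] = None) -> str:
    """Replace every {{ expr }} in the template with the HTML-escaped result."""
    context = context or {}

    def substitute(match):
        tree = ast.parse(match.group(1), mode="eval")
        return html.escape(str(_eval(tree, context)))

    return _TAG.sub(substitute, template)


def greet_vulnerable(user_input: str) -> str:
    """Anti-pattern (SSTI): user data is concatenated into the template source,
    so any template syntax it contains is evaluated by the engine."""
    return render("Hello " + user_input)


def greet_safe(user_input: str) -> str:
    """Fix: the template is a fixed string; user data is only ever a variable
    value, which is escaped on output and never parsed as template syntax."""
    return render("Hello {{ name }}", {"name": user_input})


if __name__ == "__main__":
    probe = "{{ 7*7 }}"             # constructed input containing template syntax
    print(greet_vulnerable(probe))  # Hello 49          <- input was executed
    print(greet_safe(probe))        # Hello {{ 7*7 }}   <- input was displayed
```

The same split applies to Twig: shortcode attributes and other request-derived values belong in the context array passed to the render call, while the template string itself must come only from the plugin's own files or an administrator-controlled setting.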
2. Cicada3301 ransomware’s Linux encryptor targets VMware ESXi systems
Cicada3301, a new ransomware-as-a-service (RaaS) operation, has emerged, specifically targeting VMware ESXi systems with its Linux encryptor. Since its promotion began on June 29, 2024, the group has already listed 19 victims on its extortion portal. The operation employs double-extortion tactics, breaching networks to steal data before encrypting it, and threatening to leak the information unless a ransom is paid.
3. GitHub comments abused to push password stealing malware masked as fixes
Cybercriminals have been exploiting GitHub comments to distribute malware that steals passwords and other sensitive information. The malware is disguised as software patches or fixes for various applications, tricking users into installing it. The malicious code is typically hidden in the comments section of GitHub repositories, where developers often share code snippets and fixes. Attackers take advantage of this by posting malicious code alongside legitimate-looking comments, making it appear as if it's a genuine fix for a software vulnerability.