📊 2023 OpenText Cybersecurity Threat Report
The hijacked data includes driver’s license numbers and/or social security numbers from a Caesars Entertainment loyalty database. September 14, 2023 By Ryan Naraine Caesars Entertainment, Inc., a well-known global hospitality brand, has been hacked by a cybercrime gang that stole a vast chunk of data, including the company’s loyalty program database. In a filing with the SEC, Caesars said the hijacked data includes driver’s license numbers and/or social security numbers for a significant number of members in the database and provided a hint that a ransomware demand was paid to minimize the damage. “We have taken steps to ensure that the stolen data is deleted by the unauthorized actor, although we cannot guarantee this result,” Caesars said in the 8-K filing. “We are monitoring the web and have not seen any evidence that the data has been further shared, published, or otherwise misused.”
The ransomware group is a collection of young adults who also recently breached Caesars Entertainment and made a ransom score in the tens of millions. September 14, 2023 By Becky Bracken A threat group called "Scattered Spider" is reportedly behind the Sept. 10 MGM Resorts cyberattack, which days later is still keeping systems offline across the conglomerate's more than 30 hotels and casinos scattered around the globe. According to a Reuters report that attributes the attack, citing sources familiar with the matter, the Scattered Spider ransomware group is believed to be made up of young adults in the US and UK. The group is known for using social engineering schemes to trick users into handing over their login credentials and is tracked as an affiliate for the BlackCat/ALPHV ransomware.
September 14, 2023 By Mark Stockley The consequences of last year's LastPass breach continue to be felt, with the latest insult to users coming in the form of a highly convincing phishing email. Although the "unauthorized party" that compromised LastPass users' data was able to steal password vaults, it's likely that they are having a hard time cracking them open. LastPass's own assessment was that "it would be extremely difficult to attempt to brute force guess master passwords for those customers who follow our password best practices." Brute force guessing techniques may be successful for some weak passwords, but it's an approach that quickly runs out of steam. The frequency with which passwords are uncovered diminishes exponentially, and the cost per password increases in the same way. So while some passwords will be so strong they are effectively uncrackable, many weaker ones are likely to be safe simply because they're too costly to uncover. However, there is another, far easier wa
Firefox is opened in a sandbox (Sandboxie) with Webroot SecureAnywhere running. When Firefox is updated I go through a 4 minute process that allows this. Sometimes Firefox will not open. I would View Status on Webroot, click “Identity Protection” and select tab “Application Protection”. Firefox would be set to “Protect”. Changing that to “Allow” resolved the issue. Recently Firefox was updated, then Webroot was updated, Firefox would not load. No problem…. However, now “Application Protection” no longer exists so, to run Firefox I must shut down Webroot. In Running Processes, Firefox is marked “Allow” but that has always been the case when Firefox was running. Customer Support has not responded to my query. I’m hoping there is a solution.
September 14, 2023 By Pierluigi Paganini Researchers discovered three security flaws in Kubernetes that can lead to remote code execution on Windows endpoints. Akamai researchers recently discovered a high-severity vulnerability in Kubernetes tracked as CVE-2023-3676 (CVSS 8.8). The identification of this issue led to the discovery of two more vulnerabilities tracked as CVE-2023-3893 and CVE-2023-3955 (CVSS 8.8). All three vulnerabilities were caused by an insecure function call and the lack of user input sanitization. The vulnerability can be exploited to gain remote code execution with SYSTEM privileges on all Windows endpoints within a Kubernetes cluster. An attacker can trigger the issue by applying a malicious YAML file on the cluster.
Personal details of thousands of police officers and staff from Greater Manchester Police have been hacked from a company that makes identity cards. September 14, 2023 By Associated Press Personal details of thousands of police officers and staff from Greater Manchester Police have been hacked from a company that makes identity cards, the second such cyberattack to affect a major British police force in less than a month. Details on identity badges and warrant cards, including names, photos and identity numbers or police collar numbers, were stolen in the ransomware attack, Greater Manchester Police said Thursday. The third-party supplier was not identified. The force said no home addresses of officers or any financial information about individuals was stolen.
September 13, 2023 In December 2022, KrebsOnSecurity broke the news that a cybercriminal using the handle “USDoD” had infiltrated the FBI‘s vetted information sharing network InfraGard, and was selling the contact information for all 80,000 members. The FBI responded by reverifying all InfraGard members and by seizing the cybercrime forum where the data was being sold. But on Sept. 11, 2023, USDoD resurfaced after a lengthy absence to leak sensitive employee data stolen from the aerospace giant Airbus, while promising to visit the same treatment on top U.S. defense contractors. USDoD’s avatar used to be the seal of the U.S. Department of Defense. Now it’s a charming kitten. In a post on the English language cybercrime forum BreachForums, USDoD leaked information on roughly 3,200 Airbus vendors, including names, addresses, phone numbers, and email addresses. USDoD claimed they grabbed the data by using passwords stolen from a Turkish airline employee who had third-party access to Airbus’
September 13, 2023 By Bill Toulas The Agence Nationale des Fréquences (ANFR) has asked Apple to withdraw iPhone 12 smartphones from the French market because the device emits radiofrequency energy that is beyond the limit permitted to be absorbed by the human body. The agency tested over 140 mobile devices from various vendors to check for compliance with specific absorption rate (SAR) values. SAR is a measure of the rate of RF (radiofrequency) energy absorption by the body from a source that is measured, a mobile phone in this case. It provides a means to evaluate exposure to the transfer of energy by radio waves.
September 13, 2023 By Jérôme Segura A new malvertising campaign is targeting corporate users who are downloading the popular web conferencing software Webex. Threat actors have bought an advert that impersonates Cisco's brand and is displayed first when performing a Google search. We are releasing this blog to warn users about this threat as the malicious ad has been online for almost one week. The malware being used in this campaign is BatLoader, a type of loader that is very good at evading detection. Note that Webex has not been compromised; this is a malicious campaign where threat actors are impersonating well-known brands to distribute malware. Ad campaign details: For the past several days, we saw the same malicious ad whenever we searched for Webex. The advert is shown to users before the organic result and yet looks even more genuine as it is displaying the brand's logo: In fact, the ad looks entirely legitimate as it not only uses the Webex logo but also shows the official website
September 13, 2023 By Pierluigi Paganini 3AM is a new strain of ransomware that was spotted in a single incident in which the threat actors failed to deploy the LockBit ransomware in the target infrastructure. Symantec’s Threat Hunter Team discovered a new ransomware family, which calls itself 3AM, that to date has only been deployed in a single incident in which the threat actors failed to deploy the LockBit ransomware. The threat actors managed to deploy the ransomware to three computers on the target organization’s network, but it was blocked on two of those three machines.
September 13, 2023 By Sergiu Gatlan Software bug-tracking company Rollbar disclosed a data breach after unknown attackers hacked its systems in early August and gained access to customer access tokens. The security breach was discovered by Rollbar on September 6 when reviewing data warehouse logs showing that a service account was used to log into the cloud-based bug monitoring platform. Once inside Rollbar's systems, the threat actors searched the company's data for cloud credentials and Bitcoin wallets. "When we became aware of this access we disabled the service account and began analyzing what actions had been taken by the unauthorized party," Rollbar said in a data breach notification letter shared by Have I Been Pwned creator Troy Hunt.
After Apple and Google, Mozilla has also patched an image processing-related zero-day vulnerability exploited by spyware. September 13, 2023 By Eduard Kovacs After Apple and Google, Mozilla has also released patches for an image processing-related zero-day vulnerability that has been exploited to deliver spyware. The existence of a new zero-day came to light on September 7, when Apple announced iOS and macOS updates to patch an exploited vulnerability tracked as CVE-2023-41064. The tech giant described the zero-day as a buffer overflow in the ImageIO component that can be exploited for arbitrary code execution using specially crafted images.
Officials for Sydney University in Australia recently announced that they had identified a cybersecurity incident last week that had compromised a significant amount of sensitive information on international students. The type of incident hasn’t been confirmed as a ransomware attack, but staff are working with regulatory and law enforcement agencies on the investigation to determine the initial attack vector. This is the second data breach to impact Sydney University in recent years, after the 2020 breach of the ProctorU platform, which exposed 440,000 student and staff records. Swedish insurance firm exposes client data for multiple years: The Swedish Authority for Privacy Protection (IMY) has imposed a $3 million fine on the insurance provider, Trygg-Hansa, after it was revealed by a client that they were able to access the company’s back-end portal through customer emails. Upon further investigation, IMY was able to confirm that anyone could gain unauthenticated access to Trygg-Hansa's
Mon 11 Sep 2023 // 22:21 UTC Updated Cybercrime crew BianLian says it has broken into the IT systems of a top nonprofit and stolen a ton of files, including what the miscreants claim is financial, health, and medical data. As highlighted by VX-Underground and Emsisoft threat analyst Brett Callow earlier today, BianLian bragged on its website it had hit an organization that, based on the gang's description of its unnamed victim, looks to be Save The Children International. The NGO, which employs about 25,000 people, says it has helped more than a billion kids since it was founded in 1919. BianLian added that its victim, "the world's leading nonprofit," operates in 116 countries with $2.8 billion in revenues. The extortionists claim to have stolen 6.8TB of data, which they say includes international HR files, personal data, and more than 800GB of financial records. They claim to also have email messages as well as medical and health data. Presumably BianLian intends to leak or sell this inf
PUBLISHED 11:15 AM ET Sep. 12, 2023 Cars are becoming more reliant on computers and the internet with each passing year, providing convenience to drivers and harmony with the rest of consumers’ technology-dependent lives. But with each upgrade, automakers are garnering deeper access into, and more profit off of, the lives of their customers, a new study from an internet watchdog shows. The Mozilla Foundation, the nonprofit behind the Firefox internet browser, analyzed 25 car brands and concluded 84% share and sell customer data acquired through drivers’ use of their cars, third-party apps on the car's computer, and the car’s app itself, which can give the companies access to data on your phone. What You Need To Know: The brands studied w
Attacks against critical infrastructure are becoming more commonplace and, if a recent PRC-sponsored attack is anything to go by, easier to pull off. September 12, 2023 By Nate Nelson A Chinese threat actor managed to breach the national power grid in an unnamed Asian country earlier this year, compromising multiple computers and using a popular remote access Trojan (RAT) to steal sensitive data. The perpetrator — an entity within Winnti Group, also known as APT41, Bronze Atlas — has a history of taking on some of the most high-level cyber espionage conducted by the People's Republic of China (PRC), including campaigns against hostile governments and industries abroad. Its wide-ranging and successful campaigns have earned it attention from international law enforcement to a degree matched only by the world's most prolific nation-state and cybercriminal groups.
September 12, 2023 By Helga Labus Google has rolled out a security update for a critical Chrome zero-day vulnerability (CVE-2023-4863) exploited in the wild. About the vulnerability (CVE-2023-4863): CVE-2023-4863 is a critical heap buffer overflow vulnerability in the component that handles WebP, a raster graphics file format that replaces JPEG, PNG, and GIF file formats. Buffer overflows can lead to crashes, infinite loops, and can be used to execute arbitrary code. “The Stable and Extended stable channels has been updated to 116.0.5845.187 for Mac and Linux and 116.0.5845.187/.188 for Windows, which will roll out over the coming days/weeks,” Google has informed.