Cyber breaches abound in 2019
https://techcrunch.com/2018/12/26/cyber-breaches-abound-in-2019/
News of high-profile cyber breaches has been uncharacteristically subdued in recent quarters.
Is this a harbinger of a worse hacking landscape in 2019?
The answer is unequivocally yes. No question, cyber breaches have been a gigantic thorn in the side of the global economy for years. But expect them to be even more rampant in 2019, as steadily improving malware is deployed more aggressively on more fronts. At the same time, data-driven businesses are moving into the “target zone” of cyber attacks.
On the cybersecurity side, a growing number of experts believe that multi-factor authentication will become the standard for all online businesses.
Here are links to some articles that can hopefully help you to handle your cyber security better:
Cybersecurity 101: Why you need to use a password manager
https://techcrunch.com/2018/12/25/cybersecurity-101-guide-password-manager/
Cybersecurity 101: Five simple security guides for protecting your privacy
https://techcrunch.com/2018/12/26/cybersecurity-101-security-guides-protect-privacy/
Tomi Engdahl says:
https://thehill.com/policy/cybersecurity/516331-veterans-affairs-hit-by-data-breach-impacting-46000-veterans#
Tomi Engdahl says:
Personal data from Experian on 40% of South Africa’s population has been bundled onto a file-sharing website
https://www.theregister.com/2020/09/14/south_africa_experian_data_breach_wesendit/
August breach hadn’t been cleared up at all and regulators are furious
Tomi Engdahl says:
Magecart Attack Impacts More Than 10K Online Shoppers
https://threatpost.com/magecart-campaign-10k-online-shoppers/159216/
Close to 2,000 e-commerce sites were infected over the weekend with a payment-card skimmer, maybe the result of a zero-day exploit.
Tomi Engdahl says:
Razer Customer Data Exposed by Server Misconfiguration
https://www.securityweek.com/razer-customer-data-exposed-server-misconfiguration
A server misconfiguration has resulted in data pertaining to thousands of Razer customers being exposed to the Internet.
A Singaporean-American manufacturer of gaming hardware, software, and systems, Razer also provides e-sports and financial services to its customers.
The recently discovered misconfigured server, security researcher Bob Diachenko explains, contained order and shipping details for thousands of Razer’s customers.
The exposed information, he notes, was originally “part of a large log chunk stored on a company’s Elasticsearch cluster.” The cluster, which had already been indexed by search engines, became publicly accessible on August 18.
Exposed customer information includes names, email addresses, phone numbers, internal customer IDs, order numbers and details, and billing and shipping addresses. Tens of thousands of Razer customers might have been affected.
“Based on the number of the emails exposed, I would estimate the total number of affected customers to be around 100K,” Diachenko says.
Although the security researcher attempted to notify Razer through their support channel, it took three weeks before the exposure was finally addressed.
“My message never reached right people inside the company and was processed by non-technical support managers for more than 3 weeks until the instance was secured from public access,” Diachenko reveals.
Thousands of Razer customers’ order and shipping details exposed on the web without a password
https://www.linkedin.com/pulse/thousands-razer-customers-order-shipping-details-web-diachenko/
Tomi Engdahl says:
97% of leading #cybersecurity companies have data leaks or other security incidents exposed on the #darkweb.
https://thehackernews.com/2020/09/dark-web-cybersecurity-report.html?m=1
Tomi Engdahl says:
Chinese database detailing 2.4 million influential people, their kids, their addresses, and how to press their buttons revealed
Compiled using open-source intel and hailed as showing the extent of China’s surveillance activities
https://www.theregister.com/2020/09/15/china_shenzhen_zhenhua_database/
A US academic has revealed the existence of a 2.4-million-person database he says is compiled by a Chinese company known to supply intelligence, military, and security agencies. The academic alleges the purpose of the database is enabling overseas influence operations to be conducted against prominent or influential people outside China.
That company is Shenzhen Zhenhua and the academic is Chris Balding, an associate professor at the Fulbright University Vietnam.
Tomi Engdahl says:
Private data gone public: Razer leaks 100,000+ gamers’ personal info
No need to breach any systems when the vendor gives the data away for free.
https://arstechnica.com/information-technology/2020/09/100000-razer-users-data-leaked-due-to-misconfigured-elasticsearch/
In August, security researcher Volodymyr Diachenko discovered a misconfigured Elasticsearch cluster, owned by gaming hardware vendor Razer, exposing customers’ PII (Personal Identifiable Information).
The cluster contained records of customer orders and included information such as item purchased, customer email, customer (physical) address, phone number, and so forth—basically, everything you’d expect to see from a credit card transaction, although not the credit card numbers themselves. The Elasticsearch cluster was not only exposed to the public, it was indexed by public search engines.
Tomi Engdahl says:
Data leak: A Chinese company’s surveillance list includes 799 Finns, among them politicians and their inner circles – See how the Finns have been categorised
An exceptional data leak shows which kinds of Finnish figures of influence interest China.
https://yle.fi/uutiset/3-11544521
Tomi Engdahl says:
5,000 schools. Five million records.
“The access I had was pretty much anything the school had.”
https://www.wired.com/story/teen-hacker-school-software-blackboard-follett/?mbid=social_facebook&utm_source=facebook&utm_brand=wired&utm_social-type=owned&utm_medium=social
Tomi Engdahl says:
LockBit ransomware launches data leak site to double-extort victims
https://www.bleepingcomputer.com/news/security/lockbit-ransomware-launches-data-leak-site-to-double-extort-victims/
The LockBit ransomware gang has launched a new data leak site to be used as part of their double extortion strategy to scare victims into paying a ransom.
Tomi Engdahl says:
Chinese database details 2.4 million influential people, their kids, addresses, and how to press their buttons
Compiled using mostly open-source intel, shines a light on extent of China’s surveillance activities
https://www.theregister.com/2020/09/15/china_shenzhen_zhenhua_database/?utm_source=dlvr.it&utm_medium=facebook
A US academic has revealed the existence of a 2.4-million-person database he says was compiled by a Chinese company known to supply intelligence, military, and security agencies. The researcher alleges the purpose of the database is enabling influence operations to be conducted against prominent and influential people outside China.
Tomi Engdahl says:
https://ici.radio-canada.ca/nouvelle/1734626/50-000-comptes-pirates-agence-revenu-canada
It’s in French, but in summary it’s actually close to 50,000 accounts that got hacked instead of the 9,000 reported back in August. That’s the Canadian Government Revenue Agency!
Tomi Engdahl says:
A bug in Joe Biden’s official campaign app exposed a treasure trove of voter information
https://bgr.com/2020/09/15/joe-biden-2020-campaign-app-bug-voter-data/
The bug made it possible for anyone with an unverified email address to access sensitive information –including voting history and personal addresses — from millions of users.
Tomi Engdahl says:
Hackers leak details of 1,000 high-ranking Belarus police officers
https://www.zdnet.com/article/hackers-leak-details-of-1000-high-ranking-belarus-police-officers/
A group of hackers has leaked on Saturday the names and personal details of more than 1,000 high-ranking Belarusian police officers in response to violent police crackdowns against anti-government demonstrations. The leaked data included names, dates of birth, and the officers’ departments and job titles.
Tomi Engdahl says:
Unsecured Microsoft Bing Server Exposed Users’ Search Queries and Location
https://thehackernews.com/2020/09/bing-search-hacking.html
A back-end server associated with Microsoft Bing exposed sensitive data of the search engine’s mobile application users, including search queries, device details, and GPS coordinates, among others. The logging database, however, doesn’t include any personal details such as names or addresses. The data leak, discovered by Ata Hakcil of WizCase on September 12, is a massive 6.5TB cache of log files that was left for anyone to access without any password, potentially allowing cybercriminals to leverage the information for carrying out extortion and phishing scams.
Tomi Engdahl says:
Unprotected Server Leaks Data of Microsoft Bing Mobile App Users
https://www.securityweek.com/unprotected-server-leaks-data-microsoft-bing-mobile-app-users
WizCase experts have identified an unprotected Elasticsearch server that contained terabytes of data pertaining to users of Microsoft’s Bing mobile application.
The database was supposed to be password protected. On September 12, however, the WizCase online security team discovered that authentication had been removed from the database roughly two days before, exposing its content to everyone on the Internet.
White hat hacker Ata Hakcil, who identified the leak, was able to confirm that the Elasticsearch server belonged to Microsoft’s Bing mobile app by installing the application and running a search for WizCase.
“While looking through the server, he found his information, including search queries, device details, and GPS coordinates, proving the exposed data comes directly from the Bing mobile app,” WizCase’s experts reveal.
Data Leak: Unsecured Server Exposed Bing Mobile App Data
https://www.wizcase.com/blog/bing-leak-research/
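The Razer and Bing incidents above are the same failure: an Elasticsearch node reachable from the internet that answers without credentials. A practitioner's first check against a suspect host is whether the root endpoint (`/`) and the index listing (`/_cat/indices?format=json`, a real Elasticsearch API) return data with no `Authorization` header. The script below is an added example, not code from Razer, Microsoft, WizCase or Diachenko; the mock node, its cluster name `orders-logs`, and the index names and document counts are constructed so the check can be exercised offline. Against a real cluster you would call `check_elasticsearch()` with its base URL.

```python
"""Check whether an Elasticsearch HTTP endpoint answers without credentials.

Added example, not code from any of the reports above. The mock node below is
constructed so the script runs offline; real clusters are checked by passing
their base URL to check_elasticsearch().
"""
import json
import threading
import urllib.error
import urllib.request
from http.server import BaseHTTPRequestHandler, HTTPServer


def check_elasticsearch(base_url: str, timeout: float = 5.0) -> dict:
    """Return a verdict: status is 'exposed', 'auth-required' or 'not-es'."""
    result = {"url": base_url, "status": "not-es", "indices": []}
    root_url = base_url.rstrip("/") + "/"
    try:
        with urllib.request.urlopen(root_url, timeout=timeout) as resp:
            root = json.loads(resp.read().decode())
    except urllib.error.HTTPError as err:
        # A cluster with security enabled answers 401 (or 403) without credentials
        if err.code in (401, 403):
            result["status"] = "auth-required"
        return result
    except (urllib.error.URLError, ValueError):
        return result
    # An Elasticsearch root response always carries cluster_name and version.number
    if "cluster_name" not in root or "version" not in root:
        return result
    result["status"] = "exposed"
    result["cluster_name"] = root["cluster_name"]
    result["version"] = root["version"].get("number")
    # The index listing shows how much is readable; _cat returns docs.count as a string
    try:
        with urllib.request.urlopen(root_url + "_cat/indices?format=json", timeout=timeout) as resp:
            for idx in json.loads(resp.read().decode()):
                result["indices"].append((idx["index"], int(idx.get("docs.count") or 0)))
    except (urllib.error.URLError, ValueError, KeyError):
        pass
    result["total_docs"] = sum(n for _, n in result["indices"])
    return result


# --- constructed mock of an Elasticsearch node, for the offline demo only ---
MOCK_ROOT = {"name": "node-1", "cluster_name": "orders-logs", "version": {"number": "7.9.1"}}
MOCK_INDICES = [
    {"index": "orders-2020.08", "docs.count": "98240"},
    {"index": "shipping-2020.08", "docs.count": "4110"},
]


class MockNode(BaseHTTPRequestHandler):
    require_auth = False  # True emulates a cluster with security enabled

    def do_GET(self):
        if self.require_auth and "Authorization" not in self.headers:
            self.send_response(401)
            self.send_header("Content-Length", "0")
            self.end_headers()
            return
        if self.path == "/":
            body = MOCK_ROOT
        elif self.path.startswith("/_cat/indices"):
            body = MOCK_INDICES
        else:
            body = {}
        data = json.dumps(body).encode()
        self.send_response(200)
        self.send_header("Content-Type", "application/json")
        self.send_header("Content-Length", str(len(data)))
        self.end_headers()
        self.wfile.write(data)

    def log_message(self, *args):  # keep the demo quiet
        pass


def run_mock(require_auth: bool) -> HTTPServer:
    handler = type("Node", (MockNode,), {"require_auth": require_auth})
    server = HTTPServer(("127.0.0.1", 0), handler)  # port 0 = pick a free port
    threading.Thread(target=server.serve_forever, daemon=True).start()
    return server


def demo(require_auth: bool = False) -> dict:
    """Run the check against the constructed mock and return its verdict."""
    server = run_mock(require_auth)
    try:
        return check_elasticsearch(f"http://127.0.0.1:{server.server_port}")
    finally:
        server.shutdown()
        server.server_close()


if __name__ == "__main__":
    for verdict in (demo(False), demo(True)):
        print(verdict["status"], verdict.get("cluster_name"), verdict.get("total_docs", 0))
```

The verdict is only as good as the two requests: a node behind a reverse proxy that rewrites paths, or one bound to localhost and reachable only through SSH tunnelling, will report `not-es`, so treat `exposed` as confirmed and `not-es` as "check another way".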
Tomi Engdahl says:
Data breach at New York Sports Clubs owner exposed customer data
https://tcrn.ch/3cmuTJU
Town Sports International, the parent company of New York Sports Clubs and Christi’s Fitness gyms, is mopping up after a security lapse exposed customer data.
Security researcher Bob Diachenko received a tip from a contact, Sami Toivonen, about an unprotected server containing almost a terabyte of spreadsheets representing years of internal company data, including financial records and personal customer records. But because there was no password on the server, anyone could access the files inside.
The server was exposed for almost a year, Diachenko told TechCrunch.
Town Sports pulled the server offline a short time after Diachenko contacted the company. He shared his findings exclusively with TechCrunch, which independently verified the authenticity of the data by confirming with customers details found in the spreadsheets.
Gym chain Town Sports exposes 600,000 records of members and staff
https://www.comparitech.com/blog/information-security/gym-chain-town-sports-exposes-personal-details-of-600000-members-staff-online-report/?=tuesday-september-22-2020
Timeline of the exposure
When Toivonen alerted Diachenko to the exposed database, he said the database was first seen in the wild 11 months ago on November 30, 2019.
Diachenko sent a responsible disclosure notice to Town Sports on September 21, 2020.
The database was secured one day later on September 22, 2020.
We do not know if any unauthorized parties accessed the data while it was exposed, but affected customers and staff could assume as much. Our research indicates unsecured databases can be found, stolen, and attacked within just a few hours of exposure.
Tomi Engdahl says:
DHS Admits Facial Recognition Photos Were Hacked, Released on Dark Web
https://www.vice.com/en_us/article/m7jzbb/dhs-admits-facial-recognition-photos-were-hacked-released-on-dark-web
Traveler’s faces, license plates, and care information were hacked from a subcontractor called Perceptics and released on the dark web.
The Department of Homeland Security (DHS) finally acknowledged Wednesday that photos that were part of a facial recognition pilot program were hacked from a Customs and Border Control subcontractor and were leaked on the dark web last year.
Among the data, which was collected by a company called Perceptics, was a trove of traveler’s faces, license plates, and care information. The information made its way to the Dark Web, despite DHS claiming it hadn’t. In a newly released report about the incident, the DHS Office of Inspector General admitted that 184,000 images were stolen and at least 19 of them were posted to the Dark Web.
Tomi Engdahl says:
The Windows XP source code was allegedly leaked online
https://www.bleepingcomputer.com/news/microsoft/the-windows-xp-source-code-was-allegedly-leaked-online/#:~:text=Lawrence%20Abrams&text=The%20source%20code%20for%20Windows,torrent%20on%20the%204chan%20forum%20
Tomi Engdahl says:
https://komonews.com/news/consumer/widespread-data-breach-affects-millions-who-donated-to-charity
Tomi Engdahl says:
Even cybersecurity companies spill data and passwords
Nobody is immune to data breaches and hacking, not even the professionals
https://www.zdnet.com/article/even-cybersecurity-companies-spill-data-and-passwords/
Tomi Engdahl says:
SFU ransomware attack exposed data from 250,000 accounts, documents show
https://www.cbc.ca/news/canada/british-columbia/sfu-ransomware-attack-1.5732027
Officials didn’t disclose number in March when personal data of students, faculty, alumni were compromised
Tomi Engdahl says:
Blackbaud: Ransomware gang had access to banking info and passwords
https://www.bleepingcomputer.com/news/security/blackbaud-ransomware-gang-had-access-to-banking-info-and-passwords/
Blackbaud, a leading cloud software provider, confirmed that the threat actors behind the May 2020 ransomware attack had access to unencrypted banking and login information, as well as social security numbers.
Tomi Engdahl says:
Two North American hospitality merchants hacked in May and June
https://www.zdnet.com/article/two-north-american-hospitality-merchants-hacked-in-may-and-june/
Visa did not share the name of the two victims but said that one company had three different strains of point-of-sale (POS) malware on its network.
Tomi Engdahl says:
Blackbaud Says Bank Account Data, SSNs Impacted in Ransomware Incident
https://www.securityweek.com/blackbaud-says-bank-account-data-ssns-impacted-ransomware-incident
Documents filed by cloud software provider Blackbaud with the United States Securities and Exchange Commission (SEC) this week reveal that bank account details and social security numbers might have been affected in a ransomware attack earlier this year.
In June 2020, Blackbaud, which is mainly known for the fundraising suites employed by charities and educational institutions, but which also offers payment services, announced publicly that it managed to stop a ransomware attack, but not before some data was stolen.
Tomi Engdahl says:
Internet Engineering Task Force Proposes Standard for Network Time Security
https://www.securityweek.com/internet-engineering-task-force-proposes-standard-network-time-security
IETF Publishes New Proposal to Add Security to Network Timing
The Internet Engineering Task Force (IETF) has published RFC8915, its proposed standard for network time security (NTS). It has been five years in the making and is designed to remedy the issues and vulnerabilities that exist in the current network time protocol (NTP).
Accurately synchronized time between different computers over packet-switched, variable-latency data networks is essential. This becomes even more critical in the age of the fourth industrial revolution, where the accurate timing and sequence of different processes is vital. Since its launch in 1985, NTP has served this purpose well. However, over the last 35 years it has become apparent that various vulnerabilities and issues in NTP demonstrate that it requires an increased level of security. NTS is designed to provide that security.
The existing issues affecting basic NTP include DDoS amplification, packet manipulation, and replay attacks — the last two being implemented by man-in-the-middle (MiTM) attacks that can forge messages and falsify the time.
Tomi Engdahl says:
Food Delivery Service Chowbus Hacked
https://www.securityweek.com/food-delivery-service-chowbus-hacked
Hackers compromised mobile-based Asian food delivery service Chowbus, stole customer data, and emailed victims a link pointing to the stolen data.
Many of those who received the emails posted on Reddit, revealing that the hackers exported the database to comma-separated values (CSV) files and sent links to these CSV files to Chowbus customers.
The service, which operates in Australia, Canada and the United States, has several hundreds of thousands of customers, all of whom appear to have been affected.
Information in the CSV files included names, email addresses, phone numbers, addresses (city, state, zip code), rates, and addresses for the Chowbus partner restaurants.
A total of 4,300 records were reportedly included in the CSV file for restaurants, while the file for users had 803,350 entries. The information has already been uploaded to data breach notification website Have I Been Pwned, which noted that the database included a total of 444,224 Chowbus accounts.
Chowbus is Hacked & Leaks 800,000+ entries of Personal Data
https://www.reddit.com/r/UIUC/comments/j5fcjp/chowbus_is_hacked_leaks_800000_entries_of/
Tomi Engdahl says:
Ubisoft, Crytek data posted on ransomware gang’s site
Details about how the hackers obtained the files remain unclear. The ransomware gang also threatened to leak the source code of Watch Dogs: Legion, an upcoming Ubisoft game.
https://www.zdnet.com/article/ubisoft-crytek-data-posted-on-ransomware-gangs-site/?fbclid=IwAR0wmQ6rmAMl-YCklOnHjuTT_08aWKPyHIZ1HInj5k1Ae12l1x5TQCnVWYo
Tomi Engdahl says:
Our investigations team found out that Miami-based tech company Intcomex has suffered a major data breach, with nearly 1 TB of its users’ data leaked. It was likely following a botched ransom negotiation. The leaker promised to release the rest of the stolen database over an undisclosed period of time.
Miami-based tech company suffers massive 1TB customer and business data leak
https://cybernews.com/security/miami-based-tech-company-suffers-massive-1tb-data-leak/?utm_source=facebook&utm_medium=cpc&utm_campaign=rm&utm_content=miami_data_leak&fbclid=IwAR0BHbgLnQm0dgcvifGprum6r-OeAUUsjEPnWmISml7NN6zBHbmlFRT75ow
Tomi Engdahl says:
Catalin Cimpanu / ZDNet:
Report: payment card details of 3M+ Dickey’s Barbecue Pit customers, stolen in a POS breach between July 2019 and Aug. 2020, were posted on a fraud marketplace
Card details for 3 million Dickey’s customers posted on carding forum
https://www.zdnet.com/article/card-details-for-3-million-dickeys-customers-posted-on-carding-forum/
Dickey’s Barbecue Pit, the largest barbecue restaurant chain in the US, suffered a POS breach between July 2019 and August 2020.
The card details of more than three million customers of Dickey’s Barbecue Pit, the largest barbecue restaurant chain in the US, have been posted this week on a carding and fraud marketplace known as Joker’s Stash.
The discovery was made by Gemini Advisory, a cyber-security firm that tracks financial fraud.
The company said it discovered the breach earlier this week after cybercriminals began advertising a massive collection of payment card details named “Blazing Sun.”
After analyzing the data together with its financial partners, Gemini said the data appears to have been obtained after hackers compromised the in-store Point-of-Sale (POS) system used at Dickey’s restaurants.
Gemini says hackers appear to have compromised 156 of Dickey’s 469 locations.
Tomi Engdahl says:
Dickey’s Barbecue Pit Investigating Possible Breach Affecting 3M Payment Cards
https://www.securityweek.com/dickeys-barbecue-pit-investigating-possible-breach-affecting-3m-payment-cards
A data set of millions of payment card records apparently stolen from US-based restaurant franchise Dickey’s Barbecue Pit has emerged on a Dark Web marketplace, Gemini Advisory reports.
Tomi Engdahl says:
Barnes & Noble hit by Egregor ransomware, strange data leaked
https://www.bleepingcomputer.com/news/security/barnes-and-noble-hit-by-egregor-ransomware-strange-data-leaked/
The Egregor ransomware gang is claiming responsibility for the cyberattack on U.S. bookstore giant Barnes & Noble on October 10th, 2020. The attackers state that they stole unencrypted files as part of the attack.
Tomi Engdahl says:
Pharma Giant Pfizer Leaks Customer Prescription Info, Call Transcripts
https://threatpost.com/pharma-pfizer-leaks-prescription-call-transcripts/160354/
Hundreds of medical patients taking cancer drugs, Premarin, Lyrica and more are now vulnerable to phishing, malware and identity fraud.
Tomi Engdahl says:
Miami-based tech company suffers massive 1TB customer and business data leak
https://cybernews.com/security/miami-based-tech-company-suffers-massive-1tb-data-leak/?utm_source=facebook&utm_medium=cpc&utm_campaign=rm&utm_content=miami_data_leak&fbclid=IwAR3ywNDF8qcQN1zb2xtGY-Qkxynj5Z_VrOw0FFkBgdkIQnNmnZtl_3t1FqQ
The Miami-based “value-added solutions and technology products” company Intcomex has suffered a major data breach, with nearly 1 TB of its users’ data leaked. The leaked data includes credit cards, passport and license scans, personal data, payroll, financial documents, customer databases, employee information and more.
Parts of the data were leaked on a popular Russian hacker forum for free, with the first part made available on September 14, 2020, and the second part on September 20. The leaker originally promised to release the entire stolen database over an undisclosed period of time.
Tomi Engdahl says:
The blackmailer of the psychotherapy centre Vastaamo published more highly sensitive patient records overnight
https://yle.fi/uutiset/3-11606925
The person blackmailing the psychotherapy centre Vastaamo published more of the patient data they stole on the Tor network overnight. The data reveals the names, addresses, personal identity codes and patient records of Vastaamo’s clients. See also
https://www.poliisi.fi/tietoa_poliisista/tiedotteet/1/1/poliisi_jatkaa_epaillyn_torkean_tietomurron_tutkintaa_uhreja_pyydetaan_tekemaan_rikosilmoitus_94140?language=fi
Tomi Engdahl says:
COVID-19 Vaccine-Maker Hit with Cyberattack, Data Breach
https://threatpost.com/covid-19-vaccine-cyberattack-data-breach/160495/
COVID-19 vaccine manufacturer Dr. Reddy’s Laboratories has shut down its plants in Brazil, India, Russia, the U.K. and the U.S. following a cyberattack, according to reports. In addition to shutting down plants, the drug-maker has isolated all data center services in order to apply remediations, The Economic Times reported. Citing sources, ET said that the company was victimized by a data breach.
Tomi Engdahl says:
Fragomen, a law firm used by Google, confirms data breach
https://techcrunch.com/2020/10/26/fragomen-data-breach-google-employees/?tpcc=ECFB2020
Immigration law firm Fragomen, Del Rey, Bernsen & Loewy has confirmed a data breach involving the personal information of current and former Google employees.
Tomi Engdahl says:
Massive Nitro data breach impacts Microsoft, Google, Apple, more
https://www.bleepingcomputer.com/news/security/massive-nitro-data-breach-impacts-microsoft-google-apple-more/
A massive data breach suffered by the Nitro PDF service impacts many well-known organizations, including Google, Apple, Microsoft, Chase, and Citibank. Claimed to be used by over 10 thousand business customers and 1.8 million licensed users, Nitro is an application used to create, edit, and sign PDFs and digital documents. Cybersecurity intelligence firm Cyble has told BleepingComputer that a threat actor is selling the user and document databases, as well as 1TB of documents, that they claim to have stolen from Nitro Software’s cloud service. This data is now being sold in a private auction with the starting price set at $80,000. Cyble states that the ‘user_credential’ database table contains 70 million user records containing email addresses, full names, bcrypt hashed passwords, titles, company names, IP addresses, and other system-related data.
Tomi Engdahl says:
EXCLUSIVE: Medical Records of 3.5 Million U.S. Patients Can be Accessed and Manipulated by Anyone
https://www.securityweek.com/exclusive-medical-records-35-million-us-patients-can-be-accessed-and-manipulated-anyone
More Than 2 Petabytes of Unprotected Medical Data Found on Picture Archiving and Communication System (PACS) Servers
The results of 13 million medical examinations relating to around 3.5 million U.S. patients are unprotected and available to anyone on the internet, SecurityWeek has learned. This is despite the third week of this year’s National Cybersecurity Awareness Month (week beginning 19 October 2020) majoring on ‘Securing Internet-Connected Devices in Healthcare’.
The details were disclosed to SecurityWeek by Dirk Schrader, global vice president at New Net Technologies (NNT — a security and compliance software firm headquartered in Naples, Florida). He demonstrated that the records can be accessed via an app that can be downloaded from the internet by anyone. The records found are in files that are still actively updated, and provide three separate threats: personal identity theft (including the more valuable medical identity theft), personal extortion, and healthcare company breaches.
Schrader examined a range of radiology systems that include an image archive system — PACS, or picture archiving and communication system. These contain not only imagery but metadata about individual patients. The metadata includes the name, date of birth, date and reason for the medical examination, and more. Within a hospital, the imaging systems (X-rays, MRIs etc) are also stored in the PACS. The treating physician needs ready access to the images to confirm the current treatment. Schrader simply used Shodan to locate systems using the DICOM medical protocol. Individual unprotected PACS systems within the return of 3,000 servers were located manually. One, for example, contained the results of over 800,000 medical examinations, probably relating to about 250,000 different patients.
Tomi Engdahl says:
Deloitte’s ‘Test your Hacker IQ’ site fails itself after exposing database user name, password in config file
Security quiz site created by advisors includes inadvertent bonus round
https://www.theregister.com/2020/11/05/deloitte_hacker_test/
Tomi Engdahl says:
Millions of marijuana growers hit in major data breach
https://www.techradar.com/news/millions-of-marijuana-growers-hit-in-major-data-breach
Members of GrowDiaries may have had their credentials exposed
Tomi Engdahl says:
23,600 hacked databases have leaked from a defunct ‘data breach index’ site
Site archive of Cit0day.in has now leaked on two hacking forums after the service shut down in September.
https://www.zdnet.com/article/23600-hacked-databases-have-leaked-from-a-defunct-data-breach-index-site/
More than 23,000 hacked databases have been made available for download on several hacking forums and Telegram channels in what threat intel analysts are calling the biggest leak of its kind.
The database collection is said to have originated from Cit0Day.in, a private service advertised on hacking forums to other cybercriminals.
Cit0day operated by collecting hacked databases and then providing access to usernames, emails, addresses, and even cleartext passwords to other hackers for a daily or monthly fee.
Cybercriminals would then use the site to identify possible passwords for targeted users and then attempt to breach their accounts at other, more high-profile sites.
Tomi Engdahl says:
Hacker is selling 34 million user records stolen from 17 companies
https://www.bleepingcomputer.com/news/security/hacker-is-selling-34-million-user-records-stolen-from-17-companies/
Tomi Engdahl says:
Billions of stolen credentials from defunct breach index site leaked online
https://siliconangle.com/2020/11/04/billions-stolen-credentials-defunct-breach-index-site-leaked-online/
More than 23,000 hacked databases covering billions of credentials have been leaked from a now-defunct breach index site and are being offered for download on hacking forums and Telegram.
The data came from Cit0Day, a website that was offering the databases for sale to hackers for a monthly fee. Cit0Day ceased operations in September. An archived snapshot of its website showed a notice that it had been seized by the U.S. Federal Bureau of Investigation pursuant to a warrant issued in California.
The hacked database may have been leaked by one of the operators of the site following its closure. The data from Cit0Day is said to total 50 gigabytes and 13 billion records from 23,618 databases. The majority of the databases are from companies known to have had credentials stolen previously, but cumulatively the data is arguably the biggest leak of its kind to date.
According to TechNadu, spammers and credential-stuffing hackers have already started using the databases and the email addresses in cybercrime campaigns and it’s likely that a more sophisticated and specific-targeting cybercrime wave using the data will rise in the future.
“The archive’s most dangerous parts are those concerning smaller sites that never bothered to disclose any security incidents or never realized them,” TechNadu noted. “These sites aren’t using strong hashing algorithms and salting for the user passwords, so the credentials are in plain-text form.”
https://www.technadu.com/massive-breach-index-data-archive-leaked-online/222442/
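TechNadu's remark that the most dangerous parts of the Cit0day archive are the small sites that skipped strong hashing and salting is worth making concrete, since it is also why the bcrypt hashes in the Nitro dump above are a different kind of problem from the Cit0day cleartext. The script below is an added example, not code from any site or vendor on this page: it stores the same three constructed user passwords once as unsalted MD5 and once with a per-user salt through PBKDF2-HMAC-SHA256 (the iteration count follows OWASP's current guidance), then runs the attack each store invites. Against the unsalted table one precomputed lookup recovers every weak password at once; against the salted store every (user, candidate) pair costs a full KDF run, which the returned `kdf_runs` makes visible.

```python
"""Unsalted fast hashes versus salted, slow key derivation for stored passwords.

Added example for the point TechNadu makes above about sites that skip strong
hashing and salting; it is not code from any site or vendor on this page, and
the user records and word list are constructed.
"""
import hashlib
import hmac
import os

PBKDF2_ITERATIONS = 600_000  # OWASP's current recommendation for PBKDF2-HMAC-SHA256


def weak_hash(password: str) -> str:
    """Unsalted MD5: what a 'cleartext-equivalent' leaked table usually looks like.
    The same password always gives the same value, so one precomputed table
    cracks every user at once."""
    return hashlib.md5(password.encode()).hexdigest()


def strong_hash(password: str, iterations: int = PBKDF2_ITERATIONS, salt: bytes = b"") -> str:
    """Per-user random salt plus a deliberately slow KDF, stored self-describing as
    algorithm$iterations$salt$digest so the work factor can be raised later."""
    salt = salt or os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return f"pbkdf2_sha256${iterations}${salt.hex()}${digest.hex()}"


def verify(password: str, stored: str) -> bool:
    try:
        algo, iterations, salt_hex, digest_hex = stored.split("$")
    except ValueError:
        return False
    if algo != "pbkdf2_sha256":
        return False
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), bytes.fromhex(salt_hex), int(iterations))
    # Constant-time comparison so verification timing does not leak matching prefixes
    return hmac.compare_digest(digest.hex(), digest_hex)


def crack_with_lookup(weak_store: dict, wordlist: list) -> dict:
    """The attack run over a dump of unsalted hashes: hash each candidate once, then
    look every stored value up in that table. Cost is O(words), not O(users * words)."""
    table = {weak_hash(w): w for w in wordlist}
    return {user: table[h] for user, h in weak_store.items() if h in table}


def crack_salted(strong_store: dict, wordlist: list) -> tuple:
    """Against salted slow hashes there is no shared table: every (user, word) pair
    costs a full KDF run. Returns (cracked, kdf_runs) so that cost is visible."""
    cracked, runs = {}, 0
    for user, stored in strong_store.items():
        for word in wordlist:
            runs += 1
            if verify(word, stored):
                cracked[user] = word
                break
    return cracked, runs


def demo(iterations: int = PBKDF2_ITERATIONS) -> dict:
    users = {"alice": "password1", "bob": "letmein", "carol": "vK7#qz!L9m"}  # constructed
    wordlist = ["123456", "password1", "letmein"]  # constructed
    weak_store = {u: weak_hash(p) for u, p in users.items()}
    strong_store = {u: strong_hash(p, iterations) for u, p in users.items()}
    salted_cracked, runs = crack_salted(strong_store, wordlist)
    return {
        "weak_cracked": crack_with_lookup(weak_store, wordlist),
        "salted_cracked": salted_cracked,
        "kdf_runs": runs,
        # every user got a distinct salt, so identical passwords never share a record
        "salts_differ": len({s.split("$")[2] for s in strong_store.values()}) == len(users),
    }


if __name__ == "__main__":
    print(demo())
```

Weak passwords still fall to a salted slow hash, as `salted_cracked` shows; what changes is the price per guess, from a table lookup to a KDF run per user, which is the difference between a dump being "plain-text form" and being a credential-stuffing feed that takes real compute to exploit.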
Tomi Engdahl says:
https://threatpost.com/texas-gold-dealer-payment-data-breach/160846/
Tomi Engdahl says:
7,500 educational organizations hacked, access being sold on Russian hacker forums
https://cybernews.com/security/7500-educational-organizations-hacked-access-being-sold-on-russian-hacker-forums/?utm_source=facebook&utm_medium=cpc&utm_campaign=rm&utm_content=hacked_7500&fbclid=IwAR32zzQCIKPHH2BP78UePYxVkmglcZm3FP1ljvQjpSOvqBHXF-xXZv9Mm8g
Network access to 7,500 organizations is being sold by a threat actor on multiple Russian hacker forums. According to the listings posted on October 3 and October 26, these mainly include educational organizations. However, the package also appears to include access to corporate networks from other verticals, such as entertainment and the bar industry.
The seller offers “convenient access” to the 7,500 compromised networks located in the USA, Canada, and Australia via Remote Desktop Protocol (RDP) and claims to be the sole cybercriminal in possession of the network access.
The initial bid for the entire package starts at 25 BTC (roughly $330,000) and the “Buy now” option at 75 BTC (about $1,000,000).
Those with the Bitcoin to spare would be able to exploit the thousands of vulnerable systems in a variety of ways. This includes using PowerShell, managing files, editing the registry, and changing administrator rights, as well as planting malware or installing ransomware across the compromised networks.
Network access listings like these are becoming increasingly popular on hacking forums as of late, with the number of similar ads effectively tripling in September 2020 alone.
RDP: the number one intrusion vector for ransomware gangs
Remote Desktop Protocol, a proprietary protocol designed to share files across multiple devices in a network, is infamous for being rife with security holes, including the BlueKeep vulnerability (CVE-2019-0708), that make RDP exceptionally easy to exploit for threat actors.
BlueKeep is particularly concerning because it is “wormable,” which means that it can spread automatically, without the user initiating the process. In fact, vulnerabilities like BlueKeep put Remote Desktop Protocol as the most popular intrusion vector for attackers and “the source of most ransomware incidents in 2020,” despite the fact that this critical vulnerability was found more than a year ago.
The cost of clicking “Remind me tomorrow” for 18 months in a row
Between the sharp rise in attacks targeting RDPs, the surprising growth of the ransomware “industry,” and the overall surge of cybercrime over the past several years, organizations now have a rapidly dwindling supply of excuses for getting their networks compromised due to ancient vulnerabilities, which is the direct result of not keeping their systems up to date.
Tomi Engdahl says:
BigBasket faces data breach; details of 2 crore users put on sale on dark web
Prasoon Srivastava, PTI
https://www.livemint.com/companies/news/bigbasket-faces-data-breach-details-of-2-crore-users-put-on-sale-on-dark-web-11604794339735.html
BigBasket has filed a police complaint in this regard with Cyber Crime Cell in Bengaluru and is verifying claims made by cyber experts
Cyble said that a hacker has put data allegedly belonging to BigBasket on sale for around ₹30 lakh