Cyber breaches abound in 2019

https://techcrunch.com/2018/12/26/cyber-breaches-abound-in-2019/

News of high-profile cyber breaches has been uncharacteristically subdued in recent quarters.

Is this a harbinger of a worse hacking landscape in 2019?

The answer is unequivocally yes. Cyber breaches have been a gigantic thorn in the side of the global economy for years, but expect them to be even more rampant in 2019, as steadily improving malware is deployed more aggressively on more fronts and data-driven businesses simultaneously move into the “target zone” of cyber attacks.

On the cybersecurity side, a growing number of experts believe that multi-factor authentication will become the standard for all online businesses.

Here are links to some articles that can hopefully help you handle your cybersecurity better:

Cybersecurity 101: Why you need to use a password manager
https://techcrunch.com/2018/12/25/cybersecurity-101-guide-password-manager/

Cybersecurity 101: Five simple security guides for protecting your privacy
https://techcrunch.com/2018/12/26/cybersecurity-101-security-guides-protect-privacy/


  1. Tomi Engdahl says:

    Personal data from Experian on 40% of South Africa’s population has
    been bundled onto a file-sharing website
    https://www.theregister.com/2020/09/14/south_africa_experian_data_breach_wesendit/
    August breach hadn’t been cleared up at all and regulators are
    furious

    Reply
  2. Tomi Engdahl says:

    Magecart Attack Impacts More Than 10K Online Shoppers
    https://threatpost.com/magecart-campaign-10k-online-shoppers/159216/
    Close to 2,000 e-commerce sites were infected over the weekend with a
    payment-card skimmer, maybe the result of a zero-day exploit.

    Reply
  3. Tomi Engdahl says:

    Razer Customer Data Exposed by Server Misconfiguration
    https://www.securityweek.com/razer-customer-data-exposed-server-misconfiguration

    A server misconfiguration has resulted in data pertaining to thousands of Razer customers being exposed to the Internet.

    A Singaporean-American manufacturer of gaming hardware, software, and systems, Razer also provides e-sports and financial services to its customers.

    The recently discovered misconfigured server, security researcher Bob Diachenko explains, contained order and shipping details for thousands of Razer’s customers.

    The exposed information, he notes, was originally “part of a large log chunk stored on a company’s Elasticsearch cluster.” The cluster, which had already been indexed by search engines, became publicly accessible on August 18.

    Exposed customer information includes names, email addresses, phone numbers, internal customer IDs, order numbers and details, and billing and shipping addresses. Tens of thousands of Razer customers might have been affected.

    “Based on the number of the emails exposed, I would estimate the total number of affected customers to be around 100K,” Diachenko says.

    Although the security researcher attempted to notify Razer through their support channel, it took three weeks before the exposure was finally addressed.

    “My message never reached right people inside the company and was processed by non-technical support managers for more than 3 weeks until the instance was secured from public access,” Diachenko reveals.

    Thousands of Razer customers order and shipping details exposed on the web without password
    https://www.linkedin.com/pulse/thousands-razer-customers-order-shipping-details-web-diachenko/

    Reply
  4. Tomi Engdahl says:

    97% of leading #cybersecurity companies have data leaks or other security incidents exposed on the #darkweb.

    https://thehackernews.com/2020/09/dark-web-cybersecurity-report.html?m=1

    Reply
  5. Tomi Engdahl says:

    Database detailing 2.4 million influential people, their kids, their addresses, and how to press their buttons revealed
    Compiled using open-source intel and hailed as showing the extent of China’s surveillance activities
    https://www.theregister.com/2020/09/15/china_shenzhen_zhenhua_database/

    A US academic has revealed the existence of a 2.4-million-person database he says is compiled by a Chinese company known to supply intelligence, military, and security agencies. The academic alleges the purpose of the database is enabling overseas influence operations to be conducted against prominent or influential people outside China.

    That company is Shenzhen Zhenhua and the academic is Chris Balding, an associate professor at the Fulbright University Vietnam.

    Reply
  6. Tomi Engdahl says:

    Private data gone public: Razer leaks 100,000+ gamers’ personal info
    No need to breach any systems when the vendor gives the data away for free.
    https://arstechnica.com/information-technology/2020/09/100000-razer-users-data-leaked-due-to-misconfigured-elasticsearch/

    In August, security researcher Volodymyr Diachenko discovered a misconfigured Elasticsearch cluster, owned by gaming hardware vendor Razer, exposing customers’ PII (Personally Identifiable Information).

    The cluster contained records of customer orders and included information such as item purchased, customer email, customer (physical) address, phone number, and so forth—basically, everything you’d expect to see from a credit card transaction, although not the credit card numbers themselves. The Elasticsearch cluster was not only exposed to the public, it was indexed by public search engines.

    Reply
  7. Tomi Engdahl says:

    Data leak: A Chinese company’s surveillance list includes 799 Finns, among them politicians and their inner circles. See how the Finns are categorized
    An exceptional data leak reveals which kinds of Finnish influencers interest China.
    https://yle.fi/uutiset/3-11544521

    Reply
  8. Tomi Engdahl says:

    LockBit ransomware launches data leak site to double-extort victims
    https://www.bleepingcomputer.com/news/security/lockbit-ransomware-launches-data-leak-site-to-double-extort-victims/
    The LockBit ransomware gang has launched a new data leak site to be
    used as part of their double extortion strategy to scare victims into
    paying a ransom.

    Reply
  9. Tomi Engdahl says:

    Chinese database details 2.4 million influential people, their kids, addresses, and how to press their buttons
    Compiled using mostly open-source intel, shines a light on extent of China’s surveillance activities
    https://www.theregister.com/2020/09/15/china_shenzhen_zhenhua_database/?utm_source=dlvr.it&utm_medium=facebook

    A US academic has revealed the existence of a 2.4-million-person database he says was compiled by a Chinese company known to supply intelligence, military, and security agencies. The researcher alleges the purpose of the database is enabling influence operations to be conducted against prominent and influential people outside China.

    Reply
  10. Tomi Engdahl says:

    https://ici.radio-canada.ca/nouvelle/1734626/50-000-comptes-pirates-agence-revenu-canada

    It’s in French, but in summary it’s actually close to 50,000 accounts that got hacked instead of 9,000 back in August. That’s the Canadian Government Revenue Agency!

    Reply
  11. Tomi Engdahl says:

    A bug in Joe Biden’s official campaign app exposed a treasure trove of voter information
    https://bgr.com/2020/09/15/joe-biden-2020-campaign-app-bug-voter-data/

    The bug made it possible for anyone with an unverified email address to access sensitive information – including voting history and personal addresses – from millions of users.

    Reply
  12. Tomi Engdahl says:

    Hackers leak details of 1,000 high-ranking Belarus police officers
    https://www.zdnet.com/article/hackers-leak-details-of-1000-high-ranking-belarus-police-officers/
    A group of hackers has leaked on Saturday the names and personal
    details of more than 1,000 high-ranking Belarusian police officers in
    response to violent police crackdowns against anti-government
    demonstrations. The leaked data included names, dates of birth, and
    the officers’ departments and job titles.

    Reply
  13. Tomi Engdahl says:

    Unsecured Microsoft Bing Server Exposed Users’ Search Queries and
    Location
    https://thehackernews.com/2020/09/bing-search-hacking.html
    A back-end server associated with Microsoft Bing exposed sensitive
    data of the search engine’s mobile application users, including search
    queries, device details, and GPS coordinates, among others. The
    logging database, however, doesn’t include any personal details such
    as names or addresses. The data leak, discovered by Ata Hakcil of
    WizCase on September 12, is a massive 6.5TB cache of log files that
    was left for anyone to access without any password, potentially
    allowing cybercriminals to leverage the information for carrying out
    extortion and phishing scams.

    Reply
  14. Tomi Engdahl says:

    Unprotected Server Leaks Data of Microsoft Bing Mobile App Users
    https://www.securityweek.com/unprotected-server-leaks-data-microsoft-bing-mobile-app-users

    WizCase experts have identified an unprotected Elasticsearch server that contained terabytes of data pertaining to users of Microsoft’s Bing mobile application.

    The database was supposed to be password protected. On September 12, however, the WizCase online security team discovered that authentication had been removed from the database roughly two days before, exposing its content to everyone on the Internet.

    White hat hacker Ata Hakcil, who identified the leak, was able to confirm that the Elasticsearch server belonged to Microsoft’s Bing mobile app by installing the application and running a search for WizCase.

    “While looking through the server, he found his information, including search queries, device details, and GPS coordinates, proving the exposed data comes directly from the Bing mobile app,” WizCase’s experts reveal.

    Data Leak: Unsecured Server Exposed Bing Mobile App Data
    https://www.wizcase.com/blog/bing-leak-research/

    Reply
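
The Razer and Bing incidents above (comments 3, 6, 13 and 14) share one root cause: an Elasticsearch cluster reachable from the Internet with authentication switched off, in the Bing case after it had been removed from a previously protected database. The check below is an added example, not code from this blog, Razer, Microsoft or the researchers cited; it classifies what an unauthenticated GET on the cluster root returns and, if the node answers, sizes the exposure from `/_cat/indices`. The REST paths and the shape of the root document are real Elasticsearch behaviour; the sample responses are constructed.

```python
"""Check whether an Elasticsearch node answers without credentials.

Added example, not code from the page or from any vendor it names. The endpoint
paths (`/` and `/_cat/indices?format=json`) are real Elasticsearch REST paths;
the sample responses below are constructed for the test.
"""
import json
import urllib.error
import urllib.request

EXPOSED = "exposed"                    # root document served, no credentials asked
AUTH_REQUIRED = "auth_required"        # 401/403: a security layer refused the probe
NOT_ELASTICSEARCH = "not_elasticsearch"
UNREACHABLE = "unreachable"


def classify(status, body):
    """Interpret one reply to an unauthenticated GET on the cluster root."""
    if status in (401, 403):
        return AUTH_REQUIRED
    if status != 200:
        return NOT_ELASTICSEARCH
    try:
        doc = json.loads(body)
    except ValueError:
        return NOT_ELASTICSEARCH
    # An open node answers GET / with {"name", "cluster_name", "version": {"number", ...}}.
    version = doc.get("version") if isinstance(doc, dict) else None
    if isinstance(version, dict) and "number" in version and "cluster_name" in doc:
        return EXPOSED
    return NOT_ELASTICSEARCH


def summarize_indices(cat_indices_json):
    """Index names and total document count from GET /_cat/indices?format=json.
    _cat emits every value as a string, hence the int() conversion."""
    rows = json.loads(cat_indices_json)
    names = sorted(r["index"] for r in rows)
    docs = sum(int(r.get("docs.count") or 0) for r in rows)
    return {"indices": names, "docs": docs}


def probe(base_url, timeout=5):
    """Live check against a cluster you own. Returns (verdict, index summary or None)."""
    def get(path):
        req = urllib.request.Request(base_url.rstrip("/") + path,
                                     headers={"Accept": "application/json"})
        try:
            with urllib.request.urlopen(req, timeout=timeout) as resp:
                return resp.status, resp.read().decode("utf-8", "replace")
        except urllib.error.HTTPError as err:
            return err.code, err.read().decode("utf-8", "replace")

    try:
        status, body = get("/")
    except (urllib.error.URLError, OSError):
        return UNREACHABLE, None
    verdict = classify(status, body)
    if verdict != EXPOSED:
        return verdict, None
    status, body = get("/_cat/indices?format=json")
    return verdict, (summarize_indices(body) if status == 200 else None)


# Constructed sample replies (not captured from any real cluster).
SAMPLE_ROOT_OPEN = json.dumps({
    "name": "node-1", "cluster_name": "example-logs",
    "version": {"number": "7.9.0"}, "tagline": "You Know, for Search"})
SAMPLE_ROOT_DENIED = json.dumps({
    "error": {"type": "security_exception",
              "reason": "missing authentication credentials for REST request"},
    "status": 401})
SAMPLE_CAT_INDICES = json.dumps([
    {"index": "orders-2020.08", "docs.count": "100000", "store.size": "1.2gb"},
    {"index": "shipping", "docs.count": "23456", "store.size": "300mb"}])

if __name__ == "__main__":
    print(classify(200, SAMPLE_ROOT_OPEN), classify(401, SAMPLE_ROOT_DENIED))
    print(summarize_indices(SAMPLE_CAT_INDICES))
```

Run `probe("http://your-node:9200")` from outside your network: anything other than `auth_required` or `unreachable` means the cluster is in the same state the Razer and Bing clusters were found in. A search-engine-indexed result, as in the Razer case, means the window of exposure is already longer than the time since you noticed.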
  15. Tomi Engdahl says:

    Data breach at New York Sports Clubs owner exposed customer data
    https://tcrn.ch/3cmuTJU

    Town Sports International, the parent company of New York Sports Clubs and Christi’s Fitness gyms, is mopping up after a security lapse exposed customer data.

    Security researcher Bob Diachenko received a tip from a contact, Sami Toivonen, about an unprotected server containing almost a terabyte of spreadsheets representing years of internal company data, including financial records and personal customer records. But because there was no password on the server, anyone could access the files inside.

    The server was exposed for almost a year, Diachenko told TechCrunch.

    Town Sports pulled the server offline a short time after Diachenko contacted the company. He shared his findings exclusively with TechCrunch, which independently verified the authenticity of the data by confirming with customers details found in the spreadsheets.

    Gym chain Town Sports exposes 600,000 records of members and staff
    https://www.comparitech.com/blog/information-security/gym-chain-town-sports-exposes-personal-details-of-600000-members-staff-online-report/?=tuesday-september-22-2020

    Timeline of the exposure
    When Toivonen alerted Diachenko to the exposed database, he said the database was first seen in the wild 11 months ago on November 30, 2019.

    Diachenko sent a responsible disclosure notice to Town Sports on September 21, 2020.

    The database was secured one day later on September 22, 2020.

    We do not know if any unauthorized parties accessed the data while it was exposed, but affected customers and staff could assume as much. Our research indicates unsecured databases can be found, stolen, and attacked within just a few hours of exposure.

    Reply
  16. Tomi Engdahl says:

    DHS Admits Facial Recognition Photos Were Hacked, Released on Dark Web
    https://www.vice.com/en_us/article/m7jzbb/dhs-admits-facial-recognition-photos-were-hacked-released-on-dark-web

    Travelers’ faces, license plates, and car information were hacked from a subcontractor called Perceptics and released on the dark web.

    The Department of Homeland Security (DHS) finally acknowledged Wednesday that photos that were part of a facial recognition pilot program were hacked from a Customs and Border Control subcontractor and were leaked on the dark web last year.

    Among the data, which was collected by a company called Perceptics, was a trove of travelers’ faces, license plates, and car information. The information made its way to the Dark Web, despite DHS claiming it hadn’t. In a newly released report about the incident, the DHS Office of Inspector General admitted that 184,000 images were stolen and at least 19 of them were posted to the Dark Web.

    Reply
  17. Tomi Engdahl says:

    Even cybersecurity companies spill data and passwords
    Nobody is immune to data breaches and hacking, not even the professionals
    https://www.zdnet.com/article/even-cybersecurity-companies-spill-data-and-passwords/

    Reply
  18. Tomi Engdahl says:

    SFU ransomware attack exposed data from 250,000 accounts, documents show
    https://www.cbc.ca/news/canada/british-columbia/sfu-ransomware-attack-1.5732027

    Officials didn’t disclose number in March when personal data of students, faculty, alumni were compromised

    Reply
  19. Tomi Engdahl says:

    Blackbaud: Ransomware gang had access to banking info and passwords
    https://www.bleepingcomputer.com/news/security/blackbaud-ransomware-gang-had-access-to-banking-info-and-passwords/
    Blackbaud, a leading cloud software provider, confirmed that the
    threat actors behind the May 2020 ransomware attack had access to
    unencrypted banking and login information, as well as social security
    numbers.

    Reply
  20. Tomi Engdahl says:

    Two North American hospitality merchants hacked in May and June
    https://www.zdnet.com/article/two-north-american-hospitality-merchants-hacked-in-may-and-june/
    Visa did not share the name of the two victims but said that one
    company had three different strains of point-of-sale (POS) malware on
    its network.

    Reply
  21. Tomi Engdahl says:

    Blackbaud Says Bank Account Data, SSNs Impacted in Ransomware Incident
    https://www.securityweek.com/blackbaud-says-bank-account-data-ssns-impacted-ransomware-incident

    Documents filed by cloud software provider Blackbaud with the United States Securities and Exchange Commission (SEC) this week reveal that bank account details and social security numbers might have been affected in a ransomware attack earlier this year.

    In June 2020, Blackbaud, which is mainly known for the fundraising suites employed by charities and educational institutions, but which also offers payment services, announced publicly that it managed to stop a ransomware attack, but not before some data was stolen.

    Reply
  22. Tomi Engdahl says:

    Internet Engineering Task Force Proposes Standard for Network Time Security
    https://www.securityweek.com/internet-engineering-task-force-proposes-standard-network-time-security

    IETF Publishes New Proposal to Add Security to Network Timing

    The Internet Engineering Task Force (IETF) has published RFC8915, its proposed standard for network time security (NTS). It has been five years in the making and is designed to remedy the issues and vulnerabilities that exist in the current network time protocol (NTP).

    Accurately synchronized time between different computers over packet-switched, variable-latency data networks is essential. This becomes even more critical in the age of the fourth industrial revolution, where the accurate timing and sequence of different processes is vital. Since its launch in 1985, NTP has served this purpose well. However, over the last 35 years it has become apparent that various vulnerabilities and issues in NTP demonstrate that it requires an increased level of security. NTS is designed to provide that security.

    The existing issues affecting basic NTP include DDoS amplification, packet manipulation, and replay attacks — the last two being implemented by man-in-the-middle (MiTM) attacks that can forge messages and falsify the time.

    Reply
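
The comment above lists packet manipulation and replay by an on-path attacker as the weaknesses RFC 8915 addresses. To make concrete what plain NTP leaves unauthenticated, here is an added example (not code from this blog, SecurityWeek or the IETF) that builds an NTPv4 client request, parses a server reply and applies the only integrity check the plain protocol gives a client: the reply must echo the request's transmit timestamp in its origin field. The packet layout and offset/delay formulas are those of RFC 5905; the three scenarios and all timestamps are constructed. The check rejects a replayed stale reply but accepts an hour-off reply forged by anyone who saw the request, which is the gap NTS closes with authenticated, uniquely-identified packets.

```python
"""Plain NTPv4 client exchange (RFC 5905 on-wire protocol) and the single
unauthenticated check it offers. Added example, not code from the page,
SecurityWeek or the IETF; all timestamps below are constructed."""
import struct

NTP_EPOCH_OFFSET = 2208988800     # seconds from 1900-01-01 to 1970-01-01
# LI/VN/Mode, stratum, poll, precision, root delay, root dispersion,
# reference ID, then reference/origin/receive/transmit 64-bit timestamps.
PACKET = "!BBbbIIIQQQQ"           # 48 bytes


def to_ntp(unix: float) -> int:
    """Unix seconds -> 64-bit NTP timestamp (32.32 fixed point since 1900)."""
    whole = int(unix)
    frac = int((unix - whole) * 2**32)
    return ((whole + NTP_EPOCH_OFFSET) << 32) | frac


def from_ntp(ts: int) -> float:
    return (ts >> 32) - NTP_EPOCH_OFFSET + (ts & 0xFFFFFFFF) / 2**32


def build_client_request(t1: float) -> bytes:
    # First byte 0x23: leap indicator 0, version 4, mode 3 (client). Only the
    # transmit timestamp matters; it doubles as the nonce the client expects
    # echoed back in the reply's origin field.
    return struct.pack(PACKET, 0x23, 0, 0, 0, 0, 0, 0, 0, 0, 0, to_ntp(t1))


def build_server_response(request: bytes, t2: float, t3: float) -> bytes:
    """Whoever answers (real server or on-path attacker) copies the request's
    transmit timestamp into the origin field and supplies its own receive (t2)
    and transmit (t3) times."""
    fields = struct.unpack(PACKET, request)
    # First byte 0x24: version 4, mode 4 (server); stratum 2, precision 2^-20.
    return struct.pack(PACKET, 0x24, 2, fields[2], -20, 0, 0, 0,
                       to_ntp(t2), fields[10], to_ntp(t2), to_ntp(t3))


def process_response(response: bytes, t1: float, t4: float):
    """Validate a reply and return (offset, delay) in seconds.

    Raises ValueError when the reply fails the checks plain NTP lets a client
    make. None of them involves a key or a signature."""
    if len(response) != 48:
        raise ValueError("unexpected packet length")
    fields = struct.unpack(PACKET, response)
    if fields[0] & 0x07 != 4:
        raise ValueError("not a server-mode reply")
    if fields[8] != to_ntp(t1):
        # Origin timestamp must echo our transmit timestamp. This defeats blind
        # injection and replay of a reply captured for an earlier request, but
        # an on-path attacker saw t1 and passes the check trivially.
        raise ValueError("origin timestamp mismatch")
    t2 = from_ntp(fields[9])
    t3 = from_ntp(fields[10])
    offset = ((t2 - t1) + (t3 - t4)) / 2
    delay = (t4 - t1) - (t3 - t2)
    return offset, delay


def scenarios():
    """Constructed exchanges: honest server, replayed stale reply, on-path forgery."""
    t1, t4 = 1600000000.000, 1600000000.020        # client send / receive times
    request = build_client_request(t1)

    honest = build_server_response(request, 1600000000.010, 1600000000.011)

    old_request = build_client_request(1599990000.000)   # an earlier poll
    replayed = build_server_response(old_request, 1599990000.004, 1599990000.005)

    # Attacker between client and server copies t1 from the sniffed request and
    # claims the time is an hour ahead; nothing in the packet distinguishes
    # this from the honest reply.
    forged = build_server_response(request, 1600003600.010, 1600003600.011)

    results = {"honest": process_response(honest, t1, t4)}
    try:
        process_response(replayed, t1, t4)
        results["replay"] = "accepted"
    except ValueError as err:
        results["replay"] = f"rejected: {err}"
    results["on_path_forgery"] = process_response(forged, t1, t4)
    return results


if __name__ == "__main__":
    for name, result in scenarios().items():
        print(f"{name:16} {result}")
```

The honest exchange yields an offset of about 0.5 ms and 19 ms of delay; the forged one yields an offset of about 3600 s and passes every check the client can make, which is why a plain NTP client must fall back on sanity limits (reject steps above a threshold, require agreement between several servers) rather than on the packet itself. NTS moves that trust into the packet through a per-request unique identifier and an AEAD tag over the extension fields, keyed via NTS-KE over TLS.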
  24. Tomi Engdahl says:

    Food Delivery Service Chowbus Hacked
    https://www.securityweek.com/food-delivery-service-chowbus-hacked

    Hackers compromised mobile-based Asian food delivery service Chowbus, stole customer data, and emailed victims a link pointing to the stolen data.

    Many of those who received the emails posted on Reddit, revealing that the hackers exported the database to comma-separated values (CSV) files and sent links to these CSV files to Chowbus customers.

    The service, which operates in Australia, Canada and the United States, has several hundred thousand customers, all of whom appear to have been affected.

    Information in the CSV files included names, email addresses, phone numbers, addresses (city, state, zip code), rates, and addresses for the Chowbus partner restaurants.

    A total of 4,300 records were reportedly included in the CSV file for restaurants, while the file for users had 803,350 entries. The information has already been uploaded to data breach notification website Have I Been Pwned, which noted that the database included a total of 444,224 Chowbus accounts.

    Chowbus is Hacked & Leaks 800,000+ entries of Personal Data
    https://www.reddit.com/r/UIUC/comments/j5fcjp/chowbus_is_hacked_leaks_800000_entries_of/

    Reply
  25. Tomi Engdahl says:

    Ubisoft, Crytek data posted on ransomware gang’s site
    Details about how the hackers obtained the files remain unclear. Ransomware gang also threatened to leak the source code of Watch Dogs: Legion, an upcoming Ubisoft game.
    https://www.zdnet.com/article/ubisoft-crytek-data-posted-on-ransomware-gangs-site/?fbclid=IwAR0wmQ6rmAMl-YCklOnHjuTT_08aWKPyHIZ1HInj5k1Ae12l1x5TQCnVWYo

    Reply
  26. Tomi Engdahl says:

    Our investigations team found out that Miami-based tech company Intcomex has suffered a major data breach, with nearly 1 TB of its users’ data leaked. It was likely following a botched ransom negotiation. The leaker promised to release the rest of the stolen database over an undisclosed period of time.

    Miami-based tech company suffers massive 1TB customer and business data leak
    https://cybernews.com/security/miami-based-tech-company-suffers-massive-1tb-data-leak/?utm_source=facebook&utm_medium=cpc&utm_campaign=rm&utm_content=miami_data_leak&fbclid=IwAR0BHbgLnQm0dgcvifGprum6r-OeAUUsjEPnWmISml7NN6zBHbmlFRT75ow

    Reply
  27. Tomi Engdahl says:

    Catalin Cimpanu / ZDNet:
    Report: payment card details of 3M+ Dickey’s Barbecue Pit customers, stolen in a POS breach between July 2019 and Aug. 2020, were posted on a fraud marketplace

    Card details for 3 million Dickey’s customers posted on carding forum
    https://www.zdnet.com/article/card-details-for-3-million-dickeys-customers-posted-on-carding-forum/

    Dickey’s Barbecue Pit, the largest barbecue restaurant chain in the US, suffered a POS breach between July 2019 and August 2020.

    The card details of more than three million customers of Dickey’s Barbecue Pit, the largest barbecue restaurant chain in the US, have been posted this week on a carding and fraud marketplace known as Joker’s Stash.

    The discovery was made by Gemini Advisory, a cyber-security firm that tracks financial fraud.

    The company said it discovered the breach earlier this week after cybercriminals began advertising a massive collection of payment card details named “Blazing Sun.”

    After analyzing the data together with its financial partners, Gemini said the data appears to have been obtained after hackers compromised the in-store Point-of-Sale (POS) system used at Dickey’s restaurants.

    Gemini says hackers appear to have compromised 156 of Dickey’s 469 locations.

    Reply
  29. Tomi Engdahl says:

    Dickey’s Barbecue Pit Investigating Possible Breach Affecting 3M Payment Cards
    https://www.securityweek.com/dickeys-barbecue-pit-investigating-possible-breach-affecting-3m-payment-cards

    A data set of millions of payment card records apparently stolen from US-based restaurant franchise Dickey’s Barbecue Pit has emerged on a Dark Web marketplace, Gemini Advisory reports.

    Reply
  30. Tomi Engdahl says:

    Barnes & Noble hit by Egregor ransomware, strange data leaked
    https://www.bleepingcomputer.com/news/security/barnes-and-noble-hit-by-egregor-ransomware-strange-data-leaked/
    The Egregor ransomware gang is claiming responsibility for the
    cyberattack on U.S. Bookstore giant Barnes & Noble on October 10th,
    2020. The attackers state that they stole unencrypted files as part of
    the attack.

    Reply
  31. Tomi Engdahl says:

    Pharma Giant Pfizer Leaks Customer Prescription Info, Call Transcripts
    https://threatpost.com/pharma-pfizer-leaks-prescription-call-transcripts/160354/
    Hundreds of medical patients taking cancer drugs, Premarin, Lyrica and
    more are now vulnerable to phishing, malware and identity fraud.

    Reply
  32. Tomi Engdahl says:

    Miami-based tech company suffers massive 1TB customer and business data leak
    https://cybernews.com/security/miami-based-tech-company-suffers-massive-1tb-data-leak/?utm_source=facebook&utm_medium=cpc&utm_campaign=rm&utm_content=miami_data_leak&fbclid=IwAR3ywNDF8qcQN1zb2xtGY-Qkxynj5Z_VrOw0FFkBgdkIQnNmnZtl_3t1FqQ

    The Miami-based “value-added solutions and technology products” company Intcomex has suffered a major data breach, with nearly 1 TB of its users’ data leaked. The leaked data includes credit cards, passport and license scans, personal data, payroll, financial documents, customer databases, employee information and more.

    Parts of the data were leaked on a popular Russian hacker forum for free, with the first part made available on September 14, 2020, and the second part on September 20. The leaker originally promised to release the entire stolen database over an undisclosed period of time.

    Reply
  33. Tomi Engdahl says:

    The extortionist targeting the psychotherapy center Vastaamo published more
    highly sensitive patient records overnight
    https://yle.fi/uutiset/3-11606925
    The person extorting the psychotherapy center Vastaamo has published more of
    the patient data they stole on the Tor network overnight. The patient data
    reveals the names, addresses, personal identity codes and patient records of
    Vastaamo’s clients. See also
    https://www.poliisi.fi/tietoa_poliisista/tiedotteet/1/1/poliisi_jatkaa_epaillyn_torkean_tietomurron_tutkintaa_uhreja_pyydetaan_tekemaan_rikosilmoitus_94140?language=fi

    Reply
  34. Tomi Engdahl says:

    COVID-19 Vaccine-Maker Hit with Cyberattack, Data Breach
    https://threatpost.com/covid-19-vaccine-cyberattack-data-breach/160495/
    COVID-19 vaccine manufacturer Dr. Reddy’s Laboratories has shut down
    its plants in Brazil, India, Russia, the U.K. and the U.S. following a
    cyberattack, according to reports. In addition to shutting down
    plants, the drug-maker has isolated all data center services in order
    to apply remediations, The Economic Times reported. Citing sources, ET
    said that the company was victimized by a data breach.

    Reply
  35. Tomi Engdahl says:

    Fragomen, a law firm used by Google, confirms data breach
    https://techcrunch.com/2020/10/26/fragomen-data-breach-google-employees/?tpcc=ECFB2020

    Immigration law firm Fragomen, Del Rey, Bernsen & Loewy has confirmed a data breach involving the personal information of current and former Google employees.

    Reply
  36. Tomi Engdahl says:

    Massive Nitro data breach impacts Microsoft, Google, Apple, more
    https://www.bleepingcomputer.com/news/security/massive-nitro-data-breach-impacts-microsoft-google-apple-more/
    A massive data breach suffered by the Nitro PDF service impacts many
    well-known organizations, including Google, Apple, Microsoft, Chase,
    and Citibank. Claimed to be used by over 10 thousand business
    customers and 1.8 million licensed users, Nitro is an application used
    to create, edit, and sign PDFs and digital documents. Cybersecurity
    intelligence firm Cyble has told BleepingComputer that a threat actor
    is selling the user and document databases, as well as 1TB of
    documents, that they claim to have stolen from Nitro Software’s cloud
    service. This data is now being sold in a private auction with the
    starting price set at $80,000. Cyble states that the
    ‘user_credential’ database table contains 70 million user records
    containing email addresses, full names, bcrypt hashed passwords,
    titles, company names, IP addresses, and other system-related data.

    Reply
  37. Tomi Engdahl says:

    EXCLUSIVE: Medical Records of 3.5 Million U.S. Patients Can be Accessed and Manipulated by Anyone
    https://www.securityweek.com/exclusive-medical-records-35-million-us-patients-can-be-accessed-and-manipulated-anyone

    More Than 2 Petabytes of Unprotected Medical Data Found on Picture Archiving and Communication System (PACS) Servers

    The results of 13 million medical examinations relating to around 3.5 million U.S. patients are unprotected and available to anyone on the internet, SecurityWeek has learned. This is despite the third week of this year’s National Cybersecurity Awareness Month (week beginning 19 October 2020) majoring on ‘Securing Internet-Connected Devices in Healthcare’.

    The details were disclosed to SecurityWeek by Dirk Schrader, global vice president at New Net Technologies (NNT — a security and compliance software firm headquartered in Naples, Florida). He demonstrated that the records can be accessed via an app that can be downloaded from the internet by anyone. The records found are in files that are still actively updated, and provide three separate threats: personal identity theft (including the more valuable medical identity theft), personal extortion, and healthcare company breaches.

    Schrader examined a range of radiology systems that include an image archive system — PACS, or picture archiving and communication system. These contain not only imagery but metadata about individual patients. The metadata includes the name, date of birth, date and reason for the medical examination, and more. Within a hospital, the imaging systems (X-rays, MRIs etc) are also stored in the PACS. The treating physician needs ready access to the images to confirm the current treatment. Schrader simply used Shodan to locate systems using the DICOM medical protocol. Individual unprotected PACS systems within the return of 3,000 servers were located manually. One, for example, contained the results of over 800,000 medical examinations, probably relating to about 250,000 different patients.

    Reply
  38. Tomi Engdahl says:

    Deloitte’s ‘Test your Hacker IQ’ site fails itself after exposing database user name, password in config file
    Security quiz site created by advisors includes inadvertent bonus round
    https://www.theregister.com/2020/11/05/deloitte_hacker_test/

    Reply
  39. Tomi Engdahl says:

    Millions of marijuana growers hit in major data breach
    https://www.techradar.com/news/millions-of-marijuana-growers-hit-in-major-data-breach

    Members of GrowDiaries may have had their credentials exposed

    Reply
  40. Tomi Engdahl says:

    23,600 hacked databases have leaked from a defunct ‘data breach index’ site
    Site archive of Cit0day.in has now leaked on two hacking forums after the service shut down in September.
    https://www.zdnet.com/article/23600-hacked-databases-have-leaked-from-a-defunct-data-breach-index-site/

    More than 23,000 hacked databases have been made available for download on several hacking forums and Telegram channels in what threat intel analysts are calling the biggest leak of its kind.

    The database collection is said to have originated from Cit0Day.in, a private service advertised on hacking forums to other cybercriminals.

    Cit0day operated by collecting hacked databases and then providing access to usernames, emails, addresses, and even cleartext passwords to other hackers for a daily or monthly fee.

    Cybercriminals would then use the site to identify possible passwords for targeted users and then attempt to breach their accounts at other, more high-profile sites.

    Reply
  41. Tomi Engdahl says:

    Billions of stolen credentials from defunct breach index site leaked online
    https://siliconangle.com/2020/11/04/billions-stolen-credentials-defunct-breach-index-site-leaked-online/

    More than 23,000 hacked databases covering billions of credentials have been leaked from a now-defunct breach index site and are being offered for download on hacking forums and Telegram.

    The data came from Cit0Day, a website that was offering the databases for sale to hackers for a monthly fee. Cit0Day ceased operations in September. An archived snapshot of its website showed a notice that it had been seized by the U.S. Federal Bureau of Investigation pursuant to a warrant issued in California.

    The hacked database may have been leaked by one of the operators of the site following its closure. The data from Cit0Day is said to total 50 gigabytes and 13 billion records from 23,618 databases. The majority of the databases are from companies known to have had credentials stolen previously, but cumulatively the data is arguably the biggest leak of its kind to date.

    According to TechNadu, spammers and credential-stuffing hackers have already started using the databases and the email addresses in cybercrime campaigns and it’s likely that a more sophisticated and specific-targeting cybercrime wave using the data will rise in the future.

    “The archive’s most dangerous parts are those concerning smaller sites that never bothered to disclose any security incidents or never realized them,” TechNadu noted. “These sites aren’t using strong hashing algorithms and salting for the user passwords, so the credentials are in plain-text form.”

    https://www.technadu.com/massive-breach-index-data-archive-leaked-online/222442/

    Reply
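
The two Cit0Day comments above describe the downstream use of a leak like this: the cleartext or weakly hashed credentials are replayed against other sites, and the password the victim reused is the one that logs in. From the defender's side that traffic has a recognisable shape, many distinct usernames from one source with roughly one attempt each, as opposed to one username hammered many times. The detector below is an added example, not code from ZDNet, SiliconANGLE, TechNadu or this blog; the log format (`<ISO time> auth_ok|auth_failed user=<name> ip=<addr>`) and every line in `SAMPLE_LOG` are constructed, and the thresholds are starting points to tune against your own baseline.

```python
"""Flag credential-stuffing sources in authentication logs.

Added example, not from the page or the outlets it cites. The log format and
every line of SAMPLE_LOG are constructed for this illustration."""
import re
from collections import defaultdict
from datetime import datetime, timedelta

LINE_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2}T\d{2}:\d{2}:\d{2}Z) "
    r"(?P<result>auth_ok|auth_failed) user=(?P<user>\S+) ip=(?P<ip>\S+)$"
)

SAMPLE_LOG = (
    # a legitimate user mistyping once
    "2020-11-05T10:00:01Z auth_failed user=alice ip=192.0.2.10\n"
    "2020-11-05T10:00:09Z auth_ok user=alice ip=192.0.2.10\n"
    # one source walking a leaked user:password list: one try per account,
    # many accounts, a single hit where the victim reused a password
    "2020-11-05T10:01:00Z auth_failed user=amy ip=203.0.113.5\n"
    "2020-11-05T10:01:01Z auth_failed user=bob ip=203.0.113.5\n"
    "2020-11-05T10:01:01Z auth_ok user=carol ip=203.0.113.5\n"
    "2020-11-05T10:01:02Z auth_failed user=dave ip=203.0.113.5\n"
    "2020-11-05T10:01:02Z auth_failed user=erin ip=203.0.113.5\n"
    "2020-11-05T10:01:03Z auth_failed user=frank ip=203.0.113.5\n"
    "2020-11-05T10:01:03Z auth_failed user=frank ip=203.0.113.5\n"
    "2020-11-05T10:01:04Z auth_failed user=grace ip=203.0.113.5\n"
    "2020-11-05T10:01:04Z auth_failed user=heidi ip=203.0.113.5\n"
    "this line is noise and must be skipped by the parser\n"
    # classic brute force: one account, many guesses
    + "".join(f"2020-11-05T10:02:{i:02d}Z auth_failed user=admin ip=198.51.100.7\n"
              for i in range(12))
)


def parse(lines):
    """Return (time, success, user, ip) tuples for well-formed lines; skip the rest."""
    events = []
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        events.append((datetime.strptime(m["ts"], "%Y-%m-%dT%H:%M:%SZ"),
                       m["result"] == "auth_ok", m["user"], m["ip"]))
    return events


def classify_sources(events, window=timedelta(minutes=10), min_users=5,
                     max_tries_per_user=2.0, brute_failures=10):
    """Per source IP, separate stuffing (many users, about one try each, in a
    burst) from brute force (one user, many tries) and ordinary typos."""
    by_ip = defaultdict(list)
    for ev in sorted(events):
        by_ip[ev[3]].append(ev)

    report = {}
    for ip, evs in by_ip.items():
        users = {u for _, _, u, _ in evs}
        attempts = len(evs)
        failures = sum(1 for _, ok, _, _ in evs if not ok)
        span = evs[-1][0] - evs[0][0]
        tries_per_user = attempts / len(users)
        fail_rate = failures / attempts

        if (len(users) >= min_users and tries_per_user <= max_tries_per_user
                and fail_rate >= 0.8 and span <= window):
            verdict = "credential_stuffing"
        elif len(users) == 1 and failures >= brute_failures:
            verdict = "brute_force"
        else:
            verdict = "benign"

        # Successes from a stuffing source are accounts whose leaked password
        # still works: they need a forced reset, not just a block on the IP.
        compromised = (sorted({u for _, ok, u, _ in evs if ok})
                       if verdict == "credential_stuffing" else [])
        report[ip] = {"verdict": verdict, "distinct_users": len(users),
                      "attempts": attempts, "failures": failures,
                      "compromised": compromised}
    return report


if __name__ == "__main__":
    for ip, info in classify_sources(parse(SAMPLE_LOG.splitlines())).items():
        print(ip, info)
```

Two design points: the success-during-stuffing list is the actionable output (those users reused a leaked password, which is exactly what the Cit0Day buyers were paying to exploit), and the per-user attempt ratio is what separates stuffing from brute force, since a stuffing tool has one candidate password per account and does not retry. Against a distributed campaign that spreads accounts across many source IPs, aggregate on a different key (ASN, user-agent, or request fingerprint) with the same rule.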
  42. Tomi Engdahl says:

    7,500 educational organizations hacked, access being sold on Russian hacker forums
    https://cybernews.com/security/7500-educational-organizations-hacked-access-being-sold-on-russian-hacker-forums/?utm_source=facebook&utm_medium=cpc&utm_campaign=rm&utm_content=hacked_7500&fbclid=IwAR32zzQCIKPHH2BP78UePYxVkmglcZm3FP1ljvQjpSOvqBHXF-xXZv9Mm8g

    Network access to 7,500 organizations is being sold by a threat actor on multiple Russian hacker forums. According to the listings posted on October 3 and October 26, these mainly include educational organizations. However, the package also appears to include access to corporate networks from other verticals, such as entertainment and the bar industry.

    The seller offers “convenient access” to the 7,500 compromised networks located in the USA, Canada, and Australia via Remote Desktop Protocol (RDP) and claims to be the sole cybercriminal in possession of the network access.

    The initial bid for the entire package starts at 25 BTC (roughly $330,000) and the “Buy now” option at 75 BTC (about $1,000,000).

    Those with the Bitcoin to spare would be able to exploit the thousands of vulnerable systems in a variety of ways. This includes using PowerShell, managing files, editing the registry, and changing administrator rights, as well as planting malware or installing ransomware across the compromised networks.

    Network access listings like these are becoming increasingly popular on hacking forums as of late, with the number of similar ads effectively tripling in September 2020 alone.

    RDP: the number one intrusion vector for ransomware gangs

    Remote Desktop Protocol, a proprietary protocol designed to share files across multiple devices in a network, is infamous for being rife with security holes, including the BlueKeep vulnerability (CVE-2019-0708), that make RDP exceptionally easy to exploit for threat actors.

    BlueKeep is particularly concerning because it is “wormable,” which means that it can spread automatically, without the user initiating the process. In fact, vulnerabilities like BlueKeep put Remote Desktop Protocol as the most popular intrusion vector for attackers and “the source of most ransomware incidents in 2020,” despite the fact that this critical vulnerability was found more than a year ago.

    The cost of clicking “Remind me tomorrow” for 18 months in a row
    Between the sharp rise in attacks targeting RDPs, the surprising growth of the ransomware “industry,” and the overall surge of cybercrime over the past several years, organizations now have a rapidly dwindling supply of excuses for getting their networks compromised due to ancient vulnerabilities, which is the direct result of not keeping their systems up to date.

    Reply
  43. Tomi Engdahl says:

    BigBasket faces data breach; details of 2 crore users put on sale on dark web
    Prasoon Srivastava, PTI
    https://www.livemint.com/companies/news/bigbasket-faces-data-breach-details-of-2-crore-users-put-on-sale-on-dark-web-11604794339735.html

    BigBasket has filed a police complaint in this regard with Cyber Crime Cell in Bengaluru and is verifying claims made by cyber experts
    Cyble said that a hacker has put data allegedly belonging to BigBasket on sale for around ₹30 lakh

    Reply
