Daily Cybersecurity Wire – January 25, 2024
NEW DEVELOPMENTS
Global Retailer BuyGoods.com Leaks 198GB of Internal and User PII, KYC data
Source: Hack Read
A misconfigured cloud database on BuyGoods.com, a worldwide e-commerce marketplace and business management platform, unintentionally exposed 198.3 gigabytes of sensitive data. Invoices, refund transactions, affiliate payouts, and extremely sensitive Know Your Customer (KYC) and Personally Identifiable Information (PII) were among the exposed data. Customers’ passports, licenses, selfies, and unredacted credit card information were all included in the records. The database’s open access without security authentication could lead to identity theft and financial fraud for impacted users.
HPE: Russian hackers breached its security team’s email accounts
Source: Bleeping Computer
Hewlett Packard Enterprise (HPE) revealed a breach by suspected Russian hackers, Midnight Blizzard (APT29), who gained unauthorized access to HPE’s Microsoft Office 365 email environment in May 2023. The breach, discovered on December 12, 2023, affected a small percentage of mailboxes, including those in cybersecurity and business segments. While the incident reportedly had no operational impact, HPE is working with experts and law enforcement. Midnight Blizzard, associated with the SolarWinds attack, is known for cyber espionage. HPE experienced similar breaches in 2018 and 2021.
Jason’s Deli says customer data exposed in credential stuffing attack
Source: Bleeping Computer
American restaurant chain Jason’s Deli issued a data breach warning to customers, revealing that their data was exposed in a credential stuffing attack. The attack occurred on December 21, 2023, and reportedly used credentials obtained from other sources. The exposed information includes names, addresses, phone numbers, birthdays, and more, depending on the customer’s online profile. While Jason’s Deli detected various account access attempts, the number of impacted accounts remains unknown. The company advises affected users to reset their passwords and encourages the use of unique passwords across online platforms.
Tesla hacked, 24 zero-days demoed at Pwn2Own Automotive 2024
Source: Bleeping Computer
Security researchers demonstrated 24 zero-day exploits and successfully hacked a Tesla Modem on the first day of Pwn2Own Automotive 2024, earning awards totaling $722,500. The Synacktiv Team showcased their expertise by exploiting three zero-day bugs on the Tesla Modem and two unique two-bug chains on other EV stations. The contest focuses on various automotive technologies, including in-vehicle infotainment systems, electric vehicle chargers, and car operating systems.
A ransomware attack against the Finnish IT services provider Tietoevry disrupted the services of some Swedish government agencies and shops.
Source: Security Affairs
Tietoevry, a Finnish IT services provider, experienced a ransomware attack affecting services for Swedish government agencies and businesses. The Akira ransomware incident targeted a data center in Sweden, impacting the managed Payroll and HR system and leading to disruptions in online services. Tietoevry is actively addressing the incident, notifying affected parties, and working to restore services. The complete restoration process may extend over several days or weeks.
VULNERABILITIES TO WATCH
Over 5,300 GitLab servers exposed to zero-click account takeover attacks
Source: Bleeping Computer
Over 5,300 GitLab servers are exposed to a critical zero-click account takeover flaw (CVE-2023-7028), allowing attackers to manipulate password reset emails. Despite GitLab’s patches, these instances are at risk of supply chain attacks, code disclosure, API key leaks, etc. Most vulnerable servers are in the United States, Germany, Russia, and China. Admins are urged to patch immediately, rotate credentials, enable two-factor authentication, and check for signs of compromise.
SPECIAL REPORTS
Organizations invest more in data protection but recover less
Source: Help Net Security
According to Veeam Software, organizations will raise data protection investment in 2024 to improve cyber resilience in the face of escalating threats like ransomware. Despite increased investment, a poll found that just a small minority of businesses feel they can recover from a crisis, even a minor one, in under a week. Cyberattacks remain the leading cause of business interruptions, with 76% of firms reporting attacks in the previous year. While this figure has fallen from 85% in 2023, recovery concerns remain, with only 13% confidence in orchestrating recovery amid a crisis.
WaterISAC: 15 Security Fundamentals You Need to Know
Source: Tripwire
WaterISAC has issued 15 security fundamentals for water utilities in response to recent cyberattacks. These fundamentals emphasize proactive measures, which include: asset inventory, risk assessment, control system exposure reduction, user access controls, physical access restriction, cyber-physical safety systems, vulnerability management, digital security culture, security policies, threat detection, incident response plans, insider threat management, supply chain security, smart device configuration, and participation in information-sharing communities.
