Cyberattacks never stop, and our awareness of the latest attack trends should not stop either. The following are this week’s major cyber news headlines to help you better plan your organizational anti-phishing measures:


Unpatched Vulnerability Detected in RainLoop

A high-severity vulnerability has recently been discovered in the open-source RainLoop web-based email client that can be exploited to access victims’ mailboxes. All the adversaries need to do is send a malicious email to any RainLoop user. Opening the email allows attackers to gain complete access to the victim’s session and steal all the emails, including sensitive information like passwords, password reset links, documents, etc.

Tracked as CVE-2022-29360, the vulnerability affects the latest version, RainLoop v1.16.0, released on 7th May, 2021. The flaw is reportedly related to a stored cross-site scripting (XSS) vulnerability in RainLoop. Stored XSS flaws occur when adversaries inject a malicious script into a target web application’s server via user input.

The security researchers who identified the RainLoop flaw had notified the RainLoop operators of the vulnerability back in November. Still, the company failed to patch the bug until after four months. Until a patch is launched, RainLoop users are advised to switch to the RainLoop fork called SnappyMail, which stands unaffected by the cybersecurity issue.


Third-Party System Hack Affects Sunwing Airlines’ Passengers

Passengers flying with the Canadian airline Sunwing Airlines Inc. recently faced at least four days of flight delays owing to the hack of one of its third-party-owned systems. The hacked system functioned without interruptions for the longest time and was used for check-in and boarding purposes. However, the breach has left the personal information of thousands of passengers and employees at risk. Government agencies are restricting the system from resuming its operations until the breach is fixed properly.

Consequently, Sunwing passengers are facing flight delays: some remain stranded in foreign lands, while others are having to delay their vacations. Sunwing Airlines regrets the inconvenience caused to everyone and is currently checking in passengers manually for all flights. The airline also expects more delays in the coming days and apologizes to passengers for the delay caused by the lack of phishing prevention measures with the third-party service provider.


Data Breach Hits Contra Costa County

Between July and August 2021, unauthorized parties accessed some of the Contra Costa County employee email accounts, which may have exposed citizens’ personal details. The county officials are now sending out breach notification letters to potential victims. Investigations into the breach were finally completed on 11th March 2022, and therefore the notification letters to victims were sent out from 15th April.

Reportedly, the attacker accessed the employee email accounts between 24th June and 12th August 2021. However, there is no evidence to prove whether the adversaries downloaded any emails or attachments. Since it’s most likely that the adversary downloaded the confidential information stored on those email accounts, the county is offering free credit monitoring services to eligible individuals. The compromised information could include the names, driver’s licenses, social security numbers, passport numbers, financial account numbers, health insurance details, or medical information of employees and individuals who wrote to the county’s Employment and Human Services Department. As part of its measures for protection from phishing attacks, the county has also set up a toll-free call center to address the concerns of the affected individuals.


Beanstalk Farms Loses $180 Million to DeFi Protocol Breach

The Ethereum-based stablecoin protocol, Beanstalk Farms, recently endured a loss of more than $180 million owing to a cyberattack. Consequently, the price of its native currency, BEAN, went down by over 80% in mere minutes. The attack took place within a few hours of the announcement that Beanstalk Farms had attracted over $150 million in TVL. Soon after detecting the attack, Beanstalk put its measures to prevent phishing attacks into effect, but the adversaries had already stolen around $80 million worth of cryptocurrencies.

The adversaries exploited a flash loan-assisted pass of BIP18 that the DeFi platform had submitted just one day earlier. The adversaries deposited the stolen funds to TornadoCash and donated 250,000 USDC to the Ukraine Crypto Donation wallet. While one can’t comment on the morality of the adversaries, it is amusing to note that the BEAN currency, which once had a $1 pegged price, has now been brought down to $0.2.


Data Breach at McDonald’s Costa Rica

A data breach recently hit the Costa Rica outlet of McDonald’s. Consequently, private client information of its Costa Rica customers was compromised. As part of its anti-phishing protection measures, McDonald’s informed all clients that their personal information, such as names, addresses, contact numbers, marital status, identity numbers, etc., might have been exposed.

The fast-food outlet advised customers to look out for any phishing attempts or suspicious texts from McDonald’s that may ask for additional personal details or fund transfers. In a breach notification, McDonald’s mentioned that one of its providers was compromised, which allowed adversaries to access client information. Soon after detecting the breach, McDonald’s notified local legal authorities of the violation. It is advised that customers change their passwords frequently and look out for suspicious emails.


Data Breach at Newman Regional Health

A data breach recently hit Newman Regional Health (NRH), compromising the sensitive information of 52,000 patients. The adversaries accessed a fixed number of employee email accounts between 26th January 2021 and 23rd November 2021. While NRH may not be a massive enterprise, it defines itself as a clinic with an excellent reputation nationally and within the state.

While an FAQ on the incident was created, it does not mention when the unauthorized access was first discovered or why it went on for so long without detection. The stolen information may have included patients’ names, addresses, contact numbers, DOBs, medical records, email addresses, insurance information, health treatment details, etc. In the case of NRH employees, the compromised details could include their employee information or an individual’s receipt of services. Currently, NRH is in the process of notifying the affected individuals of the breach. The hospital has assured that it is taking necessary phishing attack prevention measures to prevent such attacks from happening in the future.


Cyberattack Hits Wyandotte County and Kansas City Governments

The Unified Government of Wyandotte County and Kansas City recently underwent a cyberattack that targeted its data centers. Since attacks on city governments can disrupt more operations than we can imagine, the UG is taking quick measures to contain the spread of the breach. It is working with the FBI, the U.S. Department of Homeland Security, and the Mid-America Regional Council cybersecurity task force to get to the roots of the attack.

As part of its anti-phishing solutions, the UG is trying to find the nature of the data compromised in the incident. Those interested in further details on the cyberattack are advised to call 311 or visit the UG’s website.


Hackers Exploit a Patched Windows Print Spooler Flaw

Microsoft fixed a security flaw in the Windows Print Spooler component in February 2022, and despite that, adversaries are actively exploiting the vulnerability. CISA has listed this flaw in its Known Exploited Vulnerabilities Catalog and requires Federal Civilian Executive Branch (FCEB) agencies to fix the issue by 10th May 2022.

With a CVSS score of 7.8, the security flaw (tracked as CVE-2022-22718) is one of the four privilege escalation flaws detected in the Print Spooler and patched as part of Microsoft’s Patch Tuesday updates on 8th February, 2022. The fact that a patched vulnerability is being exploited in the wild speaks a lot about whether the patches we get for our systems are effective!