Hundreds of data breaches steal confidential information from companies every day. The adversaries seem to be a step ahead of even the phishing prevention best practices. Hence, learning from past security incidents and improving one’s cyber defense is the key to a safe digital environment. The following are this week’s top cyber headlines.
Data Breach At Razer Exposes 100,000 Customers Records
A recent data breach at Razer exposed the records of an estimated 100,000 of its customers. The breach was discovered by cybersecurity researcher Bob Diachenko, who said that the data had been publicly available on Razer’s Elasticsearch cluster since 18th August 2020. The exposed details included the full name, email, phone number, internal customer ID, order number, order details, and billing and shipping address.
Razer fixed the server misconfiguration three weeks after Diachenko’s notification. The company said that no credit card information, passwords, or other sensitive data were exposed. Razer claims to have taken measures for protection against phishing and soon reviewed its IT security and systems.
Ransomware Hits Fairfax County Public Schools (FCPS)
One of the largest school districts in the US, Fairfax County Public Schools (FCPS), recently suffered a ransomware attack that has affected the records of a majority of its students and employees. Although the school’s distance learning and remote learning programs have not been affected, attacks on schools have become rampant and dangerous.
However, the FCPS has reassured everyone of its approach to such adversities and vows to adopt all necessary anti-phishing solutions to prosecute the guilty. The institute has collaborated with the FBI and hopes to recover from the attack soon. Maze ransomware operators have claimed responsibility for the attack on FCPS.
Ransomware Hits Development Bank of Seychelles (DBS)
The Central Bank of Seychelles (CBS) was notified on 9th September of a ransomware attack that the Development Bank of Seychelles (DBS) recently suffered. Although CBS hasn’t disclosed much about the nature of the attack or the types of customer information compromised, it has urged DBS to keep its clients and stakeholders updated about the incident.
DBS has launched an investigation and adopted necessary anti-phishing measures. It shall disclose further details as soon as the investigations uncover more information.
Data Breach Hits Retail Giant Staples
Ever since a security incident in 2014, the retail giant Staples has managed to keep out of headlines for similar incidents. However, a recent data breach at the company has affected some of its customers’ order information. Staples hasn’t released any public notice about the breach and has instead sent out individual emails to those affected by the unauthorized access to its systems.
The breach occurred around 2nd September and affected a limited amount of customer data, which Staples categorizes as non-sensitive customer order data. This is to say that the names, addresses, email addresses, phone numbers, last four digits of credit card, order details, etc., have been stolen, and account or payment details remain unaffected. But the adversaries can still use these details to launch spear-phishing attacks on individuals with poor knowledge of phishing prevention.
Public Health Wales Accidentally Makes COVID Patients’ Details Public
Public Health Wales recently disclosed a security blunder that exposed the personal data of around 18,105 Welsh COVID patients. The data was uploaded online (due to a human error) on the afternoon of 30th August and remained online for 20 hours before it was finally deleted on 31st August. The exposed data included the initials, dates of birth, geographical area, and gender for 16,179 people, and the names of the nursing homes occupied for 1,926 people.
Although not much can be done with these details, the data was viewed 56 times by unknown users in the 20 hours that it was online. All Wales residents who tested Covid-19 positive between 27th February and 30th August had their details posted online. Public Health Wales is full of regret for its failure in protecting the interests of the citizens of Wales and is taking necessary anti-phishing protection measures to prevent such incidents in the future.
Data Breach Hits Department Of Veterans Affairs (VA)
The Department of Veterans Affairs (VA) recently underwent a data breach which affected the details of about 46,000 veterans. The adversaries used social engineering techniques to illegally access the application of the VA Financial Services Center (FSC). They then diverted the VA payments of healthcare providers for the US veterans’ medical treatment and possibly compromised the Social Security numbers and other veterans’ details.
The FSC is adopting phishing attack prevention measures and has notified individuals about the breach. They have also extended free credit monitoring services to victims. Besides, they have brought down the compromised FSC app and shall reinstate it only after reviewing its security.
Zoom Introduces Two-Factor Authentication (2FA)
The video calling platform Zoom, which was banned for its security concerns, has been working on its phishing protection service ever since, and its newest development is the two-factor authentication (2FA).
Zoom’s 2FA is available to all users across its web, desktop, and mobile applications, irrespective of whether they own paid or free accounts. The 2FA enables admins and organizations to protect their users from adversaries online. The following are the features available for users:
- Use of authentication apps supporting Time-Based One-Time Password (TOTP) protocol (Google Authenticator, Microsoft Authenticator, FreeOTP, etc.).
- Automated codes are sent by Zoom via SMS or phone call.
- Use of recovery codes to access accounts in case of stolen or lost devices.
LockBit Launches Data-Leak Site
Ransomware operators these days steal the data encrypted in their attacks and sell it later on the dark web, even after their ransom has been paid. The LockBit ransomware gang has recently launched its own data leak site to host similar sales of data stolen in its attacks.
The data leak site currently contains two victims’ data – an automation parts manufacturer and a shipping company.
Major Automated Hack On Magento Stores
Magento stores running its first version, for which End-of-Life (EoL) was announced back in June 2020, are undergoing an automated Magecart hack. In one of the most massive hacks, thousands of e-commerce stores running Magento are facing a unique skimmer.
Ten stores were infected with the credit card skimming script on 11th September, followed by 1,058 site hacks on the second day, 603 hacks on the third, and 233 on 14th September. The adversaries used the Magento Connect feature for downloading and installing malicious files. As per reports, the hack was facilitated by a zero-day vulnerability sold online by a threat actor named z3r0day in August.