Cyber threats are becoming more prevalent and are affecting organizations of all sizes and industries. With the ever-increasing amount of sensitive information being stored online, the consequences of a cyber attack can be severe for both individuals and businesses. Here are this week’s top headlines to keep you informed about the latest security incidents and data breaches.
Eurostar Forces Its Users To Do ‘Password Resets’ — Fails And Locks Them Out
Eurostar, the International high-speed rail operator, e-mailed its users this week and insisted they reset their account passwords to “upgrade” security. But users who clicked on the password reset link encountered “technical problems,” making it impossible to log in or reset their accounts. Eurostar is famous for connecting the United Kingdom to Belgium, Netherlands, and France, with most trains passing through the Channel Tunnel.
Eurostar password reset bug locks passengers out.
Eurostar e-mailed all its customers this week and forced them to reset their account passwords as the railway operator claimed it was “busy” upgrading account security for all users. “You must reset your password to continue using your Eurostar account,” reads the e-mail. “You must update your Eurostar mobile app to the latest version.”
However, following the instructions and clicking the “reset password” link does not solve anything. Instead, users receive the following error:
“Sorry, we’re facing a few technical problems and cannot send the e-mail currently. Please try again.”
Attackers Launch a Backdoor Attack Targeting 11,000 WordPress Sites
Sucuri researchers reported a backdoor that successfully infected about 11,000 websites in recent months. Following are the details shared by the researchers in their technical report. Sucuri researchers identified over 75 pseudo-short URL domains in the past two months and linked them with redirected traffic.
They noted that most malicious URLs belonged to the same URL-shortening service, and some mimicked the names of popular link-shortening services like Bitly.
The visitors get redirected to a few low-quality websites designed on the Question2Answer CMS, discussing cryptocurrency or blockchain-related topics.
Backdoor Redirect Victims to Hacked Sites
Sucuri’s researchers say the backdoor redirects victims to sites showing fraudulent views of Google AdSense ads. Sucuri’s SiteCheck remote scanner detected over 10,890 infected sites, and the researchers claimed the activity intensified recently, with hackers disguising 70 new malicious domains as legitimate in 2023.
Sucuri’s researchers said all the infected websites were using WordPress CMS.
Hackers Target Bahrain Airport, News Agencies to Mark Uprising
A group labeling itself Al-Toufan, or “The Flood” in Arabic, said they hacked the airport’s website, which was down for about half an hour during the day. Furthermore, the group claimed responsibility for targeting the state-run Bahrain News Agency.
The group said the hacking was to support the revolution of Bahrain’s oppressed people and posted images with 504 Gateway Timeout Errors. The same attackers’ group hacked and altered articles on Akhbar Al Khaleej’s website (Bahrain’s pro-government newspaper) hours earlier.
The authorities refused any immediate comment. Bahrain’s Shiite majority started long-running protests against the Sunni monarchy on February 14, 2011. Bahrain took the support of the United Arab Emirates and Saudi Arabia to quash the rebellion, but the movement has not died down.
Authorities have deported Shiite activists, imprisoned others, stripped many of their citizenship, and shut down a leading independent newspaper.
Pepsi Bottling Ventures Becomes a Data Breach Victim, and Hackers Download Confidential Information.
Pepsi Bottling Ventures LLC became the latest victim of a data breach resulting from a network intrusion that led to the installation of information-stealing malware.
The hackers then extracted crucial data from its IT systems. Pepsi Bottling Ventures, the largest Pepsi-Cola beverages bottler in the United States, manufactures, distributes, and sells popular consumer brands. It operates 18 bottling facilities across Virginia, Maryland, North, South Carolina, and Delaware.
27-day exposure window The company filed a security incident notice with Montana’s Attorney General’s office explaining that the company’s systems were breached on December 23, 2022. But, it discovered the breach on January 10, 2023, or 18 days later, and the remediation took even longer.
The notice reads, “Based on our preliminary investigation, a malicious party accessed [our internal IT systems] around December 23, 2022, installed malware, and accessed certain information on our IT systems,”.
The following information may have been impacted:
- Full name
- Home address
- Financial account information (passwords, PINs, access numbers)
- State and Federal driver’s license numbers and government-issued ID numbers
- ID cards
- Social Security Numbers (SSNs)
- Passport information
- Digital signatures
- Information linked to benefits and employment (medical history and health insurance claims)
Indian Social Media App Slick Exposes Children’s Data
An emerging Indian social media app left an internal database publicly exposed to the internet for months. The database contained users’ personal information, including details of school-going children.
Since December 11, a database containing full names, dates of birth, mobile numbers, and profile pictures of Slick users has been available online without a password. Slick, available on Android and iOS, works like Gas, a popular US compliments-based app. It also allows school and college-going students to talk with and about their friends anonymously.
Security researcher Anurag Sen working with CloudDefense.ai discovered the exposed database and approached TechCrunch to help report the incident to the social media startup.
After TechCrunch reached out to Slick on Friday, it secured the database. Due to a misconfiguration, any user familiar with the database’s IP address could access it, which contained entries of over 153,000 users. TechCrunch also discovered that hackers could access the database through an easy-to-guess subdomain on Slick’s website.
Android Mobile Devices From Top Chinese Vendors Coming With Preinstalled Malware – A Study
Today, China has the largest number of Android device users. However, a recent study by researchers from the Trinity College of Dublin and the University of Edinburgh revealed that popular Android devices sold in the country come loaded with spyware.
The researchers performed static and dynamic code analysis to study the data transmitted by Android smartphones’ pre-installed system apps. The experts analyzed three of the most popular Chinese vendors – Xiaomi, OnePlus, and Oppo Realme and discovered several systems, third-party and vendor apps with dangerous privileges.
The apps could stealthily exfiltrate user and device information, including system info, user profiles, social relationships, geolocation, and call history.
The researchers observed that the analyzed smartphones sent data to the Chinese mobile network operators (China Mobile and China Unicom) and device vendors. Additionally, the smartphones were beaming the data even if the listed operators did not provide any service to the device.
Thus, the experts concluded that malicious software puts users’ privacy at risk, and one can use it to spy on users and unmask their identities. Furthermore, they pointed out that the preinstalled software exposes users who leave the country to surveillance.
Mount Saint Mary College Confirms Ransomware Attack
Mount Saint Mary College – a New York liberal arts college– acknowledged it suffered a ransomware attack in December after attackers publicly shared the incident’s details this week. The Vice Society ransomware group, famous for various attacks on K-12 schools, colleges, and universities, claimed they attacked the school on Wednesday.
When asked for comment, a Mount Saint Mary College representative directed The Record to a recent statement where the school mentions it detected and stopped an attack on December 20, 2022.
The cybercriminals accessed and disabled some of the school’s systems, leading to officials disconnecting part of the affected network before hiring phishing protection specialists to guide with the response.
“After learning about the incident, the college notified law enforcement quickly, including the FBI. Furthermore, following recommendations from the FBI, the college refused to comply with a ransom demand from the group,” the school said.
Hackers Abuse PayPal And Twitter in Turkey Relief Donation Scams
Scammers are exploiting the current humanitarian crisis in Turkey and Syria – stealing donations by abusing legitimate PayPal and Twitter.
Recently, high-magnitude earthquakes claimed over 15,000 lives, disrupted network connectivity, and caused extensive infrastructural damage across the Middle East and Mediterranean region. As the government, charity organizations, and businesses stepped up to raise funds and aid victims, threat actors wasted no time in targeting unsuspecting donors.
Fundraising scam abuses PayPal.com.
BleepingComputer identified multiple scams on Twitter abusing legitimate platforms like PayPal’s fundraising pages. The attackers create convincing scam websites and target donors hoping to aid earthquake victims.
One of the scams labels itself on Twitter as a “Turkey Earthquake Relief.” The account frequently retweets updates from government officials and established news outlets to lend itself credibility. Such scams are especially convincing because cybercriminals use trustworthy payment platforms like PayPal instead of a separate scam or phishing domain.