A phishing attack at an organization can push all associated customers, business partners, and employees towards cyber threats that can have long-lasting and life-altering implications. Hence, it is the responsibility of business owners to ensure phishing attack prevention at all times. The following headlines are about the latest cyberattacks that have compromised the personal information of millions:

Cyber Attack Hits Swinburne University Of Technology

The Swinburne University of Technology in Australia recently discovered that one of its databases was exposed online. The database contained event registration information for multiple events from 2013 to the present day. The exposed data included the names, email addresses, and phone numbers of approximately 5,200 Swinburne staff, a hundred Swinburne students, and some 200 external parties and individuals who registered for the events.

As part of its phishing protection measures, the university has informed the Victorian Education Department, the Office of the Victorian Information Commissioner (OVIC), the Australian Information Commissioner (OAIC), and the Tertiary Education Quality and Standards Agency (TEQSA). Further, it has brought down the web page and is investigating other similar university sites for breaches. The university apologized and extended support to those affected by the breach and reached out to the 200 individuals outside Swinburne whose details were compromised.

 

Supply Chain Attack Hits Codecov

A supply chain attack recently hit the code statistics solutions and code testing provider Codecov. The attackers had been exploiting a vulnerability in the Docker image creation process in Codecov’s product Bash Uploader. The attackers compromised the Bash Uploader script on 31st January and added a credentials harvester to it. Consequently, the adversaries intercepted all code coverage reports submitted for analysis and extracted user credentials.

Codecov discovered the breach on 1st April and has been taking anti-phishing measures since then. It has collaborated with a forensics firm to investigate the breach and is sending out alerts and notifications to customers. Codecov's customers include GoDaddy, P&G, the Washington Post, Atlassian, Tile, Webflow, and Dollar Shave Club. While the Bash Uploader script alone is affected, the impact extends to other products that embed the script. These include the Codecov Bitrise Step, the Codecov-actions uploader for GitHub, and the Codecov CircleCI Orb. All Codecov customers who used these tools are advised to take measures to prevent phishing attacks.
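A defensive control relevant to a tampered helper script like the Bash Uploader described above, as an added example that is not from Codecov or the original article: the script runs only if its SHA-256 matches a digest recorded when it was last reviewed. The function names, file paths, and script contents are constructed for illustration.

```sh
#!/bin/sh
# Added example: run a downloaded CI helper script only if its SHA-256
# matches a digest pinned at review time. Paths and script bodies are constructed.

# sha256_of FILE -> prints the hex digest (sha256sum, or shasum on macOS)
sha256_of() {
  if command -v sha256sum >/dev/null 2>&1; then
    sha256sum "$1" | awk '{print $1}'
  else
    shasum -a 256 "$1" | awk '{print $1}'
  fi
}

# verify_pinned FILE EXPECTED_HEX -> 0 on match, 1 on mismatch, 2 if unreadable
verify_pinned() {
  local file="$1" expected="$2" actual
  [ -f "$file" ] || { echo "missing: $file" >&2; return 2; }
  actual=$(sha256_of "$file") || return 2
  if [ "$actual" != "$expected" ]; then
    echo "digest mismatch for $file: got $actual" >&2
    return 1
  fi
  return 0
}

# run_if_pinned FILE EXPECTED_HEX [ARGS...] -> executes FILE only after it verifies
run_if_pinned() {
  local file="$1" expected="$2"
  shift 2
  verify_pinned "$file" "$expected" || return $?
  sh "$file" "$@"
}

demo() {
  local dir pin
  dir=$(mktemp -d)
  # Constructed stand-in for an uploader script as it looked when reviewed
  printf 'echo "uploading coverage report"\n' > "$dir/uploader.sh"
  pin=$(sha256_of "$dir/uploader.sh")
  run_if_pinned "$dir/uploader.sh" "$pin" || echo "unexpected refusal"
  # Constructed upstream change made after the pin was recorded
  printf 'echo "line added after review"\n' >> "$dir/uploader.sh"
  run_if_pinned "$dir/uploader.sh" "$pin" || echo "refused to run, exit code $?"
  rm -rf "$dir"
}

demo
```

In a pipeline, download the script to a file first instead of piping it straight into a shell, so that the bytes that were hashed are the bytes that run.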

 

Cyberattack Hits the University Of Hertfordshire 

The University of Hertfordshire recently underwent a cyberattack that brought down its entire IT system. All cloud-based services, the email system, the Wi-Fi network, and the student portal went down abruptly on 14th April. Students also reported disruption in accessing Office 365 services such as Teams, as well as Zoom and Canvas.

As part of its anti-phishing protection measures, the university published a post on its website informing everyone of the breach. It assured students that the IT team was working hard to restore systems as soon as possible. The university also announced that all classes were canceled for 15th April and that pending assignments and late submissions caused by the outage would not affect learners’ grades.

 

Indian Company Bizongo Leaves 643 GB Data Unprotected Online

The Indian online packaging giant Bizongo recently left a misconfigured AWS S3 data bucket unprotected online. Almost anyone on the internet could easily access the vast treasure trove of customer data stored on this Bizongo bucket.

Researchers at Website Planet discovered this breach in December last year and contacted Bizongo immediately. The company took measures for protection against phishing and secured the data bucket. While the bucket remained public, it exposed over 2,532,610 files (643GB of data). The compromised details include names, billing and delivery addresses, phone numbers, tracking IDs, and users’ financial information.

 

Data Breach At ParkMobile

Popular North American mobile parking app ParkMobile underwent a cyberattack that exposed the personal information of 21 million customers. ParkMobile claims that the adversaries exploited a vulnerability in third-party software it uses, which exposed license plate numbers, hashed passwords, and other user details. The app clarified that basic account information, such as license plate numbers, and optional information such as email addresses, phone numbers, and vehicle nicknames (if provided by users) were leaked in the breach.

The app announced that it takes phishing prevention very seriously and doesn’t store passwords, social security numbers, driver’s license numbers, or users’ parking and location history. It uses a one-way password hashing algorithm called bcrypt to protect user passwords, and the hackers could access only the bcrypt-hashed passwords. While there is no immediate risk for users, ParkMobile still advises them to take measures to protect themselves from phishing and change their account passwords.

 

Ransomware Hits Albert Heijn’s Key Logistics Supplier

Albert Heijn, the largest supermarket chain in the Netherlands, recently experienced a shortage of supplies caused by a ransomware attack on its key logistics supplier Bakker Logistiek. The adversaries reportedly exploited the ProxyLogon vulnerability in Bakker Logistiek’s Microsoft Exchange Server.

The attack brought down Bakker Logistiek’s IT system, and it had to resort to pen and paper to fulfill pending orders. With efficiency reduced by manual processing, food supplies were greatly affected. There was a particular disruption in the delivery of packaged cheese. Albert Heijn informed customers of the security incident by posting about it on its website. It assured them that the logistics service provider (Bakker Logistiek) was adopting phishing prevention best practices to try to restore availability at the earliest. Bakker Logistiek hasn’t disclosed whether it intends to pay the ransom; however, it stated that the systems were gradually being restored and that stocks were being shipped again.

 

Joker Infected Malicious Apps Target Huawei Android Users

Until recently, ten apps infected with the Joker malware were available on AppGallery, the official Android app store for Huawei users. Over 538,000 Huawei users downloaded these seemingly harmless apps, which let the adversaries use command and control servers to download configurations and additional components onto user devices.

The malicious apps were not discovered because they retained their advertised functionality while subscribing users to premium mobile services. They requested access to SMS and notifications and intercepted all confirmation codes sent by the subscription service to evade anti-phishing tools. The infected apps included New 2021 Keyboard, Super Keyboard, All-in-One Messenger, Color RollingIcon, Fun Color, Happy Colour, Funney Meme Emoji, BeautyPlus Camera, Camera MX – Photo Video Camera, and Happy Tapping. These apps could subscribe users to a maximum of five services. While Huawei has removed these apps, all users who have already downloaded any of them need to run a manual cleanup for security.