InfoSec and Compliance – With 20 years of blogging experience, DISC InfoSec blog is dedicated to providing trusted insights and practical solutions for professionals and organizations navigating the evolving cybersecurity landscape. From cutting-edge threats to compliance strategies, this blog is your reliable resource for staying informed and secure. Dive into the content, connect with the community, and elevate your InfoSec expertise!
In November, we discovered 81 publicly disclosed cyber security incidents, accounting for 223,615,390 breached records.
With one month left in 2021, the running total of compromised records for the year is just shy of 5 billion.
Keep an eye out for our end-of-year report in the next few weeks, where we’ll break down the findings of these lists – or subscribe to our Weekly Round-up to get the latest news sent straight to your inbox.
In the meantime, you can find the full list of security incidents below, with those affecting UK organizations listed in bold.
A researcher at vulnerability and red-team company Rapid7 recently uncovered a pair of risky security bugs in a digital home security product.
The first bug, reported back in May 2021 and dubbed CVE-2021-39276, means that an attacker who knows the email address against which you registered your product can effectively use your email as a password to issue commands to the system, including turning the entire alarm off.
The affected product comes from the company Fortress Security Store, which sells two branded home security setups, the entry-level S03 Wifi Security System, which starts at $130, and the more expensive S6 Titan 3G/4G WiFi Security System, starting at $250.
The intrepid researcher, Arvind Vishwakarma, acquired an S03 starter system, which includes a control panel, remote control fobs, a door or window sensor, a motion detector, and an indoor siren.
(The company also sells additional fobs and sensors, outdoor sirens, which are presumably louder, and “pet-immune” motion detectors, which we assume are less sensitive than the regular ones.)
Unfortunately, it didn’t take much for Vishwakarma to compromise the system, and figure out how to control it without authorisation, both locally and remotely.
Pwned! The home security system
Life Hacks: DIY Home Camera Security System: Protect Your Property for FREE
Fortinet addresses a command injection vulnerability that can allow attackers to take complete control of servers running vulnerable FortiWeb WAF installs.
The vulnerability impacts Fortinet FortiWeb versions 6.3.11 and earlier; an authenticated attacker could exploit the issue to take complete control of servers running vulnerable versions of the FortiWeb WAF.
An authenticated attacker could execute arbitrary commands as the root user on the underlying system via the SAML server configuration page. Experts pointed out that the flaw could be chained with an authentication bypass flaw (i.e. CVE-2020-29015) to allow an unauthenticated attacker to trigger the vulnerability.
The vulnerability was reported by the researcher William Vu from Rapid7.
“An attacker, who is first authenticated to the management interface of the FortiWeb device, can smuggle commands using backticks in the “Name” field of the SAML Server configuration page. These commands are then executed as the root user of the underlying operating system,” reads the post published by Rapid7. “An attacker can leverage this vulnerability to take complete control of the affected device, with the highest possible privileges.”
The flaw could allow an attacker to deploy a persistent shell, install crypto-mining software, or install other malware. If the management interface is exposed to the internet, an attacker could trigger the issue to reach into the affected network beyond the DMZ. Rapid7 researchers found fewer than three hundred devices exposing their management interfaces online. Bear in mind that management interfaces for devices like FortiWeb should never be exposed online.
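The bug class behind this advisory is a configuration field handed to a shell without validation. The following is an added illustration of the defensive pattern, written for this post; it is not FortiWeb code, not Rapid7's proof of concept, and the field name, allowlist pattern and `saml-cfg` helper path are assumptions. It contrasts string interpolation into a command line (the shape that makes backticks dangerous) with an allowlist check plus argv-style invocation, where the shell never parses the value at all.

```python
import re
import shlex
import subprocess

# Allowlist for an identifier-style configuration field such as a SAML
# server "Name": letters, digits, dot, underscore and hyphen, 1-64 chars.
# The pattern is an assumption for this example, not a vendor rule.
NAME_RE = re.compile(r"^[A-Za-z0-9._-]{1,64}$")


def validate_name(name: str) -> bool:
    """True only if the field matches the strict allowlist.

    Backticks, $(...), semicolons, pipes, quotes and whitespace all fail
    this check, so a value never reaches any later step in a form a shell
    could interpret.
    """
    return bool(NAME_RE.fullmatch(name))


def build_command_unsafe(name: str) -> str:
    """The vulnerable shape (shown, never executed here): the raw field is
    interpolated into a single command line that a shell will parse, so any
    shell syntax inside the value is evaluated with the daemon's privileges.
    """
    return "/usr/local/bin/saml-cfg --name %s" % name  # assumed helper path


def build_command_safe(name: str) -> list:
    """Hardened shape: validate first, then pass the value as its own argv
    element. subprocess.run(argv) with the default shell=False execs the
    program directly; no shell sees the string, so no substitution occurs.
    Raises ValueError on input that fails the allowlist.
    """
    if not validate_name(name):
        raise ValueError("rejected SAML server name: %r" % name)
    return ["/usr/local/bin/saml-cfg", "--name", name]  # assumed helper path


def echo_literal(value: str) -> str:
    """Demonstrate argv-style invocation with a harmless program: the value
    comes back byte-for-byte, backticks included, because nothing parsed it.
    """
    result = subprocess.run(
        ["echo", value], capture_output=True, text=True, check=True
    )
    return result.stdout.rstrip("\n")


def quote_for_shell(value: str) -> str:
    """Last resort when a shell really is unavoidable: shlex.quote wraps the
    value so the shell treats it as one literal word. Allowlisting plus argv
    is still the better control; quoting is defence in depth, not a substitute.
    """
    return shlex.quote(value)


if __name__ == "__main__":
    # Constructed sample inputs for a local run.
    for candidate in ("corp-idp.example", "idp`id`", "a;b"):
        print(candidate, "->", "accepted" if validate_name(candidate) else "rejected")
    print(echo_literal("x`id`"))
```

The operational takeaway matches Rapid7's note: the control that stops this class of bug is refusing the metacharacters at the input boundary and never building a shell command line from user-controlled strings, and network exposure of the management plane is a separate control that limits who can reach the form in the first place.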
Carnival Corp. this week confirmed that the data breach that took place in March might have exposed personal information about customers and employees of Carnival Cruise Line, Holland America Line, and Princess Cruises.
Carnival Corporation & plc is a British-American cruise operator, currently the world’s largest travel leisure company, with a combined fleet of over 100 vessels across 10 cruise line brands. A dual-listed company, Carnival Corporation has over 150,000 employees and 13 million guests annually. The cruise line operates under the brands Carnival Cruise Line, Costa, P&O Australia, P&O Cruises, Princess Cruises, Holland America Line, AIDA, Cunard, and its ultra-luxury cruise line Seabourn.
The company sent a data breach notification letter to its customers to inform them that unauthorized parties might have gained access to their data, including Social Security numbers, passport numbers, dates of birth, addresses and health information.
At the time of this writing, the number of impacted individuals had not been revealed, and it is also unclear whether the company paid a ransom.
In 2020, the company was the victim of two distinct ransomware attacks that took place in August and December. In October, Carnival Corporation disclosed a data breach as a result of the ransomware attack that took place in August. Ransomware operators have stolen the personal information of customers, employees, and ship crews during the attack.
The recent security breach was spotted on March 19. In response to the incident, the IT staff shut down access and launched an investigation with the help of a cybersecurity firm.
The company announced that it has implemented additional security measures to protect its infrastructure.
The cruise operator set up a call center to provide support to its customers.
The good news is that the company is not aware of any abuse of personal information stolen during the intrusions.
Air India disclosed a data breach after personal information belonging to roughly 4.5 million of its customers was leaked two months following the hack of Passenger Service System provider SITA in February 2021.
“This is to inform that SITA PSS our data processor of the passenger service system (which is responsible for storing and processing of personal information of the passengers) had recently been subjected to a cybersecurity attack leading to personal data leak of certain passengers,” Air India said in a breach notification sent over the weekend.
“This incident affected around 4,500,000 data subjects in the world.”
The airline added that the breach impacted the data of passengers registered between August 2011 and February 2021.
Nevertheless, after investigating the security incident, it was found that no credit card information or password data was accessed during the breach.
However, Air India urges its passengers to change their credentials to block potential breach attempts and ensure their data security.
“The breach involved personal data registered between 26th August 2011 and 3rd February 2021, with details that included name, date of birth, contact information, passport information, ticket information, Star Alliance, and Air India frequent flyer data (but no passwords data were affected) as well as credit cards data,” Air India added [PDF].
“However, in respect of this last type of data, CVV/CVC numbers are not held by our data processor.”
The protection of our customers’ personal data is of highest importance to us and we deeply regret the inconvenience caused and appreciate the continued support and trust of our passengers. — Air India
Data breach impacts Star Alliance members
Almost a dozen more air carriers besides Air India informed passengers that some of their data was accessed during a breach of SITA’s Passenger Service System (PSS), which handles transactions from ticket reservations to boarding.
SITA also confirmed the incident saying that it reached out to affected PSS customers and all related organizations in early March.
At the time, a SITA spokesperson told BleepingComputer that the breach impacts data of passengers from multiple airlines, including:
Lufthansa – combined with its subsidiaries, it is the second-largest airline in Europe in terms of passengers carried; Star Alliance member and Miles & More partner
Air New Zealand – flag carrier airline of New Zealand
Singapore Airlines – flag carrier airline of Singapore
Finnair – flag carrier and largest airline of Finland
Some of these air carriers (including Air India) are part of the Star Alliance, a global airline network with 26 members, including Lufthansa, the largest in Europe.
Star Alliance told BleepingComputer that its members also share customer details relevant to awarding traveling benefits.
The information is limited to membership names, frequent flyer program membership numbers, and program tier status.
As many as 4.5 million Air India customers were affected in the data breach
The airline assured its passengers that there was no evidence of any “misuse” of the data. https://t.co/ixRCDFTbtt
List of data breaches and cyber attacks in April 2021 – 1 billion records breached – It was another busy month in the cyber security sector, as we discovered 143 incidents that resulted in 1,098,897,134 breached records.
Ransomware was again one of the biggest contributors to that total, accounting for almost one in three data breaches.
As always, you can find the full list of incidents below, with those affecting UK organizations listed in bold.
It includes year-on-year comparisons in the number of incidents that were detected, a review of the most frequently breached sectors and a running total of incidents for the year.
Don’t be fooled by the fact that we only recorded 20,995,371 breached records in March; it was one of the leakiest months we’ve ever seen, with 151 recorded incidents.
By comparison, there was a seemingly Lilliputian 82 recorded breaches in January and 118 in February.
The issue is that in far more cases than we’d expect, the number of breached records wasn’t included in the notification, so we can’t include it here.
We typically expect ambiguity when it comes to ransomware, because organisations are locked out of their files and can’t calculate what’s been affected. But there were dozens of other cyber attacks and data breaches where the organisation either didn’t know or reveal the extent of the damage.
You can find our full list of incidents below, with those affecting UK organizations listed in bold.
The hackers’ methods were unsophisticated: they gained access to Verkada through a “Super Admin” account, allowing them to peer into the cameras of all of its customers. Kottmann says they found a user name and password for an administrator account publicly exposed on the internet.
News outlet Bloomberg has gone public with a dramatic cybersecurity news story about surveillance.
Bloomberg claims that an “international hacker collective” was responsible for breaking into a network of 150,000 surveillance cameras and accessing private footage from live video feeds.
According to Bloomberg, one of the hacking crew, Tillie Kottmann, claimed to have accessed cloud-based camera surveillance company Verkada and found themselves face-to-face with a huge swathe of internal data.
This data apparently included real-time feeds from up to 150,000 surveillance cameras at Verkada customer sites, as well as other real-time information such as access control data from Verkada customers.
Car maker Tesla, internet provider Cloudflare and numerous health and law enforcement organisations are claimed in Bloomberg’s piece as some of those customers.
Singapore telco says it has pulled back all use of Accellion’s file-sharing system FTA and is investigating the impact of a cybersecurity attack, having ascertained on February 9 that “files were taken” and customer data “may have” been compromised.
Singtel says it is investigating the impact of a cybersecurity breach that may have compromised customer data, after it ascertained on February 9 that “files were taken”. The attack had affected a file-sharing system developed two decades ago by a third-party vendor Accellion, which the Singapore telco had used internally and with external stakeholders.
Singtel revealed in a statement Thursday it was notified by Accellion that the file-sharing system, called FTA (File Transfer Appliance), had been breached by unidentified hackers. The telco said the tool was deployed as a standalone system and used to share information within the organisation and with external stakeholders.
All use of the system had been pulled back and relevant authorities, including Singapore’s Cyber Security Agency and local police, were notified. Singtel added that it currently was assessing the nature and impact of the breach, and the extent of data that might have been illegally accessed.
“Customer information may have been compromised,” the telco said. “Our priority is to work directly with customers and stakeholders whose information may have been compromised to keep them supported and help them manage any risks. We will reach out to them at the earliest opportunity once we identify which files relevant to them were illegally accessed.”
The cybersecurity company said the attack compromised its software tools used to test the defenses of its thousands of customers.
“I’ve concluded we are witnessing an attack by a nation with top-tier offensive capabilities,” Kevin Mandia, the chief executive at FireEye and a former Air Force officer, said in a blog post published Tuesday. “The attackers tailored their world-class capabilities specifically to target and attack FireEye.”
The company said the attacker also accessed some internal systems and primarily sought information about government clients. FireEye said it has seen no evidence so far that data belonging to its customers had been compromised from the primary systems used to store it.
FireEye declined to comment on who it believed was behind the breach of its hacking tools, which experts said could potentially be leveraged in future attacks against its customer base, including a diverse array of U.S. and Western national-security agencies and businesses.
PickPoint says this is the world’s first targeted cyberattack against a post-gateway network.
The attack, which took place on Friday afternoon, December 4, targeted the network of PickPoint, a local delivery service that maintains a network of more than 8,000 package lockers across Moscow and Saint Petersburg.
Russians can order products online and choose to have any of their orders delivered to a PickPoint locker instead of their home address.
Once the package arrives, users receive an email or mobile notification, and they can show up and pick up their orders using the PickPoint app.
A smart lockers terminal “PickPoint” in Moscow was hacked to unlock the storage boxes with goods
https://www.youtube.com/watch?v=shtcOIeiz_c
We recorded 103 data breaches and cyber attacks in November, which accounted for 586,771,602 leaked records.
The majority of those came from a credential-stuffing attack targeting Spotify and a data leak at the messaging app GO SMS Pro, which you can learn more about below.
Here is ITG’s complete list of November’s cyber attacks and data breaches.
Biggest Data Breaches of October 2020
https://www.youtube.com/watch?v=aB0PB5B266w
Self-assessment tools to help you achieve your cybersecurity or information security goals: ITG is offering 15% off selected toolkits and self-assessment tools until December 4. Use promo code THANKFUL at checkout to receive the offer.
In a recent attack, cybercrime group TeamTNT relied on a legitimate tool to avoid deploying malicious code on compromised cloud infrastructure and still have a good grip on it.
Misusing tool of the trade
Analyzing the attack, researchers at Intezer discovered that TeamTNT installed the open-source tool Weave Scope to gain full control of the victim’s cloud infrastructure.
According to them, this may be the first time a legitimate third-party tool is abused to play the part of a backdoor in a cloud environment, also indicating the evolution of this particular group.
Weave Scope integrates seamlessly with Docker, Kubernetes, the Distributed Cloud Operating System (DC/OS), and AWS Elastic Container Service (ECS). It provides a complete map of processes, containers, and hosts on the server, and control over installed applications.
“The attackers install this tool in order to map the cloud environment of their victim and execute system commands without deploying malicious code on the server,” Intezer notes in a report today.
According to the ad, the hacker is selling the details of 142,479,937 MGM hotel guests for a price just over $2,900. The hacker claims to have obtained the hotel’s data after they breached DataViper, a data leak monitoring service operated by Night Lion Security.
MGM Exposes over 10,000,000 Profiles to Hackers – Feb 21, 2020
https://www.youtube.com/watch?v=vlPE-4Tjnrc
Protect Your Organization Against Massive Data Breaches and Their Consequences
3somes, Gay Daddy Bear, and Herpes Dating are among the nine services that leaked the data of hundreds of thousands of users. Researchers found that a developer running multiple dating services left 845GB of explicit photos, chats, and more exposed in AWS buckets.
More than two dozen SQL databases stolen from online shops in various countries are being offered for sale on a public website. In total, the seller provides over 1.5 million rows of records but the damage is likely much larger.
The attacker breaks into insecure servers that are reachable over the public web, copies the databases, and leaves a note asking for a ransom in return for the stolen data.
Money made
Victims have 10 days to pay BTC 0.06 ($525 at current price) to a wallet provided in the ransom note; otherwise the hacker makes the database public or uses it as they please.
Hacked! What to do with an extortion email
https://www.youtube.com/watch?v=CQS-fSsIQbo