Global Cyber News Digest

Daily News Digest

Stay current on the global cyber threat landscape and industry developments with CCOE’s daily digest and library of cybersecurity news and articles.

  • Clubhouse confirms data spillage of its audio streams

    • The app allows users to join and participate in pop-up public or private audio chatrooms, promising that conversations are not recorded and have to be experienced live.
    • But US cyber-security researchers tweeted that a user had found a way to stream audio to another website.
    • Stanford's cyber-security researchers discovered several security flaws, including the fact that the users' unique ID numbers and the ID numbers of the Clubhouse chatrooms they created were being transmitted in plaintext and it could be possible connect IDs to specific user profiles.
    • The researchers were also concerned that the Chinese government could gain access to the raw audio files on Clubhouse's servers, because its back-end infrastructure is provided by a real-time engagement API firm called Agora, which has offices in both Shanghai and San Francisco.
    • While it might sound alarming to hear that audio conversations on Clubhouse can be taken out of the app, this isn't exactly new.
    • Users are already using the video and audio recording functions on their devices to capture conversations had by celebrities like Elon Musk and Kevin Hart, and uploading them to YouTube.
    - Mary-Ann Russon | February 23, 2021
    hak-iq.us20.list-manage.comFebruary 23, 2021
  • Toledo Public School students seeing effects of massive data breach

    • We're now seeing the first real signs of the fallout from that massive Toledo Public Schools’ data breach in October 2020.
    • Parents say they’re being notified about accounts trying to be opened in their kids’ names.
    • Here are some of the messages he’s received about his elementary schooler:
      • The first one was for denial for a credit card.
      • Another one happened when the child was denied for a car loan because it said the reason was because of his income ratio.
      • One of the last ones was to have fixed electric rates.
      • The family got a flier talking about the student’s Toledo Edison account and the gift card he could get by switching suppliers.
    • Parents need to be vigilant about what notices or letters they get and act quickly to shut anything down.
    - Shaun Hegarty | February 22, 2021
    hak-iq.us20.list-manage.comFebruary 22, 2021
  • Kroger reports data breach from third-party file transfer service

    • Kroger said late Friday that it received notification from Palo Alto, Calif.-based Accellion that an unauthorized person had gained access to certain Kroger files by exploiting a vulnerability in Accellion’s secure file-transfer appliance product, Accellion FTA.
    • Based on information from Accellion and its own investigation, Kroger estimated that fewer than 1% of customers — specifically, from Kroger Health and Kroger Money Services — had data exposed, including certain pharmacy and money services records.
    • Accellion reported that an investigation by cybersecurity firm Mandiant identified “UNC2546” as the criminal hacker behind the cyberattacks and data breach involving Accellion FTA. Some FTA customers attacked by UNC2546 had received “extortion emails” threatening to publish stolen data, Accellion said.
    - Russell Redman | February 22, 2021
    hak-iq.us20.list-manage.comFebruary 22, 2021
  • Sequoia Capital says it was hacked

    • Sequoia Capital told its investors on Friday that some of their personal and financial information may have been accessed by a third party, after a Sequoia employee's email was successfully phished.
    • Sequoia told investors that it's been monitoring the dark web, and has not yet seen any indication that compromised information is being traded or otherwise exploited.
    • "Our security team responded promptly to investigate, and we contacted law enforcement and engaged leading outside cybersecurity experts to help remediate the issue and maintain the ongoing security of our systems...we regret that this incident has occurred and have notified affected individuals. We have made considerable investments in security and will continue to do so as we work to address constantly evolving cyber threats."
    - Kia Kokalitcheva | February 22, 2021
    hak-iq.us20.list-manage.comFebruary 22, 2021
  • New malware found on 30,000 Macs has security pros stumped

    • A previously undetected piece of malware found on almost 30,000 Macs worldwide is generating intrigue in security circles, which are still trying to understand precisely what it does and what purpose its self-destruct capability serves.
    • Once an hour, infected Macs check a control server to see if there are any new commands the malware should run or binaries to execute.
    • Also curious, the malware comes with a mechanism to completely remove itself, a capability that’s typically reserved for high-stealth operations. So far, though, there are no signs the self-destruct feature has been used, raising the question why the mechanism exists.
    • The malware has been found in 153 countries with detections concentrated in the US, UK, Canada, France, and Germany. Its use of Amazon Web Services and the Akamai content delivery network ensures the command infrastructure works reliably and also makes blocking the servers harder.
    • Researchers from Red Canary, the security firm that discovered the malware, are calling the malware Silver Sparrow.
    - Dan Goodin | February 20, 2021
    hak-iq.us20.list-manage.comFebruary 20, 2021
  • Healthcare Data Breaches Halved in January

    • The number of month-on-month healthcare data breaches of 500 or more records reported in the United States was halved in January.
    • Despite the massive decline in the number of breaches recorded in January, the total number of health records compromised in the first month of 2021—4,467,098—exceeded December's total by more than 225,000. A major data breach at Florida Healthy Kids Corporation that impacted 3.5 million individuals was key in driving January's figure past the four million mark.
    • Other notable data breaches reported in January include a ransomware attack on healthcare provider Hendrick Health that compromised 640,436 records and a phishing attack on Roper St Francis Healthcare in which 640,436 records were exposed.
    • Hacking and other IT incidents caused the majority of healthcare data breaches in January.
    - Sarah Coble | February 19, 2021
    hak-iq.us20.list-manage.comFebruary 19, 2021
  • After the SolarWinds hack, we need contact tracing for our data

    • While the attack on SolarWinds software is arguably the most significant state-sponsored hack we’ve seen in years, it’s more than an isolated incident. It is emblematic of a constant reality of the digital era: We’re all likely to get hacked at some point. Our ability to respond determines our ability to operate. Digital security is now a broad governance imperative.
    • It takes a company 207 days to identify that a breach has occurred, and another 73 days to contain it.
    • A victim’s fundamental questions are, “Who has accessed our data? Which data, when, and why?” In other words, the ability to trace all contact with sensitive data is vital.
    • Applied to digital systems, contact tracing could become a powerful security technique.
    • The idea is for organizations to be able to share details of how they were attacked and what was targeted—the who, what, and when—as quickly as possible with other organizations. 
    • This concept could help organizations identify breaches sooner and remediate faster and more effectively. Through sharing, attack techniques could be more thoroughly understood, and with the right reporting mechanism, the resulting threat intelligence could be shared to help more organizations avoid a breach in the first place.
    • Data contact tracing could dramatically shrink the “dwell time”—the period between detection of an attack or compromised system and notification to the world.
    • The technology exists to contact-trace our data and to automate the real-time extraction of insights.
    - Doug Merritt | February 18, 2021
    hak-iq.us20.list-manage.comFebruary 18, 2021
  • Data Breaches: ShinyHunters' Dominance Continues

    • The ShinyHunters cybercrime operation runs a data exfiltration and sales business that appears to be off to a roaring start again this year, following on the heels of its data breach spree last year.
    • Many of last year's biggest hits apparently trace back to one gang: ShinyHunters.
    • After nearly 50 data breaches in 2020, so far this year, the gang has already been blamed for data breaches at e-commerce site Bonobo and dating site MeetMindful.
    • Last month, ShinyHunters posted stolen Bonobo data to cybercrime forum RaidForums, including account information for nearly 2 million registered users.
    • In January, for example, a RaidForums user called "Spiral" posted what they said was the set of data exposed in the September 2020 breach of Australian PDF-creation service Nitro, which the user said had been "dumped by ShinyHunters."
    • "ShinyHunters has made a number of posts about being frustrated that people were reselling their data, so they release it for free or dirt cheap," said Zack Allen, director of threat intelligence at ZeroFOX.
    - Mathew Schwartz | February 18, 2021
    hak-iq.us20.list-manage.comFebruary 18, 2021
  • California DMV hit by data breach, exposing millions of drivers' personal information to hackers

    • The California Department of Motor Vehicles is alerting drivers of a security breach that potentially leaked millions of drivers' registration records.
    • "Approximately 38 million records have potentially been compromised," said Anita Gore, a spokeswoman for the DMV.
    • Since many drivers own multiple vehicles, the number of people possibly affected is less than the number of records compromised.
    • A billing contractor, the Seattle-based Automatic Funds Transfer Services, was hit by a ransomware attack in early February. The DMV has worked with the organization since mid-2019 "to correct and verify vehicle registration addresses," according to the department.
    • The agency has since stopped sharing data with the contractor and is investigating whether the hackers involved have used any information obtained in the attack.
    - Joshua Bote | February 18, 2021
    hak-iq.us20.list-manage.comFebruary 18, 2021
  • Manchester Schools' Internet Disruptions Caused By Outside Attack

    • Internet issues within the Manchester Township Schools that forced the district to shut down in-person classes and have teachers teach from home have been determined to be an attack on the schools' internet by outside groups.
    • The traffic was intercepted by the district's firewall, so no personal information was compromised.
    • The district's system was hit multiple times and caused the district's network to shut down.
    • To resolve the issue the district had to subscribe to an outside service to stop it from happening.
    - Karen Wall | February 17, 2021
    hak-iq.us20.list-manage.comFebruary 17, 2021