Industry News: ESG5

The Target: Software bug-tracking company Rollbar

The Take: Sensitive customer information, including usernames and email addresses, account names, and project information, such as environment names and service link configuration.

The Vector: The security breach was discovered by Rollbar on September 6 when reviewing data warehouse logs showing that a service account was used to log into the cloud-based bug monitoring platform. Once inside Rollbar's systems, the threat actors searched the company's data for cloud credentials and Bitcoin wallets.

This breach is a stark reminder of how important authentication controls are in an overall robust cybersecurity posture, and more critically, ensuring these controls are in place on all third-party vendors which have access to a firm’s data.

Read more...

The Target: The European aerospace giant Airbus

The Take: The hacker claimed to have details on thousands of Airbus vendors, including names, addresses, phone numbers and emails.

The Vector: Hackers breached an “IT account associated with an Airbus customer” and the company then investigated the incident. This account was used to download business documents dedicated to this customer from an Airbus web portal, the company said.

This breach is critical reminder that zero-day exploits do happen, and furthermore that patching software in a timely, effective manner is a key component of ensuring customer data is protected. Ensuring third-party vendors are deploying patches and fixes in accordance with a firm’s cybersecurity policy is an important step in an overall robust security posture.

Read more...

The Target: Curaçao-headquartered Stake.com offers casino and sports betting for players using cryptocurrency.

The Take: Over $40m in cryptocurrency.

The Vector: In crypto, hot wallets are less secure than cold wallets because public and private keys can be reached from the internet, enabling remote access and unauthorized activity. This appears to be what happened to Stake.com, although the firm has revealed few other details.

This breach is a stark reminder of how important authentication controls are in an overall robust cybersecurity posture, and more critically, ensuring these controls are in place on all third-party vendors which have access to a firm’s data.

Read more...

The Target: TMX Finance Corporate Services, the parent company of lender TitleMax. TMX, which also operates the brands TitleBucks, InstaLoan and EquityAuto Loan, has more than 1,000 locations in 18 U.S. states.

The Take: A revised data breach notification sent to victims by TMX stated that beyond the raft of personal information that it previously stated had been stolen - including passport and Social Security numbers - attackers may have also stolen their credit/debit card number in combination with security code, access code, password or PIN for the account.

The Vector: TMX previously reported detecting suspicious activity on their systems on Feb. 13. A third-party incident response firm called in to investigate found the intrusion appeared to have started in early December 2022.

This breach is a stark reminder of how important authentication controls are in an overall robust cybersecurity posture, and more critically, ensuring these controls are in place on all third-party vendors which have access to a firm’s data.

Read more...

The Target: The German Federal Bar (BRAK) Association, an umbrella organization overseeing 28 regional bars across Germany and representing about 166,000 lawyers nationally and internationally.

The Take: The organization is still trying to figure out how much information was taken involving communications from people contacting the Brussels office.

The Vector: The hackers encrypted BRAK’s mail server and exfiltrated 160 gigabytes of data.

This breach is a stark reminder of how important authentication controls are in an overall robust cybersecurity posture. As phishing actors continue to explore every potential abuse opportunity on legitimate service providers, novel security gaps constantly threaten to expose users to severe risks. It is essential not to rely solely on email protection solutions, and also scrutinize every email that lands on your inbox, look for inconsistencies, and double-check all claims made in those messages.

Read more...

The Target: Discord.io is not an official Discord site but a third-party service allowing server owners to create custom invites to their channels. Most of the community was built around the service's Discord server, with over 14,000 members.

The Take: The most sensitive information in the breach is a member's username, email address, billing address (small number of people), salted and hashed password (small number of people), and Discord ID.

The Vector: A person known as 'Akhirah' began offering the Discord.io database for sale on the new Breached hacking forums. As proof of the theft, the threat actor shared four user records from the database.

This breach is a stark reminder of how important authentication controls are in an overall robust cybersecurity posture. In particular, the information exposed here is perfect for crafting highly believable phishing campaigns as it would allow push notifications. Access monitoring and testing for every public-facing webpage is a key strategy to mitigate these kinds of breaches to protect a firm’s customer base.

Read more...

The Target: Salesforce, Inc., an American cloud-based software company headquartered in San Francisco, California

The Take: The goal of the phishing kit employed in this campaign was to steal Facebook account credentials, even featuring two-factor authentication bypassing mechanisms.

The Vector: The attackers chained a flaw dubbed "PhishForce," to bypass Salesforce's sender verification safeguards and quirks in Facebook's web games platform to mass-send phishing emails.

As phishing actors continue to explore every potential abuse opportunity on legitimate service providers, novel security gaps constantly threaten to expose users to severe risks. It is essential not to rely solely on email protection solutions, and also scrutinize every email that lands on your inbox, look for inconsistencies, and double-check all claims made in those messages.

Read more...

The Target: Sixty-two clients of Big Four accounting firm Ernst & Young

The Take: 3 terabytes of critical information about Ernst & Young clients including financial reports and accounting documents in client folders, passport scans, Visa scans, risk and asset management documents, contracts and agreements, credit agreements, audit reports and account balances.

The Vector: The hacking campaign came to light after the Russian-speaking cybercrime group Clop began targeting a previously unknown vulnerability in MOVEit around May 27 and May 28.

This breach highlights the extreme importance of timely software updates for known software vulnerabilities, not only in systems directly under a firm’s control, but in third-party systems the firm relies upon as well. The longer a firm, or its vendors, hold out on deploying the most up-to-date software for their systems, the greater the chance an attacker will exploit the issue.

Read more...

The Target: U.S. healthcare giant HCA Healthcare, an American for-profit operator of healthcare facilities that was founded in 1968.

The Take: Patient names; address data, such as city, state and ZIP code; patient email addresses; phone numbers; dates of birth; gender; and patient service dates, such as locations, and details about next appointments.

The Vector: DataBreaches.net first reported the seller’s forum post on July 5, in which the seller claimed to have 27 million rows of information. Some of the column headers in the stolen file include data that HCA says was stolen, such as names, gender and dates of birth.

This breach is a stark reminder of how important authentication controls are in an overall robust cybersecurity posture. In particular, the information exposed here is perfect for crafting highly believable phishing campaigns as it would allow push notifications. 

Read more...

The Target: Senior Choice, Inc., which manages and does business as three (3) residential facilities, The Atrium (216 Main Street, Johnstown, PA 15901), Beacon Ridge (1515 Wayne Ave, Indiana, PA 15701), and The Patriot (495 W Patriot St, Somerset, PA 15501).

The Take: Personal information including names and dates of birth, medical information including diagnosis and treatment information.

The Vector: There is evidence that unauthorized actors accessed some internal systems used for business operations during the period between April 18, 2023, and April 24, 2023.

This breach is a stark reminder of how important authentication controls are in an overall robust cybersecurity posture, and more critically, ensuring these controls are in place on all third-party vendors which have access to a firm’s data. 

Read more...