Clement Tetteh Kpakpah says
Cyber-Attack on Payment Gateway Exposes 1.7 million Credit Card Details | 9 Sep 2024 | James Coker
This article is about how an electronic payment gateway named Slim CD had its data breached by cyber attackers. The data breach led to the exposure of the credit card details of 1.7 million individuals, granting the attackers access to credit card numbers, expiration dates, names, and addresses.
Investigations indicate that an attacker was able to view and/or obtain the credit card information between June 14, 2024, and June 15, 2024, even though the attacker had system access between August 17, 2023, and June 15, 2024.
Slim CD is informing affected individuals about the data breach and encouraging them to take steps to ensure they are protected from fraud or identity theft.
https://www.infosecurity-magazine.com/news/cyber-attack-exposes-credit-card/
Parth Tyagi says
Mastercard is set to acquire the threat intelligence company Recorded Future from private equity firm Insight Partners for $2.65 billion, as confirmed on September 12.
The acquisition will bring expanded threat intelligence capabilities to Mastercard, which recorded $9 trillion in gross dollar volumes last year, a metric that represents the total dollar value of all transactions processed.
The New York-based payments firm currently offers cybersecurity services such as threat intelligence products, managed security services, identity fraud prevention, real-time decision-making, among others, to its clients.
Read in detail at https://www.reuters.com/markets/deals/mastercard-buy-threat-intelligence-company-recorded-future-265-bln-2024-09-12/
Daniel Akoto-Bamfo says
Securing the Digital Landscape: Organizations Must Address Third-Party Risk Head-On
The article asserts the importance of third-party collaboration to organizations and the need for organizations to implement third-party risk management to help pick the right kind of service provider and safeguard their data in compliance with rules. Organizations that regulate standards for third parties include the US State of California Consumer Privacy Act (CCPA), HIPAA, HITRUST Common Security Framework (CSF), EU General Data Protection Regulation (GDPR), and Payment Card Industry Data Security Standard (PCI DSS). Internal challenges are mostly what make organizations struggle to implement and maintain third-party risk management (TPRM). Third parties create the risk, so data-driven due diligence and monitoring programs need to be part of broader resilience and enterprise risk management strategies to improve their risk management and decision-making as well as reduce costs. Organizations need to factor in ongoing planning and assessment, quarterly performance reviews, annual compliance audits, and regular reporting as an effective way to build robust third-party risk management, leveraging frameworks like NIST Cybersecurity Supply Chain Risk Management Practices, NIST IR 8374 Ransomware Risk Management, COSO's Enterprise Risk Framework, and Shared Assessments Standardized Information.
https://www.isaca.org/resources/news-and-trends/industry-news/2024/securing-the-digital-landscape-organizations-must-address-third-party-risk-head-on
Justin Chen says
Cyber Attack leads to Data Breach
British authorities on Thursday announced the arrest of a 17-year-old male in connection with a cyber attack affecting Transport for London. The teenager, who’s from Walsall, is said to have been arrested on September 5, 2024, following an investigation that was launched in the incident’s aftermath.
TfL has confirmed that the security breach has led to the unauthorized access of bank account numbers and sort codes for around 5,000 customers, and the number could still be growing. Although there has been very little impact on customers so far, the situation is evolving and investigations have identified that certain customer data has been accessed. This includes some customer names and contact details, including email addresses and home addresses where provided.
https://thehackernews.com/2024/09/17-year-old-arrested-in-connection-with.html
Lili Zhang says
National Public Data Breach: Only 134 Million Unique Emails Leaked and Company Acknowledges Incident
In August 2024, National Public Data experienced a massive data breach, with 2.7 billion records, including Social Security numbers, leaked onto a dark web forum. The company acknowledged the incident, attributing it to a third-party hacker in December 2023. Security expert Troy Hunt’s analysis revealed 134 million unique email addresses and 70 million U.S. criminal records in the dataset, with no emails linked to SSNs. The breach may be connected to a cybercriminal group, USDoD, which claimed to have data on 2.9 billion people and was selling it for $3.5 million. National Public Data’s sister property, RecordsCheck, might have provided an entry point for hackers due to its insecure storage of source code and default passwords. While not all leaked records are accurate or unique, the breach has raised serious concerns about data privacy and security. Affected individuals are advised to monitor their credit reports and be vigilant against phishing attempts, while businesses are urged to enhance data protection measures.
https://www.techrepublic.com/article/social-security-numbers-leak/
Sarah Maher says
17-Year-Old Arrested in Connection with Cyber Attack Affecting Transport for London
A 17-year-old was arrested and then released on bail after the U.K. National Crime Agency (NCA) noticed suspicious behavior affecting TfL (Transport for London). TfL quickly allowed the NCA to step in and conduct a thorough investigation. The investigation found that ~5,000 customers' data had been compromised, including unauthorized access to their bank account details. The NCA and TfL have not found that there is an adverse effect on customers yet, but their data, such as names, contact info, emails, and addresses, has been accessed. 30,000 TfL employees now have to go in person to change their username and password to attempt to make sure to eliminate any access points the attacker may have had. The 17-year-old may have had ties with the hacker group Scattered Spider, although a direct link has not been made yet. The group is made up of teenagers to 22-year-olds who hack using voice phishing and text message phishing to trick users and gain access using cloud tools like "Azure's Special Administration Console and Data Factory".
https://thehackernews.com/2024/09/17-year-old-arrested-in-connection-with.html
Steven Lin says
Google Fixes GCP Composer Flaw That Could’ve Led to Remote Code Execution
In a sign of growing attention, Google recently fixed a critical security bug in Cloud Composer that could allow remote code execution through a supply chain attack technique referred to as dependency confusion. The bug, dubbed by Tenable Research as CloudImposer, was located in the way Composer handles its dependencies. In essence, the attacker would be in a position to coerce the system into using a malicious package from a public repository by exploiting an issue with versioning.
This is what makes it especially interesting, due to broader implications on security in the supply chain: this could have widely exposed cloud services through an attack by showing how the vulnerability of package management can be stretched to wide consequences. Google fixed the issue by limiting the source of packages to private repositories and performing a checksum verification for integrity.
The incident underscores the sophistication of the modern supply chain attack and most importantly the significance of secure package management practices. The most important advice now for developers is to avoid using the --extra-index-url flag, as one way of mitigating such risks, and instead use the --index-url argument. This incident has again brought to the fore the need for vigilance on two fronts of equal importance: managing dependencies and securing cloud environments.
https://thehackernews.com/2024/09/google-fixes-gcp-composer-flaw-that.html
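The index-merging behaviour that dependency confusion relies on, shown as an added example that is not code from the article, from Tenable, or from Google: a small simulation of how a pip-style resolver chooses a candidate when a private index is merged in with --extra-index-url versus when --index-url points only at the private index, plus a check of an install argument list. The two index contents, the package name internal-dags-utils, and the index URL are constructed for the example.

```python
"""Simulated pip candidate selection across package indexes (added example).

With --extra-index-url, pip searches every configured index and installs the
highest version it finds anywhere; with --index-url pointing only at the
private index, public candidates are never consulted. Both index contents
below are constructed sample data, not real repositories.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class Candidate:
    name: str
    version: str
    index: str  # which index served this candidate

    def key(self):
        # Numeric dotted versions only; enough for the comparison shown here.
        return tuple(int(part) for part in self.version.split("."))


# Constructed: the organisation's private index holds its internal package
# plus a mirrored copy of one public dependency.
PRIVATE_INDEX = {
    "internal-dags-utils": ["1.2.0", "1.3.0"],
    "requests": ["2.31.0"],
}
# Constructed: an attacker has registered the internal name on the public
# index with a deliberately huge version number.
PUBLIC_INDEX = {
    "internal-dags-utils": ["99.0.0"],
    "requests": ["2.31.0", "2.32.3"],
}


def resolve(name, indexes):
    """Pick the highest version across all given indexes, regardless of origin."""
    candidates = [
        Candidate(name, version, index_name)
        for index_name, contents in indexes.items()
        for version in contents.get(name, [])
    ]
    if not candidates:
        raise LookupError(f"no distribution found for {name}")
    return max(candidates, key=Candidate.key)


def resolve_with_extra_index(name):
    """Equivalent of: pip install --extra-index-url <private> NAME (public index still searched)."""
    return resolve(name, {"private": PRIVATE_INDEX, "public": PUBLIC_INDEX})


def resolve_with_index_url_only(name):
    """Equivalent of: pip install --index-url <private> NAME (no public fallback)."""
    return resolve(name, {"private": PRIVATE_INDEX})


def audit_pip_args(args):
    """Return the weaknesses in a pip install argument list that leave room for confusion."""
    findings = []
    if "--extra-index-url" in args:
        findings.append("--extra-index-url merges indexes: a public package with a higher version can shadow the private one")
    if "--index-url" not in args:
        findings.append("no --index-url: the default public index is searched")
    if "--require-hashes" not in args:
        findings.append("no --require-hashes: a swapped artifact installs without error")
    return findings


if __name__ == "__main__":
    print(resolve_with_extra_index("internal-dags-utils"))    # attacker's 99.0.0 from the public index
    print(resolve_with_index_url_only("internal-dags-utils"))  # 1.3.0 from the private index
    for finding in audit_pip_args(["install", "--extra-index-url", "https://pypi.internal.example/simple", "internal-dags-utils"]):
        print("-", finding)
```

The trade-off of --index-url alone is visible in the requests entry: the resolver serves the mirrored 2.31.0 even though 2.32.3 exists publicly, so every public dependency has to be mirrored or proxied through the private index. Pinning with hashes (--require-hashes) adds a second line of defence, since a substituted artifact then fails to install rather than running.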
Aaroush Bhanot says
Security researchers discovered a Vision Pro exploit, dubbed GAZEploit, that tracks users’ eye movements during video calls to steal passwords. Vision Pro uses eye-tracking to detect which key a user is looking at on a virtual keyboard. During video calls, an avatar’s eye movements mirror the user’s, allowing attackers to track gaze patterns and predict the keys being typed. Researchers used a recurrent neural network to analyze eye movements and achieved high accuracy in identifying keystrokes. GAZEploit could also spy on messages and web addresses. Apple resolved the issue by disabling avatars when the virtual keyboard is in use.
https://9to5mac.com/2024/09/12/gazeploit-vision-pro-passwords/?utm_source=tldrinfosec
Lily Li says
Say Goodbye to Phishing: Must-Haves to Eliminate Credential Theft
Beyond Identity is a passwordless identity access management platform that helps organizations eliminate phishing attacks through secure enclaves. Secure enclaves are hardware components that can safeguard private keys allowing Beyond Identity to prevent phishing attacks by ensuring hardware-backed credentials. Beyond Identity has found a solution to eliminate credential stuffing allowing organizations to increase their security measures. Credential stuffing is when cybercriminals test stolen username and password pairs in an attempt to gain access. Beyond Identity addresses this issue by removing passwords completely from the authentication process and instead allows users to log in using a touch (fingerprint scan) or a glance (facial recognition).
https://thehackernews.com/2024/09/say-goodbye-to-phishing-must-haves-to.html
https://developer.beyondidentity.com/docs/overview
Haozhe Zhang says
In August 2024, Avis Rent a Car reported a data breach that compromised the personal information of 299,006 customers. The breach occurred when an unauthorized third party gained access to one of Avis's business applications between August 3 and 6. In response, Avis offered affected customers credit monitoring and took steps to secure its systems with enhanced security measures. This breach ties into cybersecurity through the idea of the CIA triad. Confidentiality was breached through the exposure of sensitive data, Integrity was compromised by unauthorized system access, and Availability could also be threatened if Avis does not patch the origin of the breach.
https://www.infosecurity-magazine.com/news/car-giant-avis-breach-300000/
Sara Sawant says
German radio station forced to broadcast ’emergency tape’ following cyberattack
In early September 2024, Radio Geretsried, a German station, fell victim to a ransomware attack, likely of Russian origin. The attack encrypted the station’s music files, disrupting broadcasts and forcing them to rely on an emergency backup tape for transmission. This incident occurred in Geretsried, Bavaria. German cybersecurity authorities are increasingly concerned about such attacks, highlighting the growing threat to critical infrastructure. The station is now working on recovering its files and resuming normal operations.
https://therecord.media/germany-cyberattack-radio-geretsried
Charles Lemon says
This article discusses a settlement the genetic testing company, 23andMe, agreed to pay as a part of a class action lawsuit over a 2023 data breach. In October 2023, reports surfaced on how information belonging to as many as 7 million 23andMe customers turned up for sale on criminal black-market sites after a credential stuffing attack on 23andMe. Credential stuffing is a cyber-attack in which credentials obtained from a data breach on one service are used to attempt to log in to another unrelated service. 23andMe reported that the criminals stole profile information that users shared including names, birth years, and ancestry information. 23andMe also admitted some health information may have been exposed in the attack as well. 23andMe has agreed to pay 30 million dollars to the affected customers. The value of the company since the breach has plummeted and revenue has declined. Many customers do not trust the organization to protect their data any longer. There are free reports online to test if your information was exposed in the breach if you are a former 23andMe customer.
https://www.malwarebytes.com/blog/news/2024/09/23andme-to-pay-30-million-in-settlement-over-2023-data-breach
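Credential stuffing, as defined in Lily Li's Beyond Identity comment and Charles Lemon's 23andMe comment above, has a recognisable shape in authentication logs: one source trying many different usernames in a short window, most attempts failing, with the occasional success marking an account whose reused password was in the stolen set. The detector below is an added example, not code from either article or from Beyond Identity or 23andMe; the log format, the sample log lines, and the thresholds (5 distinct users, 80% failures, 60 second window) are assumptions for the example.

```python
"""Credential-stuffing detector over constructed authentication log lines (added example).

Stuffing replays username/password pairs stolen elsewhere, so the signal is
many distinct usernames from one source with a high failure rate. A single
user mistyping their password, or an office NAT where several people log in
successfully, should not trip it. The log format is hypothetical.
"""
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Hypothetical format: "<iso timestamp> auth <ok|fail> user=<name> src=<ip>"
LOG_RE = re.compile(r"^(?P<ts>\S+) auth (?P<result>ok|fail) user=(?P<user>\S+) src=(?P<ip>\S+)$")

# Constructed sample: a stuffing run from 203.0.113.9 (two reused passwords hit),
# a legitimate user mistyping from 198.51.100.4, and an office NAT at 192.0.2.77.
SAMPLE_LOG = """\
2024-09-12T10:00:00 auth fail user=alice src=203.0.113.9
2024-09-12T10:00:02 auth fail user=bob src=203.0.113.9
2024-09-12T10:00:04 auth ok user=carol src=203.0.113.9
2024-09-12T10:00:06 auth fail user=dave src=203.0.113.9
2024-09-12T10:00:08 auth fail user=erin src=203.0.113.9
2024-09-12T10:00:10 auth fail user=frank src=203.0.113.9
2024-09-12T10:00:12 auth ok user=grace src=203.0.113.9
2024-09-12T10:00:14 auth fail user=heidi src=203.0.113.9
2024-09-12T10:00:16 auth fail user=ivan src=203.0.113.9
2024-09-12T10:00:18 auth fail user=judy src=203.0.113.9
2024-09-12T10:05:00 auth fail user=alice src=198.51.100.4
2024-09-12T10:05:07 auth fail user=alice src=198.51.100.4
2024-09-12T10:05:15 auth ok user=alice src=198.51.100.4
2024-09-12T10:10:00 auth ok user=kate src=192.0.2.77
2024-09-12T10:10:05 auth ok user=leo src=192.0.2.77
2024-09-12T10:10:09 auth ok user=mia src=192.0.2.77
2024-09-12T10:10:14 auth ok user=ned src=192.0.2.77
2024-09-12T10:10:20 auth ok user=olga src=192.0.2.77
"""


def parse(lines):
    """Yield (timestamp, succeeded, user, ip) tuples; malformed lines are skipped, not fatal."""
    for line in lines:
        m = LOG_RE.match(line.strip())
        if m:
            yield datetime.fromisoformat(m["ts"]), m["result"] == "ok", m["user"], m["ip"]


def detect(lines, window=timedelta(seconds=60), min_users=5, min_fail_ratio=0.8):
    """Return {ip: finding} for sources whose sliding window shows stuffing behaviour.

    The finding keeps the largest qualifying window per IP and the union of
    accounts that authenticated successfully inside any qualifying window,
    since those are the accounts to reset first.
    """
    by_ip = defaultdict(list)
    for ts, ok, user, ip in parse(lines):
        by_ip[ip].append((ts, ok, user))

    findings = {}
    for ip, events in by_ip.items():
        events.sort()
        start = 0
        for end in range(len(events)):
            while events[end][0] - events[start][0] > window:  # slide the window forward
                start += 1
            span = events[start:end + 1]
            users = {u for _, _, u in span}
            failures = sum(1 for _, ok, _ in span if not ok)
            if len(users) >= min_users and failures / len(span) >= min_fail_ratio:
                f = findings.setdefault(ip, {"distinct_users": 0, "attempts": 0, "failures": 0, "compromised": set()})
                if len(span) > f["attempts"]:
                    f.update(distinct_users=len(users), attempts=len(span), failures=failures)
                f["compromised"].update(u for _, ok, u in span if ok)
    return {ip: {**f, "compromised": sorted(f["compromised"])} for ip, f in findings.items()}


if __name__ == "__main__":
    for ip, finding in detect(SAMPLE_LOG.splitlines()).items():
        print(ip, finding)
```

Keying the window on distinct usernames rather than raw failure count is what separates stuffing from brute force and from a user fumbling a password; the successful logins inside a flagged window are the accounts to reset and to watch for the ancestry-style data scraping that followed the 23andMe logins.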
Rohith says
The U.S. government and a coalition of international partners have officially attributed a Russian hacking group tracked as Cadet Blizzard to the General Staff Main Intelligence Directorate (GRU) 161st Specialist Training Center.
https://thehackernews.com/2024/09/us-offers-10-million-for-info-on.html
Yash Mane says
A hacker named Amadon attacked ChatGPT's defenses by presenting explosive-related queries as part of a fake game. This method allowed him to obtain specific instructions for manufacturing strong explosives. Despite submitting the issue to OpenAI, he was advised to use a separate channel for future action, as the problem was regarded as linked to model safety rather than bug bounty criteria.
https://securityaffairs.com/168423/hacking/chatgpt-provided-instructions-to-make-homemade-bombs.html?web_view=true