Jill Brummer says
https://www.securityweek.com/ftc-targets-drizly-and-its-ceo-over-cybersecurity-failures-led-data-breach
In summary, the article is about the company Drizly, an online alcohol marketplace, which had poor data security practices. The FTC filed a complaint against the company. The company’s security failures led to a data breach, which affected 2.5 million individuals. The company was informed of security issues two years prior. The FTC is now requiring Drizly to destroy unnecessary data and collect less customer information. The FTC wants to send the message that if you ignore data breach issues and have poor data security practices, then companies will face consequences from the FTC. These consequences are separate from and/or in addition to the SEC consequences and any criminal consequences.
An employee posted a set of credentials on GitHub in 2018. Two years later, a hacker compromised an employee’s account and stole customer data. The FTC said that the company failed to implement basic security protections for collected data. They didn’t use MFA, didn’t restrict personal data, and didn’t develop adequate security policies. The company also used an insecure platform, didn’t monitor for security threats, and exposed customers to identity theft. The FTC is requiring that they fix and implement the necessary security measures to prevent this from happening in the future.
Nicholas Foster says
https://thehackernews.com/2022/10/these-dropper-apps-on-play-store.html
The article I have chosen to highlight this week speaks to 5 Android apps that were available for download on Google’s Play Store. The apps, when downloaded, would release known banking trojans such as SharkBot and Vultur. These trojans would steal financial data as well as perform on-device fraud. The article goes on to state “Targets included were 231 banking and cryptocurrency wallet apps from financial institutions in Italy, the U.K., Germany, Spain, Poland, Austria, the U.S., Australia, France, and the Netherlands.”
The list of malicious apps, four of which are still available on the digital marketplace, is below:
Codice Fiscale 2022 (com.iatalytaxcode.app) – 10,000+ downloads
File Manager Small, Lite (com.paskevicss752.usurf) – zero downloads
My Finances Tracker (com.all.finance.plus) – 1,000+ downloads
Recover Audio, Images & Videos (com.umac.recoverallfilepro) – 100,000+ downloads
Zetter Authenticator (com.zetter.fastchecking) – 10,000+ downloads
Matthew Stasiak says
https://www.reuters.com/technology/ransomware-hackers-hit-australian-defence-communications-platform-2022-10-31/
Hackers used ransomware to target a communications platform that the Australian military uses, but luckily no data is said to have been compromised. The only information said to have been stolen was some private information such as DOB and some enlistment details. So far they have only advised those who use the platform to change their passwords.
Kenneth Saltisky says
https://www.bleepingcomputer.com/news/security/hackers-selling-access-to-576-corporate-networks-for-4-million/
A new report is showing that hackers are selling access to 576 corporate networks worldwide for a total cumulative price of $4 million. In Q2 2022, the total value of initial access listings was $660,000, with the summer ransomware hiatus hurting demand. This is due to initial access brokers (IABs) who sell access to corporate networks through means such as credential theft, webshells, or vulnerabilities in publicly exposed hardware. After getting initial access, the threat actors sell this access to other hackers who can then steal data, deploy ransomware, or perform other malicious activities. IABs choose not to leverage their access for various reasons, such as not wanting increased legal trouble. The average selling price of each listing for the corporate networks was $2,800 while the median was $1,350. The average selling time was 1.6 days, while most were of RDP- and VPN-type access. As such, it is essential to properly secure networks from intrusion through VPNs, restricting access to public devices, MFA, and phishing training.
Maxwell ODonnell says
Chegg has once again fallen victim to another data breach recently, its 4th major breach in the past 3 years. The US Federal Trade Commission has finally stepped in and is suing the educational tech company. Under the FTC’s order, Chegg would have to improve data security, enable multi-factor authentication, limit collected and stored data, and allow customers to access and delete data. The Director of the FTC’s Bureau of Consumer Protection is quoted as saying “Chegg took shortcuts with millions of students’ sensitive information”. Chegg’s first breach in 2017 was the result of a phishing attack launched on multiple employees. Then again in 2018, a former contractor gained access to Chegg’s AWS S3 bucket containing the data of millions of users. The data was later found for sale online along with nearly 25 million passwords in plaintext, forcing the company to reset the passwords of around 40 million users. One year later, a Chegg executive’s credentials were compromised in another phishing attack; the attacker had gained access to their inbox containing medical and financial information of users and employees. In the most recent breach, a Chegg employee fell victim to phishing, allowing the attacker access to their payroll system and compromising hundreds of employees’ W-2 forms containing birth dates and social security numbers.
The FTC is accusing Chegg of poor security practices, including Chegg’s lack of MFA support, the use of a single login for all databases, and hiring contractors without phishing awareness training. The FTC also noted the theft of customers’ medical and financial data was particularly concerning given the value of the information on the open market, where it is used to commit identity theft and fraud.
https://www.bleepingcomputer.com/news/security/chegg-sued-by-ftc-after-suffering-four-data-breaches-within-3-years/
Shepherd Shenjere says
HENSOLDT Group, headquartered in Germany, focuses “on sensor technologies for protection and surveillance missions in the defense, security and aerospace sector.” It has over 6,000 employees and nearly $1.5 billion yearly revenue. It has contributed to the protection of Ukrainian cities. In October, with Airbus and general contractor Diehl Defence, the company delivered a combat unit of the ground-based air defense system IRIS-T SLM to Ukraine.
What caught my attention about this article is that this is not the first time HENSOLDT has fallen victim to ransomware. Also, in January, it confirmed that some of its UK subsidiary’s systems were infected with Lorenz ransomware. To me it proves that there is bad governance in this enterprise. They must treat IT Security as a vital part of their services and business, not as a burden. Deploy proper defense mechanisms to protect from these attacks and stay out of the media. This enterprise generates sufficient revenues and must be able to afford to fund IT Security projects.
https://cybernews.com/news/hensoldt-defense-contractor-ransomware/
David Vanaman says
https://www.bleepingcomputer.com/news/security/openssl-fixes-two-high-severity-vulnerabilities-what-you-need-to-know/
My article is about the recent announcement of vulnerabilities in the OpenSSL library commonly used to encrypt and decrypt communications. The vulnerabilities are not in the ciphers used to perform the encryption and decryption, but in the supporting code. Triggering buffer overflows could cause denial of service or potentially (but with no evidence yet seen in the wild) remote code execution. This is a case where the reporting of the vulnerability sounds much scarier than the actual issue due to the incredibly robust nature of modern cryptography.
Abayomi Aiyedebinu says
I chose this article because it showcases how the private health information of more than 4,000 patients was left exposed for 16 years by a US medical transplant center. Virginia Commonwealth University Health System (VCU) announced that sensitive data belonging to both transplant donors and recipients was available to view by others on a patient portal since 2006. I find this article interesting because these data were left exposed for 16 years, and nothing was done to detect or prevent it. Some of the questions I asked myself were: do they even have a functioning IT department, or do they not have mechanisms in place to detect and prevent intrusion, such that it took them 16 years of exposure? It’s unbelievable.
https://portswigger.net/daily-swig/more-than-4-000-individuals-medical-data-left-exposed-for-16-years