Source: www.bitdefender.com – Author: Graham Cluley Nissan North America has revealed that extortionists who demanded a ransom after breaking into its external VPN and disrupted systems last year also stole the social security numbers of over 53,000 staff. The security breach occurred on November 7, 2023. Upon initial investigation, Nissan and external experts brought in […]

La entrada Nissan reveals ransomware attack exposed 53,000 workers’ social security numbers – Source: www.bitdefender.com se publicó primero en CISO2CISO.COM & CYBER SECURITY GROUP.

Source: securityaffairs.com – Author: Pierluigi Paganini Electronic prescription provider MediSecure impacted by a ransomware attack Electronic prescription provider MediSecure in Australia suffered a ransomware attack likely originate from a third-party vendor. MediSecure is a company that provides digital health solutions, particularly focusing on secure electronic prescription delivery services in Australia. The company was forced to […]

La entrada Electronic prescription provider MediSecure impacted by a ransomware attack – Source: securityaffairs.com se publicó primero en CISO2CISO.COM & CYBER SECURITY GROUP.

A recent cyberattack on Chicago Fire FC has come to light, with the football club officially confirming the data breach. The club released a statement addressing the incident, highlighting the importance of privacy and security for all involved parties.  The Chicago Fire FC data breach, discovered on October 25, 2023, involved unauthorized access to the club's systems, potentially compromising personal information. Immediate measures were taken upon detection, including securing systems and launching an investigation with legal and forensic experts.  The unauthorized access occurred between October 22 and October 25, 2023.

Decoding the Chicago Fire FC Data Breach

According to the official press release, personal data that may have been accessed includes names, social security numbers, driver’s license and passport information, medical records (including Covid test results and injury reports), health insurance details, financial account information, and dates of birth. While there is no current indication of misuse, the club is taking proactive steps to address the Chicago Fire FC data breach. In response to the cyberattack on the football club, Chicago Fire FC has initiated several actions. These include providing affected individuals access to credit monitoring services through Cyberscout, a TransUnion company specializing in fraud assistance. Instructions for enrollment in these complimentary services have been made available, and affected individuals are encouraged to confirm eligibility by contacting the club. Individuals who believe they may have been affected but have not received notification are urged to reach out to Chicago Fire FC for assistance and to receive a credit monitoring code. Additionally, the club has reported the incident to law enforcement for further investigation.

Mitigation Against the Chicago Fire FC Cyberattack

To safeguard against potential identity theft and fraud, affected individuals are advised to monitor their accounts and credit reports for any suspicious activity. They can obtain free credit reports annually from major credit reporting bureaus and are entitled to place fraud alerts or credit freezes on their accounts. For further information and support regarding identity theft and fraud prevention, individuals can contact the credit reporting bureaus, the Federal Trade Commission (FTC), or their state Attorney General. The FTC encourages victims of identity theft to file a complaint with them and provides resources for reporting instances of misuse. Chicago Fire FC emphasizes its commitment to data security and the protection of individuals' information. The club remains dedicated to maintaining trust and providing support to those affected by the cyberattack.

Chicago Fire FC Offers Credit Monitoring Services 

[caption id="attachment_68968" align="alignnone" width="1280"] Source: Chicago Fire FC[/caption] To enroll in the Credit Monitoring services provided by Chicago Fire FC at no charge, individuals are instructed to visit https://bfs.cyberscout.com/activate and follow the provided instructions. It's essential to enroll within 90 days from the date of the notification letter to receive the monitoring services. However, minors under 18 years of age may not be eligible for this service. During the enrollment process, individuals may need to verify personal information to confirm their identity for security purposes. It's strongly advised to monitor accounts and credit reports regularly to detect any suspicious activity or errors. Under U.S. law, individuals are entitled to one free credit report annually from each of the three major credit reporting bureaus: TransUnion, Experian, and Equifax. These reports can be ordered at www.annualcreditreport.com or by calling 1-877-322-8228. Upon receiving the report, individuals should carefully review it for any discrepancies, unauthorized accounts, or inquiries. Individuals also have the right to place a fraud alert on their credit file at no cost. This alert lasts for one year and requires businesses to verify the individual's identity before extending new credit. Victims of identity theft can request an extended fraud alert lasting seven years. Alternatively, individuals can opt for a "credit freeze," which restricts access to their credit report without their explicit authorization. While this prevents unauthorized access, it may also delay or interfere with legitimate credit applications. To request a fraud alert or credit freeze, individuals need to provide specific information to the three major credit reporting bureaus, including their full name, social security number, date of birth, address history, and proof of identity. Additionally, victims of identity theft should file a police report and notify law enforcement, their state Attorney General, and the Federal Trade Commission (FTC). Media Disclaimer: This report is based on internal and external research obtained through various means. The information provided is for reference purposes only, and users bear full responsibility for their reliance on it. The Cyber Express assumes no liability for the accuracy or consequences of using this information.

Source: www.tripwire.com – Author: Graham Cluley Law enforcement agencies worldwide have coordinated to take down one of the world’s largest hacker forums, scoring a victory against cybercrime. BreachForums, a notorious marketplace for stolen data, was seized by the authorities on Wednesday, according to a message on its website. BREACHFORUMS IS UNDER THE CONTROL OF THE […]

La entrada BreachForums seized! One of the world’s largest hacking forums is taken down by the FBI… again – Source: www.tripwire.com se publicó primero en CISO2CISO.COM & CYBER SECURITY GROUP.

Nissan North America determined recently that a ransomware attack launched last year resulted in employee personal information compromise.

The post Nissan Data Breach Impacts 53,000 Employees appeared first on SecurityWeek.

Source: securityaffairs.com – Author: Pierluigi Paganini Santander: a data breach at a third-party provider impacted customers and employees The Spanish bank Santander disclosed a data breach at a third-party provider that impacted customers in Chile, Spain, and Uruguay. The Spanish financial institution Santander revealed a data breach involving a third-party provider that affected customers in […]

La entrada Santander: a data breach at a third-party provider impacted customers and employees – Source: securityaffairs.com se publicó primero en CISO2CISO.COM & CYBER SECURITY GROUP.

The City of Wichita says files containing personal information were exfiltrated in a recent ransomware attack.

The post Personal Information Stolen in City of Wichita Ransomware Attack appeared first on SecurityWeek.

A ransomware attack has compromised MediSecure, a leading Australian script provider facilitating electronic prescribing and dispensing of prescriptions. The MediSecure data breach was reported by the national cyber security coordinator — the healthcare provider believes that the breach stems from a third-party vendor. The Australian government, through its National Cyber Security Coordinator (NCSC), has shared updates on the MediSecure data breach, initiating a comprehensive investigation and a "whole-of-government response" to address the incident's ramifications.  Lieutenant General Michelle McGuinness, the national cyber security coordinator, confirmed MediSecure as the victim of this cyberattack in a statement on LinkedIn, describing it as a 'large-scale ransomware data breach incident.'

Government Response to MediSecure Data Breach

Authorities, including the Australian Signals Directorate’s Australian Cyber Security Centre (ACSC) and the Australian Federal Police (AFP), are actively engaged in probing the MediSecure data breach.  However, details remain scarce as investigators navigate the complexities of the incident. The absence of a known threat actor claiming responsibility further complicates the situation, heightening concerns about the sophistication of cyber threats targeting the healthcare sector.  Cyber Security Minister Clare O’Neil said the government was commited to address the breach, convening a National Coordination Mechanism to coordinate efforts and mitigate the breach's impact effectively. “I have been briefed on this incident in recent days, and the government convened a National Coordination Mechanism regarding this matter today,” Minister O’Neil said in a LinkedIn post.

“Speculation at this stage risks undermining significant work underway to support the company's response,” O'Neil added.

The Shadow Home Affairs and Cyber Security Minister James Paterson told Sky News in an interview that the latest breach was a reminder of the currently “dangerous” cyber threat landscape, especially for the health sector. Paterson said healthcare is a lucrative sector both for cybercriminals and nation-state actors.

“Criminal actors like to use it for ransomware because the health sector is often vulnerable to those targets, and sometimes they do pay. And nation state backed actors use it as an opportunity to gather intelligence and information about us,” Paterson explained.

Australia has been hit in the past few years by some of the largest data breaches in the form of Medibank and Optus data breaches, that impacted millions across Australia. The scope of the current breach is reportedly unlike the earlier ones, but it is still some of the most personally and privately significant information that exists about a person, Paterson said. “This is very distressing for Australians when it is released publicly. And it is important that the federal government get on top of this straight away and do whatever they can to stop the proliferation of this information online,” he added. MediSecure has taken proactive measures, including taking its website offline, as it works to contain the breach's fallout. In a statement, the company acknowledged the incident and stated, “We have taken immediate steps to mitigate any potential impact on our systems. While we continue to gather more information, early indicators suggest the incident originated from one of our third-party vendors”, reads the statement. The Cyber Express has reached out to MediSecure to learn more about this data breach. However, at the time of writing this, no official statement or response has been shared. The organization did share a statement on its website, stating “MediSecure understands the importance of transparency and will provide further updates via our website as soon as more information becomes available. We appreciate your patience and understanding during this time.”

Cyberattacks on the Healthcare Sector

This cyberattack on MediSecure echoes previous breaches in Australia's healthcare sector, including the 2022 data breach involving Medibank, which compromised the personal data of millions of Australians. In 2023, healthcare organizations globally faced an unprecedented wave of cyberattacks, affecting over 116 million individuals in the US alone, more than double the previous year's count.  Notable incidents include data breaches at Delta Dental of California, Fred Hutch Cancer Center, Norton Healthcare, and HCA Healthcare, among others. German hospitals also fell victim to ransomware attacks, disrupting medical services.  The European Union Agency for Cybersecurity reported that the majority of attacks targeted healthcare providers, with financial motives driving 83% of incidents. India witnessed a surge in cybercrime, with significant financial losses and high-profile attacks during the G20 summit.  The recurrence of such incidents highlights the persistent cybersecurity vulnerabilities plaguing the healthcare industry, necessitating comprehensive strategies to fortify defenses against evolving cyber threats. Media Disclaimer: This report is based on internal and external research obtained through various means. The information provided is for reference purposes only, and users bear full responsibility for their reliance on it. The Cyber Express assumes no liability for the accuracy or consequences of using this information.

Following the massive Nissan data breach from November last year that exposed the Social Security numbers of thousands of former and current employees, the Japanese automaker has shared new updates on the cybersecurity incident.  In a new letter sent on May 15, 2024, Nissan shared details of the cyberattack, stating the incident has affected Nissan North America. The letter disclosed that a threat actor targeted the company's virtual private network, demanding payment. Nissan has not confirmed whether it acquiesced to the ransom demands.

Nissan Data Breach Update: 53,000 Employees Affected

Upon discovering the Nissan data breach, the Japanese automaker notified law enforcement and engaged cybersecurity experts to contain and neutralize the threat. The company also conducted an internal investigation, informing employees during a town hall meeting held in December 2023, a month after the Nissan cyberattack. To mitigate potential harm, Nissan is offering complimentary identity theft protection services for two years to those impacted by the breach. The company's positive response to safeguarding employee privacy is highlighted by these proactive measures. The official communication emphasized Nissan's dedication to reinforcing its security infrastructure and practices. Following the incident, the company has implemented additional security measures and enlisted cybersecurity specialists to conduct a thorough review, ensuring enhanced protection against future threats. Despite the Nissan breach, the automotive maker has not detected any instances of fraud or identity theft resulting from the incident. Nonetheless, as a precautionary measure, affected individuals are urged to take advantage of the complimentary credit monitoring services provided by Experian IdentityWorks.

No Identity Fraud Detected

“This is in addition to the employee benefit you may have elected with Nissan. These complimentary credit services are being provided to you for 24 months from the date of enrollment. Finally, Nissan is providing you with proactive fraud assistance to help with any questions you might have or if you become a victim of fraud. These services are provided by Experian, a company specializing in fraud assistance and remediation services”, said Nissan. To activate the identity protection service, recipients are instructed to enroll by a specified deadline and utilize the provided activation code. Additionally, individuals are encouraged to remain vigilant against potential fraud by monitoring their credit reports and promptly reporting any suspicious activity. Recipients are assured of assistance for 90 days from the letter's date in enrolling for the complimentary credit monitoring services. They are encouraged to contact the dedicated helpline at 833-931-6266, with the engagement number B120412 ready for reference.  Nissan highlights its commitment to employee welfare and the seriousness with which it regards the protection of personal information, expressing regret for any inconvenience caused by the incident. The letter concludes with signatures from Leon Martinez, Vice President of Human Resources, and William Orange, Vice President of IS/IT and Chief Information Officer. Media Disclaimer: This report is based on internal and external research obtained through various means. The information provided is for reference purposes only, and users bear full responsibility for their reliance on it. The Cyber Express assumes no liability for the accuracy or consequences of using this information.

The Spanish bank Santander said customers in Chile, Spain and Uruguay are affected by a data breach at a third-party provider.

The post Santander Data Breach Impacts Customers, Employees appeared first on SecurityWeek.

Singing River Health System says the personal information of roughly 900,000 individuals was stolen in an August 2023 ransomware attack.

The post 900k Impacted by Data Breach at Mississippi Healthcare Provider appeared first on SecurityWeek.

Santander, one of the largest banks in the eurozone, confirmed that an unauthorized party had gained access to a database containing customer and employee information. The Banco Santander data breach is stated to stem from the database of a third-party provider and limited to the only some of the bank's customers in specific regions where it operated, as well as some of its current and former employees. However, the bank's own operations and systems are reportedly unaffected. Banco Santander is a banking services provider founded on March 21, 1857 and headquartered in Madrid, Spain. The provider operates across Europe, North America, and South America. It's services include global payments services, online bank and digital assets.

Customer and Employee Data Compromised in Santander Data Breach

The bank reported that upon becoming aware of the data breach, it had immediately implemented measures to contain the incident, such as blocking access to its database from the compromised source as well as establishing additional fraud prevention mechanisms to protect impacted customers and affected parties. After conducting an investigation, the bank had determined that the leaked information stemmed from a thid-party database and consisted of details of customers from Santander Chile, Spain and Uruguay regions along with some data on some current and former Santander employees. Despite the third-party database breach, customer data from Santander markets and businesses operating in different regions were not affected. [caption id="attachment_68444" align="alignnone" width="2422"] Source: santander.com[/caption] The bank apologized for the incident and acknowledged concerns arising from the data breach, taking action to directly notify the affected customers and employees. The security team also informed regulators and law enforcement of the incident details, stating that the bank would continue to work with them during the investigation. Santander assured its customers that no transactional data, nor transaction-facilitating credentials such as banking details and passwords were contained in the database. The statement reported that neither the bank's operations nor systems were affected, and that customers could continue with secure transaction operations. Along with the official statement in response to the data breach, the bank had provided additional advice on its site on dealing with the data breach:

• Santander will never ask you for codes, OTPs or passwords.
• Always verify information your receive and contact us through official bank channels.
• If you receive any suspicious message, email or SMS report it to your bank directly or by contacting reportphishing@gruposantander.com.
• Never access your online banking via links from suspicious emails or unsolicited emails.
• Never ignore security notifications or alerts from Santander related to your accounts.

Financial and Banking Sector Hit By Data Breaches

Increased cyber threats or third-party database exposure as in the Santander data breach pose serious concerns for stability within the financial and banking. The International Monetary Fund noted in a blog post last months that these incidents could erode confidence in the financial system, disrupt critical services, or cause spillovers to other institutions. In March, the European Central Bank instructed banks within the European region to implement stronger measures in anticipation of cyber attacks. Earlier, the body had stated that it would conduct a  resilience stest on at least 109 of its directly supervised banks in 2024. The initiatives come as part of broader concern about the security of European banks. Last year, data from the Deutsche Bank AG, Commerzbank AG and ING Groep NV were compromised after the CL0P ransomware group had exploited a security vulnerability in the MOVEit file transfer tool. The European Central Bank's site states that its banking supervisors rely on the stress tests to gather information on and assess how well the banks would able to cope, respond to and recover from a cyberattack, rather than just their ability to prevent attacks. The response and recovery assessments are described to include the activation of emergency procedures and contingency plans as well as the restoration of usual operations. The site states that these test results would then be used to aid supervisors in identifying weaknesses to be discussed in dialogue with the banks. Media Disclaimer: This report is based on internal and external research obtained through various means. The information provided is for reference purposes only, and users bear full responsibility for their reliance on it. The Cyber Express assumes no liability for the accuracy or consequences of using this information.

A dark web actor named DuckyMummy claimed responsibility for an alleged data breach at Frotcom International, a prominent player in vehicle tracking and fleet management based in Carnaxide, Portugal.  The Frotcom data breach, disclosed on nuovo BreachForums, exposes a vulnerability in Frotcom's internal systems, potentially compromising sensitive information including GPS IMEI numbers, real-time vehicle tracking data, billing details, and customer account information.

Alleged Frotcom Data Breach Surfaces on Dark Web

DuckyMummy's post on the forum detailed the extent of the Frotcom data breach, indicating access to internal systems across more than 40 countries and over 5,000 companies. The compromised data encompassed a wealth of information crucial to Frotcom's operations, from GPS tracking data to customer billing information.  [caption id="attachment_68365" align="alignnone" width="1732"] Source: Dark Web[/caption] As proof of their claims, the threat actor shared sample records showcasing live GPS vehicle information sorted by country and offered the compromised database for sale at a staggering price of USD 5,000.

“These days I have breached the company security, and I have dumped all information and got access to all internal systems of the company, more than 40 countries, more than 5,000 COMPANIES !”, stated the hacker. 

The Cyber Express has reached out to Frotcom for official confirmation and further details regarding the breach. However, as of the time of writing, no official statement or response has been received, leaving the claims surrounding the Frotcom data leak unverified.

Cyberattacks on Freight Companies 

The Frotcom data leak is not an isolated event and is a reminder of the growing threats faced by the transportation sector in an increasingly digitized world. With transportation systems becoming more reliant on interconnected digital technologies, they have become lucrative targets for cyber threat actors seeking to disrupt operations, extort sensitive data, or inflict financial harm. The ramifications of cyberattacks on transportation infrastructure are profound, ranging from supply chain disruptions to the compromise of sensitive passenger data. Recent incidents such as the ransomware attack on Japan's Port of Nagoya, which halted operations for two days, highlight the real-world impact of such breaches on global trade and commerce. Moreover, the nature of cyber threats poses a significant challenge to the transportation sector. Attack vectors are becoming increasingly diversified, with intrusions often originating from third-party supply chain partners or software vendors. Additionally, the rise of politically motivated threat actors further complicates the domain, as evidenced by the DDoS attacks on US airports claimed by Russian-speaking hackers. Looking back at historical events, cyber incidents targeting transportation infrastructure have resulted in widespread disruption and societal harm. From DDoS attacks on Czech railways and airports to ransomware incidents affecting Italian State Railways, these incidents highlight the vulnerability of transportation systems to malicious cyber activity. Media Disclaimer: This report is based on internal and external research obtained through various means. The information provided is for reference purposes only, and users bear full responsibility for their reliance on it. The Cyber Express assumes no liability for the accuracy or consequences of using this information.

Source: www.exponential-e.com – Author: Graham Cluley Security agencies in the United States have issued a new warning about the Black Basta ransomware group, in the wake of a high-profile attack against the healthcare giant Ascension. The cyber attack last week forced the Ascension computer systems offline, and caused some hospital emergency departments to turn away […]

La entrada Black Basta ransomware group’s techniques evolve, as FBI issues new warning in wake of hospital attack – Source: www.exponential-e.com se publicó primero en CISO2CISO.COM & CYBER SECURITY GROUP.

A threat actor using the alias qpwomsx has claimed responsibility for an alleged data breach affecting the popular Indian online shopping platform, Meesho. However, the legitimacy of this Meesho data breach is under scrutiny, as the threat actor seems to have reposted data from 2020 and only joined the platform in May 2024, raising questions about their credibility. On Nuovo BreachForums, qpwomsx displayed what they claimed was a database from Meesho, presenting snippets of data as proof. These excerpts, which included names, email addresses, and phone numbers, initially raised concerns. However, upon closer examination, a twist emerged: the sample records provided were identical to those from the 2020 IndiaMART database leak, which affected about 38 million user records. This discovery casts significant doubt on the credibility of qpwomsx's claims about a Meesho data breach.

Unconfirmed Meesho Data Breach Surfaces on Dark Web

[caption id="attachment_68336" align="alignnone" width="1333"] Source: Dark Web[/caption] The discrepancies didn't end there. The Cyber Express further analyzed the claims and found inconsistencies within the data itself. Specifically, discrepancies between names and associated phone numbers raised red flags. Given qpwomsx's brief tenure on the platform and apparent credibility issues, discerning the authenticity of the Meesho data breach becomes a daunting task. However, examining the stolen data paints a perplexing situation as the majority of the email addresses are valid and deliverable. Along with the emails, the data appears to be a compilation of personal information belonging to individuals, predominantly based in India.  Alongside names, email addresses, and phone numbers, additional details such as location and workplace affiliations were also included. However, the presence of "null" values suggests potential gaps or inaccuracies within the dataset.

The IndiaMART Data Breach Link

The Cyber Express has reached out to the e-commerce giant to learn more about this alleged Meesho data leak. However, at the time of writing this, no official statement or response has been shared, leaving the claims for the data breach unverified.  Moreover, parallels emerge between the purported Meesho breach and the 2020 IndiaMART data leak, which exposed sensitive information from over 40,000 suppliers. IndiaMART, a prominent business-to-business e-commerce platform, was also targeted in a cyberattack in 2020. Despite assertions from the company that only basic contact information is publicly available, cybersecurity researchers found an extensive exposure of sensitive data. Interestingly, the stolen data from the IndiaMART data leak is similar to the current Meesho data breach, raising concerns about the authenticity of the leak and the motives behind it.  This is an ongoing story and The Cyber Express will be closely monitoring the situation. We’ll update this post once we have more information on the alleged Meesho data breach or any official confirmation from the Indian e-commerce giant. Media Disclaimer: This report is based on internal and external research obtained through various means. The information provided is for reference purposes only, and users bear full responsibility for their reliance on it. The Cyber Express assumes no liability for the accuracy or consequences of using this information.

The City of Helsinki says usernames, email addresses, and personal information was stolen in a recent cyberattack.

The post Student, Personnel Information Stolen in City of Helsinki Cyberattack appeared first on SecurityWeek.

Source: securityaffairs.com – Author: Pierluigi Paganini City of Helsinki suffered a data breach The City of Helsinki suffered a data breach that impacted tens of thousands of students, guardians, and personnel. The Police of Finland is investigating a data breach suffered by the City of Helsinki, the security breach occurred during the night of 30 […]

La entrada City of Helsinki suffered a data breach – Source: securityaffairs.com se publicó primero en CISO2CISO.COM & CYBER SECURITY GROUP.

Source: securityaffairs.com – Author: Pierluigi Paganini Australian Firstmac Limited disclosed a data breach after cyber attack Firstmac Limited disclosed a data breach after the new Embargo extortion group leaked over 500GB of data allegedly stolen from the company. Firstmac Limited, one of the largest non-bank lenders in Australia, disclosed a data breach. Firstmac Limited is an […]

La entrada Australian Firstmac Limited disclosed a data breach after cyber attack – Source: securityaffairs.com se publicó primero en CISO2CISO.COM & CYBER SECURITY GROUP.

Zscaler has completed its investigation into the recent hacking claims and found that only an isolated test environment was compromised.

The post Zscaler Confirms Only Isolated Test Server Was Hacked appeared first on SecurityWeek.

The IntelBroker hacker has allegedly leaked a database belonging to the National Parent Teacher Association (PTA), a cornerstone of child advocacy in America since its establishment in 1897. The National Parent Teacher Association breach, which occurred in March, was posted by the threat actor on May 13, 2024.  Over 70,000 records of registered users, comprising a wealth of sensitive data, were reportedly compromised in this PTA data breach. The leaked data, disclosed on nuovo BreachForums, includes a trove of information ranging from personal identifiers to financial details. 

Dark Web Hacker Discloses National Parent Teacher Association Breach 

Among the exposed data are insured data, college information, client lists, medical insurance records, and payment information. This PTA data breach not only poses a threat to the privacy and security of individuals but also raises concerns about the misuse of such sensitive information. [caption id="attachment_68309" align="alignnone" width="861"] Source: X[/caption] The impact of this breach extends beyond the confines of the PTA itself, affecting individuals across the United States, particularly in the North American region. With PTA.org being the primary platform for engagement, the breach, if true, can have severe consequences.  The post on BreachForums by the IntelBroker hacker, titled "Parent Teacher Association Database, Leaked - Download!" and timestamped May 13, 2024, provides insights into the extent of the PTA data breach. The threat actor proudly claims responsibility for the breach alongside an entity named GodLike. The data dump shared by IntelBroker reveals intricate details, including identifiers, addresses, contact information, and policy-related data.

Cyberattack on Educational Institutions

The Cyber Express reached out to the National Parent Teacher Association for clarification and response regarding the breach. However, at the time of writing this, no official statement or response has been received. Moreover, this isn’t the first time a student-centric organization was targeted in a cyberattack. Educational institutions, from K-12 schools to universities, store vast amounts of personal data, making them prime targets for cyberattacks. The educational sector witnessed a 258% surge in incidents in 2023, with 1,537 confirmed data disclosures, often attributed to vulnerabilities like MOVEit. Ransomware remains a major external threat, while internal risks stem from uninformed users and overworked staff.  Attacks, primarily financially motivated, exploit the emotionally fraught nature of personal data exposure. Common attacks include data breaches, ransomware, BEC, DDoS, and online invasions. Recent high-profile attacks, like those on the University of Manchester and the University of California, highlight the urgent need for enhanced cybersecurity measures in educational institutions. Media Disclaimer: This report is based on internal and external research obtained through various means. The information provided is for reference purposes only, and users bear full responsibility for their reliance on it. The Cyber Express assumes no liability for the accuracy or consequences of using this information.

Hackers exploited an unpatched remote access server vulnerability in the Helsinki education division data breach to scour through records of 80,000 students, their guardians, and all of administrative personnel. The City of Helsinki detected the data breach on April 30, promptly initiating an investigation that found the hacker had gained access to student and personnel usernames and email addresses. Hannu Heikkinen, the chief digital officer of the City of Helsinki, in a Monday press conference said, “Further investigation has shown that the perpetrator has gained access to the usernames and email addresses of all city personnel, as well as the personal IDs and addresses of students, guardians and personnel from the Education Division.”

“Additionally, the perpetrator has also gained access to content on network drives belonging to the Education Division,” Heikkinen said.

“This is a very serious data breach, with possible, unfortunate consequences for our customers and personnel,” said City Manager Jukka-Pekka Ujula. “We regret this situation deeply.”

Helsinki Education Division Data Breach Linked to Remote Access Bug

The preliminary investigation found out that the Helsinki Education Division data breach was possible due to a vulnerability in a remote access server.

“The server had a vulnerability which the culprit was able to exploit to connect to the Education Division network.”

The city authorities did not reveal the name of the remote access server but said a hotfix patch was available at the time of exploitation, but why it was not installed on the server is currently unknown.

“Our security update and device maintenance controls and procedures have been insufficient,” said Heikkinen.

The breach targeted an extensive group, with most of the network drive data – comprising of tens of millions of files - containing non-identifying information or ordinary personal data, minimizing potential abuse, according to the city authorities. However, some files include confidential or sensitive personal data such as fees for early childhood education customers, children's status information like information requests by student welfare or information about the need of special support and medical certificates regarding the suspension of studies for upper secondary students, and sick leave records of Education Division personnel. The data breach also includes historical customer and personnel data. Meaning, even if an individual is not currently a customer or a member of staff at the Education Division, the hacker may still have accessed their data.

“Considering the number of users in the city’s services now and in previous years, in the worst case, this data breach affects over 80,000 students and their guardians,” Ujula said.

Satu Järvenkallas, executive director of the Education Division, said the authorities are currently unable to provide an accurate assessment of what data the hacker may have accessed as “the volume of data under investigation is significant.”

VPN Gateways, Network Edge Devices Need ‘Special Attention’

The City officials immediately notified the Data Protection Ombudsman, the Finnish Police, and Traficom’s National Cyber Security Centre after the discovery of the data breach at the Helsinki’s Education Division. Traficom’s cybersecurity center acknowledged the notification and said it was supporting the City of Helsinki in investigating the case. “The data breach that targeted the City of Helsinki is exceptionally large for its size in the municipal sector. The case affects many Finns and causes great concern,” it said on platform X (formerly known as Twitter). Critical vulnerabilities in network edge devices like this pose a risk to organizations' cybersecurity, said Traficom’s NCSC. Exploiting the vulnerabilities of VPN products intended for establishing secure remote connections, it is also possible for parties outside the organization to gain access to the internal networks, “especially if other measures to limit the attack are not in use,” it added.

“Severe and easy-to-exploit vulnerabilities have been detected in the network edge devices of many major device manufacturers, such as VPN gateways, in the past six months,” said Samuli Bergström, the director of the cybersecurity center. “That is why it is important that special attention is paid to resources and expertise in organizations.”

A very recent example of one such VPN appliance abuse is the zero-day exploitation in Ivanti VPN products, Ivanti Connect Secure (formerly Pulse Secure) and Ivanti Policy Secure gateways. Chinese state-backed hackers used two zero-day vulnerabilities in these products: an authentication bypass (CVE-2023-46805) and a command injection (CVE-2024-21887) bug to compromise several organizations including MITRE. “Reaction to the data breach has been quick and all the necessary resources are being and will be used on protective measures. This is the highest priority for the city’s senior management,” Ujula said. “After the breach, we have taken measures to ensure that a similar breach is no longer possible,” Heikkinen added.

“We have not discovered evidence that the perpetrator would have accessed the networks or data of other divisions. However, we are monitoring all City of Helsinki networks closely.”

Information for affected individuals is available via the Traficom’s Cybersecurity Centre website, data breach customer service, crisis emergency services and MIELI Mental Health Finland. Media Disclaimer: This report is based on internal and external research obtained through various means. The information provided is for reference purposes only, and users bear full responsibility for their reliance on it. The Cyber Express assumes no liability for the accuracy or consequences of using this information.

Europol is investigating a data breach, but says no core systems are impacted and no operational data has been compromised.

The post Europol Investigating Breach After Hacker Offers to Sell Classified Data appeared first on SecurityWeek.

Financial Business and Consumer Solutions (FBCS) says the personal information of 2.7 million was impacted in the recent data breach.

The post FBCS Collection Agency Data Breach Impacts 2.7 Million appeared first on SecurityWeek.

A dark web hacker, known as "makishimaaaa," has recently advertised a significant data breach on the Nuovo BreachForums. The compromised data originates from Hosocongty, a prominent Vietnamese job search platform. According to makishimaaaa's post on May 12, 2024, the hacker claims to have exfiltrated a PII (Personally Identifiable Information) database from the Hosocongty data breach in 2024. The database, offered for sale at the price of $320, contains approximately 160,000 records. These records include sensitive information such as company names, passwords, contact details, and various other personal identifiers. Interested buyers are instructed to contact the hacker privately, with the option of using escrow systems for transactions.

Hosocongty Data Breach Exposes Thousands of Job Seekers

Hosocongty.vn, the affected platform, serves as a crucial link between job seekers and employers across Vietnam. Its rapid growth highlights its significance in the country's job market. However, this data breach raises concerns about the security and privacy of the platform's users. [caption id="attachment_68133" align="alignnone" width="1622"] Source: Dark Web[/caption] Makishimaaaa's relatively low ransom demand and status as a new member of the hacking forum suggest a developing situation. The hacker joined the platform in March 2024 and has since posted 38 times. This calculated move indicates a deliberate attempt to minimize suspicion while maximizing profits from the stolen data. The compromised database contains a wealth of personal information, including company details, contact numbers, email addresses, and more. Makishimaaaa emphasizes the quality and active rate of the data, reassuring potential buyers of its reliability. However, the ethical implications of purchasing stolen data remain a cause for concern. The Cyber Express has reached out to the recruitment firm to learn more about this Hosocongty data breach. However, at the time of writing this, no official statement or response has been released, leaving the claims for the Hosocongty data leak unverified. 

Cyberattack on the Recruitment Sector

The Hosocongty data breach is indicative of a broader trend of increasing cyberattack on the recruitment sector. In February 2024, Das Team Ag, a prominent job placement agency in Switzerland and Liechtenstein, fell victim to the Black Basta ransomware group, highlighting the vulnerability of recruitment platforms.  Cyber risks in the digital hiring process have intensified over the years, with cybercriminals targeting sites housing sensitive data, such as employment platforms. The surge in digitalization has exacerbated these threats, necessitating enhanced security measures across industries.  Polymorphic attacks, phishing, and malware are among the most prevalent cyber threats facing the recruitment sector, posing risks to both job seekers and companies. As such, users of Hosocongty are urged to exercise vigilance and implement necessary security measures to safeguard personal information.  This is an ongoing story and The Cyber Express will be closely monitoring the situation. We’ll update this post once we have more information on the Hosocongty data breach or any official confirmation from the Vietnamese job portal.  Media Disclaimer: This report is based on internal and external research obtained through various means. The information provided is for reference purposes only, and users bear full responsibility for their reliance on it. The Cyber Express assumes no liability for the accuracy or consequences of using this information.

Source: securityaffairs.com – Author: Pierluigi Paganini Pro-Russia hackers targeted Kosovo’s government websites  |  Security Affairs newsletter Round 471 by Pierluigi Paganini – INTERNATIONAL EDITION  |  As of May 2024, Black Basta ransomware affiliates hacked over 500 organizations worldwide  |  Ohio Lottery data breach impacted over 538,000 individuals  |  Notorius threat actor IntelBroker claims the hack […]

La entrada Security Affairs newsletter Round 471 by Pierluigi Paganini – INTERNATIONAL EDITION – Source: securityaffairs.com se publicó primero en CISO2CISO.COM & CYBER SECURITY GROUP.

An unidentified threat actor known as "pwns3c" has offered access to a database purported to contain sensitive data and documents from a City of New York data breach for sale on BreachForums. The City of New York website offers official digital representation of the city's government as well as access to related information such as alerts, 311 services, news, programs or events with the city. The claims made in the post, despite its alleged nature raises significant concerns about the extent of the data breach as well as the security practices followed by the government office.

Alleged City of New York Data Breach Claimed to Include Sensitive Data

The stolen database is allegedly stated to include 199 PDF files, approximately 70MB in size in total. The exposed data includes a wide range of personally identifiable information (PII), such as: Licensee Serial Number, Expiration Date, Applicant or Licensee Name, Trade Name, Street Address, City, Zip Code, Phone Number of Applicant, and Business Email of Applicant. Moreover, the data also reveals sensitive details about building owners, attorneys, and individuals, including their EIN, SSN, and signature. The threat actor is selling this sensitive information for a mere $30, and interested buyers are instructed to contact them through private messages within BreachForums or through their Telegram handle. The post seemingly includes links to download samples of the data allegedly stolen in the attack. [caption id="attachment_68084" align="alignnone" width="1872"] Source: BreachForums[/caption] The alleged data breach has far-reaching implications, as it puts the personal information of numerous individuals at risk. The leak of personally identifiable information (PII) and sensitive documents exposes individuals to potential risks of identity theft, fraud, and other malicious activities. The Cyber Express team has reached out to the New York City mayor's official press contact email for confirmation. However, no response has been received as of yet.

pwns3c Earlier Claimed to have Hacked Virginia Department of Elections

In an earlier post on BreachForums, pwns3c claimed an alleged data breach against the Virginia Department of Elections, compromising of at least 6,500 records. The earlier stolen data was also offered for USD 30 in Bitcoin (BTC), Litecoin (LTC), or Monero (XMR) on the dark web. The Virginia Department of Elections is responsible for providing and overseeing open and secure elections for the citizens of the Commonwealth of Virginia. It is responsible for voter registration, absentee voting, ballot access for candidates, campaign finance disclosure and voting equipment certification in coordination with about 133 of Virginia's local election offices. The compromised data was allegedly stated to have included sensitive information such as timestamps, usernames, election data, candidate information, and voting method details. However, there has been no official confirmation of the stated incident as of yet. The breaches claimed by pwns3c, despite their alleged nature highlight the persistent challenges of securing the websites of government institutions. The sensitive nature of the stolen data that may allegedly include Social Security Numbers (SSNs), contact information, election-related details, and signatures, underscores the urgency for government websites to strengthen their security measures. Media Disclaimer: This report is based on internal and external research obtained through various means. The information provided is for reference purposes only, and users bear full responsibility for their reliance on it. The Cyber Express assumes no liability for the accuracy or consequences of using this information.

Source: securityaffairs.com – Author: Pierluigi Paganini Ohio Lottery data breach impacted over 538,000 individuals The cyber attack on the Ohio Lottery on Christmas Eve exposed the personal data of over 538,000 individuals. On Christmas Eve, a cyberattack targeting the Ohio Lottery resulted in the exposure of personal data belonging to 538,959 individuals. The organization is […]

La entrada Ohio Lottery data breach impacted over 538,000 individuals – Source: securityaffairs.com se publicó primero en CISO2CISO.COM & CYBER SECURITY GROUP.

Source: securityaffairs.com – Author: Pierluigi Paganini Notorius threat actor IntelBroker claims the hack of the Europol Notorius threat actor IntelBroker claims that Europol has suffered a data breach that exposed FOUO and other classified data. The threat actor IntelBroker announced on the cybercrime forum Breach the hack of the European law enforcement agency Europol. The […]

La entrada Notorius threat actor IntelBroker claims the hack of the Europol – Source: securityaffairs.com se publicó primero en CISO2CISO.COM & CYBER SECURITY GROUP.

Source: securityboulevard.com – Author: Jeffrey Burt Dell is sending emails to as many as 49 million people about a data breach that exposed their names, physical addresses, and product order information. According to the brief message, bad actors breached a Dell portal that contains a database “with limited types of customer information related to purchases […]

La entrada Dell Data Breach Could Affect 49 Million Customers – Source: securityboulevard.com se publicó primero en CISO2CISO.COM & CYBER SECURITY GROUP.

Source: www.techrepublic.com – Author: Fiona Jackson TechRepublic consolidated expert advice on how businesses can defend themselves against the most common cyberthreats, including zero-days, ransomware and deepfakes. Today, all businesses are at risk of cyberattack, and that risk is constantly growing. Digital transformations are resulting in more sensitive and valuable data being moved onto online systems […]

La entrada How Can Businesses Defend Themselves Against Common Cyberthreats? – Source: www.techrepublic.com se publicó primero en CISO2CISO.COM & CYBER SECURITY GROUP.

Source: securityaffairs.com – Author: Pierluigi Paganini Dell discloses data breach impacting millions of customers Dell disclosed a security breach that exposed millions of customers’ names and physical mailing addresses. IT giant Dell suffered a data breach exposing customers’ names and physical addresses, the company notified impacted individuals. The company launched an investigation into the incident […]

La entrada Dell discloses data breach impacting millions of customers – Source: securityaffairs.com se publicó primero en CISO2CISO.COM & CYBER SECURITY GROUP.

Source: www.bitdefender.com – Author: Graham Cluley Boeing has confirmed that it received a demand for a massive $200 million after a ransomware attack by the notorious LockBit hacking group in October 2023. The company confirmed its link to the indictment of Dmitry Yuryevich Khoroshev, who was identified this week by the US Department of Justice […]

La entrada Boeing refused to pay $200 million LockBit ransomware demand – Source: www.bitdefender.com se publicó primero en CISO2CISO.COM & CYBER SECURITY GROUP.

Source: www.tripwire.com – Author: Graham Cluley The FBI has issued a warning to US retailers about a financially-motivated malicious hacking ring that has been targeting employees with phishing attacks in an attempt to create fraudulent gift cards. Staff at the corporate offices of US retail companies have been the target of highly-sophisticated email phishing and […]

La entrada FBI warns US retailers that hackers are targeting their gift card systems – Source: www.tripwire.com se publicó primero en CISO2CISO.COM & CYBER SECURITY GROUP.

The tech giant says the information stolen doesn't represent a significant risk to users, but cybersecurity experts disagree.

The post Dell Data Breach Could Affect 49 Million Customers appeared first on Security Boulevard.

Insight #1

The Cybersecurity and Infrastructure Security Agency’s (CISA’s) Known Exploited Vulnerabilities (KEV) list is shown to increase speed of fixing vulnerabilities, but Verizon’s  Data Breach Investigations Report (DBIR) also shows that remediation is still taking much longer than it should. Does “improvement” mean we will continue to improve, or just that these vulnerabilities change priority and still get fixed as slowly as before? Only time will tell.  

The post Cybersecurity Insights with Contrast CISO David Lindner | 5/10/24 appeared first on Security Boulevard.

The Ohio Lottery cyberattack conducted by the DragonForce ransomware group has impacted more than 500,000 individuals.

The post 500,000 Impacted by Ohio Lottery Ransomware Attack appeared first on SecurityWeek.

Dell has issued a warning to its customers regarding a data breach following claims by a threat actor of pilfering information for roughly 49 million customers. In an email sent to customers, the computer manufacturer disclosed that a Dell portal containing customer data associated with purchases had been compromised. "We are presently investigating an incident involving a Dell portal, housing a database containing limited types of customer information linked to Dell purchases," stated a Dell data breach notification. Dell clarified that the accessed information encompassed:

• Names
• Physical addresses
• Dell hardware and order details, comprising service tags, item descriptions, order dates, and relevant warranty information

The company said the stolen data did not encompass financial or payment data, email addresses or phone numbers. Dell assured customers that they are collaborating with law enforcement and a third-party forensics firm to probe the matter. [caption id="attachment_67595" align="aligncenter" width="687"] Dell data breach notification[/caption] Dell Technologies is a publicly traded company that operates in 180 countries and is headquartered in Round Rock, Texas. Dell is the third-largest personal computer vendor in the world by unit sales, behind Lenovo and HP and serves more than 10 million small and medium-sized businesses and receives 500 million annual eCommerce visits. The tech giant generated a revenue of $102.3 billion in 2023 and has over 500,000 commercial customers and 2,500 enterprise accounts.

Dell Data Breach Set Appeared on Dark Web

Despite Dell's reassurances, the breach data was purportedly put up for sale on an underground hacker forum by a threat actor named “Menelik” on April 28. The threat actor claimed this data set contained an up-to-date details of registered Dell servers including vital personal and company information such as full names, addresses, cities, provinces, postal codes, countries, unique 7-digit service tags of systems, system shipment dates (warranty start), warranty plans, serial numbers (for monitors), Dell customer numbers and Dell order numbers. The threat actor asserted that he was the sole possessor of this data that entailed approximately 7 million records of individual/personal purchases, while 11 million belong to consumer segment companies. The remaining data pertained to enterprise, partners, schools or unidentified entities. The threat actor also highlighted the top five countries with the most systems represented in the database, which included the United States, China, India, Australia and Canada. The data, claimed to be sourced from Dell and containing 49 million customers and other systems details between 2017 and 2024, aligned with the details outlined in Dell's breach notification. However, The Cyber Express could not confirm if the two data sets are the same as Dell did not immediately respond to our request for confirmation. Although the sale of the database appears to have ceased, the possibility of further exploitation remains. Although Dell refrained from disclosing the specific impact of the breach, it remains vigilant about potential risks associated with the stolen information. While the compromised data lacks email addresses, threat actors could exploit it for targeted phishing and smishing attacks against Dell customers. They could contact Dell customers as fake customer service executives and lead them into downloading malware or infostealers as is seen in many previous campaigns. Dell advises customers to exercise caution regarding any communications purportedly from Dell, especially those urging software installations, password changes or other risky actions and encourages customers to verify the legitimacy of such communications directly with Dell. Media Disclaimer: This report is based on internal and external research obtained through various means. The information provided is for reference purposes only, and users bear full responsibility for their reliance on it. The Cyber Express assumes no liability for the accuracy or consequences of using this information.

The International Baccalaureate Organization (IBO) confirmed a hacking incident, while clarifying that no ongoing exam papers were leaked despite claims online of a wider cheating scandal. The IB found students sharing exam details online before the completion of their ongoing tests globally, and simultaneously observed increased malicious activity targeting its computer networks. On investigating the online claims, IB found that the leaked data set appeared to be limited to earlier data from 2018, while the ongoing exam paper leaks could be a result of some students sharing exam papers online rather than a hack. Founded in 1968, the International Baccalaureate is a non-profit educational organization based in Geneva, Switzerland. It aims to provide high quality international education free of regional, political or educational agendas.

Exam Cheating Concerns Amidst International Baccalaureate Hack

Earlier last week, the International Baccalaureate had released an update stating that it was investigating online speculation about potential cheating by some students in the ongoing exams. The organization stated that while there was no evidence of widespread cheating, some students might have engaged in "time zone cheating". The organization defined time zone cheating as an action where students "who have completed their examinations share what they can recall from memory about the exam questions on social media before other students take the examination." Citing its own academic integrity policy which forbids such behaviour, the organization stated that students engaging in such activity would not receive their Diploma certificates or grades and may potentially be banned from future exam retests. [caption id="attachment_67556" align="alignnone" width="2800"] Source: Official Update[/caption] After its initial investigations, the organization stated that it had experienced an increase in attempted malicious activity aiming to interfere with its systems. It also confirmed that some data from 2018, including employee names, positions, and emails, had been breached through a third-party vendor, and screenshots of this leaked data were shared online. However, the organization again clarified that at the time of the investigation, no recent exam material was found to be compromised. The notice further stated that IB was continuing to assess the incident and had taken steps to contain the incident. The organization mentioned that it would provide further information on the incident as the situation evolved. The Cyber Express team has reached out to the International Baccalaureate for further details, and a spokesman responded with a link to the second update notification.

Students Petition For Exam Cancellation

The exam is taken by nearly 180,000 students internationally. However, recent speculations over the hacking incident and cheating allegations have raised concerns among students and their parents, leading to an online petition demanding exam cancellation or re-test. Amidst the speculation, the International Baccalaureate took action to remove leaked content and stated that cheaters would face severe consequences. Some condemned the leaks as failures in governance and urged for improved exam security, prompting the IB to affirm its intention to stay ahead of technological threats while promoting academic integrity in the exam process. The IB further cautioned its authorized network of schools about data breaches and phishing attempts. The leaked materials from the International Baccalaureate data breach were observed to have been downloaded over 45,000 times. The leaked content, allegedly included mathematics and physics papers which were widely circulated online, further raising doubts about exam integrity. It remains to be seen, if the student petition demand's for justice or the organization's observation of increased hacking attempts will lead to a further escalation of the situation. Media Disclaimer: This report is based on internal and external research obtained through various means. The information provided is for reference purposes only, and users bear full responsibility for their reliance on it. The Cyber Express assumes no liability for the accuracy or consequences of using this information.

Medical health care provider DocGo has disclosed in a form 8-K that it experienced a cybersecurity incident involving some of the company’s systems. As part of the investigation of the incident, the company says it has determined that the attacker accessed and acquired data, including certain protected health information.

DocGo is a healthcare provider that offers mobile health services, ambulance services, and remote monitoring for patients in 30 US states, and across the United Kingdom. On its company website it touts over 7,000,000 patient interactions.

In the same form, DocGo says the breach concerns a limited number of healthcare records within the company’s US-based ambulance transportation business, and that no other business lines have been involved.

DocGo says it is actively reaching out to those individuals who had their data compromised in the attack.  

So far, we have no indication what the nature of the cyberattack was, but it is almost standard procedure nowadays for ransomware groups to use stolen data as extra leverage to get the victim to pay the ransom.

Protecting yourself from a data breach

There are some actions you can take if you are, or suspect you may have been, the victim of a data breach.

• Check the vendor’s advice. Every breach is different, so check with the vendor to find out what’s happened, and follow any specific advice they offer.
• Change your password. You can make a stolen password useless to thieves by changing it. Choose a strong password that you don’t use for anything else. Better yet, let a password manager choose one for you.
• Enable two-factor authentication (2FA). If you can, use a FIDO2-compliant hardware key, laptop or phone as your second factor. Some forms of two-factor authentication (2FA) can be phished just as easily as a password. 2FA that relies on a FIDO2 device can’t be phished.
• Watch out for fake vendors. The thieves may contact you posing as the vendor. Check the vendor website to see if they are contacting victims, and verify any contacts using a different communication channel.
• Take your time. Phishing attacks often impersonate people or brands you know, and use themes that require urgent attention, such as missed deliveries, account suspensions, and security alerts.
• Set up identity monitoring. Identity monitoring alerts you if your personal information is found being traded illegally online, and helps you recover after.

Check your digital footprint

Malwarebytes has a new free tool for you to check how much of your personal data has been exposed online. Submit your email address (it’s best to give the one you most frequently use) to our free Digital Footprint scan and we’ll give you a report and recommendations.

Zscaler says its customer, production and corporate environments are not impacted after a notorious hacker offers to sell access.

The post Zscaler Investigates Hacking Claims After Data Offered for Sale appeared first on SecurityWeek.

IntelBroker has asserted a massive breach, and has now sold the access to a cybersecurity entity with a hefty annual revenue of USD 1.8 billion. The threat actor has traded USD 20,000 in XMR or ETH to an unknown entity on a dark web forum.  The initial offer touted access to a trove of sensitive information, including SSL keys, SMTP access, PAuth/Pointer Authentication, and various login credentials. Despite the lack of concrete evidence, a conversation surfaced on social media platforms purportedly involving IntelBroker, further fueling speculation.  While the forum post rumors hinted at the US-based cloud security giant, Zscaler Inc., the actual target remains unconfirmed due to the absence of corroborating proof. However, Zscaler's recent security update on its website hints at a possible connection between the two events. 

Alleged Zscaler Data Breach Threatens the Cybersecurity Community

[caption id="attachment_67457" align="alignnone" width="1765"] Source: Dark Web[/caption] The gravity of the alleged Zscaler data breach escalated when rumors emerged surrounding a possible breach within the organization's infrastructure. Allegations circulated that a threat actor was peddling access to the company's systems. In response, Zscaler swiftly took its "test environment" offline for analysis, aiming to ascertain the authenticity of the claims. However, the current update from the hacker stated that the unauthorized access has now been sold. Apart from the update, no further information was provided on the receiver who allegedly purchased the unauthorized access for USD 20,000. Zscaler has updated its security page, stating, "Zscaler continues to investigate and reiterates there is no impact or compromise to our customer, production, and corporate environments. During the afternoon of May 8, we engaged a reputable incident response firm that initiated an independent investigation. We continue to monitor the situation and will provide additional updates through the completion of the investigation". [caption id="attachment_67460" align="alignnone" width="1330"] Source: Zscaler[/caption] Initially, Zscaler reassured stakeholders that their investigation yielded no evidence of compromise within their customer or production environments. However, concerns persisted as discussions around the purported Zscaler data breach proliferated online. Users on various platforms debated the authenticity of the claims, with some expressing skepticism while others confirmed the breached organization is cybersecurity giant.

Zscaler Responds to the Alleged Breach Claims 

Amid the uncertainty, Zscaler remained positive, emphasizing its commitment to safeguarding customer and production environments. Updates from Zscaler's Trust site reiterated their dedication to thorough investigation and transparency. While it confirmed the discovery of an isolated test environment exposed to the internet, they highlighted its lack of connectivity to critical systems and absence of customer data. Talking about the rumors, Zscaler stated that the organization is aware of the claims and they are currently investigating the data. “Zscaler is aware of a public X (formerly known as Twitter) post by a threat actor claiming to have potentially obtained unauthorized information from a cybersecurity company. There is an ongoing investigation we initiated immediately after learning about the claims. We take every potential threat and claim very seriously and will continue our rigorous investigation”, added Zscaler. 

Who is IntelBroker?

https://www.youtube.com/watch?v=wXuurLlu25I IntelBroker is a solo hacker who gained infamy in 2023 for breaching Weee! and leaking data of 11M customers. Allegations hint at its connection to Iranian state entities, though IntelBroker denies it, claiming independence from Serbia. The hacker's focus on US defense suggests state cooperation. In an exclusive interview with The Cyber Express, the hacker shared information about these operations and himself as a person. Instead of being a full-fledged member of a ransomware group, IntelBroker has been working alone but has collaborated with other hackers in the industry. IntelBroker's targets span national security, government, critical infrastructure, and commerce sectors, executing extensive data breaches without traditional ransomware tactics. The hacker's methods include exploiting vulnerabilities and utilizing the "Endurance-wiper" tool. Transactions predominantly occur in XMR cryptocurrency, ensuring anonymity. The hacker breaches extend to companies like Razer, AT&T, and Verizon, sparking debates on corporate cybersecurity practices. Despite lucrative gains, IntelBroker advocates transparency in reporting breaches to maintain credibility. Media Disclaimer: This report is based on internal and external research obtained through various means. The information provided is for reference purposes only, and users bear full responsibility for their reliance on it. The Cyber Express assumes no liability for the accuracy or consequences of using this information.

💾

SigningHub has denied the allegations of the cyberattack orchestrated by the IntelBroker hacker. The UK-based online document signing and digital signature creation service provider has shared a blog post, detailing the false claims made by the threat actor.  The organization stated that "this claim has been found to be 100% false", and upon analysis of the file purported to be the source code of Ascertia SigningHub, the organization denoted that the file does not include any source code or executable related to SigningHub or any other Ascertia product. The SigningHub data leak, initially posted on the nuovo BreachForums, shared insights into the operation of the organization. IntelBroker, a known entity in the hacker community, revealed the breach on May 8, 2024, shedding light on an incident that allegedly occurred in December 2023. The leaked source code encompasses crucial elements of SigningHub's infrastructure, including API services, docker container files, certificates, libraries, and other sensitive data. 

Ascertia Denies Allegations of the SigningHub Data Leak

Following the SigningHub data leak claims, Ascertia responded to the claims via a blog post, stating the SigningHub data breach and source code leak to be false. Allegations arose on May 8th via Twitter/X, claiming unauthorized access to Ascertia's network in December 2023. After thorough investigation, Ascertia confirmed no breach or access to SigningHub's source code. The file posted online purported to be SigningHub's source code was analyzed, revealing no related content. The Ascertia IT team simultaneously began a thorough investigation of the Ascertia network security systems and logs. At this time, Ascertia can confirm that there is no unauthorised access from bad actors and has concluded that the claims of a data breach are also false", stated Ascertia. Simultaneously, Ascertia's IT team examined network security systems and logs, confirming no unauthorized access. Ascertia emphasizes its dedication to information security, GDPR compliance, and robust security measures. Ongoing analysis of network access points and systems ensures product, staff, and client data security."

IntelBroker Claims SigningHub Data Leak

[caption id="attachment_67397" align="alignnone" width="1402"] Source: Dark Web[/caption] The announcement of the SigningHub data breach paints a grim picture of the intrusion and its alleged impact. The post, titled "SigningHub - File Signing SRC Leaked, Download!", was shared by the threat actor while other users commended the hacker for this intrusion, stating the SigningHub code leak was “another great hit”, “top release” and other words of praise.  The Cyber Express has reached out to Ascertia to learn more about this SigningHub data leak. However, at the time of writing this, no official statement or response has been shared apart from the blog post by the parent company Ascertia. In an attempt to shed light on the operation associated with the hacker, The Cyber Express reached out to IntelBroker for insights into their motivations and methods. In a recent interview, IntelBroker shared details of their hacking journey, affiliations, and previous exploits, highlighting the scale and sophistication of their operations.

The IntelBroker Modus Operandi and Recent Attacks

[embed]https://youtu.be/wXuurLlu25I?si=FQYqB3byG3-0lgyr[/embed] IntelBroker's track record includes a series of high-profile breaches targeting organizations across various sectors, ranging from aviation and technology to government agencies. Notable breaches attributed to IntelBroker include infiltrations at the Los Angeles International Airport, Acuity, General Electric, DC Health Link, and others, each revealing the extent of vulnerabilities in digital infrastructure. The alleged breach at SigningHub adds another layer of complexity to the IntelBroker operations as the hacker has claimed multiple data breaches in 2024, highlighting the pressing issue of security. The Cyber Express will be closely monitoring the situation and we’ll update this post once we have more information on the SigningHub source code leak or any official confirmation from the organization. Media Disclaimer: This report is based on internal and external research obtained through various means. The information provided is for reference purposes only, and users bear full responsibility for their reliance on it. The Cyber Express assumes no liability for the accuracy or consequences of using this information.

💾

Hackers IntelBroker and Sanggiero have claimed a data breach allegedly impacting HSBC Bank and Barclays Bank. The HSBC Bank data breach, along with the breach at Barclays reportedly occurred in April 2024, involving a security incident through a third-party contractor, ultimately leading to the leak of sensitive data.  The compromised data, which was being offered for sale on Breachforums, allegedly includes a wide array of files such as database files, certificate files, source code, SQL files, JSON configuration files, and compiled JAR files. Preliminary analysis suggests that the data may have been sourced from the services provided by Baton Systems Inc., a post-trade processing platform, potentially impacting both HSBC Bank and Barclays Bank. However, Baton Systems has not shared any update on this alleged attack or any connection with the sample data provided by the threat actor.

Hacker Duo Claims Barclays and HSBC Bank Data Breach

Barclays Bank PLC and The Hong Kong and Shanghai Banking Corporation Limited (HSBC) are the primary organizations reportedly affected by this breach. With operations spanning across the United Kingdom, United States, and regions including Europe and North America, the threat actor threatens the banking systems and probably targets customers' data, however, there has been no evidence of such data getting leaked.  [caption id="attachment_67347" align="alignnone" width="2084"] Source: Dark Web[/caption] In a post on Breachforums, one of the threat actors, IntelBroker, shared details of the Barclays and HSBC Bank data breach, offering the compromised data for download. The post, dated May 8, 2024, outlined the nature of the breach and the types of data compromised, including database files, certificate files, source code, and more. The post also provided a sample of the leaked data, revealing a mixture of CSV data representing financial transactions across different systems or entities.

While talking about the stolen data, IntelBroker denoted that he is "uploading the HSBC & Barclays data breach for you to download. Thanks for reading and enjoy! In April 2024, HSBC & Barclays suffered a data breach when a direct contractor of the two banks was breached. Breached by @IntelBroker & @Sanggiero".

A Closer Look at the Sample Data 

A closer look at the sample data reveals three distinct datasets, each containing transaction records with detailed information about financial activities. These records encompass a range of information, from transaction IDs and timestamps to descriptions and account numbers involved. The datasets provide a comprehensive view of various transactions, offering valuable insights for financial analysis and tracking. The Cyber Express has reached out to both the banks to learn more about these alleged data breaches. HSBC Bank has denied these allegations about the breach, stating, "We are aware of these reports and confirm HSBC has not experienced a cybersecurity incident and no HSBC data has been compromised.” However, at the time of writing this, no official statement or response has been shared by Barclays, leaving the claims of the data breach related to Barclays stand unverified. Moreover, the two hackers in question, IntelBroker and Sanggiero, have claimed similar attacks in the past, targeting various global organizations. In an exclusive interview with The Cyber Express, one of the hackers, IntelBroker shed light on their hacking activities and the motivations behind their operations. IntelBroker had also praised Sanggiero from BreachForums for “his exceptional intellect and understated contributions to the field are deserving of far greater recognition and respect.” Media Disclaimer: This report is based on internal and external research obtained through various means. The information provided is for reference purposes only, and users bear full responsibility for their reliance on it. The Cyber Express assumes no liability for the accuracy or consequences of using this information.

Philadelphia-based real estate company Brandywine Realty Trust shuts down systems following a ransomware attack.

The post Brandywine Realty Trust Hit by Ransomware  appeared first on SecurityWeek.

MedStar Health, a prominent non-profit healthcare provider disclosed a data breach that impacts more than 183,000 patients from its hundreds of care locations which it operates in the Baltimore-Washington area in the U.S. The not-for-profit healthcare provider is worth $7.7 billion and is one of the largest employers in the region with more than 34,000 associates working across 300 care locations including 10 hospitals and 33 urgent care clinics, ambulatory care centers and primary and specialty care providers. They together treat hundreds of thousands of patients on a yearly basis. The impacted individuals' personal data may have been compromised when an outsider gained access to emails and files of three employees, MedStar Health said in a statement on the data breach. MedStar Health reported notifying 183,709 affected patients via letters and filed a notice with the Department of Health and Human Services. The unauthorized access occurred sporadically between January and October last year, with patient information found in breached files and emails. Although there's no indication of actual acquisition or viewing of patient data, the company couldn't rule out such access. Patient information including names, addresses, dates of birth, service dates, provider names and insurance details, were contained in the compromised emails and files, MedStar Health said. The healthcare provider urged affected patients to monitor healthcare statements for any unusual activities and assured implementation of new safeguards to prevent future breaches.

Earlier MedStar Health Data Breach

The digital woes of the healthcare provider are not new. In fact, this is the second time in a decade that MedStar Health is facing a massive data breach scare. In 2016, a virus, likely a ransomware malware infected the computer network of MedStar Health. This prompted a complete shutdown of services for the healthcare giant, which resulted in diversion of new patients to other hospitals and the care givers had to resort to pen and paper to continue regular operations. The impact was such that the FBI was called in to investigate the MedStar Health data breach, which followed similar cyberattacks on at least three other medical institutions in California and Kentucky.

Healthcare Breaches on the Rise

This incident adds to a growing list of healthcare breaches and ransomware attacks, including the Change Healthcare that caused widespread disruptions across U.S. Initially described as an “enterprise-wide connectivity issue,” the severity of the attack went a bar above when Blackcat – also known as Alphv – ransomware gang claimed responsibility for it. The Russia-based ransomware and extortion gang claimed to have stolen millions of Americans’ sensitive health and patient information, a tactic commonly employed by ransomware gangs to exert pressure on victims. However, on February 29, Blackcat withdrew its claim on the breached data of the healthcare group, raising questions if a ransom was paid. The company did confirm that is paid a $22 million ransom later but it now faces multiple lawsuits for alleged negligence in safeguarding clients' personal information. The parent company UnitedHealth has allocated over $2 billion to fight the fallout of the Change Healthcare data breach. The company last week also stated that a lack of multi-factor authentication (MFA) resulted into the massive hack. Blackcat in September 2023 claimed a similar data breach on McLaren Healthcare, where nearly 6 terabytes worth of data was siphoned. Owing to such large scale healthcare data breaches, the U.S. Cybersecurity and Infrastructure Security Agency in March unveiled a cybersecurity toolkit for healthcare sector that would help them implement advanced tools, that fortify their defenses against evolving threats. Media Disclaimer: This report is based on internal and external research obtained through various means. The information provided is for reference purposes only, and users bear full responsibility for their reliance on it. The Cyber Express assumes no liability for the accuracy or consequences of using this information.

University System of Georgia says Social Security numbers and bank account numbers were compromised in the May 2023 MOVEit hack.

The post University System of Georgia Says 800,000 Impacted by MOVEit Hack appeared first on SecurityWeek.

A class action lawsuit has been filed against J.P. Morgan Chase & Co., alleging that the financial giant failed to implement adequate security measures, leading to the exposure of sensitive personal data of its clients. Benjamin Valentine, a former employee of the Long Island Railroad, filed a complaint alleging that his personal information was improperly obtained in a recent J P Morgan data breach that compromised the accounts of thousands of users.

J P Morgan Data Breach Compromised Thousands of Users

[caption id="attachment_67262" align="alignnone" width="971"] Source: Chase[/caption] According to documents filed in the U.S. District Court for the Southern District of New York on May 3, Valentine's case is detailed in a Class Action Complaint (Case 1:24-cv-03438-JLR). The lawsuit contends that J.P. Morgan, a significant player in the financial industry offering a wide array of services to millions of customers, failed to adequately safeguard the personal information of its clients' employees, resulting in substantial harm. Valentine's complaint outlines how J.P. Morgan collected and maintained sensitive personally identifiable information (PII) of its clients' employees, including names, addresses, payment details, and Social Security numbers. This information, crucial for financial transactions and security, was compromised in the J P Morgan data breach and fell into the hands of cybercriminals. The lawsuit asserts that as a consequence of the breach, Valentine and approximately 451,000 other affected individuals suffered tangible damages, including invasion of privacy, identity theft, and the loss of trust and value in their personal information. Moreover, the breach exposed them to ongoing risks of fraud and further misuse of their data.

The Legal Action on J P Morgan

The legal action further alleges that J.P. Morgan's failure to implement adequate cybersecurity measures and its reckless handling of sensitive data contributed directly to the breach. Despite claims by J.P. Morgan that the breach was not the result of a cyberattack, the lawsuit argues that the company's negligence made it a target for such malicious activities. Valentine's complaint highlights J.P. Morgan's purported lack of transparency and timely notification regarding the breach, leaving affected individuals uninformed about the root cause and remedial actions taken. This, the lawsuit claims, exacerbates the emotional and financial distress experienced by victims. The Cyber Express has reached out to the organization to learn more about this J P Morgan data leak. However, J.P. Morgan has not provided an official statement regarding the cyber incident. Following the incident, a regulatory filing revealed that the breach stemmed from a software issue, which the company addressed promptly upon discovery. Valentine seeks various forms of relief through the lawsuit, including compensation for damages, injunctive relief, and reimbursement of legal fees. He is represented by the law firm Milberg Coleman Bryson Phillips Grossman LLC, based in Garden City, New York. As the legal proceedings unfold, The Cyber Express will be closely monitoring the situation and we’ll update this post once we have more information on the data breach or any new updates about the lawsuit.   Media Disclaimer: This report is based on internal and external research obtained through various means. The information provided is for reference purposes only, and users bear full responsibility for their reliance on it. The Cyber Express assumes no liability for the accuracy or consequences of using this information.

The Hong Kong fire department uncovered a recent breach in its computer system that exposed the personal information of over 5,000 department personnel and hundreds of residents. The Hong Kong Fire Department data breach, the third incident involving government data in less than a week, stems from an unauthorized change in privileged access rights during a data migration procedure by an outsourced contractor, according to a statement from the Fire Services Department (FSD). The Hong Kong Fire Services Department is an emergency firefighting government service that conducts rescue operations on land and sea. The department is also responsible for providing emergency ambulance service for sick and injured as well in providing fire protection advice to the general public. However, there is no evidence that the leaked data from the Hong Kong Fire Department data breach had been published online.

Systems Suspended Following Hong Kong Fire Department Data Breach

[caption id="attachment_67236" align="alignnone" width="1000"] Source: Shutterstock[/caption] Following the discovery of the intrusion, the fire department suspended the affected system and launched an investigation along with the third-party contractor. The department immediately revoked the contractor's access rights to prevent further data leakage and implemented enhanced security measures to prevent similar incidents. The compromised data included the last names and phone numbers of approximately 480 individuals who reported tree collapse incidents during the Super Typhoon Saola in September 2023. Additionally, personal details such as names, phone numbers, and ranks of around 5,000 FSD staff were at risk, with 960 personnel having their incomplete identity card numbers exposed in the breach. Details regarding the breach were notified to the relevant authorities including the Police, Security Bureau, Privacy Commissioner for Personal Data, and Government Chief Information Officer. "The FSD believes that the incident happened when the outsourced contractor handled the data migration procedure. During the process, the access right of the data was found altered without authorisation, posing a potential risk of data leakage," a Fire Services Department spokesperson stated. The Hong Kong Fire Services Department apologised for the incident and notified those affected through text messages or phone calls. However the department assured the public that there was no evidence that the data had been leaked as of yet.

Data Breach Follows Two Cyber-Incidents within the Same Week

This Hong Kong Fire Department data breach follows similar data breach incidents involving the Electrical and Mechanical Services Department (EMSD) and the Companies Registry last week, where data stored on their servers had been compromised. Lawmaker Elizabeth Quat who heads the Panel on Information Technology and Broadcasting has called for improved data security measures and a punishment mechanism for future incidents and similar blunders. The Electrical and Mechanical Services Department (EMSD) system glitch last Tuesday allowed for unauthorized access to the names, telephone numbers, identity card numbers and addresses of around 17,000 individuals through the server platform without requiring a password. The Companies Registry stated last Friday that security flaws in its online e-Services Portal developed by a third-party contractor resulted in the transmission of additional personal data beyond what was requested by the client computer during searches. While this additional data was not displayed directly, it could be obtained through the use of web developer tools. The additional data was estimated to affect about 110,000 data subjects and included their names, full passport numbers, identity card numbers, residential addresses, telephone numbers and email addresses. The city's privacy watchdog reported a significant increase in data breach notifications last year, signaling a growing concern for data protection. In a recent case involving Cyberport, a government-owned tech hub, the watchdog identified lapses in security audits and unnecessary retention of personal data, highlighting the need for better oversight in handling sensitive information. The string of government-related data breaches highlights the possibility of security weaknesses introduced through dependence on external third-party contractors. This weakness remains a major problem globally as observed in the recent incident UK Ministry of Defense data breach stemming from an external payroll provider. Media Disclaimer: This report is based on internal and external research obtained through various means. The information provided is for reference purposes only, and users bear full responsibility for their reliance on it. The Cyber Express assumes no liability for the accuracy or consequences of using this information.

Brandywine Realty Trust issued a recent filing to the US Securities And Exchange Commission (SEC), where it confirmed that an unauthorized third-party had gained access to portions of its internal network. The Brandywine Realty Trust data breach is stated to have affected the functioning of some of its internal systems, following preventative measures as part of the firm's incident response plan. Brandywine Realty Trust is one of the largest publicly traded real estate companies in the United States with a primary focus in the Philadelphia, Texas and Austin markets. The firm is organized as a real estate investment trust and manages 69 properties comprising of 12.7 million square feet in land spanning multiple states. Upon detecting the intrusion, the trust initiated its response protocols and took steps to contain affected systems, assess the extent of the attack and move towards remediation. Investigative efforts were held together with external cybersecurity professionals, while details were shared with law enforcement.

Brandywine Realty Trust Data Breach Disrupted Trust's Operations

The filing reveals that along with unauthorized access to its internal systems, the attack also involved the  encryption of some of the company's internal resources. The encryption process disrupted access to portions of the company’s business applications responsible for several of the company's internal and corporate functions, including its financial and reporting systems. The company disclosed that certain files were stolen during the attack, but that it is still working on determining the extent of sensitive and confidential information accessed during the intrusion into its IT systems, and establishing if any personal information had been accessed. However, the company believes that the intrusion had been been contained from spreading further into its systems and stated that it is working diligently to restore its IT systems back online. The Company is also  evaluating if any additional regulatory and legal notifications are required after facing the incident and will issue appropriate notifications according to its findings.

Perpetrator Behind Brandywine Realty Trust Data Breach Unknown

The company is known to have rented out commercial properties to various prominent firms, with its biggest tenants including IBM, Spark Therapeutics, Comcast, and the FMC Corporation. However, the attack comes during a recent period of increased ongoing volatility in the office commercial space with  Brandywine recently cutting down its quarterly dividend, from 19 cents to 15 cents a share, for the first time since 2009. In an recent interview, the company's CEO acknowledged “turbulent times” in commercial real estate space and the company aimed at covering its “danger points.” He added the company has plenty of cash and available credit, while noting that compared to its peers, the firm had a substantially lower number of leases set to expire over the next few years.