Author: VictorAdmin5

Texas-based mortgage and loan company Mr. Cooper has disclosed that almost 14.7 million people’s private information, including addresses and bank account numbers, were stolen in an earlier IT security breach.

In a filing with Maine’s attorney general’s office, Mr. Cooper said the hackers stole customer names, addresses, dates of birth and phone numbers, as well as customer Social Security Numbers and bank account numbers.

The number of affected victims is significantly higher than the 4 million existing customers that Mr. Cooper claims on its website, likely because the company stores historical data on mortgage holders. Mr. Cooper had acquired Nationstar Mortgage LLC, Centex Home Equity, and sister brands RightPath Servicing, Rushmore Servicing, Greenlight Financial Services, and Champion Mortgage.

The company refused to provide further detail about the cyberattack that hit its systems.

This is expected to cost the business at least $25 million to clean up for providing identity protection services for two years.

Read more about it here.

Mint Mobile, a mobile virtual network operator in the US, has notified its customers of a personal information leak. Mint Mobile is a mobile virtual network operator (MVNO) that offers prepaid mobile phone services. As an MVNO, Mint Mobile doesn’t own its own wireless infrastructure. In March 2023, T-Mobile US announced it would acquire the mobile virtual network operator for up to $1.35 billion.

Mint chose not to publicly disclose the security breach. Instead, it sent personal notification letters to affected individuals. The Verge journalists were the first to notice a Reddit thread where a customer shared details about the email they received.

“We are writing to inform you about a security incident we recently identified in which an unauthorized actor obtained some limited types of customer information. Our investigation indicates that certain information associated with your account was impacted,” the email reads. Customers names, numbers, email addresses, SIM Serial Numbers, IMEI numbers and service plan information were leaked.

No further details regarding the breach have been provided but Mint Mobile

Read more about it here.

Toyota Financial Services (TFS) is warning its customers it has suffered a data breach that exposed sensitive personal and financial data.

Toyota Financial Services, a subsidiary of Toyota Motor Corporation, is a global entity with a presence in 90% of the markets where Toyota sells its cars, providing auto financing and insurance solutions to its customers.

Due to an attack on the systems, unauthorized persons gained access to personal data. Affected customers have now been informed. Toyota Kreditbank’s systems have been gradually restarted since December 1st.” reads a statement published by the company on its website.

German news outlet Heise received a sample of the notices sent by Toyota to German customers, informing that the following data has been compromised:

• Full name
• Residence address
• Contract information
• Lease-purchase details
• IBAN (International Bank Account Number)

Read more about it here.

The European Union Agency for Cybersecurity, ENISA, has published a report on the state of the cybersecurity threat landscape for DoS attacks. The report covers the period of January 2022 to August 2023.

The main highlights of the report are the following:

• A novel classification scheme to categorize DoS attacks based on information about the attacks and the targets, allowing a more systematic analysis approach.
• An analysis of DoS attacks’ motivations and goals as part of the proposed classification, making it possible to analyze not only the technical evolution of the attacks but also the changes in the roots of what triggers the attacks in the first place.
• An analysis of a total of 310 verified DoS incidents – from January 2022 to August 2023. This is not the total number of incidents during that period, however.
• The most affected sector was the public administration sector, receiving 46% of attacks.
• It is estimated that 66% of the attacks were motivated by political reasons or activist agendas.
• Overall, 50% of the incidents were found to be related to the Russian war of aggression against Ukraine.
• The study shows that 56.8% of the attacks caused total disruption in the target.
• This report also highlights the importance of cyber as a force multiplier or supporting vector in warfare, the changes that this brings to the landscape, and that it is vital that organizations prepare prevention and remediation strategies. Furthermore, this report raises awareness of the lack of maturity when it comes to reporting DoS attacks, which have not reached the same level as other types of cybersecurity threats.

Read more about it here.

iOS 17.1 and watchOS 10.1 allow NameDrop to quickly share contact information with a nearby iPhone or Apple Watch.

What is NameDrop?
NameDrop is a feature that allows owners of iPhones or Apple Watches to share their contact information with other Apple devices, when they come in close contact with.

How does the NameDrop feature work?
Users need to hold their phones screen close to the top of another person’s iPhone, about 1 inch apart, which will cause both devices to vibrate. Once the devices link, a NameDrop prompt appears on both phone screens, allowing users to choose if they want to share their contact cards or only receive the contact card of the other user.

iPhone users can select what contact information they wish to share, such as phone numbers and email addresses.

Is it safe?
Sort of. The 2 devices need to be about 1 inch apart to be able to share the contact card, and both users need to unlock their devices and approve the sharing of contact details. This won’t share photos or the entire contact list. Users who still aren’t comfortable with this, can easily turn this feature off.

Read more about it here.

Cybernews researchers discovered that Vietnam Post Corporation, a Vietnamese government-owned postal service, left its security logs and employee email addresses accessible to outside cyber snoopers for 87 days. The exposed sensitive data could spell trouble if accessed by bad actors.

Unprotected databases are common in the wild. They are usually the result of carelessness. For example, database admins may remove credentials to make it easier to connect via the internet, and then forget to put them back.

When the Cybernews team found the open database, it had more than 226 million logged events and measured 1.2 Terabytes in size. It contained device usernames with employee names or emails. This information enables potential cyber criminals to identify which employees were working at a given time and which devices they were using.

The database exposure began on July 8, 2023, and access to the database was evantually cut on October 6, 2023.

Read more about it here.

The UK division of Samsung Electronics has allegedly alerted customers of a year-long data security breach – the third such incident the South Korean giant has experienced around the world in the past two years.

A spokesperson from Samsung said that the company was “recently alerted to a security incident” that “resulted in certain contact information of some Samsung UK e-store customers being unlawfully obtained”. The incident was limited to the UK region and does not affect data belonging to customers in the US, its employees, or retailers.

In a statement posted on X (formerly Twitter), Samsung said:
“On 13 November 2023, it was determined that an unauthorised individual exploited a vulnerability in a third-party business application we use, and that some personal information of certain customers who made purchases on SEUK’s eCommerce site between July 1, 2019 and June 30, 2020, was affected”.

Samsung told affected customers that hackers may have accessed their names, phone numbers, postal addresses and email addresses. “No financial data, such as bank or credit card details or customer passwords, were impacted,” Samsung’s spokesperson said.

Read more about it here.

In early October 2023, Resecurity’s HUNTER (HUMINT) unit identified millions of personally identifiable information (PII) records, including Aadhaar card numbers, belonging to Indian residents, being offered for sale on the Dark Web.

An Aadhaar is a unique, 12-digit individual identification number issued by the Government of India. Beyond the PII found on traditional ID documents, Aadhaars include “core biometrics,” including 10 fingerprints and two iris scans. There are roughly 1.4 billion Aadhaars issued since this ID service launched in 2009.

On October 9, 2023, a threat actor going by the alias ‘pwn0001’ posted a thread on Breach Forums brokering access to 815 million “Indian Citizen Aadhaar & Passport” records. This represents about 55% of India’s total population. The entire dataset was offered for sale for $80,000.

The leak of PII data containing Aadhaar and other details of Indian residents on the Dark Web creates a significant risk of digital identity theft. Threat actors leverage stolen identity information to commit online banking theft, tax refund frauds, and other cyber-enabled financial crimes. Resecurity observed a spike in incidents involving Aadhaar IDs and their leakage on underground cybercriminal forums by threat actors looking to harm Indian nationals and residents. To mitigate this risk, Resecurity acquired the published data set on Dark Web and notified victims of the leaked identities.

Read more about it here.

Flagstar Bank has warned that 837,390 US customers had their personal information stolen by cybercriminals due to a breach at a third-party service provider.

Flagstar, now owned by the New York Community Bank, is a Michigan-based financial services provider that, before its acquisition in 2022, was one of the largest banks in the United States, having total assets of over $31 billion.

The breach occurred between May 27 and 31, 2023. It exposed the personal information of a substantial number of customers. It was traced back to vulnerabilities in MOVEit Transfer, a file transfer software used by Fiserv for payment processing and mobile banking services.

In June 2022, Flagstar Bank disclosed another data breach that impacted roughly 1.5 million of its customer in the US, but the company did not share details about the attack. The security breach took place in early December 2021.

On March 2021, the bank was the victim of another attack conducted by the Clop ransomware gang.

Read more about it here.

Researchers disclosed a new zero-day DDoS attack technique, called ‘HTTP/2 Rapid Reset’, that was exploited since August 2023 in record-breaking attacks. These attacks have been observed on Amazon Web Services (AWS), Cloudflare and Google.

The attack peaked at 155 million requests per second (Amazon), 201 million rps (Cloudflare), and a record-breaking 398 million rps (Google).

The attack method abuses HTTP/2’s stream cancellation feature to continuously send and cancel requests, overwhelming the target server or application and imposing a DoS state.

The HTTP/2 protocol allows clients to indicate to the server that a previous stream should be canceled, by sending a RST_STREAM frame. The protocol allows the client to unilaterally request a cancelation. It “makes the other endpoint start working and then rapidly resets the request. The request is canceled, but leaves the HTTP/2 connection open”, continues the Google post. This can be mitigated by having entire TCP connection needs to closed when abuse is detected.

Amazon Web Services (AWS), Cloudflare and Google said on October 10, 2023 they took steps to mitigate these record-breaking Distributed Denial-of-Service (DDoS) attacks

Read more about it here.