Lawsuit filed against NPD following massive data breach

Jerico Pictures Inc., doing business as National Public Data (“NPD”), suffered a data breach in April 2024 that exposed the personal information of nearly 2.9 billion individuals.

NPD is a background check company that allows its customers to search billions of records with instant results.

In early April 2024, a threat actor using the moniker USDoD gained access to NPD’s network and exfiltrated unencrypted PII, including full names, Social Security numbers, address history, and family information, of billions of individuals whose data is stored on NPD’s network.

On April 8, 2024, USDoD announced the sale of a “National Public Data” database on a dark web forum called Breached. It offered the 2.9 billion records for $3.5 million.

Researchers from VX-underground requested and received an advance copy of the data, reviewed the massive file (277.1 GB uncompressed) and confirmed that the data in it is real and accurate. They also noticed that the database does not contain information on individuals who use data opt-out services; people who did not use such services and resided in the United States were immediately found. The archive also contains data on deceased people.

A proposed class action lawsuit was filed in U.S. District Court, Southern District of Florida, Fort Lauderdale Division, on behalf of Christopher Hofmann, who said he received a notification from his identity theft protection service provider the month before that his data was on the dark web due to a data breach.

Read more about it here.

Shareholders sue CrowdStrike over false claims about its Falcon platform

CrowdStrike is being sued by its shareholders after a faulty CrowdStrike Falcon update released on July 19, 2024 caused Windows systems to crash with the Blue Screen of Death (BSoD). The flawed release caused widespread global disruptions, impacting critical infrastructure such as airports, hospitals, banks, and government services. It caused 8.5 million Microsoft Windows systems globally to crash.

The lawsuit accuses CrowdStrike executives of making “false and misleading” statements that the company’s software updates were adequately tested.

CrowdStrike denies the allegations and has announced it will oppose the proposed class action lawsuit.

“We believe this case lacks merit and we will vigorously defend the company,” a spokesperson said.

Delta Air Lines’ CEO, Ed Bastian, revealed in a recent CNBC interview that the outage caused by CrowdStrike led to $500 million in losses for the airline. Delta is now seeking compensation from CrowdStrike, as well as from Microsoft.

Both CrowdStrike and Microsoft denied any wrongdoing. CrowdStrike pointed out that “no other US airline had cancelled one-tenth as many flights”. Microsoft pointed out that Delta’s IT systems were outdated.

CrowdStrike’s share price dropped 32% in the 12 days after the incident, wiping $25 billion off its market value.

Read more about it here.

CrowdStrike update crashing Windows systems worldwide

A defective update released by CrowdStrike Falcon is causing Windows systems to crash with the Blue Screen of Death (BSoD). The incident is causing widespread global disruptions, impacting critical infrastructure such as banks, airports and hospitals.

The company stated that they have identified the content deployment related to this issue and reverted those changes.

The bad release, containing an invalid Windows driver, was published just after midnight Eastern time on July 19, 2024, and rolled back an hour and a half later, at 1:27 AM Eastern, CrowdStrike said. But by then millions of computers had already automatically downloaded the faulty update. When Windows devices using CrowdStrike’s cybersecurity tools tried to access the flawed file, it caused an “out-of-bounds memory read” that “could not be gracefully handled, resulting in a Windows operating system crash,” CrowdStrike said. The issue affected only Windows devices, not Mac or Linux machines, and only those that were switched on and able to receive updates during those early morning hours.

IT giants Google and Microsoft were also impacted by the incident: Virtual machines using the CrowdStrike agent experienced serious problems.

What’s been described as the largest IT outage in history will cost Fortune 500 companies alone more than $5 billion in direct losses, according to one insurer’s analysis.

CrowdStrike Falcon detects and blocks hacking threats. The company confirmed that the incident was not a result of a cyber attack.

Read more about it here.

OVHcloud mitigates record 840 Mpps DDoS attack

French cloud computing provider OVHcloud revealed at the beginning of July 2024 that in April 2024 it had mitigated the largest distributed denial-of-service (DDoS) attack ever recorded in terms of packet rate, amid an overall increase in DDoS attack intensity. The 840 Mpps figure is just above the previous record of 809 Mpps (809 million packets per second), which Akamai reported in June 2020 for an attack targeting a large European bank.

The analysis of the malicious traffic revealed that most of the source IPs are known as Internet-facing MikroTik routers, specifically cloud core routers CCR1036-8G-2S+ and CCR1072-1G-8S+.

99% of the malicious traffic was a TCP ACK flood originating from around 5,000 source IPs. The remaining 1% was a DNS reflection attack that used about 15,000 DNS servers to amplify the traffic; reflection is not very efficient when the goal is a high packet rate rather than high bandwidth.

The experts at OVHcloud speculate that the use of MikroTik devices in coordinated DDoS attacks might be due to the “Bandwidth test” feature in RouterOS, which allows administrators to test router throughput by crafting packets and performing stress tests. For versions after 6.44beta39, this feature uses all available bandwidth by default, potentially impacting network usability. Most of the offending IPs identified were running RouterOS v6.44 or above.

Read more about it here.

Prudential Financial data breach impacted 2.5 million individuals

Prudential Financial, a global financial services company, has disclosed that over 2.5 million people had their personal information compromised in a February 2024 data breach.

The company did not share details of the cyber attack; however, the notorious ALPHV/BlackCat ransomware gang claimed responsibility for the security breach.

Initially, in March 2024, the company revealed in a filing with the Maine Attorney General’s Office that it notified over 36,000 people whose personal information (including names, driver’s license numbers, and non-driver identification card numbers) was stolen during the breach. The company then stated that “a small percentage of company user accounts associated with employees and contractors” were breached.

However, at the end of June, the company updated the information shared with the Maine Attorney General’s Office regarding the February data breach and said that the incident impacted 2,556,210 individuals.

Prudential is the second largest life insurance company in the US, with 40,000 employees worldwide, $54 billion in revenue in 2023, and $1.45 trillion in assets under management.

Read more about it here.

AMD investigating reports of massive data breach

Giant semiconductor manufacturer Advanced Micro Devices, Inc. (AMD) has apparently been breached by IntelBroker, a notorious hacker from Breach Forums, and is working with law enforcement to investigate further. The hack may have exposed future product details, customer databases, and employee details. The breach was first reported on June 18, 2024 by The Cyber Express.

The hacker claims to have accessed information related to the following records:

  • ROMs
  • Firmware
  • Source code
  • Property files
  • Employee databases
  • Customer databases
  • Financial information
  • Future AMD product plans
  • Technical specification sheets

as well as the following sensitive personal information of AMD employees:

  • User IDs
  • Job functions
  • Email addresses
  • Employment status
  • First and last names
  • Business phone numbers

The hacker is selling the data exclusively for XMR (Monero) cryptocurrency, accepting a middleman for transactions.

AMD hasn’t yet confirmed the breach publicly.

Read more about it here.

Christie’s hit with class-action lawsuit over client data breach after cyberattack shuts down its web site

British auction house Christie’s has been hit with a class action lawsuit over a May 2024 data breach that compromised the personal information of approximately 500,000 current and former customers. According to the lawsuit, an email Christie’s sent to victims on May 30, 2024 reported that the compromised data included full names, genders, dates of birth, passport numbers and expiration dates, countries of birth, ID numbers and the Machine Readable Zone (MRZ) printed along the bottom of a passport’s identity page.

The lawsuit further claims that Christie’s customers are now threatened by multiple forms of identity theft. These range from the obvious, such as the prospect of bad actors opening fraudulent financial accounts and taking out loans in the names of the exposed clients, to the less intuitive, including using the exposed parties’ data to illegally secure government benefits, obtain driver’s licenses pairing Christie’s clients’ names with alternate photographs and “giving false information to police during an arrest”.

Read more about it here.

TikTok accounts of celebrities breached using DM

TikTok accounts of CNN, Sony, and Paris Hilton were reportedly breached on June 4, 2024. While it doesn’t appear that the hackers have posted anything to the accounts, the method reportedly required nothing more of the targets than opening a direct message.

Semafor first reported that CNN’s TikTok account had been hacked, forcing the broadcaster to take down its account for several days.

The company did not share technical details about the vulnerability exploited by the attackers.

Read more about it here.

Two students uncover security bug that allows anyone to use laundry machines for free

UC Santa Cruz students Alexander Sherbrooke and Iakov Taranenko told TechCrunch that they discovered a security bug that allows anyone to remotely send commands to laundry machines run by CSC and operate laundry cycles for free.

Sherbrooke said he was sitting on the floor of his basement laundry room in January 2024 and was able to run a script that told the machine in front of him to start a cycle, despite having $0 in his laundry account. The machine immediately woke up with a loud beep and flashed “PUSH START” on its display, indicating it was ready to wash a free load of laundry.

In another case, the students were able to add a balance of several million dollars into one of their laundry accounts, which reflected in their CSC Go mobile app as an entirely normal amount of money for a student to spend on laundry.

The two discovered that CSC’s servers could be tricked into accepting commands that modify account balances, because all security checks are performed by the CSC Go app on the user’s device, and CSC’s servers automatically trust the app’s verdict.
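The trust flaw described above, as an added illustration (not CSC’s code or API): a hypothetical laundry command server that relies on the app’s client-side checks, next to a hardened version that enforces the balance on the server and only credits funds against a receipt it can verify itself. The price, secret and endpoint names are constructed.

```python
import hashlib
import hmac
from dataclasses import dataclass

CYCLE_PRICE_CENTS = 175                      # constructed sample price per wash
PAYMENT_SECRET = b"constructed-demo-secret"  # known to server and payment processor only

@dataclass
class Account:
    balance_cents: int

class VulnerableServer:
    """Mirrors the reported flaw: the app decides, the server just obeys."""
    def __init__(self, accounts):
        self.accounts = accounts

    def start_cycle(self, user, request):
        # 'authorized' was computed by the app on the user's device; the server
        # never re-checks the balance, so a tampered request washes for free.
        return "PUSH START" if request.get("authorized") else "DECLINED"

    def set_balance(self, user, request):
        # The client-chosen balance is stored verbatim (the "several million dollars" case).
        self.accounts[user].balance_cents = int(request["balance_cents"])
        return self.accounts[user].balance_cents

def sign_receipt(user, amount_cents):
    """Stand-in for a processor-signed payment receipt: HMAC over user and amount."""
    return hmac.new(PAYMENT_SECRET, f"{user}:{amount_cents}".encode(), hashlib.sha256).hexdigest()

class HardenedServer:
    """Balance checks and balance changes happen only on the server."""
    def __init__(self, accounts):
        self.accounts = accounts

    def start_cycle(self, user, request):
        acct = self.accounts[user]
        # Any 'authorized' flag sent by the client is ignored; server state decides.
        if acct.balance_cents < CYCLE_PRICE_CENTS:
            return "DECLINED"
        acct.balance_cents -= CYCLE_PRICE_CENTS
        return "PUSH START"

    def add_funds(self, user, amount_cents, receipt):
        # Credit only against a receipt the server verifies; clients cannot mint balance.
        if not hmac.compare_digest(receipt, sign_receipt(user, amount_cents)):
            return False
        self.accounts[user].balance_cents += amount_cents
        return True
```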

CSC ServiceWorks is a large laundry service company with a network of over a million laundry machines installed in hotels, university campuses and residences across the US, Canada and Europe.

Sherbrooke and Taranenko sent the company several messages through its online contact form in January 2024, but heard nothing back. A phone call to the company landed them nowhere either, they said. They first disclosed their research in a presentation at their university cybersecurity club earlier in May.

Days after the story was published, CSC provided a statement thanking the security researchers and promising to fix the bug.

Read more about it here.

Dell discloses data breach affecting 49 million customers

Giant computer maker Dell faced a huge data breach after a cyber attacker stole information for approximately 49 million customers. Dell confirmed that the information stolen includes people’s names, postal addresses, and “Dell hardware and order information, including service tag, item description, date of order and related warranty information.” Dell did not disclose whether the incident was caused by malicious outsiders or inadvertent error.

According to Dell, the breached data did not include email addresses, telephone numbers, financial or payment information, or “any highly sensitive customer information.”

Dell seems to have downplayed the impact of the breach in its message.

“We believe there is not a significant risk to our customers given the type of information involved,” Dell wrote in the email sent to affected customers.

As first reported by Daily Dark Web, a threat actor named Menelik tried to sell a Dell database on the Breach Forums hacking forum on April 28, 2024.

The threat actor said they stole data from Dell for “49 million customer and other information systems purchased from Dell between 2017-2024.”

Read more about it here.