Italian supercar manufacturer Ferrari disclosed on March 20, 2023 that it was recently the victim of a ransomware attack that may have exposed certain personal information about its clients. The company said it was “recently contacted by a threat actor with a ransom demand related to such customer data. As a policy, Ferrari will not be held to ransom”.
The carmaker said that hackers accessed customers’ names, addresses, email addresses and telephone numbers. Based on its investigation so far, Ferrari said no payment information, bank account numbers or details of Ferrari cars owned or ordered had been stolen.
Ferrari hasn’t disclosed how many customers were impacted by the breach or how or when the company was compromised.
AT&T is notifying 9 million customers of data breach after a third-party vendor hack
Telecom giant AT&T is notifying 9 million of its customers that some of their information was exposed after a third-party vendor was hacked. “We recently determined that an unauthorized person breached a vendor’s system and gained access to your Customer Proprietary Network Information (CPNI)”, reads the data breach communication sent by AT&T to the impacted customers. “However, please rest assured that no sensitive personal or financial information such as Social Security number or credit card information was accessed”, continues the communication. Passwords and personal information weren’t breached either.
Exposed CPNI data includes customer first names, wireless account numbers, wireless phone numbers, and email addresses. “A small percentage of impacted customers also had exposure of rate plan name, past due amount, monthly payment amount, various monthly charges, and/or minutes used. The information was several years old”, said AT&T.
In its email to the affected customers, AT&T confirmed that the marketing vendor has fixed the vulnerability. The company has also notified the federal law enforcement agencies about the incident.
Customers are advised to turn off CPNI data sharing on their accounts by making a CPNI Restriction Request, which reduces future exposure if AT&T shares the data with third-party marketing vendors.
Password management giant LastPass revealed more information on a “coordinated second attack,” where a threat actor accessed and stole data from the Amazon AWS cloud storage servers for two and a half months.
This saga started in August 2022, when LastPass CEO, Karim Toubba, confirmed that an “unauthorized party gained access to portions of the LastPass development environment,” and “took portions of source code and some proprietary LastPass technical information.” This incident had not compromised master passwords. Toubba updated the LastPass incident statement in September 2022 with further details of what the attacker had accessed. On November 30, 2022, Toubba updated that statement again: Company names, end-user names, billing addresses, email addresses, telephone numbers, and the IP addresses from which customers were accessing the LastPass service were accessed by the attacker. The attacker accessed both unencrypted data, such as website URLs, as well as fully-encrypted sensitive fields, such as website usernames and passwords, secure notes, and form-filled data. This meant that the attacker now had customer password vaults but not the means to open them, unless they tried known passwords from other breaches or weakly constructed master passwords.
On March 1, 2023, the company published another update, saying that the threat actor compromised a “DevOps engineer’s home computer” by “exploiting a vulnerable third-party media software package, which enabled remote code execution capability and allowed the threat actor to implant keylogger malware. The threat actor was able to capture the employee’s master password as it was entered, after the employee authenticated with MFA, and gain access to the DevOps engineer’s LastPass corporate vault.”
LastPass ultimately detected the anomalous behavior through AWS GuardDuty Alerts, when the threat actor attempted to use Cloud Identity and Access Management (IAM) roles to perform unauthorized activity.
The complete list of the customer data that was breached is posted on this support page.
The European Commission (EC) and the European Council, the two largest policy bodies in the EU, are the latest government entities to implement a TikTok ban for their staff. The EU bodies requested that their staff remove the TikTok app from their work devices, as well as from their personal devices that have work-related apps installed. As an alternative, staff may delete work-related apps from their personal phones if they want to continue using TikTok.
A similar move was adopted by the US Government, banning the use of TikTok on all government devices by the end of February 2023 due to national security concerns.
In 2020, India banned TikTok, among dozens of other China-developed apps.
In anticipation of the EU ban, TikTok has gone on a major PR offensive, including infrastructure investments such as opening three local data centers in Europe for its EU users’ data.
TikTok, developed by Chinese firm ByteDance, has over 1 billion active users across 154 countries. It has come under close scrutiny in the US and other countries for its alleged ties to the Government of China.
Web hosting giant GoDaddy disclosed on February 17, 2023 a multi-year security breach that enabled unknown threat actors to install malware on its servers and exfiltrate source code related to some of its services.
The threat actors had breached its cPanel shared hosting environment.
The malware installed on the company’s systems was intermittently redirecting random customer websites to malicious websites, the company stated.
The breach was discovered in December 2022 after customers reported these redirects; however, the attackers had had access to GoDaddy’s network for several years.
The company says that previous breaches disclosed in November 2021 and March 2020 are also linked to this multi-year campaign.
PayPal has recently filed a notice of a data breach with the Office of the Attorney General of the US state of Maine, after learning that confidential consumer information was compromised following what appears to have been a credential stuffing attack. The incident resulted in an unauthorized party gaining access to consumers’ names, addresses, Social Security Numbers, individual Tax Identification Numbers, and dates of birth. After confirming that consumer data was leaked, PayPal began sending out data breach notification letters to all 34,942 individuals who were impacted by this data security incident.
Credential stuffing is a type of attack in which hackers “stuff” the login page with numerous credentials taken elsewhere until one eventually works. This method relies on people using the same passwords across multiple online services so that if one gets breached, all are at risk.
To protect its users, PayPal reset the passwords for the affected users and “enhanced security controls”, requiring users to set up a new account on their next login. The affected users were also given two years of free identity monitoring services through Equifax.
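The credential stuffing pattern described above (many different usernames tried from one source, most of them failing) is what a defender looks for in authentication logs. The following is an added example, not code from PayPal or from the original article: it parses a constructed log format (timestamp, source IP, username, outcome; the format and the IP addresses are assumptions), flags source IPs whose distinct-user count and failure ratio exceed thresholds, and lists the accounts that nevertheless logged in successfully from a flagged source, which are the candidates for the kind of forced password reset PayPal applied.

```python
"""Credential-stuffing detector over authentication logs (added example)."""
from collections import defaultdict
from dataclasses import dataclass, field
import re

# Constructed sample log lines (not real data): timestamp, source IP, username, outcome.
# 203.0.113.5 tries six different accounts and gets one success: stuffing pattern.
# 198.51.100.7 fails twice on one account then succeeds: a user mistyping a password.
SAMPLE_LOG = """\
2023-01-05T10:00:01Z ip=203.0.113.5 user=alice result=FAIL
2023-01-05T10:00:02Z ip=203.0.113.5 user=bob result=FAIL
2023-01-05T10:00:02Z ip=203.0.113.5 user=carol result=FAIL
2023-01-05T10:00:03Z ip=203.0.113.5 user=dave result=OK
2023-01-05T10:00:04Z ip=203.0.113.5 user=erin result=FAIL
2023-01-05T10:00:05Z ip=203.0.113.5 user=frank result=FAIL
2023-01-05T10:01:00Z ip=198.51.100.7 user=alice result=FAIL
2023-01-05T10:01:30Z ip=198.51.100.7 user=alice result=FAIL
2023-01-05T10:02:00Z ip=198.51.100.7 user=alice result=OK
2023-01-05T10:03:00Z ip=192.0.2.9 user=grace result=OK
"""

# Assumed line format; adapt the pattern to the real login log being analysed.
LINE_RE = re.compile(
    r"^(?P<ts>\S+) ip=(?P<ip>\S+) user=(?P<user>\S+) result=(?P<result>OK|FAIL)$"
)


@dataclass
class SourceStats:
    """Per-source-IP counters used by the detector."""
    attempts: int = 0
    failures: int = 0
    users: set = field(default_factory=set)      # distinct usernames attempted
    successes: set = field(default_factory=set)  # accounts that logged in OK from this IP


def parse_log(text):
    """Yield (ip, user, ok) tuples, skipping lines that do not match the format."""
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if m:
            yield m["ip"], m["user"], m["result"] == "OK"


def aggregate(events):
    """Group parsed events by source IP."""
    stats = defaultdict(SourceStats)
    for ip, user, ok in events:
        s = stats[ip]
        s.attempts += 1
        s.users.add(user)
        if ok:
            s.successes.add(user)
        else:
            s.failures += 1
    return stats


def detect_stuffing(text, min_users=4, min_fail_ratio=0.6):
    """Flag source IPs that try many distinct accounts with mostly failures.

    A brute-force attack against a single account looks different (one user,
    many failures), so the distinct-user threshold is what separates stuffing
    from both brute force and an ordinary user mistyping a password.
    """
    flagged = {}
    for ip, s in aggregate(parse_log(text)).items():
        if len(s.users) >= min_users and s.failures / s.attempts >= min_fail_ratio:
            flagged[ip] = s
    return flagged


def accounts_to_reset(text, **thresholds):
    """Accounts that logged in successfully from a flagged IP.

    These are the accounts whose reused password evidently worked, so they
    are the candidates for a forced password reset and user notification.
    """
    out = set()
    for s in detect_stuffing(text, **thresholds).values():
        out |= s.successes
    return sorted(out)


if __name__ == "__main__":
    for ip, s in detect_stuffing(SAMPLE_LOG).items():
        print(f"{ip}: {len(s.users)} users, {s.failures}/{s.attempts} failures, "
              f"compromised={sorted(s.successes)}")
    print("reset:", accounts_to_reset(SAMPLE_LOG))
```

The thresholds are deliberately simple; in production they would be evaluated over a sliding time window, and a source that rotates IPs (a botnet) needs the same counters keyed on something other than the IP, such as a device fingerprint or ASN.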
Mobile giant T-Mobile disclosed a new data breach that resulted in the theft of data belonging to 37 million customer accounts.
According to the announcement made, “a bad actor used a single Application Programming Interface (or API) to obtain limited types of information on their accounts.”
The announcement continues: “No passwords, payment card information, social security numbers, government ID numbers or other financial account information were compromised.” Some “basic customer information”, “including name, billing address, email, phone number, date of birth, account number, and information such as the number of lines on the account and service plan features”, was obtained.
T-Mobile said it first learned of the incident on Jan. 5, 2023, and that an investigation determined the bad actor started abusing the API beginning around Nov. 25, 2022. The company says it is in the process of notifying affected customers.
At the end of November 2022, OpenAI released ChatGPT. ChatGPT (Generative Pre-trained Transformer) is the newest development in the AI field, created by research company OpenAI, led by Sam Altman and backed by Microsoft, Elon Musk, LinkedIn co-founder Reid Hoffman, and Khosla Ventures. It can conduct conversations with people, mimicking various writing styles.
Check Point Research (CPR) has recently discovered the first instances of cybercriminals using ChatGPT to develop malicious tools. Although the tools presented are rudimentary, it’s only a matter of time until they can be enhanced for malicious use.
The researchers provided the following examples:
Creating an infostealer: A hacker shared the code of a Python-based stealer that searches for common file types, copies them to a random folder inside the Temp folder, ZIPs them and uploads them to a hardcoded FTP server.
Creating an encryption tool: A hacker shared a Python script that performs cryptographic operations: it generates a cryptographic key, encrypts a file, and more. With some work, a hacker could potentially turn the code into ransomware.
A data leak containing email addresses of 222 million Twitter users has been published on a popular hacker forum. Many experts have analyzed it and confirmed the authenticity of many of the entries in the leaked archive.
Since July 22, 2022, threat actors and data breach collectors have been selling and circulating large data sets of scraped Twitter user profiles containing both private data (phone numbers and email addresses) and public data on various hacker forums. These data sets were created in 2021 by exploiting a Twitter API vulnerability.
The first data set of 5.4 million users was put up for sale in July 2022 for $30,000 and ultimately released for free on November 27, 2022. Another data set allegedly containing the data for 17 million users was also circulating privately in November.
On January 4, 2023, a threat actor released a data set consisting of 221,608,279 Twitter profiles on the Breached hacking forum for eight credits of the forum’s currency, worth approximately $2.
Unlike previously leaked data collected using this Twitter API flaw, this leak didn’t indicate whether an account is verified.
Gemini crypto exchange warned users of an ongoing phishing campaign, after a third-party vendor suffered a security breach. The notification comes after multiple posts on hacker forums seen by BleepingComputer offered to sell a database allegedly from Gemini, containing email addresses and partial phone numbers of 5.7 million users. The company pointed out that its systems were not impacted and customer accounts remain secure.
As a result of the breach, customers of the crypto exchange received phishing emails.
The database appeared to be available for sale since September 2022, when a seller was offering it for 30 bitcoins, or roughly $500,000.
Gemini advised its customers to rely on strong authentication methods and recommended activating two-factor authentication (2FA) and/or using hardware security keys to access their accounts.