CISA hacked via Ivanti vulnerabilities

The US Cybersecurity and Infrastructure Security Agency (CISA) was hacked in February 2024 through vulnerabilities in Ivanti products. In response to the security breach, the agency had to shut down two crucial systems:

A system to facilitate the sharing of cyber and physical security assessment tools among federal, state, and local officials, and a system holding information related to the security assessment of chemical facilities. These systems are called the Infrastructure Protection (IP) Gateway and the Chemical Security Assessment Tool (CSAT) respectively.

Ironically, CISA warned US organizations about attacks exploiting vulnerabilities in Ivanti software. On February 1, 2024, for the first time since its establishment, CISA ordered federal agencies to disconnect all instances of Ivanti Connect Secure and Ivanti Policy Secure products within 48 hours.

On February 29, CISA warned organizations again that threat actors are exploiting multiple vulnerabilities in Ivanti Connect Secure and Policy Secure Gateways.

A spokesperson for CISA told CNN that the security breach did not impact the operations of the agency.

Read more about it here.

The 2023 FBI Internet Crime Report has been published

The 2023 FBI Internet Crime Report states that reported cybercrime losses reached $12.5 billion in 2023, up from $10.3 billion in 2022, a 21% increase. The number of complaints rose from 800,944 in 2022 to 880,418 in 2023.

Investment fraud was once again the costliest type of crime tracked by IC3. Losses to investment scams rose from $3.31 billion in 2022 to $4.57 billion in 2023 – a 38% increase. The second-costliest type of crime was business e-mail compromise (BEC), with 21,489 complaints amounting to $2.9 billion in reported losses. Tech support scams, meanwhile, were the third-costliest type of crime tracked by IC3.

In the ransomware category, Healthcare and Public Health was the heaviest hit sector, followed by Critical Manufacturing and Government Facilities.

In terms of crime types, phishing/spoofing by far received the highest number of complaints, followed by personal data breach and non-payment/non-delivery.

Read more about it here.

Bank of America warns customers of data breach after third party hack

Bank of America revealed that the personal information of some customers was stolen in a data breach affecting a third-party services provider.

A data breach at Infosys McCamish, a financial software provider, compromised the name, address, date of birth, Social Security number, and financial information, including account and credit card numbers, of 57,028 deferred compensation customers whose accounts were serviced by Bank of America.

An unauthorized party — apparently a ransomware group known as LockBit — accessed the customers’ information through Infosys McCamish’s system, not Bank of America’s, according to a letter Infosys McCamish sent to affected customers, published by Maine’s attorney general. Bank of America provided two-year identity theft protection to the affected customers.

The breach occurred on Nov. 3, 2023, and Infosys McCamish notified Bank of America about the breach on Nov. 24. Infosys McCamish and Bank of America notified customers of the breach on Feb. 2, 2024.

Bank of America has yet to disclose how many of the 57,028 accounts were customer accounts.

Read more about it here.

HPE investigates new data breach of test environment

Hewlett Packard Enterprise (HPE) is investigating a potential new data breach, after a hacker put allegedly stolen data up for sale on BreachForums hacking forum, claiming it contains HPE credentials and other sensitive information.

The announcement was published by a hacker who uses the moniker IntelBroker.

“Hello BreachForums Community. Today, I am selling the data I have taken from Hewlett Packard Enterprise,” reads the announcement published by IntelBroker. “More specifically, the data includes: CI/CD access, System logs, Config Files, Access Tokens, HPE StoreOnce Files (Serial numbers warrant etc) & Access passwords. (Email services are also included)”

IntelBroker is considered a reputable threat actor: It was linked to the breaches of DC Health Link and Volvo Cars.

HPE became aware of the intrusion on December 12, 2023 and immediately launched an investigation. They found that the data at issue appears to be related to information that was contained in a test environment. There is no indication these claims relate to any compromise of HPE production environments or customer information.

HPE is a multinational information technology company based in Spring, Texas.

Read more about it here.

Scammers stole $25 million from a multi-national company using a deepfake conference call

Scammers successfully stole HK$200 million (approximately $25.6 million) from a multinational company in Hong Kong by using a deepfake video call to deceive an employee into transferring the funds. The finance employee attended a video conference call with deepfake recreations of the company’s Chief Financial Officer (CFO) and other employees who instructed him to transfer the funds. The employee initiated a series of 15 bank transfers to five different Hong Kong accounts totaling HK$200 million.

The employee discovered the scam a week later and notified the company and local authorities.

The identity of the company wasn’t revealed.

The investigation is still ongoing; the police have yet to identify the gang behind the scam.

Read more about it here.

Mother of all Breaches: 26 billion records leaked

A supermassive database of 26 billion leaked records has been discovered, in what has been called the “Mother of all Breaches” (“MOAB” for short). The massive 12 Terabyte leak was discovered by cybersecurity researcher Bob Dyachenko, working alongside the team at Cybernews. The owner of the open database instance is unlikely ever to be identified. The data contains both credentials and sensitive data.

A quick run through the data tree reveals that the largest number of records, 1.4 billion, comes from Tencent QQ, a Chinese instant messaging app. Next, there are supposedly hundreds of millions of records from Weibo (504M), MySpace (360M), Twitter (281M), Deezer (258M), Linkedin (251M), AdultFriendFinder (220M), Adobe (153M), Canva (143M), VK (101M), Daily Motion (86M), Dropbox (69M), Telegram (41M), and many other companies and organizations.

The leak also includes records of various government organizations in the US, Brazil, Germany, Philippines, Turkey, and other countries.

Cybernews is offering a data leak checker to include information from the MOAB, which will allow users to see whether their data was included in the largest known data leak. Meanwhile, users are strongly advised to stay vigilant and take care of their cyber hygiene.

Read more about it here.

Entire population of Brazil potentially exposed in massive data leak

The private data of hundreds of millions of Brazilians was publicly accessible to threat actors, putting many people at risk.

Researchers revealed a publicly accessible Elasticsearch instance, a commonly used tool for the search, analysis, and visualization of large volumes of data, which contained a large amount of private data belonging to Brazilian individuals.

The leaked data contained full names, dates of birth, sex, and Cadastro de Pessoas Físicas (CPF) numbers (Brazilian taxpayer ID).

Over 223 million records were leaked, and it is unknown for how long they were exposed.

Read more about it here.

Mr. Cooper hackers stole personal data on 14.7M customers

Texas-based mortgage and loan company Mr. Cooper has disclosed that the private information of almost 14.7 million people, including addresses and bank account numbers, was stolen in an earlier IT security breach.

In a filing with Maine’s attorney general’s office, Mr. Cooper said the hackers stole customer names, addresses, dates of birth and phone numbers, as well as customer Social Security Numbers and bank account numbers.

The number of affected victims is significantly higher than the 4 million existing customers that Mr. Cooper claims on its website, likely because the company stores historical data on mortgage holders. Mr. Cooper had acquired Nationstar Mortgage LLC, Centex Home Equity, and sister brands RightPath Servicing, Rushmore Servicing, Greenlight Financial Services, and Champion Mortgage.

The company refused to provide further detail about the cyberattack that hit its systems.

The cleanup, including two years of identity protection services for affected individuals, is expected to cost the business at least $25 million.

Read more about it here.

Mint Mobile impacted by data breach

Mint Mobile, a US mobile virtual network operator (MVNO) offering prepaid mobile phone services, has notified its customers of a personal information leak. As an MVNO, Mint Mobile doesn’t own its own wireless infrastructure. In March 2023, T-Mobile US announced it would acquire Mint Mobile for up to $1.35 billion.

Mint chose not to publicly disclose the security breach. Instead, it sent personal notification letters to affected individuals. The Verge journalists were the first to notice a Reddit thread where a customer shared details about the email they received.

“We are writing to inform you about a security incident we recently identified in which an unauthorized actor obtained some limited types of customer information. Our investigation indicates that certain information associated with your account was impacted,” the email reads. Customers’ names, phone numbers, email addresses, SIM serial numbers, IMEI numbers and service plan information were leaked.

No further details regarding the breach have been provided but Mint Mobile

Read more about it here.

Toyota Financial warns customers of data breach

Toyota Financial Services (TFS) is warning its customers it has suffered a data breach that exposed sensitive personal and financial data.

Toyota Financial Services, a subsidiary of Toyota Motor Corporation, is a global entity with a presence in 90% of the markets where Toyota sells its cars, providing auto financing and insurance solutions to its customers.

“Due to an attack on the systems, unauthorized persons gained access to personal data. Affected customers have now been informed. Toyota Kreditbank’s systems have been gradually restarted since December 1st,” reads a statement published by the company on its website.

German news outlet Heise received a sample of the notices sent by Toyota to German customers, informing that the following data has been compromised:

  • Full name
  • Residence address
  • Contract information
  • Lease-purchase details
  • IBAN (International Bank Account Number)

Read more about it here.