CYBER SECURITY NEWS – WEEK OF FEBRUARY 20, 2023
FBI is investigating a cybersecurity incident on its network
- The federal law enforcement agency says it already contained the “isolated incident” and is working to uncover its scope and overall impact.
- “The FBI is aware of the incident and is working to gain additional information,” the U.S. domestic intelligence and security service told BleepingComputer.
- “This is an isolated incident that has been contained. As this is an ongoing investigation the FBI does not have further comment to provide at this time.”
- CNN first reported on Friday that this was a hacking incident involving an FBI New York Field Office computer system used to investigate child sexual exploitation.
Scandinavian Airlines says cyberattack caused passenger data leak
- Scandinavian Airlines (SAS) has posted a notice warning passengers that a recent multi-hour outage of its website and mobile app was caused by a cyberattack that also exposed customer data.
- The cyberattack caused some form of malfunction in the airline’s online system, making passenger data visible to other passengers.
- This data includes contact details, previous and upcoming flights, as well as the last four digits of the credit card number.
Pepsi Bottling Ventures suffers data breach after malware attack
- Pepsi Bottling Ventures LLC suffered a data breach caused by a network intrusion that resulted in the installation of information-stealing malware and the extraction of data from its IT systems.
- In a sample security incident notice filed with Montana’s Attorney General office, the company explains that the breach occurred on December 23, 2022. It was not discovered until January 10th, 2023, 18 days later, and remediation took even longer.
- “Based on our preliminary investigation, an unknown party accessed on or around December 23, 2022, installed malware, and downloaded certain information contained on the accessed IT systems,” reads the notice.
GoDaddy: Hackers stole source code, installed malware in multi-year breach
- Web hosting giant GoDaddy says it suffered a breach in which unknown attackers stole source code and installed malware on its servers after breaching its cPanel shared hosting environment in a multi-year attack.
- While GoDaddy discovered the security breach following customer reports in early December 2022 that their sites were being used to redirect to random domains, the attackers had access to the company’s network for multiple years.
- “Based on our investigation, we believe these incidents are part of a multi-year campaign by a sophisticated threat actor group that, among other things, installed malware on our systems and obtained pieces of code related to some services within GoDaddy,” the hosting firm said in an SEC filing.
Atlassian data leak caused by stolen employee credentials
- Atlassian suffered a data leak after threat actors used stolen employee credentials to steal data from a third-party vendor. However, the company says its network and customer information are secure.
- “We are leaking thousands of employee records as well as a few building floorplans. These employee records contain email addresses, phone numbers, names, and lots more~!,” said the SiegedSec hackers.
- Soon after the leak, Check Point Software told BleepingComputer that they analyzed the leaked data and that it contained two floor maps for the Sydney and San Francisco offices and a JSON file containing information about employees.
AI-based visual editing service leaks user images and customer data
- Cutout.pro, an AI media manipulation service, leaked nine gigabytes of data, including usernames and images it created using specific queries.
- Artificial intelligence-based tools such as ChatGPT or DALL-E have caught the attention of swaths of internet users. However, few have likely considered the security implications of uploading text or images to such tools, and a recent Cybernews discovery is a stellar example of this worrying trend.
- According to the team, Cutout.pro exposed customer usernames and images they created using the company’s tools. Moreover, the instance also had information on the number of user credits, a virtual in-service currency, and links to Amazon S3 buckets, where generated images were stored.