CYBER SECURITY NEWS – WEEK OF JANUARY 16, 2023
Air France-KLM notifies frequent fliers of data breach
- Stolen customer account data presents risk of identity theft, future hacks, cybersecurity researchers say.
- Details including customers’ names, email addresses, phone numbers, account numbers and mileage balances might have been exposed, Air France-KLM said.
- The data breach affected members of the airline’s loyalty program, Flying Blue, a spokesperson said. The company’s security team stopped the incident, the spokesperson added.
Cyber-attackers torch Python Machine Learning Project
- The popular PyTorch Python project for data scientists and machine learning developers has become the latest open source project to be targeted with a dependency confusion attack.
- An unknown attacker slipped a malicious binary into the PyTorch machine learning project by registering a malicious project with the Python Package Index (PyPI), infecting users’ machines if they downloaded a nightly build between Dec. 25 and Dec. 30.
- The PyTorch Foundation stated in an advisory on Dec. 31 that the effort was a dependency confusion attack, in which an unknown entity created a package in the Python Package Index with the same name, torchtriton, as a code library on which the PyTorch project depends.
CircleCI hacked via malware on employee laptop
- Software development service CircleCI has revealed that a recently disclosed data breach was the result of information stealer malware being deployed on an engineer’s laptop.
- In an updated incident report on Friday, the company said that it was initially alerted to suspicious activity on December 29, 2022, and that on December 31 it started rotating all GitHub OAuth tokens on behalf of its customers.
- On January 4, 2023, CircleCI learned that malware deployed on an engineer’s laptop on December 16 was used to steal a 2FA-backed SSO session, which allowed the attackers to access the company’s internal systems.
- “Our investigation indicates that the malware was able to execute session cookie theft, enabling them to impersonate the targeted employee in a remote location and then escalate access to a subset of our production systems,” the company said.
The Guardian confirms personal information compromised in ransomware attack
- British news organization The Guardian has confirmed that personal information was compromised in a ransomware attack in December 2022.
- The company fell victim to the attack just days before Christmas, when it instructed staff to work from home, announcing network disruptions that mostly impacted the print newspaper.
- Right from the start, the Guardian said it suspected ransomware to have been involved in the incident, and this week the company confirmed that this was indeed the case.
- In an email to staff on Wednesday, The Guardian Media Group’s chief executive and the Guardian’s editor-in-chief said that the sophisticated cyberattack was likely the result of phishing.
Twitter finds no evidence of vulnerability exploitation in recent data leaks
- Twitter says it has analyzed the recently advertised databases allegedly containing the information of hundreds of millions of its users and found no evidence that a vulnerability has been exploited.
- In August 2022, Twitter informed customers that a vulnerability in its systems had been exploited to obtain user data. The flaw, patched in January 2022, was used to determine whether a specified phone number or email address was tied to an existing Twitter account.
- Twitter confirmed exploitation of the vulnerability after reports started circulating that the flaw had been leveraged to collect data on 5.4 million users.
- Twitter said the data was the same in both cases, but it never clarified exactly how many users are believed to be impacted.
Cyber incident hits UK Postal Service, halts overseas mail
- Britain’s postal service said it was hit Wednesday by a “cyber incident” that is temporarily preventing it from sending letters or parcels to other countries.
- Royal Mail reported on its website that international export services were “experiencing severe service disruption” without providing further details.
- “We are temporarily unable to dispatch items to overseas destinations,” the service said, adding that it recommended customers hold on to mail destined for outside the country while it works on fixing the problem.
- The British government’s National Cyber Security Center said it’s aware of the incident and is working with Royal Mail and the National Crime Agency “to fully understand the impact.”