CYBER SECURITY NEWS – WEEK OF MARCH 13, 2023
Mental health provider Cerebral alerts 3.1M people of data breach
- Healthcare platform Cerebral is sending data breach notices to 3.18 million people who have interacted with its websites, applications, and telehealth services.
- In a ‘Notice of HIPAA Privacy Breach’ published on Cerebral’s site this week, the company disclosed that they had been using invisible pixel trackers from Google, Meta (Facebook), TikTok, and other third parties on its online services since October 12, 2019.
- Due to a tracking pixel’s data logging features, Cerebral said the sensitive medical information of people who used the provider’s platform was exposed to third parties without the patient’s permission.
- “Cerebral recently initiated a review of its use of Tracking Technologies and data sharing practices involving Subcontractors,” warned Cerebral’s privacy breach notice.
Acer confirms unauthorized access but says no consumer data stolen
- Taiwanese electronics manufacturer Acer has confirmed an incident of unauthorized access to one of its document servers for repairs technicians.
- In a statement shared with Infosecurity via email, the multinational corporation added that it believes no consumer data was accessed due to the breach.
- “While our investigation is ongoing, there is currently no indication that any consumer data was stored on that server,” the company said.
- A threat actor self-identified as “Kernelware” claimed responsibility for the hack on a dark web forum earlier this week. They mentioned they executed the attack mid-February and stole 160GB of information from the company, including 655 directories and 2869 files.
Major data breach exposes personal information of ‘hundreds’ of lawmakers and staff
- The size and scope of the breach were not immediately clear, but the FBI believes data from hundreds of members and staffers of both the House and Senate were stolen.
- The breach exposed “Personal Identifiable Information” of enrollees who had information on DC Health Link.
- The FBI is investigating the situation, and authorities are working on compiling a list of names of those whose data was compromised. Staffers and members were encouraged to freeze their credit with Equifax, Experian, and TransUnion out of an abundance of caution.
Xenomorph Android malware now steals data from 400 banks
- The Xenomorph Android malware has released a new version that adds significant capabilities to conduct malicious attacks, including a new automated transfer system (ATS) framework and the ability to steal credentials for 400 banks.
- That first version targeted 56 European banks using injections for overlay attacks and abused Accessibility Services permissions to perform notification interception to steal one-time codes.
- Development of the malware continued throughout 2022 by its authors, “Hadoken Security,” but its newer releases were never distributed in high volumes.
AT&T alerts 9 million customers of data breach after vendor hack
- AT&T is notifying roughly 9 million customers that some of their information was exposed after a marketing vendor was hacked in January.
- “Customer Proprietary Network Information from some wireless accounts was exposed, such as the number of lines on an account or wireless rate plan,” AT&T told BleepingComputer.
- “The information did not contain credit card information, Social Security Number, account passwords or other sensitive personal information. We are notifying affected customers.”
BMW exposes data of clients in Italy, experts warn
- BMW clients should remain vigilant, as home addresses, vehicle location data, and many other kinds of sensitive personal information are collected by the manufacturer.
- Attackers could exploit the data to steal the website’s source code and potentially access customer info.
- Data could lead to the website being compromised or point attackers towards customer information storage and the means to access it.
- The .git configuration file, exposed to the public, would have allowed threat actors to find other exploitable vulnerabilities, since it contained the .git repository for the site’s source code.