CYBER SECURITY NEWS – WEEK OF MARCH 20, 2023
Hitachi Energy confirms data breach after Clop GoAnywhere attacks
- Hitachi Energy confirmed it suffered a data breach after the Clop ransomware gang stole data by exploiting a GoAnywhere zero-day vulnerability.
- The attack was made possible by exploiting a zero-day vulnerability in the Fortra GoAnywhere MFT (Managed File Transfer), first disclosed on February 3, 2023, and now tracked as CVE-2023-0669.
- “We recently learned that a third-party software provider called FORTRA GoAnywhere MFT (Managed File Transfer) was the victim of an attack by the CLOP ransomware group that could have resulted in an unauthorized access to employee data in some countries,” Hitachi said in a press statement.
- The firm says it responded to the incident immediately, disconnected the impacted system (GoAnywhere MFT), and initiated an internal investigation to determine the breach’s impact.
NBA alerts fans of a data breach exposing personal information
- The NBA (National Basketball Association) is notifying fans of a data breach after some of their personal information, “held” by a third-party newsletter service, was stolen.
- In “Notice of Cybersecurity Incident” emails sent to an unknown number of fans, the NBA says its systems were not breached and the affected fans’ credentials were not impacted in this incident. However, some fans’ personal information was stolen.
- “We recently became aware that an unauthorized third party gained access to, and obtained a copy of, your name and email address, which was held by a third-party service provider that helps us communicate via email with fans who have shared this information with the NBA,” the NBA says.
- “There is no indication that our systems, your username, password, or any other information you have shared with us have been impacted.”
Hacker selling data allegedly stolen in US Marshals Service hack
- A threat actor is selling on a Russian-speaking hacking forum what they claim to be hundreds of gigabytes of data allegedly stolen from U.S. Marshals Service (USMS) servers.
- The announcement, titled “350 GB from US Marshal Service (USMS) law enforcement confidential information,” was added earlier today using an account registered yesterday afternoon.
- According to the seller, the database is being sold for $150,000 and contains “documents from file servers and work computers from 2021 to February 2023, without flooding like exe files and libraries.”
Healthcare provider ILS warns 4.2 million people of data breach
- Independent Living Systems (ILS), a Miami-based healthcare administration and managed care solutions provider, suffered a data breach that exposed the personal information of 4,226,508 individuals.
- According to the notification submitted to the Office of the Maine Attorney General, the company discovered that its network was hacked on July 5, 2022.
- Development of the malware continued throughout 2022 by its authors, “Hadoken Security,” but its newer releases were never distributed in high volumes.
AT&T alerts 9 million customers of data breach after vendor hack
- AT&T is notifying roughly 9 million customers that some of their information was exposed after a marketing vendor was hacked in January.
- “Customer Proprietary Network Information from some wireless accounts was exposed, such as the number of lines on an account or wireless rate plan,” AT&T told BleepingComputer.
- “The information did not contain credit card information, Social Security Number, account passwords or other sensitive personal information. We are notifying affected customers.”
- While the data breach notification does not share the number of impacted customers, AT&T told BleepingComputer that “approximately 9 million wireless accounts had their Customer Proprietary Network Information accessed.”
Hackers Exploiting Silicon Valley Bank (SVB) Collapse to Launch Cyber-Attacks
- The failure of Silicon Valley Bank (SVB) on March 10, 2023, as a result of a bank run on its deposits, is expected to have a significant impact on society because SVB had previously been the preferred banking partner for many businesses globally.
- According to a report by security researcher Johannes Ullrich, threat actors are seizing the opportunity and registering suspicious domains with ties to SVB that will almost certainly be used in attacks.
- He added that scammers would try to contact former SVB customers and offer them a support package, legal services, loans, or other fake services related to the bank’s failure.
- Notably, an attack by business email compromise (BEC) threat actors, who pose as SVB customers and request that money be sent to a new bank account following the bank’s collapse, has already been observed in the wild.