CYBER SECURITY NEWS – WEEK OF NOVEMBER 20, 2023
Vietnam Post exposes 1.2TB of data, including email addresses
- Vietnam Post Corporation, a Vietnamese government-owned postal service, exposed security logs and employee email addresses to external cyber threats.
- At the time of discovery, the data store contained 226 million logged events, amounting to 1.2 terabytes of data, and was being updated in real time. The leaked information also included employee names and emails.
- Those logs were mainly attributable to cybersecurity software such as Extended Detection and Response (XDR) and Security Information and Event Management (SIEM). Some records resembled a modified version of Wazuh, an open-source SIEM platform.
- The data store was left accessible for at least 87 days, as internet-scanning IoT search engines first indexed the data on July 8th, 2023.
Stanley Steemer hack breached data of almost 67K customers
- The cleaning company said attackers gained access to its systems nearly a month before the intrusion was discovered in March.
- The Dublin, Ohio-based carpet cleaning company said it originally detected suspicious activity on March 6. After an initial investigation, the company determined the attackers gained access to its systems starting Feb. 10 and acquired certain records after lingering inside the company’s network.
- A total of 66,978 customers were impacted, including 16 from the state of Maine, according to the filing.
New Samsung data breach impacts UK store customers
- No details have been provided about the security issue leveraged in the attack or the vulnerable application that enabled the attacker to access Samsung customers’ personal information.
- The company says that the cyberattack impacted only customers who made purchases from the Samsung UK online store between July 1, 2019, and June 30, 2020.
- The notification to customers says that exposed data may include names, phone numbers, and postal and email addresses. The company underlines that credentials and financial information remain unaffected by the incident.
Toyota recovering from cyberattack on its financial services division
- Toyota is bringing some services in its European and African financial services department back online after discovering a cyberattack.
- A spokesperson for the car maker directed Recorded Future News to a statement the company published about the incident following claims made by a notorious ransomware gang.
- “Toyota Financial Services Europe & Africa recently identified unauthorized activity on systems in a limited number of its locations. We took certain systems offline to investigate this activity and to reduce risk, and have also begun working with law enforcement. In most countries, we have started bringing our systems back online,” the company said.
- “We are working diligently to get systems back online as soon as possible and we regret any inconvenience caused to our customers and business partners. As of now, this incident is limited to Toyota Financial Services Europe & Africa.”
Yamaha and WellLife Network confirm cyber incidents after ransomware gang claims attacks
- Japanese manufacturer Yamaha Motor and the healthcare organization WellLife Network have confirmed cyberattacks after being added to the leak site of a ransomware gang this week.
- Yamaha Motor published a notice on Thursday confirming that a server managed by its motorcycle manufacturing and sales subsidiary in the Philippines had been hit with a ransomware attack discovered on October 25.
- The attack leaked the personal information of employees, but the company noted that it will take more time before it understands the full extent of the damage.
- The incident was reported to Philippine authorities on October 27 and on Thursday, the company confirmed that employee information was leaked.
Gamblers’ data compromised after casino giant Strendus fails to set password
- Mexican online casino Strendus has exposed sensitive user data, including home addresses and the amounts of money they spent on gambling.
- The Cybernews research team discovered that Strendus, a Mexican-licensed online casino, had left 85GB of its authentication logs publicly accessible, with hundreds of thousands of entries containing gamblers’ private data. The open instance also contained data from another online casino, MustangMoney.
- The private user data was found in activity logs, which points to poor cybersecurity practices. Storing personal information in logs should be avoided, as it raises the sensitivity level of the logs themselves.