CYBER SECURITY NEWS – WEEK OF OCTOBER 10, 2022

Binance Bridge hit by $560 million hack

• Hackers have exploited a cross-chain bridge to divert more than $560 million worth of cryptocurrency from Binance Bridge.
• “An exploit on a cross-chain bridge, BSC Token Hub, resulted in extra BNB. We have asked all validators to temporarily suspend BSC. The issue is contained now. Your funds are safe. We apologize for the inconvenience and will provide further updates accordingly,” Binance CEO Changpeng Zhao said.
• According to Zhao, the overall impact of the hack is of around $100 million worth of BNB. However, the attackers’ wallet reportedly received two transactions of 1,000,000 BNB each, worth a total of more than $560 million.
• Soon after, the hackers started transferring funds to other cryptocurrency wallets, including over $50 million to Etherium and roughly the same amount to Fantom.

*Source

Insurance giant Lloyd’s of London investigating cybersecurity incident

• Insurance giant Lloyd’s of London is investigating a cybersecurity incident that has forced it to disconnect some systems.
• The company says it has detected unusual activity and decided to ‘reset’ its network and systems as a precaution. It shut down all external connectivity, including its delegated authority platforms, in response to the incident.
• The company has not shared any details, but the actions taken in response to the incident suggest that it may have been targeted in a ransomware attack.

*Source

Personal information of 123K individuals exposed in city of Tucson data breach

• The City of Tucson, Arizona, is notifying roughly 123,000 individuals that their personal information was compromised in a recent data breach.
• In a data breach notice on its website, the city says that the incident was the result of compromised network account credentials that allowed the attackers to access files containing the personal information of some individuals.
• The exposed data included name, Social Security number, driver’s license number, state identification number, and passport number.

*Source

State Bar of Georgia notifies members and employees of cybersecurity incident

• Current and former employees and members are being offered complimentary credit monitoring and identity protection services as some personal information may have been accessed.
• Since learning of the incident, the State Bar worked to restore its systems safely and resume normal operations.
• The State Bar investigated the incident, and a third-party cybersecurity firm was engaged to assist in that investigation. Law enforcement and regulators were notified.
• The investigation revealed that an unauthorized person gained access to the State Bar systems. Through its investigation, the State Bar determined that some personal information of its current and former employees as well as its members may have been subject to unauthorized access.

*Source 

Russian-speaking hackers knock US state government websites offline

• The Kentucky Board of Elections’ website, which posts information on how to register to vote, was also temporarily offline, but it was not immediately clear what caused that outage.
• The board of elections’ website is also managed by the Kentucky government, though the hackers did not specifically list the board as a target.
• The board of elections’ website is also managed by the Kentucky government, though the hackers did not specifically list the board as a target.

*Source