WEEK OF JULY 11, 2022
Cloud misconfig exposes 3TB of sensitive airport data in Amazon S3 bucket: ‘Lives at stake’
- The unsecured server exposed more than 1.5 million files, including airport worker ID photos and other PII, highlighting the ongoing cloud-security challenges worldwide.
- A misconfigured Amazon S3 bucket left 3TB of airport data (more than 1.5 million files) publicly accessible with no authentication required, highlighting the dangers of unsecured cloud infrastructure within the travel sector.
- The exposed information, uncovered by Skyhigh Security, includes employee personal identification information (PII) and other sensitive company data affecting at least four airports in Colombia and Peru.
CPWD faces cyber attacks, reiterates guidelines to employees
- The Central Public Works Department has been facing a spate of targeted cyberattacks on computers across its offices, according to an advisory it issued to employees last week, reiterating earlier cybersecurity guidelines.
- “References are being received from security agencies of Government of India regarding targeted attacks on the compromised computers in various CPWD offices for collection of sensitive information. Frequency of such references has increased in past few months,” the CPWD said in an office memorandum issued on July 8.
- It added that the references from security agencies are being sent to the regional heads of CPWD for analyzing the root cause and sanitization of devices. Reports are also sought on compliance.
Hackers attack Goa’s flood monitoring system
- According to department officials, the attackers demanded cryptocurrency in exchange for decrypting the data.
- According to the department’s executive engineer Sunil Karmarkar, the server had been subjected to a ransomware cyberattack and all files were encrypted with the “eking extension” and could not be viewed.
- He added that the attackers demanded Bitcoin in exchange for decrypting the data. The engineer also said that the attack occurred between 12 a.m. and 2 a.m. on June 21, 2022, and that the data’s integrity had been compromised, making back-up of earlier data impossible.
Hackers used fake LinkedIn job offer to steal $625m from Axie Infinity
- Earlier in March this year, Ronin Network (RON), a blockchain network underpinning the famous crypto game Axie Infinity and Axie DAO, suffered the largest crypto hack against a decentralized finance network reported to date.
- According to The Block, when the hack took place, Ronin, Axie Infinity’s Ethereum-based proof-of-authority sidechain, had nine validators.
- The attacker had to capture five out of nine validators to infiltrate the company’s networks. The spyware-laced PDF helped the attacker control 4 validators and access the community-run Axie DAO (Decentralized Autonomous Organization), from where they got control of the 5th validator.
- After compromising the network, the attackers stole $25 million worth of USDC stablecoin and 173,600 ether (roughly $597 million) from Axie Infinity’s treasury, collectively stealing crypto worth around $625 million.
Associated Eye Care discloses impact from 2020 Netgain ransomware attack
- Montana-based Associated Eye Care Partners (AEC) has started informing patients that their personal data might have been compromised during an old ransomware attack targeting Netgain.
- In a data breach notification letter sent to potentially impacted individuals, a copy of which was sent to the Montana Attorney General’s office, the firm does not say when exactly Netgain informed it of the data breach, but said that its investigation into the attack was completed two months ago.
- The firm notes that the attackers had access to patient information such as names, addresses, Social Security numbers, and medical history.
- The firm notes that it has since replaced Netgain as its hosting vendor, that it has migrated all of its data to a different vendor, and that it is working on improving security and mitigating cyber risks.
Ransomware attack hits French telecoms firm
- French telecoms operator La Poste Mobile has alerted customers that their data may have been compromised in a ransomware attack that targeted the company’s administrative and management systems.
- The attack, believed to have been carried out by the LockBit ransomware group, took the company’s systems offline as it attempted to minimize damage. Seven days later, its website is still offline and visitors are greeted by a statement in French telling customers to be wary of targeted cyber-attacks.
- While La Poste Mobile’s mobile services continue to operate, it has asked customers to be on the lookout for phishing attempts or suspicious activity related to personal information the attackers may have accessed.