WEEK OF JUNE 06, 2022
Airline in Turkey exposes flight and crew info in 6.5TB leak
- A low-cost Turkish airline accidentally leaked personal information of flight crew alongside source code and flight data after misconfiguring an AWS bucket, it has emerged.
- A research team from security comparison site SafetyDetectives discovered the cloud data store left wide open on February 28. It traced some of the leaked information to Electronic Flight Bag (EFB) software developed by Pegasus Airlines.
- Almost 23 million files were found on the bucket, totalling around 6.5TB of leaked data. This included over three million files containing sensitive flight data such as: flight charts and revisions; insurance documents; details of issues found during pre-flight checks; and info on crew shifts.
A massive cyberattack in Costa Rica leaves citizens hurting
- Economic losses dwarf the $15 million ransom the government refused to pay the hackers, and the chaos is only getting worse.
- On May 31, Costa Rica’s public health system was taken offline, the result of a fresh attack that targeted the country’s social security fund, which could result in delays in medical attention and surgeries.
- The cybercriminals started by attacking eight Costa Rican institutions, taking down internal systems and kidnapping their data in exchange for a ransom of $10 million on April 18.
- The current Costa Rican government took power three weeks into the crisis and announced it would not negotiate with “terrorists.”
Lebanese threat actor ‘Polonium’ targets Israeli organizations
- Microsoft says it has uncovered and disabled the OneDrive infrastructure of a Lebanon-based threat actor targeting organizations in Israel.
- Based on victimology and overlaps in tools and techniques, the previously undocumented group, which is tracked by the tech giant as Polonium, appears to be collaborating with adversaries affiliated with Iran’s Ministry of Intelligence and Security (MOIS).
- According to Microsoft, such collaborations are not surprising, given that the government of Iran has been observed for roughly two years employing third parties to carry out its cyberoperations.
- Targeted sectors include critical manufacturing, defense industrial base, food and agriculture, financial systems, government agencies, healthcare and public health, IT, transportation systems, and more.
Australian trading giant ACY Securities exposed 60GB of user data
- Upon being alerted by security researcher Anurag Sen, the company rubbished the sensitivity of the matter by labeling the exposed database as “an insignificant one.”
- It happened due to a misconfigured database owned by ACY Securities. The worst part of the data leak is the fact that it contained over 60GB worth of data that was left exposed without any security authentication.
- This means anyone with a slight bit of knowledge about finding unsecured databases on Shodan and other such platforms would have complete access to ACY’s data which contained logs from February 2020 while being updated with the latest data set every second.
Meeting Owl videoconference device used by govs is a security disaster
- No patch yet for easy-to-hack access point that leaks data and exposes networks to hacks.
- A recently published security analysis has concluded the devices pose an unacceptable risk to the networks they connect to and the personal information of those who register and administer them.
- While the operational features of this product line are interesting, modzero does not recommend using these products until effective measures are applied. The network and Bluetooth features cannot be turned off completely. Even a standalone usage, where the Meeting Owl is only acting as a USB camera, is not suggested. Attackers within the proximity range of Bluetooth can activate the network communication and access critical IPC channels.
Icare sends private details of 193,000 workers to wrong employers
- The personal details of almost 200,000 injured workers were mistakenly shared with 587 employers and insurance brokers in a major privacy data breach by embattled state insurer icare last month.
- A senior source with direct knowledge of the breach said the details of 193,000 employees were contained in spreadsheets that were mistakenly sent as attachments to the wrong employers.
- Icare contacted affected workers last week to apologize and put the mistake down to “human error”.