WEEK OF SEPTEMBER 26, 2022
Grand Theft Auto publisher Rockstar Games hacked
- Threat actor Lapsus$ is now seemingly responsible for hacking gaming giant Rockstar Games after targeting mega-brands like Microsoft, Cisco, Samsung, Nvidia, Okta and probably Uber.
- An account operating name ‘teapotuberhacker’ posted on GTAForums around 90 videos of what appeared to be in-development footage of the upcoming Rockstar Games installment, Grand Theft Auto 6 – that the publisher confirmed it was working on earlier this year.
- The videos, which totaled around 50 minutes of footage, included short clips of animation tests to more detailed animation scenes. They were then widely shared on social media.
American Airlines breach exposes customer and staff information
- The aerospace giant confirmed in a statement that the source of the incident was a phishing attack which “led to the unauthorized access to a limited number of team-member mailboxes.”
- The airline said that “a very small number of customers’ and employees’ personal information” was contained in the accessed emails, suggesting that its attackers were not able to pivot to corporate data stores.
- A breach notification letter sent to customers by American Airlines on Friday and seen by Infosecurity, noted that the incident actually took place in July this year.
Cyberattack steals passenger data from Portuguese Airline
- Portugal’s national airline TAP Air Portugal says hackers obtained the personal data of some of its customers and have published the information on the dark web.
- No payment data was taken in the cyberattack, the flag carrier said in a statement late Wednesday.
- The attack began almost a month ago and is being investigated by Portuguese authorities, with the help of specialists from Microsoft, the airline said.
- The hackers obtained the name, nationality, sex, date of birth and address, email and telephone contact details, the airline said, without elaborating.
Twitter password reset bug exposed user accounts
- Twitter has remediated an issue that allowed accounts to stay logged in across multiple devices even after a voluntary password reset.
- In an update, the social media company explained that the bug meant users who proactively changed their passwords on one device may have still been able to access open sessions on other screens.
- The bug meant that a threat actor who was able to access an account in some way would have continued to be able to do so even after such a reset.
- It’s unclear exactly how long users have been exposed in this way, but Twitter explained that the issue appeared after it made a change “last year” to the systems that power its password reset functionality.
California signs Internet Privacy Legislation to boost children’s safety online
- The new legislation, signed by Newsom on September 15, 2022 and passed by the state congress in late August, will implement some of the strictest privacy requirements for children in the US, especially in relation to social media.
- The law restricts apps’ ability to collect data on anyone 18 or younger and requires them to implement their ‘highest privacy standards’ for children and teenagers.
- Additionally, the law will also require technology-focused companies to incorporate technology to verify a user’s age before allowing access to their platforms.
Google tool for e-commerce sites being abused by hackers stealing card data, personal info
- Hackers are abusing Google’s Tag Manager (GTM) containers to install malicious e-skimmers that steal payment card data and personally identifiable information of shoppers on e-commerce sites, according to a new report from Recorded Future.
- Thousands of e-commerce sites use Google Tag Manager containers for data on website usage metrics, customer tracking and marketing purposes.
- But Recorded Future experts have found three significant variants of malicious scripts that cybercriminals are hiding within GTM containers that allow them to exfiltrate the personal information of shoppers.
- “As of this writing, over 165,000 payment card records attributed to victims of GTM container abuse attacks have been posted to dark web carding shops,” the researchers said. “The total number of payment cards compromised via GTM-based e-skimmers is likely higher.” The Record is an editorially independent unit of Recorded Future.