CYBER SECURITY NEWS – WEEK OF OCTOBER 02, 2023
Hackers steal user database from European telecommunications standards body
- A nonprofit institution for developing communications standards said hackers have stolen a database identifying its users.
- It is not yet clear whether the attack was financially motivated or if the hackers had intended to acquire the list of users for espionage purposes.
- The nonprofit said the “vulnerability on which the attack was based has been fixed,” although it did not identify the vulnerability. A spokesperson declined to clarify whether this had been a known vulnerability or a zero-day at the time of the attack.
- “Under the guidance of ANSSI experts, ETSI has fixed the vulnerability, undertaken additional security actions and significantly strengthened its IT security procedures. Following this incident, ETSI asked their online service users to change their passwords,” the institution stated.
National Logistics Portal (NLP) data leak: seaports in India were left vulnerable to takeover by hackers
- The National Logistics Portal (NLP), a newly launched platform to manage all port operations in India, left sensitive data publicly accessible, posing the risk of a potential takeover by threat actors.
- In addition, a number of Amazon Web Services (AWS) S3 buckets were left publicly accessible. The buckets contained the personal data of workers, marine crew, invoices, and internal documents.
- Alarmingly, the exposed AWS S3 keys allowed anyone to get higher privileges and gain access to all of the NLP infrastructure. This poses a grave danger of ransomware attacks. Threat actors could have taken advantage of the access to the system to encrypt critical information and make it inaccessible to the waterways authorities.
- According to Bob Diachenko, the CEO of SecurityDiscovery, who first identified the leak, the exact consequences are hard to estimate.
Royal family website downed by DDoS attack
- Company says it believes about 193,000 customers are affected by the breach, which it spotted in early September.
- The Royal.uk site was unavailable for around 90 minutes, starting at 10am local time, according to The Independent.
- It was fully functional again soon after, although Cloudflare checks were in place at the time of writing to ensure that IP addresses looking to access the site are not automated bots.
- Reed said the data obtained includes customer details and online order details from Pizza Hut’s customer database, including names, delivery address and instructions, email addresses and contact numbers.
Misconfigured WBSC server leaks thousands of passports
- The World Baseball Softball Confederation (WBSC) left open a data repository exposing nearly 50,000 files, some of which were highly sensitive, the Cybernews research team has discovered.
- According to the team, the exposed files belonged to the WBSC, the world governing body for baseball, softball, and Baseball5 – a recently introduced sport combining the previous two.
- Worryingly, among the contents of the misconfigured AWS bucket, which the WBSC closed after being contacted by the team, were copies of 4,600 national passports.
Russian flight booking system suffers ‘massive’ cyberattack
- A “massive” distributed denial-of-service (DDoS) attack on the local airline booking system Leonardo was carried out by “foreign hackers,” reported one of the system’s developers, Russian state defense company Rostec.
- The incident lasted about an hour and affected the operation of several Leonardo customers, including Russian air carriers Rossiya Airlines, Pobeda and flagship airline Aeroflot. DDoS attacks overwhelm websites with a flood of traffic, making them temporarily unavailable to users.
- According to Aeroflot, the incident caused delays of up to an hour for departures at Moscow’s Sheremetyevo International Airport — the busiest in the country.
- The flight booking system has “encountered dozens of these incidents in recent months, with around five attempts recorded in September,” the agency stated.
Canadian Flair Airlines left user data leaking for months
- Canadian Flair Airlines left credentials to sensitive databases and email addresses open for at least seven months, the Cybernews research team has discovered. This increases the risk of passengers’ personal information, such as emails, names, or addresses, ending up in the wrong hands.
- The leak consisted of publicly accessible environment files hosted on the flyflair.com website. Flyflair.com belongs to the Canadian ultra-low-cost carrier Flair Airlines, founded in 2005. According to SimilarWeb, the website attracts 3.2 million monthly visitors.
- Environment files are commonly used in software development to manage environment-specific settings or sensitive information such as API keys and database credentials. Keeping .env files secure is a basic requirement of web development, as they often contain sensitive information that could be used to compromise services or applications.