CYBER SECURITY NEWS – WEEK OF APRIL 08, 2024
Shopping platform PandaBuy data leak impacts 1.3 million users
- Shopping platform PandaBuy, which enables international users to purchase products from various e-commerce platforms in China, experienced a data leak affecting over 1.3 million customers.
- The data was stolen by exploiting several critical vulnerabilities in the platform’s API and other bugs were identified allowing access to the internal service of the website.
- Leaked data includes user IDs, names, phone numbers, emails, login IP addresses, order data, order IDs, home addresses, zip codes, countries, and more.
- The stolen data has been leaked on a forum and can be obtained by registered members in exchange for a symbolic payment in cryptocurrency.
Prudential Insurance says data of 36,000 exposed during February cyberattack
- Prudential Insurance – one of the largest insurers in the United States – said hackers stole the sensitive information of more than 36,000 during a February incident.
- The attackers gained access to some of its systems and stole employee and contractor data before being blocked.
- The company said the names, addresses, driver’s license numbers or ID cards of 36,545 were accessed.
- Prudential has reported the breach to law enforcement agencies and hired an outside cybersecurity firm to help with the response.
OWASP discloses a data breach
- The OWASP (Open Web Application Security Project) Foundation recently disclosed a data breach that affected some of its members.
- The breach involved a misconfiguration of OWASP’s old Wiki web server, leading to the exposure of old member resumes from 2006 to around 2014.
- These exposed resumes contained personally identifiable information such as names, email addresses, phone numbers, and physical addresses.
- In response to the breach, the Foundation took several security measures, including disabling directory browsing, reviewing server configurations, securing the resumes, and purging the CloudFlare cache.
US government review faults Microsoft for ‘cascade’ of errors that allowed Chinese hackers to breach senior official’s emails
- US government review criticizes Microsoft for a series of errors that allowed Chinese hackers to breach the tech giant’s network and access the email accounts of senior US officials.
- The incident is part of a series of cyber-espionage campaigns tied to China and Russia that have exploited widely used software made by companies like Microsoft to target US national security interests.
- The hackers gained access to unclassified email accounts of senior US diplomats, downloading about 60,000 emails from the State Department alone.
INC Ransom claims to be behind ‘cyber incident’ at UK city council
- A cybercriminal group, has claimed responsibility for a cybersecurity incident at Leicester City Council in the UK.
- The attack on the council, involved the theft of 3 TB of council data.The data was reportedly deleted shortly after being taken.
- This incident marks the first indication that the local authority’s IT issue involves an established cybercrime gang.
Highly sensitive files mysteriously disappeared from Europol headquarters
- The website Politico reported that the Europol has suffered a serious security breach, a batch of sensitive files containing personal information of top law enforcement executives went missing from a secure storage room at its headquarters in The Hague.
- The missing files were discovered to be missing on September 6, 2023, and Europol launched an investigation which is still ongoing.
- The missing files include human resources files that contain a huge trove of sensitive information.