SecureFact – Cyber Security News – Week of November 11, 2024

Schneider Electric confirms dev platform breach after hacker steals data

  • Schneider Electric has confirmed a breach of its developer platform, where a threat actor claimed to have stolen 40GB of data from the company’s JIRA server.
  • The company reported unauthorized access to an internal project execution tracking platform and activated its Global Incident Response team to address the incident, assuring that its products and services remain unaffected.
  • The hacker, known as “Grep,” stated they accessed Schneider Electric’s JIRA server using exposed credentials and scraped approximately 400,000 rows of user data, including 75,000 unique email addresses and full names of employees and customers. In a dark web post, Grep demanded $125,000 in “Baguettes” to refrain from leaking the data.
  • The breach has reportedly compromised critical information related to projects, issues, and plugins.

City of Columbus: Data of 500,000 stolen in July ransomware attack

  • The City of Columbus, Ohio, has notified 500,000 individuals that their personal and financial information was stolen in a ransomware attack that occurred on July 18, 2024.
  • The Rhysida ransomware gang claimed responsibility for the attack, asserting they had stolen 6.5 TB of data, including employee credentials and sensitive information.
  • Although city officials initially reported that no systems were encrypted, the attackers began leaking data after failing to extort the city.
  • They published 3.1 TB of the stolen data, which included unencrypted personal information, contradicting claims made by Columbus Mayor Andrew Ginther that the leaked data was unusable.
  • Despite not finding evidence of misuse of the stolen data, the city has advised affected individuals to monitor their credit reports and financial accounts for suspicious activity and is offering 24 months of free credit monitoring services through Experian IdentityWorks.

Nokia says hackers leaked third-party app source code

  • Nokia has confirmed that hackers leaked source code belonging to a third-party vendor, following claims of a data breach.
  • The investigation revealed that the hacker group IntelBroker attempted to sell the stolen data, which includes SSH keys, RSA keys, and hardcoded credentials, and ultimately leaked it after Nokia denied any breach of its systems.
  • Nokia stated that its investigation found no evidence of any impact on its own data or systems, and attributed the incident to a security breach at a third-party vendor, specifically linked to a customized software application.
  • The leaked source code belongs to an application that was not developed by Nokia, contains no Nokia code, and is designed to operate solely within a specific network.
  • The company reassured that customer data and networks remain unaffected and emphasized its commitment to monitoring the situation closely.

FBI says hackers are sending fraudulent police data requests to tech giants to steal people’s private information

  • The FBI has issued a warning about hackers exploiting fraudulent police data requests to obtain private user information from U.S.-based tech companies.
  • These criminals are reportedly compromising government and police email accounts to submit “emergency” data requests, which are typically used to access sensitive information during urgent situations.
  • The advisory highlights a rise in such fraudulent activities since August 2024, with cybercriminals using compromised accounts to send legitimate-looking subpoenas.
  • These requests often cite false emergencies, such as threats of harm or human trafficking, to pressure companies into releasing user data like emails and phone numbers.
  • The FBI noted that while some requests were successful, not all were fulfilled. The stolen data can be used for harassment, doxing, and financial fraud.

DocuSign’s Envelopes API abused to send realistic fake invoices

  • Threat actors are exploiting DocuSign’s Envelopes API to send realistic fake invoices that impersonate reputable brands like Norton and PayPal.
  • By using legitimate DocuSign accounts, these attackers can bypass traditional email security measures since the invoices originate from the trusted docusign.net domain.
  • The Envelopes API, a key feature of DocuSign’s eSignature service, allows users to create and manage document containers for signing.
  • Attackers leverage this API to generate and dispatch a high volume of fraudulent invoices that closely mimic the branding and layout of legitimate companies.
  • The fees listed in these invoices are designed to appear realistic, enhancing the likelihood that targets will sign them.
  • Reports indicate that this abuse has been ongoing, with numerous customers voicing concerns about receiving multiple phishing emails weekly from the DocuSign domain.
  • Despite complaints, users have found it difficult to report these issues effectively due to inadequate support channels from DocuSign.
