
SecureFact – Cyber Security News – Week of October 21, 2024

Internet Archive breached again through stolen access tokens

  • The Internet Archive has experienced another data breach, this time involving its Zendesk email support platform, after hackers exploited exposed GitLab authentication tokens.
  • The breach allowed unauthorized access to over 800,000 support tickets dating back to 2018.
  • Despite prior warnings about the vulnerability, the Internet Archive failed to rotate the compromised API keys.
  • The breach was linked to a previous incident where the organization’s source code and user data for 33 million users were stolen.
  • The attackers claimed they accessed the Internet Archive’s systems through an exposed GitLab configuration file, which contained authentication tokens that enabled them to download the source code and user database, reportedly stealing around 7TB of data.


Tech giant Nidec confirms data breach following ransomware attack

  • Nidec Corporation has confirmed a data breach resulting from a ransomware attack earlier this year, where hackers stole and leaked sensitive information on the dark web after their extortion demands were unmet.
  • The breach, which targeted Nidec’s Precision division in Vietnam, did not involve file encryption and has been fully remediated.
  • The attackers gained access to the network using valid VPN credentials from a Nidec employee, compromising 50,694 files that included internal documents, business contracts, and labor safety policies.
  • Nidec has implemented additional security measures and is providing training to employees to mitigate future risks.


Cisco investigates breach after stolen data for sale on hacking forum

  • Cisco is investigating claims of a data breach after a threat actor, known as “IntelBroker,” began selling allegedly stolen data on a hacking forum.
  • The breach reportedly occurred on June 10, 2024, and involved the theft of a significant amount of developer-related data, including GitHub and GitLab projects, source code, hard-coded credentials, certificates, customer documentation, API tokens, and more.
  • IntelBroker claimed to have accessed various Cisco-related files and shared samples of the stolen data, which included databases and customer information. However, details on how the data was obtained remain unclear.
  • This incident follows IntelBroker’s previous activities involving data theft from other companies like T-Mobile and AMD. Sources suggest that the Cisco data may have been compromised through a third-party managed services provider specializing in DevOps and software development. Cisco has acknowledged the reports and is actively investigating the situation.


Boston Children’s Health Physicians Faces Data Breach, BianLian Cyber Group Claims Responsibility

  • Boston Children’s Health Physicians (BCHP) has reported a significant data breach following a cyberattack linked to an IT vendor’s systems.
  • The incident, which occurred on September 6, 2024, involved unauthorized access to parts of BCHP’s network, leading to the exfiltration of sensitive information belonging to current and former employees, patients, and guarantors.
  • The breach exposed a range of sensitive data, including names, Social Security numbers, billing details, addresses, driver’s license numbers, medical record numbers, and health insurance information.
  • BCHP assured that its electronic health records (EHR) remained secure on a separate network.
  • The BianLian ransomware group claimed responsibility for the attack.
  • The organization is offering complimentary credit monitoring services to those whose sensitive information was compromised.


Globe Life Faces Extortion After Hackers Steal Customer Data at a Subsidiary

  • Globe Life is currently facing extortion demands from hackers who stole data on over 5,000 individuals from its subsidiary, American Income Life Insurance Company.
  • The company has reported the incident to the U.S. Securities and Exchange Commission (SEC) and federal law enforcement, emphasizing that its investigation is ongoing.
  • Compromised data includes Social Security numbers, names, addresses, and health-related information.
  • However, Globe Life clarified that no financial information, such as credit card or banking details, was involved. The full scope of the data taken by the hackers has yet to be verified.
  • The hackers have shared some of the stolen data with short sellers and attorneys involved in lawsuits, claiming to possess additional unverified information.


Microsoft warns it lost some customers’ security logs for a month

  • Microsoft has warned that a bug caused the loss of critical security logs for enterprise customers from September 2 to September 19, 2024.
  • This issue impacted various services, including Microsoft Entra, Azure Logic Apps, and Microsoft Sentinel, hindering companies’ ability to detect unauthorized activities and threats.
  • The logging failure was due to a bug introduced while fixing another issue in the log collection service, which led to a deadlock condition preventing the upload of telemetry data.
  • Although Microsoft has resolved the problem and notified customers, cybersecurity expert Kevin Beaumont noted that at least two companies with missing logs did not receive alerts.
  • This incident follows previous criticism of Microsoft for inadequate logging practices, particularly after a significant breach involving Chinese hackers in July 2023. In response to concerns, Microsoft expanded its free logging capabilities in February 2024 to enhance security for all customers.


Omni Family Health data breach impacts 468,344 individuals

  • Omni Family Health, a nonprofit healthcare provider in California, has disclosed a significant data breach affecting nearly 470,000 individuals.
  • The breach was discovered on August 7, 2024, after claims surfaced that sensitive information had been stolen and leaked on the dark web.
  • The exposed information includes names, addresses, Social Security numbers, dates of birth, health insurance details, and medical records of current and former patients.
  • The Hunters International ransomware group claimed responsibility for the attack, asserting they stole 2.7 terabytes of data and subsequently listed Omni on their Tor leak site, releasing the stolen information on August 23.
  • To assist those impacted, Omni is offering 12 months of free credit monitoring and identity protection services.
