WEEK OF FEBRUARY 14, 2022
City of Boston apologizes for ‘accidentally’ emailing out names of unvaccinated employees
- Boston HR admitted ‘we messed up’ for not blind copying recipients in email about positive COVID test, new vaccination requirement.
- The city’s human resources department sent an email out on Jan. 18 to about 100 employees notifying them that they had submitted information indicating they tested positive for COVID-19.
- The email – which had all names and emails visible on the chain – said the policy had changed to no longer allow continued testing and that recipients would be required to become vaccinated or face possible disciplinary action.
Data breach exposes booking details of 19 million customers
- A massive data breach has been uncovered totaling in excess of 172 GB of data and affecting an estimated 19 million people. The victims are primarily customers of online appointment company FlexBooker, researchers say.
- Robert Byrne, field strategist at identity security platform One Identity, says attacks like these remind us how easy it is to misconfigure access in the cloud and the dramatic impact that can have.
- “As business users engage with new technologies and new ways of working, their organizations need to put better handrails and guidance in place. The good news is that the best-practices, technologies, and services are readily available. For example, following the CIS benchmarks for AWS as a baseline greatly reduces the risk of this type of leak. We see organizations being successful by augmenting that baseline with governance for cloud infrastructure and continuous compliance processes,” Byrne says.
Massive breach hits 500 e-commerce sites
- Researchers have detected a massive breach of more than 500 stores using the Magento 1 e-commerce platform.
- “All stores were victims of a payment skimmer loaded from the naturalfreshmall.com domain. We invited victims to reach out to us, so we could find a common point of entry and protect other merchants against a potential new attack,” researchers at Dutch security firm Sansec say.
- Once the investigation was concluded, the researchers identified that the attackers used a combination of an SQL injection and PHP Object Injection attack to gain control of the Magento store.
Puma hit by data breach after Kronos ransomware attack
- Sportswear manufacturer Puma was hit by a data breach following the ransomware attack that hit Kronos, one of its North American workforce management service providers, in December 2021.
- The data breach notification filed with the offices of several attorneys general earlier this month says the attackers also stole personal information belonging to Puma employees and their dependents from the Kronos Private Cloud (KPC) environment before encrypting the data.
- Kronos describes KPC as secure storage protected from attacks using firewalls, multi-factor authentication, and encrypted transmissions.
- Right after the attack, a Kronos customer impacted in the incident told BleepingComputer that they had to go back to using paper and pencil to cut checks and monitor timekeeping.
China-linked group attacked Taiwanese financial firms for 18 months
- The Antlion group, also known as Pirate Panda and Tropic Trooper, has shifted to targeting mainly Taiwan, using custom backdoors against financial organizations.
- The cyber-espionage group maintained a long-term presence in victims’ networks, exploring one manufacturing firm’s network for nearly six months and a financial organization for more than eight months, Symantec, the security division of Broadcom, stated in its analysis of the campaign.
- The attacks coincide with increasing tensions between China and Taiwan over its political status. Over the last year, China has increased military activity near Taiwan, and the cyberattacks appear to be an extension of that policy.
Swissport ransomware attack delays flights, disrupts operations
- Aviation services company Swissport International has disclosed a ransomware attack that has impacted its IT infrastructure and services, causing flights to suffer delays.
- The Swiss company provides services for cargo handling, security, maintenance, cleaning, and lounge hospitality for 310 airports in 50 countries.
- It handles 282 million passengers and 4.8 million tons of cargo every year, making it a vital link in the global aviation travel industry chain.
- A tweet from the company today notes that the attack has been largely contained and systems are being restored to bring services back to normal.