Lactalis, one of the world's best dairy groups, disclosed that it was recently hit by cyberattacks after hackers breached the company's systems. Lactalis, short for Lactalis Group, has around 85,000 employees working in 81 countries and exports dairy products to more than 100 countries across the globe.
This week the FBI issued a Private Industry Notification (PIN) to warn organizations about the dangers of using obsolete Windows 7 systems, poor account passwords, and the desktop sharing software TeamViewer. The alert comes after the recent attacks on the Oldsmar water treatment plant's network, where attackers attempted to raise levels of sodium hydroxide by a factor of more than 100. The investigation into the incident found that operators at the plant were using obsolete Windows 7 systems and poor account passwords, along with the desktop sharing software TeamViewer, which the attackers used to penetrate the plant's network.
Neopets is an online platform where kids can take care of "virtual pets." The website has exposed a large amount of sensitive user data online, including login credentials used for gaining access to company databases, employee email addresses, and repositories that contain proprietary code for the website.
The exposed data includes the IP addresses of Neopets users, which hackers can use to target Neopets visitors. John Jackson, an independent cybersecurity researcher, found the issue while he was searching the Neopets website with his security software. The Security Ledger reports, "this is the second serious security incident involving the Neopets site. In 2016, the company acknowledged a breach that spilled usernames, passwords, IP addresses, and other personal information for some 27 million users. That breach may have occurred as early as 2013."
Neopets, an online pet platform, was launched in 1999. It allows users, mostly children, to take care of virtual pets and buy virtual accessories for them using "Neopoint" or "Neocash," virtual points earned in-game. Users can buy Neocash with real money or obtain it through awards. Viacom purchased Neopets for $160 million in 2005, but in 2017 it was purchased by NetDragon, a Chinese company.
"The issue appears to be related to a misconfigured Apache web server, Jackson said. Though many web-based applications are hosted on infrastructure owned by cloud providers such as Amazon, Google, or Microsoft's Azure, leaked documents indicate that the 20-year-old Neopets website continues to operate from the infrastructure it owns and operates," reports The Security Ledger.
Hacked accounts on sale
According to Jackson, he found that Neopets accounts were "on sale" on a website. That led him to scan the Neopets website using a security tool, which reported that a Neopets subdomain exposed the website's data. On further research, Jackson found the employees' database, emails, login credentials, and the complete code base. The screenshots of the Neopets repository shared by Jackson show that the credentials were embedded, or "hard-coded," in the website's underlying code. With the help of cybersecurity expert Nick Sahler, Jackson downloaded the full Neopets code base, which revealed a database, private code repositories, user IP addresses, and employee emails.
The iPhones of around 36 journalists at the Al Jazeera news organisation have been hacked by nation-sponsored hackers who sent malware-laden iMessages. The attackers, who are suspected to be backed by the governments of the United Arab Emirates and Saudi Arabia, exploited a zero-day vulnerability in iMessage, which was later fixed by Apple.