
This Vulnerability in E-Learning Platform Moodle Could Even Modify Exam Results

 

A critical security vulnerability in the popular e-learning platform Moodle lets attackers access student data and test papers, and it can even be used to modify exam results. Moodle is an open-source e-learning platform used by 190,000 organizations across the world, most of them educational institutions such as colleges and universities. The bug is a PHP object injection vulnerability in Moodle's Shibboleth authentication module; it permits remote code execution (RCE), which can lead to a complete takeover of the server.

If that happens, the attacker can access anything on the server, including student data, passwords, messages and exam grades. Penetration testers Robin Peraglie and Johannes Moritz found the flaw; they were hunting bugs in Moodle following their earlier discovery of two RCE vulnerabilities in the software.

According to the researchers, the vulnerability only affects Moodle LMS servers that have Shibboleth authentication enabled. It is disabled by default, which is a relief for the educational institutions that do not use the module. Where it is enabled, however, unauthenticated attackers can execute arbitrary system commands remotely, which can lead to a complete compromise of the server and leakage of user data. Students could also use it to tamper with exams before they take place.

As per experts, the vulnerability is very easy to exploit. "After the issue was reported to Bugcrowd and following a lengthy disclosure process, the flaw has now been patched. It took four months for the vulnerability to be triaged, revealed Moritz, who said he had the impression it was not treated as a priority. When asked why they didn't report it directly to Moodle, which has its own vulnerability disclosure program, the researcher said they are "quite inflexible with providing patches because of their two-month release cycle". Moritz did, however, reveal that the team also found a second critical Moodle pre-authentication bug – details of which will be released following a separate, ongoing coordinated disclosure process," reports the Daily Swig.

Indian Firms Face 1,738 Cyber Attacks a Week on Average, Claims Report


A report published on Thursday claims that Indian organizations faced an average of 1,738 cyberattacks per organization per week over the last six months, compared with 757 attacks per organization globally.

According to the report by Check Point Research (CPR), the Threat Intelligence arm of Check Point Software Technologies, some of the Indian industries that have been most vulnerable in the last six months include government/military, education/research, insurance/legal, manufacturing and healthcare institutions.

Malicious actors continue to exploit interest in the Covid-19 pandemic, and ransomware attacks have increased by 93 percent globally, said the 'Cyber Attack Trends: 2021 Mid-Year Report'.

The figures show that the APAC region has seen the highest number of cyber-attacks, with around 1,338 attacks per organization, followed by EMEA at 777 and the Americas at 688.

"In the first half of 2021, cybercriminals have continued to adapt their working practices to exploit the shift to hybrid working, targeting organizations' supply chains and network links to partners to maximise disruption," said Maya Horowitz, VP Research at Check Point Software.

"This year cyber-attacks have continued to break records and we have even seen a huge increase in the number of ransomware attacks, with high-profile incidents such as Solarwinds, Colonial Pipeline, JBS, or Kaseya," she added.

Despite the continuous efforts of governments and law enforcement agencies, ransomware attacks are likely to keep growing rapidly in the coming months of 2021.

"Ransomware attacks will continue to proliferate despite increased investment from governments and law enforcement, especially as the Joe Biden Administration makes this a priority," the report added.

Ransomware Attempt Volume Tops 300 Million, Setting a Record




A new report published by network security company SonicWall states that ransomware attacks surged in the first half of 2021, with 304.7 million attempted attacks observed by the company.

SonicWall's researchers recorded a high volume of attempted ransomware attacks in both April and May, but June surpassed both months with 78.4 million attempted ransomware attacks.

According to the study, the total number of ransomware attempts observed by SonicWall in the first half of 2021 has already exceeded the total for all of 2020.

"Even if we don't record a single ransomware attempt in the entire second half (which is irrationally optimistic), 2021 will already go down as the worst year for ransomware SonicWall has ever recorded," the report read.

According to the 2021 SonicWall Cyber Threat Report, several of the world's developed countries, including the US, the UK, Germany, South Africa, and Brazil, topped the list of countries hit hardest by ransomware in the first half of 2021.

The report also named the US states that were hit hardest: Florida saw 111.1 million ransomware attempts, New York 26.4 million, Idaho 20.5 million, and Rhode Island and Louisiana each faced nearly 9 million ransomware attempts.

Furthermore, the report looked at what these ransomware attacks are doing to organizations' systems. SonicWall's network collects malware samples and IP data from tens of thousands of firewalls and email security devices all over the world.

As per the report, the most common targets in 2021 are important governmental organizations, including financial, defense, and information broadcasting institutions; governments face more attacks than any other industry each month. By June, government customers saw 10 times as many ransomware attempts, an overall spike of 917%.

Customers in the education field have been found to be largely targeted by ransomware attempts, with an increase of 615%. SonicWall Capture Labs threat researchers have found an increased risk of ransomware attacks across healthcare (594%), as well as retail (264%) organizations.

According to data from SonicWall's Capture Labs, three ransomware families, Ryuk, Cerber, and SamSam, were alone responsible for 64% of all attempted ransomware attacks. Ryuk accounted for 93.9 million attempts, roughly triple the number of Ryuk attempts seen in 2020.

Cerber accounted for 52.5 million ransomware attempts in 2021, while SamSam increased its attempts to 49.7 million in 2021, up from 15.7 million last year.



Trump's Social Media Website GETTR Hacked

 

In July 2021, an attacker leaked non-public information from GETTR, a social media platform created by former president Donald Trump's team. The data was taken in two batches, the first on 1 July and the second on 5 July, and later posted on RAID, a publicly accessible hacking forum where leaked data can be downloaded free of charge.

According to copies of the leaked files and the hacker's own claims, the first batch of data was retrieved by scraping the website, whereas the second batch (the larger leak) was obtained by exploiting GETTR API endpoints. The Record analyzed samples of the data, which contained user names, addresses, profile information, website user IDs, and other public information. Beyond that, the leak also contained non-public information such as user email addresses, dates of birth, and location data.

Cybersecurity experts confirm that the dumped data is authentic. GETTR did not respond to requests for comment about the hack. In all, the data of 90,065 users was included in the dump posted on RAID on Monday, July 5. The API leak follows the website's bumpy launch: on 4 July, an attacker broke into the GETTR website and seized multiple high-profile Republican accounts, including those of Georgia Rep. Marjorie Taylor Greene, former Secretary of State Mike Pompeo, Jason Miller, the former Trump spokesperson and Gettr's founder, and former Trump campaign chief Steve Bannon. Bumpy site launches are common, and similar incidents have affected other organisations in the past, particularly right-wing affiliated platforms in US politics.

Another pro-Trump social media platform, Gab, suffered a similar attack in March this year, which exposed the data of its members. The Wrap reports: "the hacked profiles were all changed to include the message "@JubaBaghad was here :)"; some of the accounts also included the phrase "free Palestine." The accounts were hacked around 8:30 a.m. ET on Sunday, according to Insider, before being restored around 10:00 a.m. ET. Miller, meanwhile, told the outlet the hack was merely a sign Gettr was onto something big."

Industrial Facilities are at Risk of Data Theft and Ransomware Attacks

 

Multinational cybersecurity software company Trend Micro has published a new report highlighting the growing threat of downtime and sensitive credential theft from ransomware attacks targeting industrial facilities.

“Industrial Control Systems are incredibly challenging to secure, leaving plenty of gaps in protection that threat actors are exploiting with growing determination,” said Ryan Flores, senior manager of forward-looking threat research for Trend Micro...” 

“…Given the US government is now treating ransomware attacks with the same gravity as terrorism, we hope our latest research will help industrial plant owners to prioritize and refocus their security efforts."

What happens when a threat actor targets your facility? 

In factories, utility plants and other facilities, Industrial Control Systems (ICS) are the crucial components that monitor and control industrial processes across IT-OT networks. When ransomware gets into these systems, it can halt all operations for several days and heighten the risk posed by other vulnerabilities.

As per the published report, four ransomware families accounted for more than half of ICS ransomware attacks in 2020: Ryuk (20%), Nefilim (14.6%), Sodinokibi (13.5%), and LockBit (10.4%).

The Cybersecurity and Infrastructure Security Agency (CISA) and the Multi-State Information Sharing and Analysis Center (MS-ISAC) have jointly published a guide that aims to inform and strengthen network defense and reduce exposure to ransomware attacks. It offers two sets of measures: Ransomware Prevention Best Practices and a Ransomware Response Checklist. CISA also provides a range of scanning and testing services, at no cost, to help organizations assess, identify and mitigate their exposure to threats, including ransomware.

The National Institute of Standards and Technology (NIST) also provides guidance on detecting and responding to ransomware attacks. It is worth noting that several cybersecurity agencies have lately stepped forward to help industry detect and mitigate future ransomware attacks, and numerous guides on ransomware threats are being published.

After Ransomware Attack, AJG US Reports Data Breach

 

US-based global insurance brokerage and risk management firm Arthur J. Gallagher (AJG) has reported a cyberattack on the company's infrastructure and has started mailing breach notifications to potentially impacted individuals. It is worth noting that in September 2020 the company made headlines for a ransomware attack that crippled its systems.

"Working with the cybersecurity and forensic specialists to determine what may have happened and what information may have been affected, we determined that an unknown party accessed or acquired data contained within certain segments of our network between June 3, 2020, and September 26, 2020," AJG reported to the press. 

According to the latest figures, AJG is one of the largest insurance brokers in the world, with more than 33,300 employees and operations in 49 countries. It is ranked 429 on the Fortune 500 list, and according to its website it provides insurance-related services in more than 150 countries.

The company has not given technical details of the breach, and it remains unclear whether customers' or employees' credentials were accessed or stolen. During its investigation, however, the company found that sensitive information stored on its systems in various forms was exposed during the attack, including usernames, passwords, social security numbers or tax identification numbers, dates of birth, passport details, driver's licenses, employee identification numbers, credit card information, medical records, electronic signatures, claim, diagnosis and health insurance information, and biometric information.

Following the incident, the company notified data protection regulators and all affected people (7,376 according to the information provided to the Office of Maine's Attorney General) as required by law. The company has also recommended that affected individuals monitor their bank and credit card accounts for fraud.

“While Gallagher is not aware of any attempted or actual misuse of the impacted information, Gallagher is providing access to credit monitoring services for twenty-four months through Kroll to individuals whose personal information was affected by this incident, at no cost to these individuals,” AJG added.

Indian Startup Exposed Byju's Data on an Unsecured Server

 

Salesken.ai, an Indian technology company, has secured an exposed server that was leaking private and sensitive data belonging to one of its clients, Byju's, one of India's leading education startups. According to historical data from Shodan, a search engine for internet-exposed devices and databases, the server had been exposed since June 14. Anyone could access the data because the server had no password.

The exposed server was discovered by security researcher Anurag Sen, who asked TechCrunch for assistance. "WhiteHat Jr. spokesperson Sameer Bajaj said the company is currently communicating with Salesken.ai about the incident and will take appropriate action in accordance with our rigorous security policies," reports TechCrunch. Salesken.ai provides customer-relationship technology to companies like Byju's. It is a Bangalore-based startup that raised $8 million in series funding from Sequoia Capital India in 2020, two years after its founding.

Most of the data on the exposed server related to WhiteHat Jr., an online school that teaches coding to students in India and the U.S.; Byju's bought WhiteHat Jr. for $300 million last year. The server held the names and addresses of students and the email addresses and contact numbers of parents and teachers. It also contained other student-related data, such as chat logs between parents and staff and remarks given by teachers to their students, as well as copies of emails containing account reset codes and other data pertaining to Salesken.ai.

Surga Thilakan, co-founder and chief executive of Salesken.ai, said the company is currently investigating the issue but did not disclose what kind of data was exposed on the server. "Our assessment suggests the exposed device appears to be a non-production, staging instance of one of our integration services having access to less than 1% of India-based end-of-life sales logs for a fortnight. Salesken.ai follows stringent data security norms and is certified under the highest standards of global security and safety. We have, in an abundance of caution, immediately severed access to the cloud device," reports TechCrunch.

Mercedes-Benz USA: Nearly 1,000 Customers’ Data Accessible Online

 

Mercedes-Benz USA stated on Thursday, 24 June, that sensitive information belonging to over 1,000 customers and prospective buyers had been inadvertently made accessible on a cloud storage platform.

On 11 June 2021, Mercedes-Benz was informed by a vendor that sensitive personal data of fewer than 1,000 Mercedes-Benz customers and interested buyers had mistakenly been made accessible on a cloud storage platform. This was confirmed in consultation with the vendor as part of an ongoing investigation. The problem was discovered through the efforts of an external security researcher.

Mercedes-Benz believes the information was entered by customers and interested buyers on Mercedes-Benz websites between 1 January 2014 and 19 June 2017. No Mercedes-Benz system was hacked as part of this event, and at this time there is no sign that any Mercedes-Benz data has been misused.

For MBUSA, data security is a major concern. The vendor has stated that the issue is fixed and that such an event cannot recur. The company will continue its investigation to ensure that the matter is addressed properly.

The company says that these consumers' personal information largely consists of self-reported credit scores and a limited number of driver's license numbers, social security numbers, credit card details, and dates of birth. Viewing the information requires knowledge of special software applications and tools; none of the information in these files would be returned by an Internet search.

The investigation analyzed the accessibility of around 1.6 million unique documents. The overwhelming bulk of those records contained names, addresses, emails, phone numbers, and some vehicle details. MBUSA stresses, however, that analysis of the full data set found that more sensitive personal information was publicly accessible for fewer than 1,000 Mercedes-Benz customers and interested buyers.

Mercedes-Benz, also branded as Mercedes, is both a German car brand and a subsidiary of Daimler AG, as Mercedes-Benz AG, from late 2019. Mercedes-Benz is renowned for its luxury and commercial vehicle production. It is headquartered in Stuttgart, Baden-Württemberg. 

Mercedes-Benz USA has already begun notifying those affected so that they can obtain additional information.

Security Experts Explain Who Is Responsible for Leaking Your Data to Scammers

"There are three most common types of data leakage," said Vseslav Solenik, Director of the R-Vision Center of Expertise.

The personal data of Russians becomes available to fraudsters through the negligence of companies' employees and partners, the hacking of organizations' IT systems, or the carelessness of citizens themselves.

Mr. Solenik stressed that in most cases data leakage is illegal. Often, scammers obtain personal data from the people themselves by promising them lucrative bonus programs.

"Fraudsters attract them with various bonus programs, favorable offers and other things. And in exchange, the attackers receive a full set of personal data," the expert added.

A peculiarity of Russian legislation is that even when handing over only a full name and phone number to a company, the data subject is obliged to fill out the consent form prescribed by law, in which he is forced to specify passport data, registration address and other information that can later be used by fraudsters.

"At the same time, it is impossible to fully protect your personal data from fraudsters today. You can only observe the hygiene of information security, raise your awareness to resist phishing and attacks, be vigilant and refuse to transfer personal data in exchange for minor services from dubious companies," the expert stressed.

Solenik added that it is equally important to know the current legislation. He called on Russians to defend their rights in the field of personal data processing: to report leakage incidents to the regulator and to hold companies responsible for them.

Earlier, a majority of Russians supported the introduction of amendments to the law on personal data. Thus, 62 percent consider it necessary to be able to withdraw consent to the use of their personal information; in that case, Internet services would have to delete it within three days.

Scripps Health Care Facility Reported Ransomware

 


Scripps Health reported on Tuesday that it has started sending notifications to nearly 150,000 individuals after threat actors stole sensitive personal data during a ransomware attack on one of its local health care facilities on 1 May.

What is Scripps Health and how does it work?

Scripps is a nonprofit health care provider in San Diego, California, United States. It operates five hospitals and 19 outpatient facilities and treats half a million patients a year through 2,600 affiliated physicians. Scripps Health also runs several medical education and research programs.

In a statement released by the organization, a spokesperson said that the company has just begun notifying victims so that they can take protective measures to safeguard their personal information from further misuse. "About 2.5 percent of those — nearly 3,700 — are said to have had their Social Security and/or driver's license numbers taken. For those, the company said, it will provide complimentary credit monitoring and identity protection support services," he added.

According to the information shared by the organization, the cybercriminals stole clinical data including individuals' addresses, patient account numbers, dates of birth, medical record numbers, health insurance information, doctors' names, and medical data. The data was reportedly taken from an internal system, but the organization did not disclose which system the information came from.

The breach forced medical professionals at all levels of the organization to work differently because its systems were at risk. Staff had to use paper charts for their documentation, and access to important clinical data, including previous test results, was unavailable for weeks.

The health care facility further said that the investigation is being conducted on the attack and at present, they are unable to disclose all the technical details. “We still don’t know what the rest of the document seems to be related to. We have started an extensive manual review of these documents…”

“…This is a time-consuming process that can take months, but we will notify affected individuals and organizations as soon as possible in accordance with applicable regulatory requirements,” Scripps added.

Prometheus: Emerging Ransomware Group That Has Published Mexican Government Data For Sale

 

Emerging technology has changed the way we make money and hoard wealth; in the 21st century, information and data mean money, and the groups that compromise the systems of large technology companies and public and private organizations around the world have reached a new pinnacle of sophistication.

The last few years have seen a rapid surge in cyberattacks around the world, and the frequency of these attacks has been growing dramatically.

Recently, a new ransomware gang identified as 'Prometheus' has been making headlines. The group has become a threat to the Mexican government after publishing stolen data on the dark web and offering it for sale.

With this incident, the group also became the first hacking group to attack a major Latin American state at this level.

Resecurity, a Los Angeles cybersecurity company, reported that the leaked data came from multiple e-mail accounts compromised through account takeover and business email compromise (ATO/BEC), and from network resources belonging to several Mexican government agencies. The company added that it is not yet possible to determine the extent of the consequences and the final impact of the leaks. One thing is certain, however: this is an extortion scheme run by malicious actors.

Mexico is a major trading partner of the United States, the second-largest economy in Latin America, and the 17th-largest exporter in the world. The number of cybercrimes reported in the country has skyrocketed in recent years, and in 2020 Mexico became one of the countries with the most cybercrime in Latin America.

The data leaked today on the Prometheus group's website belongs to 27 victims. Some are Hotel Nyack (New York, USA), Ghana National Gas, enterprises in France, and Tulsa Cardiovascular Center of Excellence (Oklahoma, USA); others are from Switzerland, Norway, the Netherlands, the UAE, Brazil, and Malaysia. For the time being, the Ransomware Task Force coordinated by the Institute for Security and Technology is researching the issue.

Threat Actors Use Several New Advanced Techniques To Exploit Windows Services


 

According to cybersecurity researchers, several new and comparatively advanced techniques are being used by attackers to exploit legitimate Windows services and escalate from low-level privileges to full control of the system. (Least privilege is the concept and practice of restricting the access rights of users, accounts, and computing processes to only those resources required to perform routine, legitimate activities; it is also a foundational component of zero-trust strategies.)

In these recent attacks, threat actors take advantage of the same kinds of Windows services targeted in earlier attacks, while also developing new techniques that work against the latest versions of the operating system, according to Antonio Cocomazzi, a system engineer at SentinelOne, who presented the findings at the Black Hat Asia virtual conference this week.

The biggest issue for organizations dealing with these attacks is that they exploit services that are an integral part of the system and exist by design in the Windows operating system. These services are enabled and available by default, and they play an essential part in web serving, mail servers, database servers, and other important services.

Exploits known as "juicy potatoes" have become a mainstream method for threat actors to break into Windows systems, said Cocomazzi. He added that SentinelOne has seen specific evidence of this exploit being used in multiple APT campaigns.

"Microsoft has fixed the exploit in newer versions of its software. However, JuicyPotato still works on every updated Windows Server until version 2016 and on every updated Windows Client machine until version 10, build 1803. Additionally, newer versions of the so-called Potato family of exploits — such as RoguePotato and Juicy 2 — are now available that bypass the Microsoft fix that shut down JuicyPotato," said Antonio Cocomazzi, a system engineer at SentinelOne.

IT Services Remain Disrupted At Two Colleges Of Ireland After Ransomware Attacks

 

Two third-level institutions in Ireland, the National College of Ireland (NCI) and Technological University Dublin, have been hit by cyber attacks.

Both institutions have recently reported ransomware attacks on their systems. The National College of Ireland is currently working around the clock to restore its IT services after the attack, and has had to take its IT systems offline in the meantime.

"NCI is currently experiencing a significant disruption to IT services that have impacted a number of college systems, including Moodle, the Library service, and the current students’ MyDetails service," the college reported on Saturday. 

Press reports say that for the two third-level institutions experiencing ransomware attacks there is no definite timeline for when IT services will be fully restored.

In the wake of the attacks, both institutions immediately notified students, staff, and other employees. NCI's IT department suspended access to its systems, and the campus building was closed to staff and students until the IT services are fully recovered.

NCI has also reported the attack to the authorities, including the national police service of the Republic of Ireland and the Data Protection Commissioner.

"Please note that all classes, assessments, and induction sessions planned from today Tuesday 6th until this Thursday 8th April inclusive have been postponed and will be rescheduled for a later date," NCI added in a statement issued today. 

"…The College will issue a further update on Thursday afternoon in relation to classes and other events for Friday and beyond." Students with assignments due this week were told that "no late penalties will be applied while the outage remains in place."

Meanwhile, students were told not to access any campus systems until Monday, April 12, and were advised to avoid contacting the IT staff who are currently working on restoring the affected systems.

Facebook Data Breach: How To Check If Your Details Were Leaked

 

By now you will have heard that the social network giant Facebook has suffered a very large-scale user data breach affecting more than 533 million users from more than 100 countries.

Cybercriminals posted the data on online servers; it included Facebook IDs, addresses, photos, other details and, in some cases, email addresses. Ironically, the personal data of Facebook's founder and CEO, Mark Zuckerberg, was also among the leaked records.

This article will guide you through checking whether your personal data was exposed as part of this breach. You can also use the same steps to check other recent or past leaks.

The first step is to visit Have I Been Pwned, which asks for your email address or phone number. If your email address (and the associated account) has been compromised, it will tell you, and not only in regard to the recent breach: it also lists any other breaches in which your personal data may have been exposed.

"Have I Been Pwned" has been created by a security researcher named Troy Hunt, who was initially skeptical of adding a phone number option while searching breaches due to certain privacy risks, but ended up adding the feature. 

Another tool is a site called The News Each Day, where you can enter your phone number and it will tell you whether your data was included in the leak.

Additionally, all users are advised to change their passwords on any compromised sites and to look into the best endpoint protection tools available. Users are also advised to verify the security of the sites and apps they use in order to keep their identity safe, and to rely on reputable identity theft protection.

Man Indicted In Kansas Water Facility Breach


Today the US Department of Justice charged a Kansas man with breaching a public water system and attempting to shut down its water treatment processes with the intention of harming the local community.

The official statement was posted on Wednesday by the Department of Justice (DOJ). The 22-year-old man, Wyatt A. Travnichek, a native of Ellsworth County, Kan., is accused of hacking into the computer system of the local water utility. He was well aware of the public harm that could be caused by gaining unauthorized access to the Ellsworth County Rural Water District's (also known as Post Rock Rural Water District) computer system. He tried to sabotage the water treatment process, according to the sources.

The incident first came to light on 27 March 2019, when Post Rock experienced an unauthorized remote intrusion into the facility's system that shut down its operations.
Lance Ehrig, Special Agent in Charge of EPA’s Criminal Investigation Division in Kansas said that “By illegally tampering with a public drinking water system, the defendant threatened the safety and health of an entire community…”

“…EPA and its law enforcement partners are committed to upholding the laws designed to protect our drinking water systems from harm or threat of harm. Today’s indictment sends a clear message that individuals who intentionally violate these laws will be vigorously prosecuted.” 

However, the court documents do not say whether Travnichek's operation succeeded, nor how it was detected. Officials stated that Travnichek was an employee of the Post Rock Rural Water District from January 2018 until he resigned from the facility in January 2019.

Post Rock supplies water to around eight Kansas counties. Part of Travnichek's job was to log in to the Post Rock computer system to monitor the plant after hours, but he ended up exploiting that system by accessing it illicitly.

"He logged in remotely to Post Rock Rural Water District's computer system and performed activities that shut down processes at the facility which affect the facility's cleaning and disinfecting procedures with the intention of harming the Ellsworth County Rural Water District No. 1," the document further reads.

US Telemarketing Company Leaks Data of 114,000 Consumers In a Cloud Storage Error

In a recent cybersecurity incident, a US telemarketing firm leaked sensitive data of tens of thousands of customers after a cloud storage bucket was misconfigured. VpnMentor's Noam Rotem identified the exposed AWS S3 bucket on 24 December last year. The finding was traced back to CallX, a Californian business whose clients use its analytics service to strengthen their inbound marketing and media buying. According to its website, the company counts lending marketplace LendingTree, security provider Vivint and Liberty Mutual Insurance among its customers.

Rotem discovered around 114,000 files exposed in the leaky bucket. Most were audio recordings of calls between customers and CallX clients, logged through the company's software. Around 2,000 text transcripts of conversations were also accessible. The personally identifiable information (PII) in the files included user names, phone numbers, residential addresses and more.

"If cybercriminals needed additional information, they could hijack calls logged by CallX and do fake ‘follow up’ phone calls or emails posing as a representative of the relevant CallX client company. Using the transcripts, it would be easy to establish trust and legitimacy with targets in such schemes," reports VpnMentor. As the people exposed have no apparent relationship to one another, by the time the fraud was discovered it may be too late, it says. VpnMentor warned that hackers could launch phishing attacks using the leaked data. CallX could also face regulatory scrutiny, since it falls within the scope of the new CCPA (California's privacy law). At the time of writing, the bucket is still open.

VpnMentor's research team reported (https://www.vpnmentor.com/blog/report-callx-breach/): "our team discovered CallX’s S3 bucket and was able to view it due to insufficient security. We found an image of the company’s logo amongst the files stored on the S3 bucket and, upon further investigation, confirmed the company as its owner. We immediately contacted CallX to notify it of the vulnerability and provide guidance on securing an S3 bucket. It’s unclear how many people were aware that somebody recorded their conversations. As a result, the people exposed in this data breach may never know their private data was exposed publicly."

Zee5 Once Again Caught In Data Breach; Info Of 9 Million Users Exposed


Zee5, a leading Indian over-the-top (OTT) platform, has suffered a data breach. According to the reports, the breach exposed sensitive details of 9 million customers of the network. Screenshots of the stolen database reviewed by Inc42 show that the hacked information contained customers' names, IP addresses, phone numbers, email addresses and Zee5 account usernames.

The incident was first reported to Inc42 by independent cybersecurity researcher Rajshekhar Rajaharia. It has also been confirmed that the leaked data of at least a few customers was genuine and belonged to Zee5 users.

An unidentified threat actor uploaded a sample of the full stolen database, containing details of 1 million Zee5 customers, to an AnonFiles link. While the leaked data does not directly compromise victims' accounts, there is a high likelihood that the contact details in the database will be used for large-scale phishing attacks and other scams, such as matching the stolen records against accounts on other vulnerable platforms.

A Zee5 spokesperson responded to Inc42, “We have noted some reports claiming about the data breach at Zee5’s end and we are investigating it further. We would like to confirm that all the sensitive information of our subscriber user base has not been compromised and is fully secured.” 

In July 2020, attackers claimed to have stolen a 150 GB database that they planned to sell privately online.

At the time, however, the organization publicly denied that any attack had taken place, even though intelligence indicated that the data was being sold on the dark web.

As of December 2020, Zee5 had confirmed that the network has 65.9 million monthly active users (MAUs) and 5.4 million daily active users (DAUs).

Meanwhile, in June 2020, a Sensor Tower report revealed that Zee5 was the ninth most downloaded streaming app worldwide, with 4.16 million downloads in the month of July alone. Users in India, Pakistan and the United Arab Emirates make up 96% of the platform's user base.

Malaysia Airlines hit by ‘Data Security Incident’


Malaysia Airlines has informed Enrich frequent flyer members of a “data security incident” at a third-party IT service provider, stating that the breach did not affect the national carrier’s core IT infrastructure and systems. The airline sent an email to Enrich members this week, saying it had been informed of a "data security incident" at the third-party IT supplier. The breach involved "some personal data" and occurred sometime between March 2010 and June 2019, it said, adding that the details included members' names, dates of birth, contact details, and frequent flyer information such as membership number, status and tier level.

Travel details such as itineraries, reservations, ticketing and ID card information, as well as payment details, were not compromised, according to Malaysia Airlines. Its own IT infrastructure and systems were likewise not affected, the carrier said. It noted that there was "no evidence" that any personal data had been misused and that the breach did not expose any account passwords; however, it encouraged Enrich members to change their passwords as a precaution. The airline also directed customers to send any questions directly by email to its data privacy officer.

At press time, Malaysia Airlines had yet to make a public statement on the breach or post a notice on its website. It did, however, appear to confirm the incident on Twitter in its replies to customers. In one of several such responses, the national carrier said: “The data security incident occurred at our third-party IT service provider and not Malaysia Airlines' computer systems. However, the airline is monitoring any suspicious activity concerning its members' accounts and in constant contact with the affected IT service provider to secure Enrich members' data and investigate the incident's scope and causes."

The announcement comes less than a month after revelations that file-sharing software used by Singtel was “illegally attacked by unidentified hackers”, who accessed the FTA file-sharing system via third-party vendor Accellion. According to the telecommunications giant, the breach affected a “standalone system” used to share data internally as well as with external stakeholders.

 “This is an isolated incident involving a standalone third-party system,” a statement from Singtel read at the time. “Our core operations remain unaffected and sound.”

Russian Hackers Sabotaging Critical U.S Infrastructure

Among all the state-sponsored hacking groups that have attacked the US power grid and gone on to compromise American electric utilities, only Sandworm, a Russian espionage group, has been bold enough to trigger real blackouts, shutting off the lights in Ukraine in 2015 and 2016. A firm that focuses on grid security has now warned that a group linked to Sandworm's highly sophisticated hackers has been successfully attacking US energy systems for years.

Wired reports, "Dragos ties Kamacite to electric grid intrusions not just in the US, but also to European targets well beyond the well-publicized attacks in Ukraine. That includes a hacking campaign against Germany's electric sector in 2017." Recently, Dragos, an industrial cybersecurity firm, issued its annual report on the state of industrial control systems security. The report identifies four new foreign threat groups targeting these critical infrastructure systems. Three of the four have attacked US industrial control systems.

The most notorious of these, according to Dragos, is Kamacite. The group, Dragos says, may have worked with the GRU's Sandworm. In the past, Kamacite has acted as Sandworm's access team: experts believe it focused on gaining a foothold in the victim network before handing access to other Sandworm hacking groups, which in turn carried out the cyberattacks. According to cybersecurity agencies, Kamacite has targeted US electric utilities, oil and gas, and other organizations on various occasions, dating back to 2017. Experts believe the group continues to attack the US electric utility sector in order to maintain a persistent presence there.

In a few incidents over the years, the group has successfully breached US target networks, giving it access to the utilities. Sergio Caltagirone, Dragos vice president of threat intelligence and a former NSA analyst, says that "if you see Kamacite in an industrial network or targeting industrial entities, you clearly can't be confident they're just gathering information. You have to assume something else follows. Kamacite is dangerous to industrial control facilities because when they attack them, they have a connection to entities who know how to do destructive operations."

Data of 14 Million Amazon and eBay Accounts Leaked on Hacking Websites


An anonymous user offered data from 14 million Amazon and eBay accounts for sale on a prominent hacking forum. The details appear to have been obtained from Amazon or eBay customers with accounts in 18 countries between 2014 and 2021.

Amazon.com Inc. is an international corporation based in Seattle, Washington, USA, focused on e-commerce, cloud computing, internet streaming, and artificial intelligence. Founded in 1994, the business has been called "one of the most influential economic and cultural forces in the world" as well as the world's most valuable brand. eBay Inc. is likewise a US international e-commerce company, headquartered in San Jose, California, that enables sales and transactions between consumers and companies through its website. eBay was founded in 1995 by Pierre Omidyar and became a notable success story of the dot-com bubble.

The database obtained by the hacker was offered for 800 dollars, with the accounts split by country. The leaked details include the customer's full name, postal code, shipping address and store name, plus a list of telephone numbers for 1.6 million users. Although two copies had already been sold, the poster has now closed the deal.

How the poster obtained the data is currently unclear, and the firm researching the incident did not independently verify that the Amazon or eBay data was indeed from the 2014-2021 period. A representative of Amazon said the allegations had been reviewed and no evidence of any data breach was found.

It is therefore more probable that Amazon and eBay did not suffer any breach at all. Instead, the threat actor presumably used a common technique, password spraying, to obtain the passwords. Password spraying is an attack that tries a few popular passwords against a large number of accounts (usernames); a standard brute-force attack, by contrast, tries to get into a single account by guessing its password repeatedly.
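A detection-side illustration of that distinction, added here as an example and not part of the original post: a small classifier run over a constructed authentication log that flags a source trying few passwords against many accounts (spraying) versus many attempts against one account (brute force). The log format, thresholds and sample events are assumptions.

```python
# Added example, not from the article: distinguish password spraying from
# brute force in auth logs. Constructed log format: <ts> <user> <ip> <result>
from collections import defaultdict

SAMPLE_LOG = """\
2021-03-01T10:00:01 alice 203.0.113.5 FAIL
2021-03-01T10:00:02 bob 203.0.113.5 FAIL
2021-03-01T10:00:03 carol 203.0.113.5 FAIL
2021-03-01T10:00:04 dave 203.0.113.5 FAIL
2021-03-01T10:00:05 erin 203.0.113.5 FAIL
2021-03-01T10:00:06 frank 203.0.113.5 SUCCESS
2021-03-01T10:05:00 alice 198.51.100.7 FAIL
2021-03-01T10:05:01 alice 198.51.100.7 FAIL
2021-03-01T10:05:02 alice 198.51.100.7 FAIL
2021-03-01T10:05:03 alice 198.51.100.7 FAIL
2021-03-01T10:07:00 bob 192.0.2.9 FAIL
2021-03-01T10:07:30 bob 192.0.2.9 SUCCESS
"""  # constructed sample events, not real data

def parse_events(text):
    """Split each non-empty line into a dict with ts/user/ip/result."""
    out = []
    for line in text.splitlines():
        if line.strip():
            ts, user, ip, result = line.split()
            out.append({"ts": ts, "user": user, "ip": ip, "result": result})
    return out

def classify_sources(events, spray_min_users=5, brute_min_attempts=4):
    """Label each source IP 'spray' (many accounts, <=2 failures each),
    'brute_force' (one account hit repeatedly) or 'normal'."""
    fails = defaultdict(lambda: defaultdict(int))  # ip -> user -> failures
    for e in events:
        if e["result"] == "FAIL":
            fails[e["ip"]][e["user"]] += 1
    labels = {}
    for ip, per_user in fails.items():
        worst = max(per_user.values())
        if len(per_user) >= spray_min_users and worst <= 2:
            labels[ip] = "spray"
        elif worst >= brute_min_attempts:
            labels[ip] = "brute_force"
        else:
            labels[ip] = "normal"
    return labels

def compromised_accounts(events, labels):
    """Accounts that logged in successfully from a flagged source."""
    bad = {ip for ip, lab in labels.items() if lab != "normal"}
    return sorted({e["user"] for e in events
                   if e["result"] == "SUCCESS" and e["ip"] in bad})
```

Per-account lockout thresholds alone miss the spraying source here, because no single account exceeds one failure; only the per-source view across accounts reveals it.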

Fortunately, highly confidential material such as billing records, national ID numbers or even email addresses is not present on the server. However, the data being sold is still potentially harmful and can be used for a range of purposes, such as doxing users by publicly disseminating their private data (sensitive details nobody needs to know about). It may also be exploited by cybercriminals to build spam lists or for business intelligence.