Round Up of Major Breaches and Scams
97% of companies have data leaks and other security incidents exposed on the Dark Web. 631,512 verified security incidents were found with over 25% (or 160,529) of those classed as a high or critical risk level, containing highly sensitive information such as plaintext credentials or PII, including financial or similar data. Hence, on average, there are 1,586 stolen credentials and other sensitive data exposed per cybersecurity company.
US prosecutors and Daimler AG have agreed on a settlement worth $1.5 billion to lay to rest the emissions cheating scandal. On Monday, the US Department of Justice (DoJ) said the deal, proposed between the DoJ, Environmental Protection Agency (EPA), California Air Resources Board (CARB), and Daimler — as well as its US subsidiary Mercedes-Benz USA — will wipe the slate clean when it comes to allegations of violating the US Clean Air Act.
An anonymous ethical hacker found an unsecured Elasticsearch server exposing private data of hundreds of thousands of users of over 70 adult dating and e-commerce websites across the globe. The leaky database belongs to Mailfire, an email marketing firm that provides online marketing tools to all the websites affected in the data leak. vpnMentor’s researchers stated the database hosted copies of push notifications that various online sites were sending to their users via Mailfire’s push notification service.
Round Up of Major Malware and Ransomware Incidents
University Hospital New Jersey (UHNJ) has suffered a massive data leak with over 48,000 documents floating on the dark web. Established in 1994, the University Hospital is a state-owned teaching hospital that also provides medical care to NJ’s residents. According to their website, the hospital runs on a $626 million budget and has over 3,500 employees, 519 licensed beds, and over 172,000 annual outpatient visits.
St. Louis County government’s information technology staff took down the county website on Sept. 1 after discovering attacks on its server designed to take control of the site, the IT director said Monday. They were able to respond to the threat before the hackers could succeed, acting IT director Charles Henderson said in an email on Monday. He said no data was lost, compromised, stolen or corrupted in the attack.
Round Up of Major Vulnerabilities and Patches
The US Cybersecurity and Infrastructure Security Agency (CISA) issued a new advisory on Monday about a wave of cyberattacks carried out by Chinese nation-state actors targeting US government agencies and private entities. “CISA has observed Chinese [Ministry of State Security]-affiliated cyber threat actors operating from the People’s Republic of China using commercially available information sources and open-source exploitation tools to target US Government agency networks,” the cybersecurity agency said.
Vulnerabilities ‘that have existed for years’ in WS-Trust could be exploited to attack other services such as Azure and Visual Studio. Bugs in the multi-factor authentication system used by Microsoft’s cloud-based office productivity platform, Microsoft 365, opened the door for hackers to access cloud applications via a bypass of the security system, according to researchers at Proofpoint. The flaws exist in the implementation of what is called the WS-Trust specification in cloud environments where WS-Trust is enabled and used with Microsoft 365, formerly called Office 365.
The UK’s National Cyber Security Centre (NCSC) has released a new Vulnerability Reporting Toolkit, designed to help organizations manage vulnerability disclosure in a streamlined, process-driven manner. The government-backed GCHQ unit explained in a blog post yesterday that the new toolkit was built with knowledge distilled from two years of running the NCSC’s Vulnerability Co-ordination Pilot and Vulnerability Reporting Service.
A privacy bug in Democratic presidential candidate Joe Biden’s official campaign app allowed anyone to look up sensitive voter information on millions of Americans, a security researcher has found. The campaign app, Vote Joe, allows Biden supporters to encourage friends and family members to vote in the upcoming U.S. presidential election by uploading their phone’s contact lists to see if their friends and family members are registered to vote.