Categories
Breach Bug Cyber Security Data leak Egregor Hacking Malware Phishing Ransomware Scam Skimming Vulnerability

Hackers leak data from airplane maker Embraer, Web malware hides in social media buttons, and more

Major cybersecurity events on 7th December 2020 (Evening Post): Flight Centre hackathon exposes 6918 customers’ data in 2017 data breach. Ransomware targets Greater Baltimore Medical Center. Verizon Communication’s Chatbox flaw leaks customers’ personal information.

Round Up of Major Breaches and Scams

Hackers leak data from Embraer, world’s third-largest airplane maker

Brazilian company Embraer, considered today’s third-largest airplane maker after Boeing and Airbus, was the victim of a ransomware attack last month. Today, hackers involved in the intrusion have leaked some of the company’s private files as revenge after the airplane maker refused to negotiate and instead chose to restore systems from backups without paying their ransom demand.

Payment Card Skimmer Group Using Raccoon Info-Stealer to Siphon Off Data

A cybercrime group known for targeting e-commerce websites unleashed a “multi-stage malicious campaign” earlier this year designed with an intent to distribute information stealers and JavaScript-based payment skimmers. In a new report published today and shared with The Hacker News, Singapore-based cybersecurity firm Group-IB attributed the operation to the same group that’s been linked to a separate attack aimed at online merchants using password-stealing malware.

Norweigian researcher exposes how a US firm collected his location data

The researcher identified over 75000 data points of his phone being tracked. Most of us already know that our smartphones are being tracked constantly through either telecommunication service providers, tech giants like Google, or the various apps that we use. One researcher decided to see where the information or data was collected similar to when a student traced his phone’s thief.

Credit card stealer discovered in social media buttons

Cyber-criminals have created a new type of web malware that hides inside images used for social media sharing buttons in order to steal credit card information entered in payment forms on online stores. The malware, known as a web skimmer, or Magecart script, was spotted on online stores in June and September this year by Dutch security firm Sanguine Security (SangSec).

Flight Centre hackathon behind 2017 breach, exposed 6918 customers’ data

A 2017 data breach at Flight Centre occurred when passport and credit card numbers for 6918 customers were accidentally left in a dataset used by the participants of a hackathon. Details of the breach are revealed in a determination by the Australian Information Commissioner and Privacy Commissioner Angelene Falk that Flight Centre breached Australian privacy principles, including by using data for purposes other than the reason it was originally collected.

Round Up of Major Malware and Ransomware Incidents

Data Breach: HR Consulting Giant Randstad Hit by Egregor Ransomware

The data that has been made public is a 32.7MB archive which contains 184 files including legal documents, business files, accounting spreadsheets, and some financial reports. After the data was published by the ransomware operators, a security notification regarding the confirmation of the same was issued by Randstad. However, there is no clarity on whether the personal data of employees or clients was compromised during the attack.

Greater Baltimore Medical Center Hit by Ransomware Attack

The Greater Baltimore Medical Center in Towson, Maryland was hit by a ransomware attack that impacted computer systems and medical procedures, the healthcare provider said Sunday. While few details have been provided, operator GBMC HealthCare says the incident has impacted information technology systems and forced some procedures scheduled for Monday to be cancelled.

Round Up of Major Vulnerabilities and Patches

Verizon’s Chatbox Flaw Leaks Customers’ Personal Information

Verizon Communications, an American telecommunications company, has been found exposing customers’ personal data for months due to a technical glitch in its chatbox on the company’s website. As reported by Ars Technica, the vulnerability is making the chat window display the conversations between Verizon’s employees and customers. Customers’ personal details such as transcripts, full names, phone numbers, addresses, account numbers, etc., are displayed when users click on a link to chat.