
Cyber security update, November

Ravi Bindra, CISO

SoftwareOne believes organizations need more information when it comes to cyber security, as they have made it clear that investment in a proper security strategy is paramount. SoftwareOne’s monthly “Cyber Security Update” covers the most recent threats, the latest breaches and how to react to them, so that readers can stay on top of malware and ransomware threats.

Latest security breaches

In a recent campaign, hackers have exploited two zero-day vulnerabilities in Palo Alto Networks firewalls, gaining administrator privileges and running commands with root privileges. The ongoing attacks have impacted thousands of vulnerable PAN-OS devices worldwide, with malware being dropped and commands executed on compromised firewalls.

In another data breach, medical records of approximately 750,000 patients at an unnamed French hospital have been compromised. The breach occurred through unauthorized access to the MediBoard electronic patient record system, facilitated by stolen credentials. Softway Medical Group, the system's developer, clarified that the breach was due to compromised user credentials rather than a software vulnerability.

Finastra, a leading financial technology firm serving over 8,000 institutions globally, detected unauthorized access to its Secure File Transfer Platform (SFTP). The breach, attributed to compromised credentials, led to the exfiltration of approximately 400GB of data, which a threat actor attempted to sell on a hacking forum.

In another data breach, Maxar Space Systems identified unauthorized access to a system containing employee personal data. The compromised information includes names, addresses, gender, Social Security numbers, business contact details, employment status, job titles, supervisors, departments, and other employment-related information.

T-Mobile confirmed unauthorized access to its systems as part of a broader cyber-espionage campaign targeting multiple telecommunications companies. The attack, attributed to Chinese state-sponsored hackers known as Salt Typhoon, aimed to access private communications, call records, and law enforcement information requests.

In a significant data breach, Hot Topic, a U.S.-based retail chain, experienced unauthorized access to its systems, compromising the personal information of approximately 57 million customers. The exposed data includes names, email addresses, physical addresses, phone numbers, dates of birth, and partial credit card information.

Amazon confirmed that over 2.8 million lines of employee data were exposed following a cyberattack on a third-party property management vendor. The compromised information includes work email addresses, desk phone numbers, and building locations. Amazon’s own systems remain secure, and no sensitive personal data, such as Social Security numbers or financial information, was accessed.

In another data breach, Schneider Electric faced unauthorized access to an internal project tracking platform, resulting in the theft of approximately 40GB of data from its JIRA server. The threat actor, known as "Grep," claimed to have exploited exposed credentials to breach the system, extracting over 400,000 rows of user data, including 75,000 unique email addresses and full names of employees and customers.

Interbank, a leading Peruvian financial institution, confirmed unauthorized access to its systems, resulting in the exposure of customer data. The threat actor, identified as "kzoldyck," claimed to have stolen information on over 3 million customers, including full names, account IDs, birth dates, addresses, phone numbers, email addresses, IP addresses, credit card details, and plaintext credentials.

In another significant data breach, SelectBlinds, an online window treatment retailer, reported that approximately 200,000 customers were affected by a card-skimming attack. The breach involved malicious code injected into the company's website, capturing customers' payment card details during transactions. The compromised information includes names, addresses, and credit card numbers.

Cyber security awareness

The Cybersecurity and Infrastructure Security Agency (CISA) has launched CISA Learning, a new learning management system aimed at modernizing training and education for its employees and key stakeholders. This platform replaces the Federal Virtual Training Environment (FedVTE) and offers scalable training solutions, including classroom-based courses, virtual instructor-led training, and self-paced online modules.

The International Cybersecurity Challenge is the first global Capture the Flag (CTF) event, with a clear focus on younger generations. It is organized by ENISA together with several international and regional organizations, representing more than 80 countries in total. The aim of the challenge is to attract young talent and to raise awareness across the global community of the education and skills needed in the area of cybersecurity.

CISA added three vulnerabilities to its Known Exploited Vulnerabilities Catalog. These vulnerabilities are being actively leveraged by threat actors and pose significant security risks. CISA has urged organizations to prioritize remediation efforts to protect their systems and mitigate potential exploitation.

Cyber security intelligence

Microsoft announced the Windows Resiliency Initiative, a response to a significant incident that affected 8.5 million Windows PCs and servers. This initiative includes core changes aimed at improving Windows security and recovery capabilities, such as Quick Machine Recovery and new controls over the apps and drivers that can run on Windows.

Get ahead of GenAI risks

GenAI offers huge productivity savings for organizations. But a poorly conceived or implemented GenAI strategy opens you up to security risks. Beat the cyber criminals and minimize risk with SoftwareOne’s GenAI, digital workplace and security expertise.

Author

Ravi Bindra
CISO

Ravi holds over 20 years’ experience as a cyber security evangelist, holding multiple leadership roles in the Swiss pharmaceutical industry, such as Global Head of Risk Management, Global Head of Architecture and Global Head of Security Operations.