August 10, 2022
Cisco confirmed it was the victim of a ransomware gang after stolen files were posted on the dark web. The threat actors behind the attack are the Yanluowang group, who used stolen employee credentials and then tricked the employee into accepting MFA push requests (so-called MFA fatigue). Once they had access to the VPN, they were able to move through the corporate network and install malware. The group allegedly stole 2.75 GB of data and tried to extort Cisco with it; however, no actual ransomware was deployed.
Data Security Perspective: Organizations should ensure employees are trained to recognise credential theft and social engineering, including unexpected MFA prompts, which should be denied and reported rather than accepted. Where the MFA product supports it, number matching removes the one-tap approval that push bombing relies on. In addition, companies should review the permissions on employee accounts and limit access to material a threat actor could steal once a single account is compromised.
Michigan-based health insurance company Priority Health has announced that it suffered a third-party data breach. The breach may have exposed first and last names, pharmacy and claim information, drug names, and prescriptions dating back to 2012. The third-party breach occurred at a law firm, Warner Norcross and Judd, whose systems saw unauthorized activity in October 2021.
Data Security Perspective: This incident highlights the ongoing problem of third-party breaches. When organizations rely on third parties to handle sensitive information, they must trust that the third party takes the same precautions they would. That trust should be backed by contractual security requirements, data minimization (share only what the third party actually needs) and breach-notification obligations, so that a compromise at the vendor is found and disclosed quickly.
August 5, 2022
A security vulnerability led to the exposure of 5.4 million Twitter accounts. The vulnerability, which Twitter says is now fixed, allowed anyone who entered a phone number or email address to learn which Twitter account, if any, it was associated with. Although the bug was fixed in January, threat actors had already exploited it to build a database linking phone numbers and email addresses to Twitter accounts, including those of high-profile users.
Data Security Perspective: Affected Twitter users should take precautions to protect their accounts and be alert to phishing that uses the leaked contact details. MFA should also be enabled, and users who run pseudonymous accounts should be aware that the leak may tie those accounts to a real phone number or email address.
August 1, 2022
Researchers at CloudSEK have identified over 3,000 mobile apps that are exposing developer secrets: Twitter API keys, including valid consumer keys and secrets. Whoever holds these keys can act as the associated account, including reading and writing direct messages, posting tweets, changing account settings and any other action the key's permissions allow. The keys are typically leaked by developers who left them embedded in the application, where anyone who unpacks the binary can read them.
Data Security Perspective: Human error and accidental credential leaks are common mistakes that lead to organizations being breached. Developers should follow secure programming practices: secrets should never ship inside a production build (they belong on a backend the app calls, or are injected at runtime), and any key found in a released binary should be treated as compromised and rotated.
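The check a practitioner would want here is the one CloudSEK's finding implies: run a secret scanner over the strings of your own shipped binaries before an attacker does. The following is an added example, not code from the page or from CloudSEK. It looks for Twitter-style credential names followed by an assigned token and uses Shannon entropy to drop placeholder values. The sample input is constructed to resemble `strings` output from an unpacked app; every key in it is made up, and the 20 to 60 character token length and the 3.0-bit entropy cut-off are assumptions for this example, not figures from the page.

```python
import math
import re
from dataclasses import dataclass

# Constructed sample of what `strings` over an unpacked app (APK/IPA) might print.
# Every value below is made up for this example; none is a real Twitter credential.
SAMPLE_STRINGS = """\
com.example.app.BuildConfig
TWITTER_CONSUMER_KEY=AbCdEfGhIjKlMnOpQrStUvWxY
TWITTER_CONSUMER_SECRET=Zy9X8w7V6u5T4s3R2q1P0oNmLkJiHgFeDcBa9876543210Ab
twitter_access_token=1234567890-AbCdEfGhIjKlMnOpQrStUvWxYzAbCdEfGhIjK
twitter_access_token_secret=xYzAbCdEfGhIjKlMnOpQrStUvWxYzAbCdEfGhIjKlMnO
"twitterApiSecret": "Qw3Rt5Yu7Io9Pa1Sd3Fg5Hj7Kl9Zx1Cv3Bn5Mq7We9Rt1"
twitter_consumer_key=XXXXXXXXXXXXXXXXXXXXXXXXX
app_name=Example Tweet Client
version_name=1.2.3
"""

# Identifier-anchored pattern: a Twitter-ish variable name (key=value or JSON
# "key": "value" style), then a token of 20-60 [A-Za-z0-9-] characters.
# The length range is an assumption for this example.
TWITTER_SECRET_RE = re.compile(
    r"(?i)(?P<name>twitter[_.\-]?(?:api|consumer|access)?[_.\-]?"
    r"(?:key|secret|token)(?:[_.\-]?secret)?)"
    r"[\"']?\s*[=:]\s*[\"']?(?P<value>[A-Za-z0-9\-]{20,60})"
)

MIN_ENTROPY_BITS = 3.0  # placeholders like XXXX... score near 0 and are dropped


@dataclass
class Finding:
    line_no: int
    name: str
    value: str
    entropy: float

    def redacted(self) -> str:
        # Never print the whole secret into a report or a CI log.
        return self.value[:4] + "..." + self.value[-4:]


def shannon_entropy(s: str) -> float:
    """Bits per character; real keys are close to random, placeholders are not."""
    if not s:
        return 0.0
    counts: dict[str, int] = {}
    for ch in s:
        counts[ch] = counts.get(ch, 0) + 1
    n = len(s)
    return -sum(c / n * math.log2(c / n) for c in counts.values())


def scan_for_twitter_secrets(text: str, min_entropy: float = MIN_ENTROPY_BITS) -> list[Finding]:
    """Return one Finding per credential-looking assignment that passes the entropy gate."""
    findings: list[Finding] = []
    for line_no, line in enumerate(text.splitlines(), start=1):
        for m in TWITTER_SECRET_RE.finditer(line):
            value = m.group("value")
            ent = shannon_entropy(value)
            if ent < min_entropy:
                continue  # looks like a placeholder, not a live credential
            findings.append(Finding(line_no, m.group("name"), value, round(ent, 2)))
    return findings


if __name__ == "__main__":
    for f in scan_for_twitter_secrets(SAMPLE_STRINGS):
        print(f"line {f.line_no}: {f.name} = {f.redacted()} (entropy {f.entropy} bits)")
```

On the sample above the scanner reports the five real-looking assignments and skips the all-X placeholder. In practice you would feed it the output of `strings` on the decompiled app, or the extracted resource and config files, and treat any hit as a key to rotate, since the binary has already been distributed.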
July 19, 2022
Researchers at Palo Alto have identified a campaign by the Russian threat group APT29 targeting a NATO country. The campaign, which occurred in May 2022, used suspicious PDF files sent via email that contained a link to an EnvyScout payload hosted on Dropbox. In a second campaign, Palo Alto observed the same threat actors using Google Drive to store data stolen by the malware.
Data Security Perspective: As organizations move to the cloud, so do threat groups. Hosting payloads and stolen data on Dropbox and Google Drive lets the group blend in, because traffic to those services is common and trusted in most networks and is rarely blocked or inspected. Organizations should ensure employees are protected against emails carrying malicious attachments and links, and should not treat a well-known cloud domain as a reason to skip inspection.