July 9, 2022
Manga platform “Mangatoon” has suffered a data breach that exposed 23 million user accounts. The breach, which occurred in May, exposed PII of users including auth tokens, email addresses, gender, names, and hashed passwords. A known threat actor stole the data by gaining access to Mangatoon’s Elasticsearch server using weak credentials.
Data Security Perspective: This story highlights the necessity of strong credentials; the password for the database was allegedly just “password”. Organizations should have security policies in place that require strong credentials, to avoid data breaches like this one.
July 18, 2022
Researchers from SentinelOne observed an expansion of the crimeware group 8220 to around 30,000 hosts. The group typically targets Linux and cloud environments through vulnerabilities or insecure configurations. Using a series of simple scripts, the group infects the victim host and installs the PwnRig cryptominer. AWS, Azure, GCP, Aliyun and GCloud are all common targets for group 8220.
Data Security Perspective: Cloud users should ensure all vulnerabilities are patched and make sure all cloud environments are properly secured. A CSPM such as Magpie can help notify users of misconfigurations in their AWS environment.
July 11, 2022
Lightspin researcher Gafnit Amiger has identified another AWS vulnerability, this time in AWS IAM Authenticator for Kubernetes. The vulnerability, “CVE-2022-2385”, could enable a threat actor to escalate privileges in Elastic Kubernetes Service clusters by impersonating other identities. It sits in the code path used when the IAM Authenticator for Kubernetes is configured to use the AccessKeyID. That code uses “ToLower”, which lets a threat actor send a different variable with the same name by sending it once in uppercase and once in lowercase.
Data Security Perspective: EKS users who do not use the AccessKeyID template are protected from the vulnerability. However, users who do use the AccessKeyID template should update AWS IAM Authenticator for Kubernetes to the latest version.
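The “ToLower” problem described above can be shown with a small validator. This is an added example, not code from AWS IAM Authenticator for Kubernetes; the `normalize` function, its `strict` flag, the allowlist and the sample query string are all constructed for illustration.

```go
package main

import (
	"fmt"
	"net/url"
	"strings"
)

// allowed is a constructed allowlist of lowercase parameter names (assumption).
var allowed = map[string]bool{"action": true, "x-amz-credential": true}

// normalize validates query parameters and returns them keyed by lowercase
// name. With strict=false, two keys that differ only in case each pass the
// one-value-per-key check and collapse into one entry; Go's randomized map
// iteration then decides which value survives. With strict=true, a repeated
// lowercase name is rejected.
func normalize(q url.Values, strict bool) (map[string]string, error) {
	out := make(map[string]string, len(q))
	for k, v := range q {
		lk := strings.ToLower(k)
		if !allowed[lk] {
			return nil, fmt.Errorf("parameter %q is not allowed", k)
		}
		if len(v) != 1 {
			return nil, fmt.Errorf("parameter %q has multiple values", k)
		}
		if _, seen := out[lk]; seen && strict {
			return nil, fmt.Errorf("parameter %q repeated with different case", lk)
		}
		out[lk] = v[0]
	}
	return out, nil
}

func main() {
	// Constructed query string: the same name sent in two different cases.
	q, _ := url.ParseQuery("Action=first&action=second")
	weak, _ := normalize(q, false)
	_, err := normalize(q, true)
	fmt.Println("weak kept:", weak["action"], "| strict error:", err)
}
```

Running the non-strict path repeatedly can return either value for `action`, which is why a validator that lowercases names has to treat case variants as duplicates.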
July 2, 2022
The Firearms Dashboard, California’s gun database, experienced a data breach, exposing PII of gun owners. The Department of Justice uploaded and left publicly accessible a spreadsheet containing addresses, birth dates, criminal histories, driving licenses, genders, names and races of California gun owners. The spreadsheet was taken down within 24 hours. However, the DOJ announced that other parts of the gun database might also have been exposed.
Data Security Perspective: This story highlights how human error can leak personal information. Organizations dealing with PII need to be careful with how the data is handled and stored. For organizations using cloud storage, a DSPM such as Open Raven can tell you where sensitive data is stored, minimizing the risk of unwanted data exposure.
July 22, 2022
Virtual pet website Neopets has announced that they may have been the victim of a data breach, potentially exposing the PII of up to 69 million users. Neopets’ database and some source code appear to have been stolen by a hacker who is trying to sell the information for four bitcoins, or approximately $90,500. The stolen information includes birth dates, country, email addresses, gender, postcodes, and game information.
Data Security Perspective: Neopets recommends that all users update their passwords. While it is unknown how the breach occurred, organizations should maintain good security practices such as enabling two-factor authentication.