TL; DR: Data of most US residents on the market and password manager hacked (17th week)
The United States went through a big data robbery. The data of almost every American appeared on the hacking forum. Millions of users of a certain Indian online store have a similar problem.
Hackers have also targeted Washington police officers, and there is a risk that the local police will have major problems in the fight against organized crime.
Smishing on the British Isles
The UK is facing a malicious SMS campaign. Flubot spyware is spreading across the country.
Users receive a text message about a missed package delivery and are prompted to install a tracking application related to the missed package delivery. Afterwards, installed malware steals passwords and other sensitive data from your phone.
Malware is also capable of obtaining access to contact details and sending out smishing messages, thus spreading Flubot to more devices.
Data of quarter billion US residents on the market
The personal data of more than 250 million US residents leaked on a hacker forum.
The leaked information contains sensitive data, e.g. full names, phone numbers, e-mail addresses, dates of birth, home addresses, geolocation, political affiliation and others.
So far it is unclear who owned the data.
Password manager hacked
Click Studios, the author of Passwordstate password manager, has become a target of a sophisticated supply chain attack. The attackers managed to implant malware into a legitimate update, and thus exfiltrate the data.
The attacker accessed usernames and passwords stored in the password manager along with the data of the device on which the application has been installed. 29 thousand users of this app were exposed to risk. However, the company quickly released a security update and recommends all users to update Passwordstate without delay.
Police work put in danger
Hackers attacked the DC Police systems in the US capital, Washington DC. It was a Babuk ransomware attack.
The incident is also being investigated by the FBI. The attackers claim to have stolen more than 250 gigabytes of data.
They threaten to share the data on informants with local criminal gangs.
Now, hackers were mining
Mining firm Gyrodata was hit by REvil ransomware attack at the beginning of the year.
In addition to file encryption, the incident leaked data related to current and former employees.
They contained sensitive information such as names, addresses, dates of birth, driving licence numbers, social security numbers, health insurance data and so on.
Millions of data on the forum
Records of about 20 million users of the Indian online grocery delivery service BigBasket appeared for free on the hacking forum.
They contain sensitive data, e.g. usernames, passwords hashed with the SHA1 algorithm, full names, phone numbers, e-mail addresses, dates of birth, residence and so on.
SHORTCUT
- The REvil Group has attacked Apple’s supplier and demands a $50 million ransom, otherwise it will publish plans for two upcoming laptops and plans for a new Apple Watch series.
- The UnitingCare healthcare facilities in Queensland, Australia, have become a target of a ransomware attack. Some operational systems were impacted including internal staff e-mail and patient operation booking.
- German security researchers have discovered the vulnerability in the AirDrop service that enables the direct transfer of data between Apple devices. However, along with the data, the contact details of the user may also leak without the user’s knowledge.
- According to Atlas VPN findings, over than 5 billion data have already been leaked in Q1 of 2021.
- The University of Minnesota apologised to the maintainers of Linux Kernel Project for intentionally including vulnerabilities in the source code, which led to the university being banned from contributing to the project development.
- Guilderland Central School District near Albany in the US has become the victim of a ransomware attack. The extent and consequences of the attack are not clear.
« Späť na zoznam