Welcome back to our blog. Here's a quick overview of some of the week's top stories.
Password manager provider LastPass has revealed it has been breached again. With help from security firm Mandiant, CEO Karim Toubba says an unauthorized party accessed its cloud service using information obtained from the breach it suffered in August.
The Irish Data Protection Commission slapped Meta Platforms Inc. with a massive fine for failing to prevent the leak of the personal data of more than half a billion users of its Facebook service. Not only that, the watchdog ordered Meta’s Irish unit to make sure its processing complies with the law.
A British judge ordered six cryptocurrency exchanges to reveal the identities of account holders allegedly tied to a 2020 crypto hack during which thieves stole $10.7 million worth of digital assets.
Keralty, a large Colombian healthcare group, was hit with a ransomware attack on Sunday. The attack disrupted the websites and operations of the company and its subsidiaries.
In October, a security researcher alerted ConnectWise, the maker of a self-hosted remote desktop application widely used by MSPs, that its client executable is generated from client-controlled parameters. This means an attacker could craft a ConnectWise Control client download link that bounces or proxies the remote connection from the MSP's servers to a server the attacker controls.
Finally, it's no surprise to anyone, but cyber criminals have been taking advantage of the FIFA World Cup. The thieves have tried everything, from fake crypto tokens and coins, cashing out stolen credit cards, phishing and ticket sale scams, to promoting fake gambling sites and carrying out DDoS attacks.
That's all for this week. Have a great weekend.
Top Global Security News
Engadget (December 1, 2022) LastPass reveals another security breach
LastPass CEO Karim Toubba has revealed that the password manager has been breached again. Toubba said the company detected an unusual activity within a third-party cloud storage service that it shares with its parent company GoTo, which was formerly known as LogMeIn. To investigate the incident, LastPass has teamed up with security firm Mandiant. Together, they've determined that the unauthorized party got into LastPass' cloud service by using information obtained from the security breach it suffered in August this year. Further, they've discovered that the bad actor was able to access "certain elements" of its customers' information.
Krebs on Security (December 1, 2022) ConnectWise Quietly Patches Flaw That Helps Phishers
ConnectWise, which offers a self-hosted, remote desktop software application that is widely used by Managed Service Providers (MSPs), is warning about an unusually sophisticated phishing attack that can let attackers take remote control over user systems when recipients click the included link. The warning comes just weeks after the company quietly patched a vulnerability that makes it easier for phishers to launch these attacks.
In October, security researcher Ken Pyle alerted ConnectWise that its client executable is generated from client-controlled parameters. This means an attacker could craft a ConnectWise Control client download link that bounces or proxies the remote connection from the MSP's servers to a server the attacker controls.
Bleeping Computer (November 30, 2022) Keralty ransomware attack impacts Colombia's health care system
The Keralty multinational healthcare organization suffered a RansomHouse ransomware attack on Sunday, disrupting the websites and operations of the company and its subsidiaries.
Keralty is a Colombian healthcare provider that operates an international network of 12 hospitals and 371 medical centers in Latin America, Spain, the US, and Asia. The group employs 24,000 people and 10,000 medical doctors who provide healthcare to over 6 million patients.
The company offers further healthcare services through its subsidiaries, Colsanitas, Sanitas USA, and EPS Sanitas.
Data Breach Today (November 30, 2022) UK Court Orders Crypto Firms to Share Data to Track Thieves
A British court ordered six cryptocurrency exchanges to reveal the identities of account holders allegedly tied to a 2020 hack of an anonymous English cryptocurrency platform during which thieves stole $10.7 million worth of digital assets.
The exchanges must share the status of the stolen funds, the "know your customer" details of the alleged hackers and their bank account and payment card details, email addresses, residential addresses, phone numbers and bank statements, High Court Justice Christopher Butcher ruled.
HelpNetSecurity (November 29, 2022) Cybercriminals are cashing in on FIFA World Cup-themed cyberattacks
The hype and popularity of the FIFA World Cup has attracted audiences from across the globe. This, in turn, attracts a variety of cybercriminals who want to exploit the large fan following, and the organizations participating, to make a quick buck.
“The gap between the supply and demand of FIFA World Cup game tickets, flight tickets, hotels, souvenirs, etc., has been co-opted by cybercriminals, to defraud fans and enthusiasts. Despite the attractive offers and lures, users should restrict their purchases to official websites and mobile apps. And companies that are FIFA sponsors should bolster their security mechanisms and stay up to date on threat actors’ tactics and techniques,” said a CloudSEK researcher.
Bloomberg (November 28, 2022) Meta Fined $277 Million for Leak of Half a Billion Users
Meta Platforms Inc. was slapped with a €265 million ($277 million) fine for failing to prevent the leak of the personal data of more than half a billion users of its Facebook service.
The Irish Data Protection Commission, the main privacy watchdog for Meta in the European Union, levied the fine following a probe that found the social-media company had failed to apply strict safeguards required under the bloc’s sweeping General Data Protection Regulation.
On top of the fine -- the third-biggest under GDPR -- the watchdog ordered Meta’s Irish unit to make sure its processing complies with the law, according to an emailed statement on Monday.
Other Top Security News