Bitglass Security Spotlight: Uber, Apollo, & Chegg

By Jacob Serpa, Product Manager, Bitglass

man reading cybersecurity stories in newspaperHere are the top cybersecurity stories of recent weeks:

—Uber fined $148 million over cover-up
—Apollo database of 200 million contacts breached
—Chegg hack exposes 40 million users’ credentials
—Port of San Diego faces cyberattack

Uber fined $148 million over cover-up

In late 2016, Uber suffered a breach at the hands of hackers who were looking to infiltrate one of the company’s cloud services. However, instead of reporting the event (as they were supposed to), they instead paid the culprits $100,000 and elected to keep silent about the attack. Since then, all fifty states, as well as the District of Colombia, have sought legal action against the company, culminating in a fine of $148 million.

Apollo database of 200 million contacts breached

Apollo, a well-known sales engagement startup, recently had its database of 200 million contacts breached by malicious parties. Unfortunately, as detailed in the message that the company sent to the individuals whose information was exposed, the breach did take a number of weeks to detect. As massive damage can be done in a matter of moments, organizations must employ real-time security measures if they want to avoid a similar fate.

Chegg hack exposes 40 million users’ credentials

Chegg was recently found to have been breached by unauthorized users seeking to steal sensitive information. While it is believed that no Social Security numbers were stolen, data that was successfully exfiltrated included users’ names, usernames, passwords, email addresses, shipping addresses, and more. Unfortunately, the breach, which occurred in April of 2018, took months to detect, giving hackers plenty of time to pursue their malicious ends. The company has since reset the affected users’ passwords.

Port of San Diego faces cyberattack

Within a week of the cyberattack on the Port of Barcelona in Spain, another assault was launched upon the Port of San Diego. This pair of cyberattacks highlights the reality that hackers can target infrastructure and have widespread, adverse repercussions for organizations around the world. Fortunately, this particular attack affected only land-based operations at the port. The causes have yet to be discovered.

Learn about cloud access security brokers (CASBs) and how they can protect your enterprise from threats in the cloud and download the Definitive Guide to CASBs.

Bitglass Security Spotlight: Veeam, Mongo Lock, Password Theft, Atlas Quantum & the 2020 Census

By Jacob Serpa, Product Manager, Bitglass

man reading cybersecurity headlinesHere are the top cybersecurity headlines of recent weeks:
—440 million email addresses exposed by Veeam
—Unprotected MongoDB databases being targeted
—42 million emails, passwords, and more leaked
—Cold-boot attacks steal passwords and encryption keys
—2 billion devices still vulnerable to Bluetooth attack
—Atlas Quantum, cryptocurrency platform, breached
—Security concerns around the 2020 census
—Air Canada’s mobile app breached
—WellCare breach exposes data of 20k children

440 million email addresses exposed by Veeam

Data management company Veeam has ironically mismanaged hundreds of millions of users’ data. A public-facing database exposed 440 million users’ email addresses, names, and, in some circumstances, IP addresses. While this leak may seem innocuous, names and email addresses are all that is needed to conduct targeted spear phishing attacks.

Unprotected MongoDB databases being targeted

The rise of the Mongo Lock attack is seeing improperly secured, poorly configured Mongo DB databases being targeted in a ransomware-like fashion. In these attacks, hackers scan for publicly accessible databases, remove their contents, and demand a Bitcoin ransom in exchange for having data returned.

42 million emails, passwords, and more leaked

A public hosting service that allows individuals to upload files for free was recently found to contain a massive amount of personal data. Over 42 million email addresses and passwords, as well as partial credit card numbers, were found within the platform. As noted in the Veeam section, hackers can easily use this type of data to conduct targeted spear phishing campaigns and steal more sensitive information.

Cold-boot attacks steal passwords and encryption keys

A new cold-boot attack can take information in under two minutes from unsuspecting victims. The attack, which is further detailed at the above link, involves stealing information from RAM, or random access memory. Through this tactic, passwords and even encryption keys can be stolen. Fortunately, hackers need physical access to a computer to execute this kind of technique. Rather than allowing a system to sleep, forcing it to hibernate or shut down is a helpful defense.

2 billion devices still vulnerable to Bluetooth attack

One year ago, BlueBorne, a collection of vulnerabilities in devices that leverage Bluetooth, was revealed. Unfortunately, despite the fact that an entire year has gone by, 2 billion devices remain exposed. This is due to systems that have not been patched, systems that cannot be patched, and more.

Atlas Quantum, cryptocurrency platform, breached

Well-known cryptocurrency platform Atlas Quantum was recently found to have been breached. 261,000 of the company’s users had their names, account balances, email addresses, and phone numbers exposed. While the company initially declined to disclose the circumstances surrounding the breach, it did state that users’ cryptocurrencies were safe – it was merely information that was stolen.

Security concerns around the 2020 census

In the US, the Government Accountability Office has concerns about the cybersecurity of the Census Bureau. The bureau is reported to have thousands of security vulnerabilities – dozens of which are identified as highly risky and dangerous. Naturally, as conducting a census involves collecting data from countless citizens, these security gaps must be filled before the next census in 2020.

Air Canada’s mobile app breached

Late last month, Air Canada’s mobile app was found to have been breached. While it was only 1% of the application’s 1.7 million users that were affected, it was still 20,000 individuals who had their names, phone numbers, passport numbers, and dates of birth exposed.

WellCare breach exposes data of 20k children

In WellCare Health Plans’ recent breach, 20,000 children had their PHI (protected health information) exposed. The information’s security was compromised when WellCare accidentally mailed letters to the wrong addresses. Exposed data included children’s names, ages, and healthcare providers.

Learn about cloud access security brokers (CASBs) and how they can defend against the rising tide of data breaches.

 

Bitglass Security Spotlight: Yale, LifeLock, SingHealth, Malware Evolving & Reddit Breached

By Jacob Serpa, Product Manager, Bitglass

man reading cybersecurity headlinesHere are the top cybersecurity headlines of recent months:

—Future malware to recognize victims’ faces
—Reddit suffers breach
—6 million records of Georgian voters exposed
—RASPITE Group attacks US infrastructure
—Decade-old breach at Yale uncovered
—Bug exposes LifeLock customer data
—Patient data of 1.5 million exposed in SingHealth breach
—Tesla, GM, Toyota, and others expose 157 GB of data
—COSCO hit with ransomware attack

Future malware to recognize victims’ faces

Malware is poised to continue its evolution and deploy newer, more advanced capabilities. In particular, it is believed that threats will leverage artificial intelligence in order to become increasingly context aware. For example, malware may soon employ facial recognition that uses an individual’s appearance to trigger an attack.

Reddit suffers breach

Early last month, a hacker was discovered to have breached Reddit’s systems and stolen a variety of user data; for example, email addresses, passwords, private messages, and more. While the breached data came from an unsecured database containing information from 2005 to 2007, the incident still highlights the importance of maintaining constant visibility and control over data.

6 million records of Georgian voters exposed

Voters in Georgia recently had their personal information exposed when the office of the Secretary of State granted various parties access to voter registration data in an unsecured fashion. This data included dates of birth, drivers license numbers, and Social Security numbers. If the data were obtained by nefarious individuals, widespread identity theft could ensue very easily.

RASPITE Group attacks US infrastructure

Since 2017, the RASPITE Group has been a cybersecurity threat that has attacked nations around the world. Countries in the Middle East, Asia, and Europe have all suffered. Recently, the cybercriminal group was tied to Iran and found to be targeting electric utility companies in the US. Naturally, these organizations must have adequate defenses lying in wait

Decade-old breach at Yale uncovered

About ten years ago, Yale University suffered a breach. Unfortunately, at the time, the intrusion was not detected. Alumni and various faculty and staff had information like Social Security numbers exposed. This event highlights the need for proactive cybersecurity measures as well as constant threat monitoring.

Bug exposes LifeLock customer data

In an ironic twist of fate, LifeLock, an organization built upon defending customers from identity theft, was found to have exposed its users’ email addresses through a bug. The company’s users are now more vulnerable to targeted phishing attacks that imitate communications from LifeLock.

Patient data of 1.5 million exposed in SingHealth breach

Singaporean healthcare organization, SingHealth, was recently breached – much to the ire of those in the country pushing for Singapore to become a cloud-first nation. The cybersecurity incident exposed sensitive information belonging to 1.5 million, including 160,000 whose prescription details were stolen.

Tesla, GM, Toyota, and others expose 157 GB of data

Leading automotive companies (Ford, Volkswagen, and many others) were recently found to have extensive amounts of proprietary information publicly available online. The data was reportedly exposed by poor configurations around rsync protocol, demonstrating, once again, the importance of maintaining a robust and detail-oriented security posture.

COSCO hit with ransomware attack 

As one of the biggest shipping enterprises in the world, COSCO sends countless goods around the globe every day. Unfortunately, the company was recently hit with a ransomware attack that harmed some of its US operations. While the company has since responded to the attacks, ransomware continues to represent an imposing threat for businesses everywhere.

To learn about cloud access security brokers (CASBs) and how they can defend against malware, breaches, and more, download the Definitive Guide to CASBs.