02-Jul-24: In Security News Today

Fintech Companies Wise and Affirm Are Impacted By The Data Breach at Evolve Bank

Evolve Bank has disclosed a ransomware attack by the LockBit group, affecting customers and fintech partners like Wise and Affirm. Hackers accessed sensitive information, including names, Social Security numbers, and bank details, after an employee clicked a malicious link. Backups minimized the operational impact, and Evolve refused to pay the ransom, which led to the data being leaked. Both Wise and Affirm confirmed that their systems were not compromised, but customer data shared with Evolve was affected.

Ransomware Attack Demands Reach a Staggering $5.2m in 2024

A new analysis by Comparitech revealed that the average extortion demand per ransomware attack in the first half of 2024 was over $5.2m, with the highest demand being $100m. In H1 2024, there were 421 confirmed ransomware attacks impacting around 35.3 million records, a reduction from the previous year. Private businesses were the most targeted sector, experiencing 240 incidents impacting 29.7 million records.

Prudential Data Breach Victim Count Soars to 2.5 Million

Prudential Financial initially underestimated the severity of a data breach, with the victim count now soaring to 2.5 million individuals affected, significantly higher than the original estimate of 36,000. The stolen information includes sensitive data like names, addresses, driver’s license numbers, and identification card numbers. Legal proceedings, including a class action lawsuit, have been initiated against the company for failing to safeguard client data, and the ALPHV/BlackCat ransomware group has claimed responsibility for the hack.

Hospitality App Exposes More Than One Million Credit Cards

Quoality, a hotel management services company, leaked personal and financial data of over one million guests due to a misconfigured Elasticsearch cluster, leaving information such as addresses, nationalities, phone numbers, and full credit card details exposed. The breach poses significant risks, including potential identity theft and unauthorized financial transactions, highlighting Quoality’s severe noncompliance with data protection standards like PCI-DSS. Cybernews researchers discovered the vulnerability, leading to the data being secured, but Quoality has yet to respond publicly to the incident.

Juniper Rushes Out Emergency Patch for Critical Smart Router Flaw

Juniper Networks has issued an emergency patch for a critical authentication bypass vulnerability, rated CVSS 10, affecting Session Smart Routers, Conductors, and WAN Assurance Routers. The flaw, identified as CVE-2024-2973, could allow threat actors to take full control of unpatched devices, although there is no evidence of exploitation in the wild. Juniper recommends upgrading affected devices to fixed versions immediately.

Patch Now: Cisco Zero-Day Under Fire From Chinese APT

A vulnerability in Cisco’s NX-OS Software is being exploited by the China-backed threat group Velvet Ant, allowing attackers to execute arbitrary commands as root on affected devices. The flaw, CVE-2024-20399, requires admin credentials to exploit but is already being used by attackers. Organizations are advised to patch vulnerable devices, restrict admin access, and enforce strong password policies to mitigate the risk of exploitation.

Patelco Shuts Down Banking Systems Following Ransomware Attack

Patelco Credit Union experienced a ransomware attack, leading to the proactive shutdown of customer-facing banking systems to contain the incident. Online banking, mobile app, and call center services are currently unavailable, while debit and credit card transactions are operational in a limited capacity. Patelco is working with cybersecurity experts to investigate and recover from the attack, with no specific timeline for normal operations yet.

CocoaPods flaws left iOS, macOS apps open to supply-chain attack

Recently patched vulnerabilities in CocoaPods, a dependency manager for iOS and macOS apps, could have allowed attackers to insert malicious code into popular apps. The flaws included an issue with orphaned pods that could be claimed by attackers to inject malicious code. Another vulnerability allowed attackers to infiltrate the CocoaPods ‘Trunk’ server, potentially leading to supply chain and zero-day attacks. Developers are advised to review dependencies, validate checksums, and limit the use of orphaned packages to mitigate these risks.

Disclaimer: Titles and summaries are AI-generated. Please refer to the linked content for more details.