10-Apr-24: In Security News Today

AT&T Now Says Data Breach Impacted 51 Million Customers

AT&T is notifying 51 million former and current customers about a data breach that exposed their personal information on a hacking forum, with details including names, addresses, phone numbers, social security numbers, and more. The breach, initially denied by AT&T, was confirmed after data was leaked by threat actors. AT&T is now facing class-action lawsuits for the security lapse and delay in informing affected customers, urging recipients to monitor their accounts and enroll in identity theft protection services.

Attack on Consumer Electronics Manufacturer boAt Leaks Data on 7.5M Customers

A hacker leaked the personal data of 7.5 million boAt customers, including comprehensive personal information, by posting it on the Dark Web for a mere $2, raising questions about the data’s authenticity. Investigations confirmed the accuracy of the leaked data, spotlighting the vulnerability of boAt, India’s leading consumer electronics brand. Experts emphasize the importance of data encryption and anti-exfiltration tools to prevent such breaches, suggesting boAt’s security measures were insufficient.

Underground Online Casino Fixbet Exposes 850K Users

The underground online casino Fixbet, targeting the Turkish market, suffered a data breach exposing personal information of 850,000 users. This breach is particularly sensitive due to the illegal status of gambling in Turkey, placing users at risk of cyberstalking, financial loss, and legal repercussions. The leak was attributed to human error, revealing usernames, passwords, and extensive personal details, underscoring the critical need for stringent data security measures in online gambling platforms.

Accor Hospitality Database Leaked, Exposing 642K Individuals

A database linked to hospitality giant Accor was leaked, compromising the personal information of 642,000 individuals. The leak includes names, emails, job titles, and employer details, raising risks of targeted phishing and scams. The breach underscores the need for stringent data security and vigilance against social engineering attacks.

LG TV Vulnerabilities Expose 91,000 Devices

Bitdefender discovered vulnerabilities in LG TVs’ WebOS versions 4 through 7, allowing unauthorized access to the root system, affecting models like LG43UM7000PLA and OLED55CXPUA. CVE-2023-6317, CVE-2023-6318, CVE-2023-6319, and CVE-2023-6320 were identified, enabling attackers to bypass authorization, escalate privileges, inject commands, and execute authenticated command injections. Bitdefender’s disclosure timeline revealed vendor notification on November 1, 2023, with a patch released on March 22, 2024, emphasizing the importance of prompt patching and updates to mitigate risks and enhance device security.

French Football Giant PSG Says Attackers Targeted its Ticketing System

Cybernews.com is using a security service to protect against online attacks, and your access has been blocked due to triggering the security solution. To resolve this, email the site owner with details of your actions when the block occurred and the Cloudflare Ray ID provided on the page.

Ransomware Attack Cripples German Business Intelligence Provider GBI Genios

A ransomware attack on GBI Genios, a key German business intelligence and database provider, has severely disrupted access to crucial press publications and business information, with expectations of several days for service restoration. This incident affects a wide range of institutions, including media, universities, and libraries, highlighting the vulnerability of critical information infrastructure to cyber threats. The attack underlines the importance of robust cybersecurity measures for data providers.

Half of UK Businesses Hit by Cyber-Incident in Past Year, UK Government Finds

The UK Government’s Cyber Security Breaches Survey 2024 reveals that half of UK businesses and a third of charities experienced cyber incidents in the past year, with phishing being the primary cause. While most organizations were able to restore operations within 24 hours, large businesses faced more negative outcomes. The survey also highlights a lack of focus on risk management, incident response plans, and supply chain security, emphasizing the need for improved cybersecurity measures and awareness.

GitHub’s Fake Popularity Scam Tricking Developers into Downloading Malware

Threat actors are exploiting GitHub’s search functionality to trick users into downloading malware by creating fake repositories with popular names and topics. The attackers manipulate search rankings and use techniques like fake stars to deceive developers into downloading malicious code concealed within Microsoft Visual Code project files. This underscores the importance of developers exercising caution when downloading from open-source repositories and not solely relying on reputation as a metric for trustworthiness.

‘eXotic Visit’ Spyware Campaign Targets Android Users in India and Pakistan

The eXotic Visit spyware campaign is actively targeting Android users in India and Pakistan, distributing malware through dedicated websites and the Google Play Store. The campaign, ongoing since November 2021, is highly targeted and involves fake-but-functional apps masquerading as messaging services and other legitimate services. The malware, XploitSPY RAT, is capable of gathering sensitive data from infected devices and employs various tactics to evade detection, with the main purpose being espionage in South Asia.

Disclaimer: Titles and summaries are AI-generated. Please refer to the linked content for more details.