15-Apr-24: In Security News Today

Hacker dumps data of 2.8 million Giant Tiger customers

A threat actor claimed responsibility for a March 2024 data breach at Giant Tiger, exposing 2.8 million customer records including email addresses, names, addresses, and phone numbers. The hacker dumped the stolen data on a forum, offering it for free with a download link requiring ‘8 credits’ to unlock. Giant Tiger confirmed the breach was due to a cybersecurity incident with a third-party vendor, urging customers to be cautious of messages regarding payment information.

Roku cyberattack impacts 576,000 accounts

Roku reported that 576,000 user accounts were affected by a cyberattack, discovered during an investigation of an earlier breach involving 15,000 accounts. Both incidents involved credential stuffing, in which login data stolen in other breaches was used to access Roku accounts, leading to unauthorized purchases in a smaller number of cases. Roku has since implemented two-factor authentication and reset passwords for affected accounts, and is actively notifying and compensating impacted users.

Former Security Engineer Sentenced to Prison for Hacking Crypto Exchanges

Shakeeb Ahmed, a former security engineer, has been sentenced to three years in prison for exploiting vulnerabilities in smart contracts of two cryptocurrency exchanges, defrauding them of substantial sums. By manipulating price data and smart contract terms, Ahmed illegally withdrew millions, returning some funds in exchange for a “bounty” while keeping the rest. His sentence also includes three years of supervised release and restitution payments totaling over $5 million to the affected exchanges.

Airlines Apps Might Know More Than You Think

Recent investigations into popular airline apps reveal they may access more personal data than expected, raising privacy and cybersecurity concerns. Cybernews highlighted that these apps often require permissions, not always clearly disclosed, that could compromise user data security. Furthermore, incidents like AirAsia’s alleged ransomware attacks underline the vulnerability of airline systems and the urgent need for stringent data protection measures.

Chipmaker Nexperia Confirms Breach After Ransomware Gang Leaks Data

Dutch chipmaker Nexperia confirmed a data breach after a ransomware gang leaked samples of allegedly stolen data. The breach occurred in March 2024, with the threat actors claiming to have stolen 1 TB of confidential data. The extortion site ‘Dunghill Leak’, linked to the Dark Angels ransomware gang, is pressuring Nexperia to pay a ransom to prevent the leak of sensitive information, including data from high-profile clients like SpaceX, IBM, Apple, and Huawei.

Daixin Ransomware Gang Claims Attack on Omni Hotels

The Daixin Team ransomware gang has claimed responsibility for a cyberattack on Omni Hotels & Resorts, threatening to publish customers’ sensitive information if a ransom is not paid. The attack led to a nationwide IT outage impacting reservation, hotel room door lock, and point-of-sale systems. Daixin Team is known for targeting organizations through VPN server vulnerabilities or compromised credentials, using stolen data for double extortion.

Pro-Iranian Cyber Gang Claims to Have Breached Radar Systems and Sent 500,000 Text Messages to Israeli Citizens

Pro-Iranian cyber groups have escalated their cyberattacks in tandem with Iran’s missile strikes against Israel, claiming to have compromised Israeli radar systems and sent threatening text messages to citizens. Despite posting proof, inconsistencies in the hackers’ claims cast doubt on the actual impact of these cyberattacks. The intensifying cyber operations target both governmental and private sectors, indicating a broader strategy to supplement physical military actions.

Chinese-Linked LightSpy iOS Spyware Targets South Asian iPhone Users

Cybersecurity researchers have identified a renewed cyber espionage campaign targeting South Asian users with LightSpy, an Apple iOS spyware implant. The spyware, known as ‘F_Warehouse,’ is sophisticated, modular, and capable of extensive data exfiltration, audio surveillance, and potential full device control. The malware, attributed to Chinese nation-state group APT41, employs certificate pinning to evade detection and communicates with a server displaying Chinese error messages, indicating possible state-sponsored activity.

Disclaimer: Titles and summaries are AI-generated. Please refer to the linked content for more details.