25-Jun-24: In Security News Today

LockBit Ransomware Gang Claims to have Hacked US Federal Reserve

The LockBit ransomware gang claims to have breached the US Federal Reserve, threatening to release allegedly stolen data if their ransom demands are not met. The Federal Reserve has not confirmed the breach, stating it is investigating the claims while emphasizing its robust cybersecurity measures. This incident highlights the increasing boldness of ransomware groups targeting critical national infrastructure, necessitating heightened vigilance and reinforced security protocols.

Japan’s Space Agency Hit by Multiple Cyberattacks

Japan’s space agency, JAXA, has been targeted by cyberattacks since last year, but no sensitive information related to rockets and satellites was compromised. The agency is actively investigating and implementing preventive measures to strengthen its cybersecurity defenses. Despite the attacks, JAXA has continued its successful space missions, including a precision landing on the moon and successful rocket launches.

Hacker Claims Theft of 30M User Records From Australia Ticketing Company TEG

A hacker claims to have stolen 30 million user records from the Australian ticketing company TEG. The stolen data reportedly includes personal information such as names, email addresses, phone numbers, and dates of birth. TEG has not confirmed the breach but stated that it is investigating the claims and working to ensure the security of its systems.

Car Dealerships in North America Revert to Pens and Paper After Cyberattacks on Software Provider

Critical Design Knowledge (CDK) attacks pose a significant threat to SaaS providers, highlighting the importance of robust contingency planning. These attacks target the architectural and design flaws within SaaS applications, potentially leading to severe service disruptions and data breaches. To mitigate these risks, SaaS providers must enhance their security measures by conducting thorough threat modeling, implementing regular security assessments, and preparing detailed incident response plans​

Cybercriminals Steal Over $2 Million in Cryptocurrency From CoinStats Wallets

Hackers have stolen over $2 million in cryptocurrency from CoinStats wallets by exploiting a vulnerability in the platform’s authentication process. The breach allowed attackers to gain unauthorized access to users’ funds, highlighting the critical need for robust security measures in cryptocurrency services. CoinStats has initiated an investigation and is working with cybersecurity experts to enhance security protocols and prevent future incidents.

Indonesia Says a Cyberattack Has Compromised Its Data Center but It Won’t Pay the $8 Million Ransom

Indonesia has confirmed a cyberattack on its data center, resulting in the compromise of sensitive data and an $8 million ransom demand, which the government refuses to pay. The attackers have threatened to leak the stolen data if the ransom is not met, prompting Indonesia to bolster its cybersecurity defenses and investigate the breach. Authorities are collaborating with cybersecurity experts to address the vulnerabilities exploited during the attack and to prevent future incidents.

Creditors’ Service Provider Leaked Millions of Records With Lawsuit History

Creditors Service, a collection service provider, has experienced a data breach exposing over 5 million records, including personal and financial information of consumers. The compromised data, found on a publicly accessible AWS S3 bucket, includes names, addresses, phone numbers, email addresses, and Social Security numbers. This exposure presents significant risks for identity theft and financial fraud, and affected individuals are urged to monitor their accounts and credit reports closely.

Luxury Retailer Neiman Marcus Confirms Data Breach After Snowflake Account Hack

Neiman Marcus confirmed a data breach after hackers gained unauthorized access to their Snowflake account, impacting over 64,000 individuals. The breach involved personal information like names, contact details, and gift card numbers. The incident is linked to a threat actor named ‘Sp1d3r’ who attempted to sell the stolen data, and it is part of a larger series of Snowflake data theft attacks affecting multiple organizations.

Open-source AI Development Framework Ollama Patches Critical Vulnerability

Security researchers discovered a critical remote code execution (RCE) flaw in Ollama, an open-source AI development platform, leaving AI inference servers vulnerable to takeover. The vulnerability, fixed in version 0.1.34, allowed attackers to exploit insufficient input validation to achieve full remote code execution. The lack of authentication support in Ollama and similar tools poses a significant risk, requiring additional security measures like isolation from the internet and implementing authentication layers.

Push Notification Fatigue Leads to LA County Health Department Data Breach

Push notification fatigue contributed to a data breach at the LA County Department of Health Services, affecting 22,000 individuals. Employees became desensitized to frequent security alerts, leading to delayed responses to phishing attacks. This incident underscores the need for organizations to address alert fatigue and implement effective security training to safeguard sensitive data.

Disclaimer: Titles and summaries are AI-generated. Please refer to the linked content for more details.

Leave a Reply

Your email address will not be published. Required fields are marked *