Cybersecurity news provided by NetworkTigers on Monday, 29 March 2021.
SAN MATEO, CA — Spear-phishing attack on German parliament, FBI Cyber Division issues flash alert, financial firm CNA goes offline because of hackers, British fashion retailer FatFace suffers data breach, university information leaked, broker accidentally exposes customer data, vulnerability discovered in 5G network slicing, disgruntled contractor jailed after cyberattack, petrochemical giant Shell suffers data breach, and comic hosting website offline after cyberattack.
German parliament targeted by hackers
A spear-phishing attack using legitimate-looking emails that appeared to come from trusted sources has targeted almost 40 members of the German parliament. The parties responsible for the attack have not yet been named, and it has been stated that some of the emails succeeded in deceiving parliament officials into opening them. The attack has been reported to have targeted political activists as well. This is the second breach of this nature since one that was effectively carried out by Russian hackers in 2015.
Mamba ransomware triggers alert from FBI
The prevalence of Mamba, a piece of malware that piggybacks on the open-source full-disk encryption product known as DiskCryptor, has prompted the FBI’s Cyber Division to issue a flash alert. According to the FBI’s statement, the ransomware has been deployed against different levels of government, public transit systems, and commercial users. By “weaponizing” DiskCryptor, Mamba is able to encrypt an entire system. Users are then presented with a ransom demand. The FBI has posted mitigation suggestions regarding the threat.
Major financial corporation CNA goes offline after cyberattack
Chicago-based financial firm CNA has suffered a breach, and visitors to its website now land on a page on which the company explains that hackers have caused disruption to the site. According to their statement, CNA has disconnected their systems from the network out of an “abundance of caution” after sustaining a “sophisticated cybersecurity attack.” Currently, there is no information to suggest that the attack impacted customer data, and the company says that its systems, while disconnected, are also unaffected. The company has stated that it is implementing workarounds for those who have been thrown into disarray by the hack and is currently working with a third-party forensics team as well as law enforcement.
Personal banking information stolen from British fashion retailer FatFace
British fashion retailer FatFace has suffered a data breach that has compromised the personal data of both its customers and employees, including sensitive banking information and home addresses. While the company remains firm in its statement that the leaked information cannot be used to make fraudulent transactions, experts say that those affected should be diligent. FatFace has offered its staff a free one-year membership to Experian Identity Plus in order to monitor their personal data.
University information leaked online
Private information accessed from the University of Colorado and the University of Miami via the exploitation of Accellion has been leaked online. It is reported that the stolen information is posted on a website closely associated with Clop, a more recent type of ransomware. Both schools have made arrangements to mitigate damage associated with the hack, with the University of Miami stating that the breach had a minimal impact on their system and the University of Colorado saying that they will be using a new vendor for their file sharing needs going forward.
Online trading broker accidentally exposes customer data
FBS, one of the world’s most popular exchange brokers for online trading, has reportedly leaked over 20TB of sensitive data after it left a cloud-based server open with no password protection. The breach exposed the data of millions of users and was discovered by researchers at WizCase, an online cybersecurity review site. The leaked information includes many critical details, including home addresses and financial information, which could lead not only to identity theft but to actual robbery attempts as well, especially with regard to wealthier users.
Vulnerability discovered in 5G network slicing
Dublin-based AdaptiveMobile Security has revealed that it has uncovered a flaw in 5G network slicing, a traffic management optimization that is one of 5G’s most forward-thinking features. AdaptiveMobile discovered that the use of multiple instances of network slicing could open up opportunities for hackers to access critical data. The company has stated that it is working with 5G mobile network operators to continue to highlight potential security risks and provide a roadmap for best practices going forward with regard to 5G and cybersecurity.
Disgruntled contractor sentenced to jail for cyberattack
Deepanshu Kher, in an apparent act of revenge resulting from the termination of his contract, has been sentenced to jail after hacking into a Carlsbad company server and deleting more than 12,000 user accounts. Kher was reportedly angry at being fired after the company was not satisfied with his work. The damage done is said to have shut the company down for two days. Kher has been sentenced to two years in prison as a result of the sabotage.
Shell energy company suffers data breach
Multinational energy and petrochemical giant Shell has disclosed that it suffered a data breach as a result of the hack of Accellion. Shell has stated that the breach did not have an effect on its core IT system because its use of Accellion’s file-sharing services was isolated. The information accessed is reportedly largely associated with Shell’s subsidiary companies and stakeholders.
Comic hosting website offline due to cyberattack
MangaDex, a website that hosts free manga comics, was taken offline after it was discovered that a malicious hacker had accessed the site’s administrator account, which then gave them entry into a database of user information. The hack was followed by the individual emailing users of the site and boasting of the site’s security vulnerabilities. Users have been instructed to change their passwords, and the site will remain offline until administrators are confident that they have addressed all weaknesses.
NetworkTigers was founded in January 1996 as Andover Consulting Group, which built and re-architected data centers for Fortune 500 firms. Today, NetworkTigers provides consulting and network equipment to businesses and individuals globally. www.networktigers.com
Mike Syiek, CEO
1029 S. Claremont Ave
San Mateo, CA 94402