SecureFact - Cyber Security News – Week of January 22, 2024
Data Breach
1. Vans, Supreme owner VF Corp says hackers stole 35 million customers’ personal data
VF Corp said it does not retain consumer Social Security numbers, bank account information, or payment card information for its consumer businesses, nor does the company have evidence that the hackers stole customer passwords.
2. Cooper Aerobics: Data security incident raises concerns of personal information exposure
On January 5, 2024, the organization notified individuals about where unauthorized access to its network, stemmed from a Cooper Aerobics data breach, potentially exposing personal information.
3. National Bank of Angola says it mitigated cyberattack
In a statement, the bank said the January 6 cybersecurity incident was mitigated “without significant impacts on its infrastructure and data.” “Following the incident, access to technological infrastructures and, consequently, the safe and efficient provision of institutional services were ensured in a controlled manner,” it said.
4. Russian hackers stole Microsoft corporate emails in month-long breach
The fact that the hackers were able to gain access to the account using a brute force attack indicates it was not protected with two-factor authentication (2FA) or multi-factor authentication (MFA), a security practice that Microsoft recommends on all types of online accounts.
5. Clearview Resources Ltd hit by cyberattack, suffers $1.5 million in damages
The Clearview cyberattack unfolded through the compromise of an internal email address, which was exploited by malicious actors to redirect company funds to a third-party account.
Recommended by LinkedIn
6. Kansas State University cyberattack disrupts IT network and services
Impacted systems were taken offline upon detection of the attack, resulting in the unavailability of VPN, emails, Canvas and Mediasite videos, printing, shared drives, and mailing list management services (Listservs).
Malware and Vulnerabilities
1.Malicious extortion bot targets publicly exposed PostgreSQL and MySQL databases
Publicly exposed PostgreSQL and MySQL databases with weak passwords are being autonomously wiped out by a malicious extortion bot – one that marks who pays up and who is not getting their data back.
2. Zero-Day Alert: Update chrome now to fix new actively exploited vulnerability
The issue, tracked as CVE-2024-0519, concerns an out-of-bounds memory access in the V8 JavaScript and WebAssembly engine, which can be weaponized by threat actors to trigger a crash.
3. GitLab releases patch for critical vulnerabilities
Tracked as CVE-2023-7028, the flaw has been awarded the maximum severity of 10.0 on the CVSS scoring system and could facilitate account takeover by sending password reset emails to an unverified email address.