A Discord.io database of 760,000 users is up for sale, LinkedIn users under attack and more MOVEit victims.
Welcome to Cyber Security Today. It’s Wednesday, August 16th, 2023. I’m Howard Solomon, contributing reporter on cybersecurity for ITWorldCanada.com and TechNewsday.com in the U.S.
 |
 |
 |
The operators of the independent Discord.io platform, which allows users to create custom invites to the Discord instant messaging service, have confirmed its member database was stolen. This comes after someone posted the data of 760,000 Discord.io users for sale on a darknet forum. In response Discord revoked the authentication tokens of Discord.io users. They will have to re-authenticate with new passwords and enable multifactor authentication. Discord.io says it believes the breach was caused by a vulnerability in its website code, allowing an attacker to copy the database. The data includes subscribers’ Discord user names and email addresses. Discord.io is overhauling its website code and security practices. Meanwhile, it is offline.
Recently locked out of your LinkedIn account? You’re not alone. According to researchers at Cyberint, a threat actor is successfully compromising and taking over LinkedIn accounts around the world. Some victims are being pressured into paying a fee to get their access back. The report doesn’t say exactly how accounts are compromised. Likely they are using brute-force password attacks. If they try to get around two-factor authentication the account is frozen until the real owner can verify their identity. However, if the attacker takes control over the account the real owner can’t do anything. The report notes that compromised accounts can be used for phishing or scams. If you still have access to your account make sure contact information hasn’t been changed and your password is long and unique. And for heaven’s sake if you haven’t enabled two-factor authentication do it now.
More American organizations indirectly hit by the vulnerability in MOVEit file transfer servers are emerging. VNS Health Plans, which offers home, behavioural and hospice healthcare services in New York state, has admitted that data on over 103,000 patients was copied when the MOVEit server of a claims processor it uses called TMG Health was hacked. TMG Health is owned by the professional IT services company Cognizant. Files copied included people’s names, addresses, date of birth, social security number, medical claims information and more.
Banco Popular de Puerto Rico says over 82,000 of its customers had their data copied when the MOVEit server of accounting firm PwC was compromised. Information included names, social security numbers and mortgage information.
Milliman Inc., which provides administrative services for employee benefit and pension plans, says data on over 44,000 of its customers was copied when the MOVEit servers of Pension Benefit Information was hacked. I’ve mentioned before that several organizations using PBI for data processing have admitted been victimized when that company’s MOVEit server was compromised.
One of them is New York Life Insurance, which last week said data on over 25,000 customers was copied as part of the PBI hack.
Information about the hackers on your network may be closer than you think. Researchers at Hudson Rock analyzed 14.5 million computers infected with information-stealing malware and found 120,000 of them had credentials associated with cybercrime forums. That could help identify the real identities of hackers. It also means many of the computers used by hackers are also infected with information-stealing malware. This type of malware looks for saved credentials, data used to auto-complete forms and credit card information. The most common information-stealing malware are Redline, Raccoon and Azorult [AZ-O-ROOLT].
Speaking of the Raccoon stealer, after the person responsible for the malware’s infrastructure was arrested in October the gang decided to rebuild their operation. According to researchers at VX-Underground and Cyberint, after a six-month hiatus they are back. New features for the threat actor customers using this malware-as-a-service have been added, including the ability to block IP addresses used by security pros to monitor Raccoon traffic.
Network administrators with Citrix Netscaler application delivery controllers on their networks are urged to install a security update if they haven’t done so already. The patch has been available for almost a month. According to researchers at NCC Group, as of Monday just over 1,800 devices around the world were still compromised.
Finally, on Monday’s podcast I complained that there were no details on an announced Canadian government consultation to develop a voluntary code of practice for companies in this country using generative artificial intelligence applications. Yesterday I heard back from the Innovation department with a few things: There will be a roundtable discussion process before September 14th. It will hear from experts, academics, Canadian AI research institutes and public groups.
UPDATE: After this podcast was published the government issued this background paper for those who want to participate in the virtual and hybrid roundtables. It makes clear the voluntary code will help companies to prepare their processes and products before Parliament adopts the proposed Artificial Intelligence and Data Act, which is part of Bill C-27.
Follow Cyber Security Today on Apple Podcasts, Google Podcasts or add us to your Flash Briefing on your smart speaker.
