The latest data breaches, a Twitter hacker sentenced to five years, and more.
Welcome to Cyber Security Today. It’s Monday, June 26th, 2023. I’m Howard Solomon, contributing reporter on cybersecurity for ITWorldCanada.com and TechNewsday.com in the U.S.
 |
 |
 |
Lutheran Services of Illinois, a social service provider for the state, is notifying over 150,000 people that some of their personal information was copied during a January 27th ransomware attack. The attacker had been in the IT system for weeks. Data stolen included names and Social Security numbers of individuals.
Two of the biggest airlines in the United States are notifying thousands of pilots that some of their personal information was stolen through a third-party supplier. The supplier is Pilot Credentials, which helps recruiters hire pilots. That company was hacked around April 30th. The attacker copied pilot and cadet applications that included names, Social Security numbers, driver’s licence numbers, dates of birth, passport numbers, Airman Certificate numbers and other government-issued ID numbers — in other words all the stuff needed for impersonation. Both American Airlines and Southwest say they now no longer use the Pilot Credentials service.
The latest American victims of the hack of the MOVEit file transfer system are a life insurance company called Genworth Financial and the California state public employees retirement system known as CalPERS. Both say the personal information of their subscribers or members was stolen from a third-party supplier of services they use called PBI Research Services. Genworth said in a regulatory filing that information on as many as 2.7 million of its customers was stolen when PBI’s MOVEit application was hacked. CalPERS is notifying about 769,000 retirees their data was stolen through PBI.
Meanwhile, the New York City Department of Education is notifying 45,000 students and staff that their personal information was copied in an attack on the department’s MOVEit server.
Administrators whose firms use Cisco Systems’ AnyConnect mobility client or Cisco’s Secure Client for Windows are being urged to quickly apply the latest security update. It closes a vulnerability in the client update process. A hacker able to exploit the hole could elevate their network access privileges.
The British hacker who compromised the Twitter accounts of celebrities in 2020 as part of a cryptocurrency scam has been sentenced by an American judge to five years in prison. Joseph O’Connor, who was extradited from Spain earlier this year, received the sentence after pleading guilty to several charges including a separate incident of theft. He and several others leveraged a smartphone SIM card swap to steal about $794,000 worth of cryptocurrency from victims in 2019. A year later he and others took control over the Twitter accounts of well-known people and planted cryptocurrency promotions.
Most threat actors hack their way into IT networks. However, spreading malware through infected USB memory sticks is still an effective weapon. Researchers at Check Point Software say a Chinese-based group recently managed to infect an IT system of an unnamed European hospital that way. Here’s how: A hospital employee went to a conference in Asia to give a presentation, which was on a USB drive. He loaned that drive to other conference attendees so they could copy the presentation. Unfortunately, the laptop of one of those people had been infected, which spread to the drive. So when the hospital employee went back to the institution and plugged in the USB drive into their office computer’s drive, the malware went into his machine and then into the hospital network. Note the gang believed to be behind this malware, which researchers call Camaro Dragon or Mustang Pilot, wasn’t targeting the hospital. Usually, it goes after organizations in Southeast Asia. But malware goes wherever there’s opportunity. In addition to having security software to detect malware, organizations have to remind employees about the dangers of using USB keys that have been plugged into other people’s computers. They also shouldn’t accept USB keys from anyone, or drives they pick up from trade shows at conferences.
Employees should also be warned about receiving and plugging in unexpected internet-connected devices they get in the mail or by package delivery. This comes after members of the U.S. Army and Navy recently began receiving smartwatches through the postal service that they hadn’t ordered. Nice gift, eh? Who doesn’t want to save a few bucks by not having to buy a smartwatch? Well, it probably comes with malware. What better way to get into a military IT network. It reminds me of a penetration test a cybersecurity company ran a few years ago to see if it could sucker employees. The chief financial officer was sent an iPad by the tester with a note seemingly from the CEO. “This is in appreciation for the fine work you did on the last financial results conference call,” the note said. The iPad had a file that notified the penetration tester when the CFO activated the tablet through the company’s Wi-Fi network. The file was innocent, but it could have been infected. Lesson: If you haven’t ordered an internet-connected device that lands on your desk, don’t use it until you know for sure where it came from.
Finally, some users of the LastPass password manager have been locked out of the application for weeks after the company updated its security. They’re being repeatedly prompted to reset their multifactor authentication. So instead of having a helpful application that keeps track of their passwords, they can’t work. Bleeping Computer has an article quoting the company explaining the right way to solve this: Users have to log into the LastPass website in their browser and them re-enroll their MFA. They shouldn’t use the LastPass browser extension or the LastPass Password Manager app. If they do the re-enrollment process won’t work. This incident is an example of why you need to keep a paper backup of your passwords — not in a file on your computer — as a backup just in case of problems.
Follow Cyber Security Today on Apple Podcasts, Google Podcasts or add us to your Flash Briefing on your smart speaker.
