Information of 9 Million Passengers Compromised in EasyJet Data Breach

UK low-cost airline EasyJet just announced it was the target of a highly sophisticated cyber-attack that exposed personal details of 9 million customers.

“Following discussions with the Information Commissioner’s Office (“ICO”), the Board of easyJet announces that it has been the target of an attack from a highly sophisticated source,” the company said in cyber security incident notice on May 19.

“As soon as we became aware of the attack, we took immediate steps to respond to and manage the incident and engaged leading forensic experts to investigate the issue,” the company said.

EasyJet’s forensic investigation also discovered that 2,208 customers also had their credit card details stolen.

“Action has already been taken to contact all of these customers and they have been offered support,” the company added, while the remaining affected passengers will be contacted by May 26.

Even if no passport details were accessed or stolen, bad actors could still use the personal details of affected customers in targeted phishing campaigns to gain additional information and financial details.

No more information on how the data breach happened was provided, but the airline said it had “closed off this unauthorised access” and reported the incident to the National Cyber Security Centre and the ICO.

While “there is no evidence that any personal information of any nature has been misused,” the airline is advising customers to be alert and “cautious of any communications purporting to come from easyJet or easyJet Holidays.”

Considering the financial strain brought by the coronavirus pandemic and grounded aircrafts, the company could also face fines exceeding £150 million, and even lawsuits that could further hit the company’s assets.

“Every business must continue to stay agile to stay ahead of the threat. We will continue to invest in protecting our customers, our systems, and our data,” said easyJet Chief Executive Officer Johan Lundgren.

FBI Warns that ProLock Ransomware Decryptor Corrupts Encrypted Files

A new ransomware named ProLock is affecting various
industries in the United States, and the FBI is warning companies and other
interested parties that the decryptor doesn’t work, and causes data loss.

The FBI’s policy has always been to resist the demands of
hackers, and it’s the same advice offered by cybersecurity experts. There are a
couple of good reasons for not paying the ransom. First of all, the money is
likely to land in the hands of criminal organizations, which could include
terrorists. Secondly, it encourages continuation of this crime.

There’s a third reason, although it might not seem as
important as the other two. There’s always a chance that the hackers will take
the money and never send the decryptor back. Or, just as bad, the decryptor is
poorly made and corrupts the encrypted data.

The FBI issued a new alert regarding a newly surfaced
ransomware named ProLock, which started out as PwndLocker. One of its last known
targets is Diebold Nixdorf, a technology company in the financial sector.

“ProLock actors gain initial access to victim networks
through phishing emails, Qakbot, improperly configured remote desktop protocol
(RDP), and stolen login credentials for networks with single-factor

Authentication,” says the FBI advisory. “After ProLock
actors gain access to a victim’s network, they map the network and identify
backups, to include Volume Shadow Copies, for deletion and/or encryption.”

The FBI also explains that the decryption key or
“decryptor” provided by the attackers upon paying the ransom has not routinely
executed correctly. The decryptor could corrupt files larger than 64MB and may
result in file integrity loss of approximately 1 byte per 1KB over 100MB.

Like Sodinokibi (REvil) and Maze operators, Prolock
actors will also look to copy information in the network and exfiltrate data
before encryption. Stolen data could be used to blackmail the companies into
paying the ransom, sold on the dark web, or both.

Cybersecurity Guidelines for U.S. High-Risk Chemical Facilities Are a Decade Old

The US Government Accountability Office (GAO) has issued
a report on the cybersecurity of the high-risk chemical facilities and found serious
security issues as the guidance for policies and protection procedures hasn’t
been updated in a decade.

The Department of Homeland Security (DHS) is responsible
for monitoring all high-security installations, including high-risk chemical
facilities. More precisely, oversight is provided by the Chemical Facility
Anti-Terrorism Standards (CFATS) program within the DHS.

The latest GAO report found that the CFATS program is in
charge of setting the policies for around 3,300 facilities, but the guidance
issued by the program hasn’t been updated in 10 years, leaving all facilities
open to current threats and technological advances.

“A successful cyberattack against chemical facilities’
information and process control systems can disrupt or shut down operations and
lead to serious consequences, such as health and safety risks, including
substantial loss of life,” concludes the report.

“The chemical sector’s increasing reliance on these
systems to more efficiently control and automate the production and use of
hazardous chemicals combined with the rise in adversaries’ efforts to
manipulate and exploit vulnerabilities via evolving techniques, such as malware,
and others, illustrate the importance of ensuring that high-risk chemical
facilities are fully prepared to sustain and recover from these types of
attacks.”

GAO made a series of recommendations to the DHS, which
includes the revision of the old guidance, the implementation of cybersecurity
measures at regular intervals and tracking their effectiveness, and more.

High-risk industries, such as power generation, chemical
facilities, utilities, government and military, are regularly targeted by
ransomware, APT groups and even state actors. It stands to reason that DHS
would be directly interested in keeping these facilities as secure as possible.

65% of European Consumers Worry About Online Fraud. Do You Shop Online Safely?

The Coronavirus lockdown has ramped up online shopping 57%, according to a new study from Mastercard in partnership with independent research company Fly Research. And, as people spend more time in front of their screens, about one in three Europeans have started to spend more on virtual experiences such as movies and films.

However, along with the growing popularity of e-commerce, the risks of falling victim to fraud have also increased. Among the 12,500 adults in 15 countries in Europe polled in the study, 65% expressed concerns about online fraud and scams.

The findings also show a boost in good cyber hygiene. For example, 87% of respondents are mindful of where they shop online and 81% stick to familiar online retailers. As a plus, one in three shoppers will even contact an unknown or new merchant before deciding to go through with their purchase.

As consumer behavior changes in the current Covid-19 stricken landscape, 26.5% of all transactions in the first quarter of 2020 were attempts at fraud and abuse, according to Arkose Labs researchers.

While some consumers might gear up with gloves and masks while filling up their online shopping carts, fraudulent attacks have never been more prolific. This is why every shopper should turn vigilant and adopt safe shopping patterns:

• Make sure the website you are visiting is secure. An easy way to check is by looking for the locked padlock icon found to the left of the URL address bar. If you stick to your trusted website, or want to try a new retailer, check for misspellings or differences in the domain, as website spoofing is a common trick for scammers.

• Don’t provide unnecessary personal information while checking out your order. Online shopping platforms do not need your Social Security number or date of birth to complete your order. If you see any retailers that ask for this type of personal information, it’s likely a scam to steal key pieces of your identity.

• Create strong a password for your online shopping account and enable two-factor authentication, where possible. Should the online retailer suffer a cyber attack or data breach, bad actors will not be able to access your account without proper authentication or code.

• Install a security solution on all Internet-enabled devices. Besides protecting you from malware attacks, a local security solution can fight spam and phishing attempts that try to steal your personal information.

Here at Bitdefender we focus on protecting your devices from malicious activity and threats of all kinds. Now more than ever, we need autonomy and safety as we interact with the world through our internet-enabled devices. That’s why we have extended the trial for our best security suite, ensuring that you can take care of your family’s devices for up to 90 days. If you’re already set up, why not make an unexpected gift to your loved ones who might not be aware of emerging cyber threats?

Firefox to Fully Drop Flash Support by the End of 2020

Firefox to Fully Drop Flash Support by the End of 2020

Mozilla has decided to remove support altogether for Flash
from its Firefox browser by December 2020, and updated the release schedule of
the releases that will slowly integrate this important change.

The decision to drop Flash from browsers and operating
systems was taken a long time ago, but many websites still rely on this
antiquated technology. Flash was difficult to maintain, and new security
problems were discovered regularly. It took companies and developers many years
to reach this point.

According to a new schedule posted by Mozilla, the
deprecation of Flash in Firefox started in June 2016 by disabling the plugin
and requiring users to activate it manually. In 2019, Firefox 69 removed the
“Always Activate” Flash option, so all users were required to set
permissions when using a Flash-enabled website.

As it stands, Adobe will completely stop shipping security
updates for Flash at the end of 2020. In December 2020, Flash support will be
completely removed from the consumer version of Firefox.

“Plugins are a security and performance problem for
Firefox users,” says Mozilla.
“NPAPI plugins are an obsolete technology, and Mozilla has been moving
toward a Web which doesn’t need plugins. 
The last remaining NPAPI plugin, Adobe Flash, has announced an
end-of-life plan.”

Users of Beta and Nightly versions of Firefox will see these
changes much earlier, as the features are pushed upstream.

Starting in 2021, websites using Flash will have problems
displaying that content to users, including Firefox.

The removal and replacement of Flash is actually a
collaboration between Apple, Facebook, Google, Microsoft and Mozilla, allowing
all of them to be ready in time with their browsers and OS implementations.

Hackers Threaten to Release Stolen Documents from Law Firm Implicating Donald Trump

The group that deployed REvil ransomware into the network of
the Grubman Shire Meiselas& Sacks law firm just last week now threatens to
release stolen information pertaining to President Donald Trump, if their
demands are not met.

A massive REvil ransomware attack affected the law firm in New York. On top of that, hackers stole 756GB worth of data, which they threaten to use if the law firm doesn’t pay the ransom.

The law firm has many famous clients, most of them from the
entertainment business, including artists such as Madonna, Lady Gaga, Robert
DeNiro, Elton John, David Letterman, and a long list of athletes.

Early reports stated that the group was asking for $21
million but, as the law firm refused to cooperate, they upped the ransom to $42
million and used a much more convincing threat, involving the US President,
Donald Trump.

“The next person we’ll be publishing is Donald Trump.
There’s an election race going on, and we found a ton of dirty laundry on time,”
said the group on their blog, according to NBC.

“Mr. Trump, if you want to stay president, poke a sharp
stick at the guys, otherwise you may forget this ambition forever. And to you
voters, we can let you know that after such a publication, you certainly don’t
want to see him as president. Well, let’s leave out the details. The deadline
is one week.”

The law firm says it had no dealing with Donald Trump, implying
that the hackers are bluffing. The only problem is that bluffing doesn’t really
serve their interests, especially in the long run.

So far, the White House has declined to comment, and the
hackers haven’t said anything since. The law firm has already contacted authorities
and says that it won’t negotiate.

Cyber-crime against children spikes amid stay-at-home orders

The sudden shift to remote work has forced millions of individuals and families to set aside their daily routines and quickly adapt to self-isolating measures to stay safe amid the pandemic

While social distancing helped us flatten the curve, the unprecedented spike in online consumption has opened new doors of exploitation for adults and children alike.

Adults are not the only ones susceptible to the dangers of online exposure. During the stay-at-home orders, millions of children have stored away their backpacks and school gear, participating in online courses along with their teachers and classmates.

While the virtual environment helps teachers and parents struggling to maintain a balanced day-to-day schedule for children, it also serves as a malicious vector for the cyber exploitation of children.

In the first two months of spring, the Minnesota Bureau of Criminal Apprehension observed a 30% increase in cyber-crimes against children. On top of more than 1,000 complaints received by the agency, The National Center of Missing and Exploited Children (NCMEC) recorded more than 6 million tips during the same period.

While the sudden spike in numbers can be attributed to the increased screen time for minors, John Shehan, the vice-president of NCMEC, says that online predators are discussing their intentions to exploit the lockdown orders on the dark web.

Law enforcement agencies also warn of the dangers of online chatrooms, where an adult may pose as a teenager and manipulate the recipient into sending indecent photos, ultimately blackmailing the child by threatening to expose his actions to his parents or teachers.

“Parents are stretched so thin and asked to do so much right now,” said Minnesota U.S. Attorney Erica MacDonald. “It just leads to a very target-rich environment for kids to be preyed upon.”

Parents and caretakers should be the first to start an honest conversation with their children and warn them about the risks they face in the online world, she said.

Parents are advised to keep an eye on their children’s online profiles and monitor their posting patterns. It’s also a good idea to set privacy settings for social media accounts and online gaming platforms. If your little one is more of a night owl, it’s best to try and limit online consumption during late hours or, at least, supervise their interactions.

Edison Mail bug exposed users’ email accounts to complete strangers

Edison Mail bug exposed users' email accounts to complete strangers

The makers of a popular iOS email app have warned their users that their accounts may have been compromised after a buggy software update made it possible to see strangers’ emails.

Users jumped onto social networks this weekend after updating their iPhones with the latest version of Edison Mail, warning that the email accounts of other users were suddenly freely accessible within the app.

It is believed that the problem arose after the company pushed out an update that included a new account syncing feature.

In response to a cavalcade of complaints from concerned users, Edison offered its “deepest apologies” for what it described as a “malfunction”.

Earlier today Edison Mail published a blog post which attempted to explain what happened and limit the damage to its reputation:

On Friday, May 15th, 2020, a software update enabled users to manage accounts across their Apple devices. This update caused a technical malfunction that impacted approximately 6,480 Edison Mail iOS users. The issue only impacted a fraction of our iOS app users (and no Android or Mac users were affected). This temporary issue was a bug, and not related to any external security issues. Data from these individual’s impacted email accounts may have been exposed to another user. No passwords were compromised. On Saturday morning a patch was deployed to remove and prevent any further exposure. As a safety measure, the patch prevented all potentially impacted users from being able to access any mail from the Edison app. We apologize for temporarily pausing the app from working for many users, which was required to ensure the safety and protection of all potentially impacted users.

In short, realising just what an emergency it found itself in, Edison blocked users from accessing their email entirely.

And users’ emails were not accessed as a result of an attack by external hackers, but rather due to an injury that was entirely self-inflicted by Edison.

Edison may be keen to downplay the seriousness of what happened, but the truth is that its users did suffer a significant security and privacy breach.

Complete strangers were able to access the email accounts of some Edison Mail users, and read and send email from those accounts without permission.

And as so much personal sensitive information is held in email accounts, the potential for abuse is considerable.

To try to describe such a security breach as a “temporary issue” or “bug” seems disingenuous to me.

Remember – this isn’t the familiar narrative of passwords leaking into the hands of the criminal underground who might be tempted to use it to break into email accounts. Instead, regular users opened the Edison email app on their iPhone and suddenly found they could read strangers’ emails to their hearts’ content.

As a result private conversations, personal information, intimate photographs, password reset notifications for third-party services, all manner of sensitive communications will have been exposed.

In its blog post Edison says that it has released a new update to the iOS App Store which restores full functionality, and suggests that impacted users change their email account password.

Personally, if I was an affected user, I would want to do much more than that. I would want to be sure that none of my other accounts have been compromised, and might – out of an abundance of caution – want to reset the passwords on those as well.

After all, you don’t know who might have been rifling through your email, and how they might have abused that access

Furthermore, I would have to seriously question whether I would feel comfortable using the Edison Mail app again, after such a terrible privacy blunder.

The news comes at a particularly bad time for Edison, which earlier this year was accused of not being transparent enough with users that its business model involved scraping email inboxes for monetizable data.

U.S. Secret Service Exposes Unemployment Benefits Scam by Overseas Fraud Ring

The latest memo from the U.S. Secret Service reveals that overseas criminals are registering for unemployment claims using stolen Social Security numbers and personally identifiable information (PII).

Unemployment benefit scams are not unique, but the Coronavirus pandemic has given fraudsters new ways of exploiting the surge in newly unemployed workers who file for benefits.

“A substantial amount of the fraudulent benefits submitted have used Personal Identifying Information (PII) from first responders, government personnel and school employees,” the Secret Service said.

More than 36 million Americans are currently jobless, and agencies are struggling to speed up the process of sending their benefits by any means possible, sometimes overlooking proper screening of applications.

According to investigators, the campaign is run by a well-organized Nigerian crime ring, with the sole purpose of defrauding the Federal Government of millions of dollars.

Using detailed information of identity theft victims, the attackers may also file claims on behalf of people who did not lose their jobs. For example, unemployment agencies from Washington State have received notifications and inquiries from working citizens who received unsolicited paperwork in the mail.

More than 400 employees at Western Washington University in Bellingham have also been targeted with similar fraudulent claims, according to university officials.

Investigators are now focusing on tracking down the individuals, and it appears that some people in the US are helping the scammers.

“We are actively running down every lead we are getting,” said special agent Roy Dotson in an interview. He also warned citizens to be suspicious of any quick-money job offerings and any questionable arrangements involving wiring transactions.

So far, Washington is the primary targeted state, however, “there is also evidence of attacks in North Carolina, Massachusetts, Rhode Island, Oklahoma, Wyoming and Florida,” the Secret Service said.

Interserve Hit by Data Breach; 100,000 Employee Records Stolen

Hackers stole sensitive details on 100,000 people from an
outsourcing company named Interserve, but the attackers are unknown and the
company offered no additional information.

News of the intrusion surfaced a couple of days ago, and
it looks like a lot of the data stolen is sensitive, including employee names
and their addresses, bank details, payroll information, HR records, pension
information and much more.

Such data is extremely valuable on the dark web, as it
can be used in a variety of ways, such as stealing people’s identities,
compromising their bank accounts and so on. Interserve works directly with the
UK government, making it all the more a target. According to a Telegraph
report, the company recently helped build the Birmingham Nightingale Hospital.

“Interserve was the target of a cybersecurity attack
earlier this month. Interserve is working closely with the National Cyber
Security Centre (NCSC) and Strategic Incident Response teams to investigate,
contain and remedy the situation,” said an Interserve spokesperson.

“This will take some time and some operational services
may be affected. Interserve has informed the Information Commissioner (ICO) of
the incident. We will provide further updates when appropriate. Interserve’s
employees, former employees, clients and suppliers are requested to exercise
heightened vigilance during this time.”

People affected by the data breach should pay close
attention to their bank accounts and other online accounts for any sign of
compromise. Making matters worse, Interserve is on the verge of being broken up
as it had financial problems and the new owners will take further steps in this
direction in coming months. Dealing with a massive data breach is just the
cherry on top.

Posts navigation

1 2 3 4 5 6 7
Scroll to top