Cyber-security stories 28 June 2024

Read the hand-picked cyber security stories for June 28, 2024. These stories include cyber incidents, cyber-attacks, data theft incidents, ransomware incidents, and other cyber-security-related events and incidents from all over the world.

The recent payment delays experienced by customers of HSBC, Virgin Money, and Nationwide underscore significant vulnerabilities within the current banking infrastructure. Outages reportedly affected more than 7,000 customers, disrupting access to online and mobile banking services. Banks reported issues, with customers unable to access their money or pay bills, exacerbating the frustration and financial stress of affected individuals. Read the full story.

The Kosovo government on June 28 banned use of the social media network TikTok in state institutions amid growing global concerns over its potential vulnerability to cyber threats. Bardhyl Dobra, Deputy Minister for Internal Affairs, said that the decision “aims to protect the state institutions of Kosovo against cyber threats, and actions which could be exploited for cyber attacks against the information and communication technology infrastructure of Kosovo’s institutions”. Read the full story.

Panera LLC is facing a proposed class-action lawsuit from former and current employees due to a data breach that exposed employee information during the first quarter of 2024, according to a June 24 complaint filed in the U.S. District Court for the Western District of Missouri. In March, Panera had a systemwide tech outage, which was speculated to be a cybersecurity attack. In mid-June, the company informed staff that personal employee data had been leaked. Read the full story.

The Association of Texas Professional Educators notified the state of the breach in a data security breach report filed with the Texas Attorney General’s Office this month. The compromised data includes some employees’ and members’ names, addresses, social security numbers, dates of birth, and driver’s license numbers. Read the full story.

North Korean hackers have used Google Chrome extensions to gather personal data from South Koreans. The hack employed a complex act of software trickery to install fake translation programs on the devices of unsuspecting victims. Once inside, passwords, emails and other bits of personal data were in the hands of the Pyongyang-backed actors. The attack took place on March 24, 2024. Read the full story.

Following the kick-off of the UEFA Euro 2024 in Germany, Egress’ Threat Intelligence team has observed a massive spike in Euros-related phishing attacks, recording 7,000 unique campaigns with over 24,000 individual attacks since June 17th, 2024. Booking.com was the most impersonated brand, closely followed by German airline Lufthansa and Uber. Other impersonated brands include Trainline, Eurostar, Tripadvisor, Hotels.com and Marriott.com. Read the full story.

TeamViewer, the company that makes widely used remote access tools for companies, has confirmed an ongoing cyberattack on its corporate network. In a statement released on Friday, the company attributed the compromise to government-backed hackers working for Russian intelligence, known as APT29 (and Midnight Blizzard). The Germany-based company said its investigation so far points to an initial intrusion on June 26 “tied to credentials of a standard employee account within our corporate IT environment.” Read the full story.

When the Intercontinental Exchange (ICE) identified a breach in its virtual private network (VPN), the organization immediately launched investigation and remediation efforts. However, it was not until four days later that the company reported the breach to regulators, violating not only the Securities and Exchange Commission’s (SEC) compliance requirements but also the company’s own internal cyber incident reporting procedures. This is according to the SEC in its May announcement of a $10 million fine levied on ICE and its affiliates for failure to disclose the breach. Read the full story.

Microsoft Corp has confirmed a breach in its internal systems by a Russian state-sponsored hacking group. The hackers accessed some of the company’s customers’ emails. Microsoft is currently notifying customers who corresponded with the compromised email accounts. The breach has raised questions about the security of Microsoft’s software and systems against foreign threats. The Russian government has not yet responded to these allegations. Read the full story.

Japanese publisher KADOKAWA says the June 8 cyberattack, including ransomware, crippled multiple websites of the KADOKAWA Group, targeting popular video-sharing platform Niconico and related services, affecting manufacturing, distribution, and Web services and merchandise businesses. On June 27, the BlackSuit ransomware gang claimed this attack. The threat actor expects a ransom to be paid by July 1 to refrain from leaking the alleged data trove they own. They say they obtained it by breaching the company’s systems a month ago, even mentioning that the “KADOKAWA network architecture was not organized properly.” Read the full story.

Crypto losses to hacks and rug-pulls in the second quarter doubled compared with the year-earlier period, according to security platform Immunefi. Losses totalled almost $572.7 million in Q2, mostly to hacks, while $8.4 million was lost to frauds, the report said. Funds recovery to date is about 5%. DMM Bitcoin and BTCTurk accounted for 63 percent of these losses. Read the full story.

Germany-based remote monitoring and management software company TeamViewer has confirmed a data breach. The breach affected the company’s corporate environment and was detected on 26 June 2024. The company’s remote monitoring and support tool is in use by over 600,000 customers. However, the company has confirmed that the product environment remains isolated from the corporate environment. No customer data has been impacted. Read the full story.

Expect more cyberattacks like the one that hit CDK Global this week to target key software that manages your doctor visits, bank accounts, mortgage payments and other vital functions, said Frederick Scholl, director of the graduate cybersecurity program at Quinnipiac University. Instead of going after individual companies, hackers are increasingly seeking out shared software platforms to multiply the impact and potential payoff of their crimes. Read the full story.

Juniper Networks released a statement confirming an authentication bypass vulnerability in the Session Smart Router, Session Smart Conductor, and WAN Assurance Router. The vulnerability has a CVSS score of 10 and could allow an attacker to bypass authentication and attack the target devices. You will need to update the firmware on Session Smart Routers to address the threat. The company has already updated the software to resolve the vulnerability. Read the full story.

Infosys McCamish Systems (IMS), a US subsidiary of India’s IT service provider Infosys, has provided more details about the type of data compromised in last year’s cyberattack. According to a breach notification letter submitted to the Maine Attorney General, the cybersecurity incident in late 2023 impacted more than 6 million people. Sensitive customer data and information was accessed by the attacker. The company has already been hit by two class action complaints over last year’s cyberattack. The LockBit ransomware group claimed responsibility for the IMS hack. Read the full story.

Check Point Software Technologies Ltd. has unveiled its latest Threat Intelligence Report for the Indian market revealing cyber numbers for the last six months. The report reveals that the Indian healthcare sector has become a major target for cybercriminals, experiencing an average of 6,935 cyberattacks per week over the past six months, compared to 1,821 attacks per organisation globally. This alarming trend highlights the increased attack surface due to the rapid adoption of technologies such as electronic health records (EHRs), telemedicine, and Internet of Things (IoT) devices. Following healthcare, the most attacked industries in India include Education/Research (6,244 attacks), Consulting (3,989 attacks), and Government/Military (3,618 attacks). Read the full story.

A hacker is claiming to have access to an extensive database associated with the Indian government’s portal for blue-collar workers emigrating from the country. The database reportedly associated with the eMigrate portal contains full names, email addresses, phone numbers, dates of birth, mailing addresses and passport details of individuals who allegedly signed up to the portal, TechCrunch reported. Read the full story.

The bulk of Indonesian government data affected by a recent ransomware cyberattack was not backed up, officials said, in an incident that has exposed the lack of preparations for such an attack in Southeast Asia’s biggest economy. Last week’s cyberattack, the worst in the country in recent years, has disrupted multiple government services including immigration and operations at major airports. The government has said more than 230 public agencies, including ministries, had been affected, but has refused to pay a US$8 million (RM37.7 million) ransom demanded to retrieve the encrypted data. Read the full story.

Minister of Communications and Informatics (Kominfo) Budi Arie Setiadi said he is planning to make a regulation requiring all ministries and institutions to back up their data after the Temporary National Data Center (PDNS) server was hacked. The minister stated that the government did have backup facilities, but backing up was optional prior to the ransomware attack. Read the full story.

Indonesian immigration authorities arrested 103 Taiwan passport holders, an official said on Friday, suspecting them of running a cyber crime operation out of the island of Bali. The raid on June 26 was the biggest arrest this year, the Immigration agency said. “The 103 foreign nationals stayed at the villa and conducted suspicious activities, which we suspect are activities related to cyber crime activities,” he said, presenting laptops and routers at the press conference. Read the full story.

Rajesh Dhawan

Rajesh Dhawan is a technology professional who loves to blog about smart wearables, Cloud computing and Microsoft technologies. He loves to break complex problems into manageable chunks of meaningful information.