In this week's Cyber Weekly:
Thanks to all 11,569 subscribers. It really takes a community to fight against cyberattacks. By sharing and commenting on these newsletters, we can reach more people and help others from becoming a statistic. Share your comments below or simply like the post.
On another note, I asked everyone what percentage of the world you thought was affected by a cyber attack last year and 66% shocked me with your answer. Check out the poll here.
Also, follow me on LinkedIn for daily cyber security discussions >> Luigi Tiano.
A Swiss hacker by the name “maia arson crimew” claims they discovered a No-Fly List of alleged terrorist suspects on an unsecured server run by Michigan-based airline CommuteAir. Buried in the server, which also held personal information of nearly 1,000 CommuteAir employees, was a file labeled “NoFly.csv.”
The file, first reported on by The Daily Dot, is reportedly in reference to a small subset of the U.S. government’s Terrorist Screening Database, maintained by the DOJ, FBI, and Terrorist Screening Center (TSC).
The 80 MB exposed file from 2019, left publicly viewable on the open internet, included over 1.5 million entries. Those entries included the names and birthdates of people with suspected ties to terrorist organizations. (gizmodo)
My thoughts: Whether the information contained within is accurate or not is debatable. However, the fact that this was found on a server for a small regional airline’s internal use opens up some questions.
No-fly lists have existed for a very long time, and a CSV file was often the way this data was kept and managed, and even referred to as a “database”. Hard to believe, isn’t it! In theory these lists are dynamic. How do they remain up to date? Who sends and receives these files?
Data exchange, especially when dealing with PII, is a very sensitive issue, and regardless of who is on the list, the data should be safeguarded and transferred with the highest level of integrity and confidentiality with the minim. Data at rest and data in flight are of equal importance.
It was revealed that hackers stole the personal information of 35,000 PayPal customers in December 2022. The stolen information included social security numbers, usernames, addresses, dates of birth and individual tax identification numbers.
As of now, there is no indication that any financial information was stolen or that any accounts were misused. PayPal offered the affected customers guidance on how to protect their personal information, reset their passwords, and provided identity theft monitoring services.
The cybercriminals used a credential-stuffing attack to gain access to the personal information. In this attack, email and password pairs stolen in earlier breaches are replayed against other apps and services, on the assumption that people reuse the same password everywhere. (cnet)
My thoughts: What if online services asked you if the password you were using was already being used for another platform or service? Do you think that would encourage people to stop using the same password everywhere? Use at least 12 characters in your password and be sure to use upper/lower case, numbers and special characters. (be creative!)
T-Mobile was hacked yet again. It is the 5th attack on the communications conglomerate. This time the hackers used a company API to obtain data tied to customer accounts, and 37 million people’s personal information was affected. Just last year, T-Mobile agreed to a $500 million settlement for a previous attack that affected 77 million people.
"Five breaches in five years," noted Chester Wisniewski, field chief technology officer for applied research at security company Sophos. "People can decide for themselves if they want to stick with T-Mobile." (cnet)
My thoughts: At the end of the day, consumers should be able to expect that a mobile conglomerate worth billions of dollars and with repeated security incidents is employing enough resources to protect their personal data. It is clear that T-Mobile has taken positive steps towards hardening their security processes, but until they can string together some major successes in terms of preventing attacks, it is hard to give them the benefit of the doubt.
MailChimp, the email marketing platform, got hacked for the second time in the last 6 months. What’s worse is that the second attack was very similar to the first. The hackers targeted contractors and employees with a social engineering attack, in which someone uses phone, email or text to manipulate the user into sharing their information.
The hackers then used this stolen information to gain access to 133 MailChimp accounts. Among those 133 clients were WooCommerce, the e-commerce giant, and the popular sports-betting platform Fanduel.
As a result, one stolen customer password led to a list of 133 clients, which in turn led to thousands and thousands of people’s information being compromised. The full extent of the attack is still unknown. We are likely to hear of more vendor-related hacks in the near future. (techcrunch) (fanduel)
My thoughts: The investigation into this breach is far from over. Intuit, the parent company, acquired MailChimp just over a year ago. Intuit is known for its TurboTax software and its recent acquisitions of Credit Karma and Mint. MailChimp’s client roster is clearly impressive, and so I can only imagine that the effort required to prevent this from happening again is huge. Now that they have been penetrated once, I would not be surprised if one of their companies is hacked again this year. Let’s hope not!
I started Assurance IT with my childhood friend Ernesto Pellegrino in 2011. Our mission is to help 100,000 companies become cyber resilient through our services and free content. We focus on helping mid-sized organizations with data protection and data privacy. Our primary services include: endpoint management, cloud backup, DRaaS, Microsoft 365 backup, and Quebec's Law 25 training.