Tag Archive for: exposes

Toyota Financial Services ransom attack exposes customer banking info


Toyota Financial Services (TFS) says personal details, including bank account information, were compromised in last month’s ransomware attack claimed by the Medusa ransomware gang.

The European branch of the Japanese automaker’s vehicle financing and leasing subsidiary sent a notice to affected individuals informing them of the exposure.

On December 5, TFS also announced the breach on its website, stating that “unauthorized persons had gained access to personal data.”

“As announced on November 16th, Toyota Financial Services Europe & Africa has detected unauthorized activity on systems at a limited number of locations, including Toyota Kreditbank GmbH in Germany,” the post stated, translated from German.


TFS provides auto loans, leases, and other financial services to Toyota customers on every continent.

Toyota Deutschland GmbH is an affiliated company held by Toyota Motor Europe (TME) in Brussels, Belgium and located in Köln (Cologne).

The breach notification letter, also sent in German, explains that certain TKG files were accessed during the attack.

Toyota Financial Services breach notice

At this time, TFS can confirm the compromised information of those affected includes first and last names, as well as their residential postal code.

Other contract information that may have been exposed includes “contract amount, possible dunning status, and your IBAN (International Bank Account Number),” the letter stated.

“We regret any inconvenience this may have caused to customers and business partners,” TFS wrote.

“It’s not clear how the attackers initially gained access to Toyota’s systems, but with unauthorized access being detected, this could indicate stolen credentials were involved,” said Mike Newman, CEO of My1Login.

Data frequently reveals that phishing and credential theft are two of the most common attack vectors used to deploy ransomware, Newman explained.

Newman said the incident is yet another example of “how criminals hold all the power when it comes to ransomware,” adding that for groups like Medusa, the money-making opportunities are endless.

“It doesn’t matter if the organization pays the ransom demand, attackers always have the upper hand as they can still…

Source…

MGM Hack Exposes Social Security Numbers – 24/7 Wall St.



For more than a decade, Americans have worried that hacks of big companies might expose some of their confidential data. According to LifeLock, this has happened with the huge MGM hack, which included six terabytes of data from MGM and Caesars. Members of the loyalty club of the companies had Social Security numbers and driver’s license data exposed. It is unclear whether any of those people face identity theft.

Some hacks that exposed a huge amount of data are over a decade old. The Sony PlayStation network was hacked in 2011, exposing 77 million personal records. Experian, the credit rating agency, was hacked earlier this year. Given the business it is in, it should have the best anti-hacking system in the world.

In the dark world of hackers, efforts have not stopped at companies. City software systems and hospitals have been hacked, in some cases affecting patient data and the ability of metros to operate key services.

Hackers have started to demand large ransoms, which can stretch into millions of dollars. Organizations whose essential systems have been taken down are forced to make these payments.

Consumer and business concerns extend beyond identity theft. A major hack of banks threatens deposits. The FDIC protects deposits up to $250,000, but what if businesses have more than that at stake?

The cold truth about hacks is that software protection companies meant to shield clients are not good enough. The skills of hackers have stayed one step ahead. There is no reason to think that will stop.

Source…

Winrar Zero-Day Hack Exposes Crypto Accounts


(MENAFN – CoinXposure)
The developers of the file compression software WinRAR have rectified a zero-day vulnerability that allowed hackers to install malware on the computers of unsuspecting victims and access their cryptocurrency and stock trading accounts.

On August 23, the Singapore-based cybersecurity company Group-IB disclosed a zero-day vulnerability in WinRAR’s handling of the ZIP file format.

The zero-day vulnerability identified as CVE-2023-38831 was exploited for approximately four months, allowing attackers to install malware when a victim clicked on archive files.

According to the report, the malware would then enable hackers to compromise online crypto and stock trading accounts.

Using the exploit, threat actors were able to generate malicious RAR and ZIP archives containing files that appeared to be harmless, such as JPG images and PDF documents.

These weaponized ZIP archives were then disseminated on trading forums aimed at crypto traders, purporting to contain trading strategies such as “Best Personal Strategy for Trading with Bitcoin.”

The report affirmed that malicious archives made their way onto at least eight public trading forums, infecting at least 130 devices; however, the financial losses sustained by the victims are unknown.

WinRar exploit infection chain. Source: Group-IB


Upon execution, the script launches a self-extracting (SFX) archive that infects the target computer with various strains of malware, including DarkMe, GuLoader, and Remcos RAT.

These grant the perpetrator remote access to the compromised system. DarkMe malware has been used in the past in cryptocurrency- and financially-motivated attacks.

The researchers informed RARLABS, which rectified the zero-day vulnerability in the August 2 release of WinRAR version 6.23.

In August, BlackBerry identified several malware families that actively targeted computers to mine or pilfer cryptocurrencies.

In the same month, a newly discovered remote access tool dubbed HVNC (Hidden Virtual Network Computer) was discovered for sale on the dark web. This tool allows hackers to compromise Apple operating…

Source…

Critical MikroTik RouterOS Vulnerability Exposes Over Half a Million Devices to Hacking


Jul 26, 2023 | THN | Network Security / Vulnerability


A severe privilege escalation issue impacting MikroTik RouterOS could be weaponized by remote malicious actors to execute arbitrary code and seize full control of vulnerable devices.

Cataloged as CVE-2023-30799 (CVSS score: 9.1), the shortcoming is expected to put approximately 500,000 and 900,000 RouterOS systems, respectively, at risk of exploitation via their web and Winbox interfaces, VulnCheck disclosed in a Tuesday report.

“CVE-2023-30799 does require authentication,” security researcher Jacob Baines said. “In fact, the vulnerability itself is a simple privilege escalation from admin to ‘super-admin’ which results in access to an arbitrary function. Acquiring credentials to RouterOS systems is easier than one might expect.”

This is because the MikroTik RouterOS operating system does not offer any protection against password brute-force attacks and ships with a well-known default “admin” user whose password was an empty string until October 2021, when the release of RouterOS 6.49 began prompting administrators to replace the blank password.

CVE-2023-30799 is said to have been originally disclosed by Margin Research as an exploit dubbed FOISted without an accompanying CVE identifier in June 2022. The security hole, however, was not plugged until October 13, 2022, in the RouterOS stable version 6.49.7 and on July 19, 2023, for the RouterOS Long-term version 6.49.8.


VulnCheck noted that a patch for the Long-term release tree was made available only after it directly contacted the vendor and “published new exploits that attacked a wider range of MikroTik hardware.”

A proof-of-concept (PoC) devised by the company shows that it’s possible to derive a new MIPS architecture-based exploit chain from FOISted and obtain a root shell on the router.


“Given RouterOS’ long history of…

Source…