The past week was not marked by loud cybersecurity incidents. We have observed only 6 major incidents, involving security and data breaches in Forever 21 manufacture, US Department of Defence, DXC Technologies and Australian Broadcasting Corporation (ABC).
Below is the list of the most noticeable incidents along with brief description and commentary.
- One of the largest manufacturers and retailers of fashionable clothing Forever 21 reported a security breach. Due to improper protection on some of PoS-terminals in Forever 21' stores, unknown actors managed to obtain unauthorized access to payment card data.
The company didn't specify, which stores were affected. However, it stated that customers who made purchases from March to October 2017 could be affected.
- American IT company DXC Technologies suffered a great damage after its private AWS key was mistakenly left in open access.
On September 27, a technical group member created an open repository on GitHub and uploaded the key. This AWS key has been used for 4 days to create 244 AWS virtual machines and cause DXC Technologies damage to the extent of $ 64K.
- Experts for Bitdefender detected a new banking Trojan dubbed Terdot. The malware is able to track and modify users' publications on Facebook and Twitter, as well as intercept e-mails. The Trojan’s code is based on Zeus malware.
Troyan has been active since the middle of 2016 and mainly attacks users in the US, Canada, Britain, Germany and Australia.
Terdot is spread via phishing emails containing a link to a PDF document. When the system is affected, the Trojan embeds in the browser processes to intercept traffic. It can also download additional spyware to extract data and send it to C&C servers.
- According to Ukrainian law enforcement agencies unknown hackers published a list of ATO (military operation conducted in the east of Ukraine) participants allegedly stolen from the server of the Ministry of Internal Affairs of Ukraine.
Employees of the Department of Cyber Police of the National Police of Ukraine managed to detect a computer used for access local network and steal personal data.
- The Australian Broadcasting Corporation (ABC) accidentally allowed the leakage of confidential user data stored on at least two unprotected Amazon Web Services S3 servers.
The incident was revealed
by analysts at Kromtech Security Center during a study of incorrectly configured cloud storage. The discovered archive contained thousands of e-mails, logins and hashes of user passwords, requests for licensed content from producers, private keys and credentials for access to other repositories, video content, as well as 1.8 thousand daily backup copies of MySQL database (since 2015 till nowadays).
- Security expert Chris Vickery discovered three improperly configured Amazon S3 servers containing about 1.8 billion publications made by users around the world.
Discovered databases under the names "centcom-backup", "centcom-archive" and "pacom-archive" belong to the US Central Command (CENTCOM) and the Pacific Command of the US Armed Forces (PACOM).By Olga Vikiriuk