SecureFact - Cyber Security News - Week of July 29, 2024
Data Breach
1. FBCS data breach impact now reaches 4.2 million people
The data breach at Financial Business and Consumer Solutions (FBCS) has now affected approximately 4.2 million individuals in the U.S., a significant increase over earlier estimates. The figure was initially reported in April as 1.9 million people and was raised to 3.2 million in May. The breach, which was discovered in February 2024, involved unauthorized access to FBCS's internal network between February 14 and February 26, 2024. The sensitive personal information compromised includes full names, Social Security numbers (SSNs), dates of birth, account information, driver's license numbers or ID cards, and medical information. FBCS has begun notifying affected individuals and is providing guidance on protective measures. It is also offering 24 months of complimentary credit monitoring and identity restoration services through CyEx.
2. India Confirms State-Owned Telecom Giant BSNL’s Data Breach, Millions of User Records Compromised
The Indian government has confirmed a data breach at Bharat Sanchar Nigam Limited (BSNL), a state-owned telecommunications company. The breach has compromised sensitive information related to BSNL employees and customers. The government has launched an investigation to assess the situation and implement measures to prevent future incidents. BSNL has not provided specific details regarding the extent of the breach or the types of data that were exposed.
3. Compex Data Breach: Legal Firm Notifies Clients of Unauthorized Access to Client Data
Compex Legal Services Inc. has reported a data breach that potentially exposed sensitive information of its clients, including health records and Social Security numbers. The breach was discovered on April 17, 2024, after suspicious activity was detected on its network, which had begun on April 9. The company, which serves over 500 insurance companies and 4,000 law firms, is currently conducting an internal investigation with the help of cybersecurity specialists to assess the scope of the breach. Compex plans to notify affected individuals directly once it completes a review of the compromised data. The exposed information may include names, dates of birth, medical diagnoses, treatment details, medical record numbers, and health insurance information. Compex is advising potentially impacted individuals to monitor their accounts for signs of identity theft and to be vigilant against unusual activity.
4. BMW Data Breach Exposes 14,000 Hong Kong Customers’ Personal Information
BMW has reported a major data breach affecting approximately 14,000 customers in Hong Kong. BMW Concessionaires (HK), the exclusive distributor of BMW vehicles in Hong Kong, revealed that sensitive information belonging to these customers had been exposed, including names, mobile numbers, and SMS opt-out preferences, the South China Morning Post reported. The company disclosed that the compromised data was managed by a third-party contractor, Sanuker, which had alerted both the police and the privacy watchdog about the BMW data leak.
5. Bullhorn Refutes Data Breach Claims, Confirms Partner Company Was Impacted
Bullhorn, a staffing software provider, is facing a class-action lawsuit following a data breach that reportedly exposed sensitive personal information of over 1.5 million individuals. The breach, which occurred in early 2023, involved unauthorized access to data including names, addresses, Social Security numbers, and financial information. The lawsuit alleges that Bullhorn failed to implement adequate security measures to protect user data, leading to the breach. Plaintiffs are seeking damages for the potential risks of identity theft and fraud resulting from the exposure.
Malware and Vulnerabilities
1. Docker fixes critical 5-year old authentication bypass flaw
Docker has addressed a critical vulnerability, identified as CVE-2024-41110, that allows attackers to bypass authorization plugins in certain versions of Docker Engine. This flaw, which has a CVSS score of 10.0, was first discovered in January 2019 but was not properly fixed in subsequent releases, leaving it exploitable for five years. The vulnerability allows an attacker to send a specially crafted API request with a Content-Length of 0, which results in the Docker daemon forwarding the request to the authorization plugin without the necessary data for validation. This could lead to unauthorized actions, including privilege escalation. Docker recommends users upgrade to versions v23.0.14 and v27.1.0 as soon as possible.
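The plugin-side consequence of the flaw described above, as an added example that is not Docker's code or part of the original newsletter: a policy that treats an absent body as "nothing to object to" fails open, while one that denies body-dependent endpoints when no body arrives fails closed. The field names follow Docker's authorization plugin request JSON; the no-privileged-containers policy, the endpoint pattern and the sample requests are assumptions constructed for illustration.

```python
import base64
import json
import re

# Endpoints whose policy decision depends on the JSON body (illustrative subset).
BODY_REQUIRED = re.compile(r"^(/v[\d.]+)?/containers/create(\?.*)?$")

def _decode_body(authz_req):
    """Return the parsed JSON body, or None when the daemon forwarded none."""
    raw = authz_req.get("RequestBody") or ""
    if not raw:
        return None
    return json.loads(base64.b64decode(raw))

def _is_privileged(body):
    host_config = body.get("HostConfig") if isinstance(body, dict) else None
    return bool((host_config or {}).get("Privileged"))

def authorize_fail_open(authz_req):
    """Weak policy: an absent body has nothing to object to, so it is allowed."""
    body = _decode_body(authz_req)
    if body is not None and _is_privileged(body):
        return {"Allow": False, "Msg": "privileged containers are not permitted"}
    return {"Allow": True}

def authorize_fail_closed(authz_req):
    """Hardened policy: no body on a body-dependent endpoint means deny."""
    method = authz_req.get("RequestMethod", "")
    uri = authz_req.get("RequestUri", "")
    try:
        body = _decode_body(authz_req)
    except (ValueError, TypeError):
        return {"Allow": False, "Msg": "unparseable request body"}
    if method == "POST" and BODY_REQUIRED.match(uri):
        if body is None:
            return {"Allow": False, "Msg": "body missing; cannot evaluate policy"}
        if _is_privileged(body):
            return {"Allow": False, "Msg": "privileged containers are not permitted"}
    return {"Allow": True}

def make_req(body):
    """Build a constructed AuthZ request as the plugin would receive it."""
    encoded = base64.b64encode(json.dumps(body).encode()).decode() if body else ""
    return {"RequestMethod": "POST", "RequestUri": "/v1.46/containers/create",
            "RequestBody": encoded}
```

Failing closed in the plugin is defence in depth; it does not replace upgrading the Engine.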
2. Over 3,000 GitHub accounts used by malware distribution service
Threat actors known as 'Stargazer Goblin' have established a malware Distribution-as-a-Service (DaaS) operation using over 3,000 fake GitHub accounts. This network, named Stargazers Ghost Network, distributes various types of information-stealing malware, including RedLine and Lumma Stealer, through GitHub repositories and compromised WordPress sites. Check Point Research revealed that this organized scheme is notable for its scale and effectiveness, as users often perceive GitHub as a trusted source, making them more likely to download malicious files.
3. Two Vulnerabilities Discovered in LangChain GenAI Framework
An article from Palo Alto Networks' Unit 42 discusses vulnerabilities in LangChain, a framework for building applications with large language models (LLMs). It identifies several vulnerabilities within LangChain that can be exploited, potentially leading to unauthorized access and data leakage, and groups them into issues such as improper input validation, which can allow command injection, and inadequate authentication mechanisms. The vulnerabilities pose risks to applications built on LangChain, as attackers could manipulate the framework to execute arbitrary code or access sensitive information.