As your dedicated cybersecurity services provider, Cyberone equips you with timely and in-depth information about current cyber attacks. Discover a weekly cybersecurity report of the latest exploits and breaches shaping the ever-evolving cybersecurity landscape.
Weekly Cybersecurity Report | Week 14, 2024
Information security updates and events from the past week
1 – AT&T finally confirms that 73 million customer data was leaked on a hacker forum
AT&T has finally confirmed that it is affected by a data breach affecting 73 million current and former customers, after initially denying that the leaked data originated with them.
This comes after AT&T repeatedly denied in the past two weeks that vast amounts of customer data was leaked from them or that their systems were hacked.
2 – Yacht retailer MarineMax reveals data breach after cyber attack
One of the world’s largest recreational boat and yacht stores, MarineMax, says attackers stole employee and customer data after breaching its systems in a cyber-attack in March.
The Florida yacht seller said in a March 12 filing with the SEC that it did not store sensitive data on the compromised systems. Still, on Monday, a new 8-K filing revealed that the malicious actors gained access and stole personal data belonging to an unknown number of people.
3 – PandaBuy shopping platform data leak affects 1.3 million users
Data belonging to more than 1.3 million customers of the online shopping platform PandaBuy was allegedly leaked after two threat actors exploited multiple vulnerabilities to hack into the systems.
Yesterday, a threat actor named ‘Sanggiero’ claimed a breach at PandaBuy, allegedly together with another threat actor named ‘IntelBoker’.
4 – Sensitive files mysteriously disappeared from EUROPOL headquarters
The website Politico reported that Europol suffered a serious security breach, a group of sensitive files of senior law enforcement officials, including Europol CEO Catherine de Boll, disappeared last summer.
The sensitive documents were in a secure storage room at Europol headquarters in The Hague. The European Police opened an investigation, which is still ongoing, into the security breach.
https://securityaffairs.com/161416/data-breach/europol-highly-sensitive-files-disappeared.html
5 – Data breach at Prudential Financial: About 36,000 user data was stolen
Prudential Financial, from the financial services sector based in Newark, New Jersey, has reported a serious security incident.
The breach, which was discovered on February 5, 2024, happened just a day before. This involved sophisticated social engineering tactics that led to unauthorized access to the company’s external systems.
https://cybersecuritynews.com/prudential-financial-data-breach/
6 – Omni hotels have been experiencing a nationwide IT outage since Friday
Omni Hotels & Resorts experienced a chain-wide outage that brought down its IT systems on Friday, affecting reservations, hotel room door locks and point-of-sale (POS) systems.
The official site was down on Friday, and an alert was added after it came back online over the weekend, warning customers, “Dear Guest, We are currently experiencing technical difficulties, please try again later.”
7 – Jackson County in state of emergency after ransomware attack
Jackson County, Missouri, entered a state of emergency after a ransomware attack took down some county services on Tuesday.
“Jackson County has confirmed that a ransomware attack was responsible for the disruption of several county services today,” the Missouri county said.
8 – The US State Department is allegedly investigating the theft of government data
The US State Department is investigating claims of a cyber incident after a threat actor leaked documents allegedly stolen from a government contractor.
Acuity, which was reportedly hacked to steal this information, is a technology consulting firm with nearly 400 employees and $100+ million in annual revenue.
It provides DevSecOps, IT operations and modernization, cyber security, data analytics, and operations support services to civilian and national security customers.
9 – Notice from Activision: Enable 2FA to secure accounts recently stolen by malware
An infostealer malware campaign collected millions of hits from users of various gaming sites, including players who use cheats, pay-to-cheat services.
The details emerged after Alexander Wallace, aka ‘PainCorp’, notified Zebleer, the developer of Phantom Overlay cheats for Call of Duty and Counter-Strike, about a database of information thieves he had found.
“The DB for the thief represents far more gaming-related accounts than anything else,” Zebleer said, adding that “this is the largest data-stealing malware campaign targeting gamers in history.”
10 – The Hot Topic chain was hit by credential stuffing attacks
US retailer Hot Topic revealed that two waves of credential stuffing attacks in November exposed customers’ personal information and partial payment data.
The Hot Topic fashion chain has over 10,000 employees in more than 630 stores across the US and Canada, corporate headquarters and two distribution centers.
The attacks highlighted in this report aren’t just incidents; they’re blueprints of the adversary’s arsenal. To protect your business you need the right protection. Cyberone is here to help! Check out our services.
