As your dedicated cybersecurity services provider, Cyberone equips you with timely and in-depth information about current cyber attacks. Discover a weekly cybersecurity report of the latest exploits and breaches shaping the ever-evolving cybersecurity landscape.
Weekly Cybersecurity Report | Week 17, 2024
Information security updates and events from the past week
1 – The Dropbox company reports that attackers managed to access the production environment of the Dropbox Sign service and were exposed to sensitive customer information.
The disclosed information belongs only to customers who use the Dropbox Sign service, designed for digitally signing documents, among the disclosed information: usernames, phone numbers, API keys and more.
2 – SynLab reports the shutdown of all company activity in Italy due to a ransomware attack.
The company operates about 380 laboratories where it performs various tests and now reports that it is forced to disable all computer systems and laboratory tests until the end of the event.
At this point, no infidel group has claimed responsibility for the attack.
3 – The Qantas app exposed sensitive passenger details to random users
Qantas Airways confirms that some of its customers were affected by a misconfiguration of its app that exposed sensitive information and boarding passes to random users.
Qantas, Australia’s flagship airline and the largest airline by fleet size, operates 125 aircraft and serves 104 destinations. Qantas has approximately 23,500 employees and annual revenues of nearly $12.9 billion.
Earlier today, several users of the Qantas app reported on social media that they could view other users’ travel details, including personal identification information, boarding passes for future flights and other account information.
4 – London Drugs pharmacy chain closes stores after cyber attack
Canadian pharmacy chain London Drugs has closed all its retail stores to contain what it described as a “cyber security incident.”
The company also hired outside experts to investigate the cyberattack that affected its systems over the weekend.
“On April 28, 2024, London Drugs discovered that it was the victim of a cyber security incident. Out of an abundance of caution, London Drugs is closing all stores across Western Canada until further notice,” London Drugs said in a statement.
5 – ICICI Bank exposed credit card data of 17,000 customers
ICICI Bank, one of India’s leading private banks, accidentally disclosed details of thousands of new credit cards to customers who were not the intended recipients.
The bank blocked 17,000 credit cards due to a technical bug in its mobile banking application, ‘iMobile’.
The glitch allowed users to receive card details of other customers. Exposed financial information includes credit card numbers, expiration dates and CVV values.
6 – Hackers claim to have penetrated the main security service of Belarus
A group of Belarusian hackers claims to have penetrated the network of the country’s main KGB security agency and accessed personnel files of more than 8,600 employees of the organization, which still goes by its Soviet name.
Authorities did not respond to the claim, but the website of the Belarusian KGB opened with a blank page on Friday that said it was “under development”.
To back up its claim, the Belarusian Cyber-Partisans group published a list of the site’s administrators, its database and server logs on its page on the Telegram messaging app.
7 – LA County Health Services: Patient data exposed in phishing attack
The Los Angeles County Department of Health Services has disclosed a data breach after thousands of patients’ personal and health information was leaked in a data breach stemming from a recent phishing attack that affected more than 20 employees.
This integrated health system operates the public hospitals and clinics in LA County. (the most populous county in the United States) and is the second largest public health system in the country after NYC Health.
As disclosed in data breach notices sent to potentially affected individuals, 23 employees had their mailboxes hacked after their login information was stolen in an attack in February.
8 – The supply of beverages in Sweden was severely affected by a ransomware attack on a logistics company
Systembolaget’s Skanlog distributor, the Swedish government-owned retail chain, suffered a ransomware attack.
Systembolaget has a monopoly on the sale of alcoholic beverages containing more than 3.5% alcohol by volume. It operates stores throughout Sweden and is responsible for the retail sale of wine, spirits and strong beer.
“It affects about 15% of our sales volume. Wine and spirits the most,” Sofia Sioman Waas, press officer at Systembolaget, told Euronews Next.
9 – Data breach at Kaiser Permanente could affect 13.4 million patients
Healthcare provider Kaiser Permanente has disclosed a data security incident that could affect 13.4 million people in the United States.
Kaiser Permanente is an integrated managed care corporation and one of the largest health plans in the United States.
It operates 40 hospitals and 618 medical facilities in California, Colorado, the District of Columbia, Georgia, Hawaii, Maryland, Oregon, Virginia and Washington.
The attacks highlighted in this report aren’t just incidents, they’re blueprints of the adversary’s arsenal. To protect your business you need the right protection. Cyberone is here to help! Check out our services.