
1.3 Million FNF Customers’ Data Potentially Exposed in Ransomware Atta


Fidelity National Financial (FNF) has revealed that around 1.3 million customers’ data may have been exposed during a ransomware attack it suffered in 2023.

The firm, which provides title insurance services to the real estate and mortgage industries, notified the Securities and Exchange Commission (SEC) of the number of potentially impacted consumers in an updated filing on January 9, 2024.

The incident was first disclosed in November 2023, and forced FNF to take down certain systems, resulting in disruption to its business operations.

The ALPHV/BlackCat ransomware group subsequently claimed responsibility for the attack, announcing FNF’s inclusion on their leak site.

New Details About the FNF Ransomware Attack

The updated filing appeared to confirm the incident was a ransomware attack.

The firm stated that following the completion of a forensic investigation on December 13, “we determined that an unauthorized third-party accessed certain FNF systems, deployed a type of malware that is not self-propagating, and exfiltrated certain data.”

FNF said it has notified approximately 1.3 million potentially impacted consumers, and is providing them with credit monitoring, web monitoring and identity theft restoration services.

It is also continuing to coordinate with law enforcement, regulators and other stakeholders.

There is no evidence any customer-owned system was directly impacted in the incident, nor has it received any customer reports that this has occurred, the company said.

FNF successfully contained the incident on November 26, 2023, and full services have been restored. The last confirmed date of unauthorized third-party activity in its network was November 20, 2023.

“At this time, we do not believe that the incident will have a material impact on the Company,” read the filing.

Details relating to how the attackers gained initial access into the firm’s systems and the nature of the personal data that was exposed were not provided.

FNF acknowledged that it is subject to several lawsuits related to the incident and will “rigorously defend itself” against such claims.

Earlier this week (January 9), retail mortgage lender LoanDepot revealed it had…


A 15-Year-Old Unpatched Python bug potentially impacts +350K projects (Security Affairs)


More than 350,000 open source projects can be potentially affected by a 15-Year-Old unpatched Python vulnerability

More than 350,000 open source projects can be potentially affected by an unpatched Python vulnerability, tracked as CVE-2007-4559 (CVSS score: 6.8), that was discovered 15 years ago.

The issue is a directory traversal vulnerability in the ‘extract’ and ‘extractall’ functions of Python’s tarfile module. A user-assisted remote attacker can trigger it to overwrite arbitrary files via a .. (dot dot) sequence in filenames inside a TAR archive; it is related to CVE-2001-1267.

“While investigating an unrelated vulnerability, Trellix Advanced Research Center stumbled across a vulnerability in Python’s tarfile module. Initially we thought we had found a new zero-day vulnerability. As we dug into the issue, we realized this was in fact CVE-2007-4559,” reads the post published by security firm Trellix. “The vulnerability is a path traversal attack in the extract and extractall functions in the tarfile module that allow an attacker to overwrite arbitrary files by adding the “..” sequence to filenames in a TAR archive.”

The experts pointed out that the issue was underestimated: it initially received a CVSS score of 6.8, but in most cases an attacker can turn the arbitrary file write into code execution. Trellix shared a video PoC that shows how to get code execution by exploiting Universal Radio Hacker.

An attacker can exploit the flaw by uploading a specially crafted tarfile that allows escaping the directory that a file is intended to be extracted to and achieve code execution.

“For an attacker to take advantage of this vulnerability they need to add “..” with the separator for the operating system (“/” or “\”) into the file name to escape the directory the file is supposed to be extracted to. Python’s tarfile module lets us do exactly this:” continues the post.

Figure: Crafting a Malicious Archive (Source: Trellix)

“The tarfile module lets users add a filter that can be used to…
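The safe-extraction check this bug calls for, as an added example that is not Trellix’s or the Python project’s own code: it resolves every member’s final destination (including symlink and hardlink targets) against the extraction root and refuses the whole archive if any member would escape. The destination path /tmp/extract_here and the in-memory sample archives are constructed for the demonstration.

```python
import io
import os
import tarfile


def unsafe_members(tar: tarfile.TarFile, dest: str) -> list:
    """Names of members whose final path would land outside dest.
    Link members are checked too: a symlink or hardlink pointing
    outside the tree is another way to escape it."""
    root = os.path.realpath(dest)
    bad = []
    for m in tar.getmembers():
        # Resolve ".." and absolute names against the extraction root.
        target = os.path.realpath(os.path.join(root, m.name))
        escapes = os.path.commonpath([root, target]) != root
        if not escapes and (m.issym() or m.islnk()):
            base = os.path.dirname(target) if m.issym() else root
            link = os.path.realpath(os.path.join(base, m.linkname))
            escapes = os.path.commonpath([root, link]) != root
        if escapes:
            bad.append(m.name)
    return bad


def safe_extractall(tar: tarfile.TarFile, dest: str) -> None:
    """Refuse the whole archive if any member escapes, then extract."""
    bad = unsafe_members(tar, dest)
    if bad:
        raise ValueError(f"members escape {dest}: {bad}")
    if hasattr(tarfile, "data_filter"):  # Python 3.12+ has built-in filters
        tar.extractall(dest, filter="data")
    else:
        tar.extractall(dest)


def build_archive(names) -> bytes:
    """Constructed sample archive: one small file per given member name."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w") as tar:
        for name in names:
            info = tarfile.TarInfo(name=name)
            info.size = len(b"sample\n")
            tar.addfile(info, io.BytesIO(b"sample\n"))
    return buf.getvalue()


def check(names, dest="/tmp/extract_here") -> list:
    # Build a constructed sample archive with the given names and report escapes.
    with tarfile.open(fileobj=io.BytesIO(build_archive(names))) as tar:
        return unsafe_members(tar, dest)
```

On Python 3.12 and later the built-in `filter="data"` performs an equivalent check itself; the explicit pre-scan keeps older interpreters covered and lets the caller log which member names were rejected.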


Ransomware potentially exposed 2,000 Ypsilanti-area utility customers’ bank information


YPSILANTI, MI – A ransomware infection, detected by an employee working the midnight shift in mid-April, may have exposed 2,000 Ypsilanti-area utility customers’ bank payment information to unauthorized individuals.

The Ypsilanti Community Utilities Authority, serving Ypsilanti and surrounding townships, isn’t aware of any reports of identity fraud or improper use of information resulting from the incident, detected on April 16, according to a letter sent this month to affected customers.

“We took a very proactive approach from the very beginning. We’ve brought experts on board, and we followed their guidance,” said YCUA Human Resource Director Debra Kinde.

The person or people behind the network breach potentially obtained files containing customers’ names and bank account and routing numbers used for ACH payments to the water and wastewater service provider, affecting about 8% of the authority’s 25,000 customers, according to Kinde and the letter.

Cybersecurity experts have assured YCUA officials that the information alone should not be sufficient to access the accounts. Kinde said that while legal counsel brought on to assess the situation determined the breach didn’t require notification to customers under the law, YCUA felt it was still important to notify them.

“Better that we take that route than for even one person to be caught unaware,” Kinde said. “We just wanted to be extra-transparent.”

Officials quickly contained the cyberthreat by disabling unauthorized access to their network and started an investigation with the assistance of outside digital forensics professionals, according to Kinde and the notification letter to customers.

The ransomware infection encrypted files stored on the network, and YCUA officials received a demand for payment to regain access to them, with a threat that the information would be released otherwise, Kinde said. Officials were able to restore all encrypted data and did not pay any ransom, she said.

On July 15, the investigation into the incident revealed that data accessible to the unauthorized individual or individuals behind the attack included some customers’ banking information, according to the notice sent to customers.

The letter recommends…


Mailchimp hack potentially leading to crypto wallet thefts


Email marketing firm Mailchimp confirms that hackers used one of its own internal tools to access accounts of customers working in finance and cryptocurrency — and a follow-up attack could lead to crypto wallet draining.

In total, some 319 Mailchimp accounts were reportedly viewed, and data from 102 of them was downloaded. Among the affected users was the Trezor cryptocurrency app, which has since tweeted advice for its customers.

Trezor goes into further detail in a blog post which says the hacker or hackers gained access through targeting Mailchimp employees with a social engineering attack.

In the case of Trezor, its Mailchimp account was then used to contact users of the cryptocurrency wallet service. Calling the attack “exceptional in its sophistication,” Trezor says the fake email directed users to download what was a “very realistic” clone of the Trezor Suite wallet app.

Users who downloaded this fake update and then entered their cryptocurrency seed information into the app could lose funds.

According to Bleeping Computer, Mailchimp’s Chief Information Security Officer Siobhan Smyth says the company has warned the affected users.

“On March 26, our Security team became aware of a malicious actor accessing one of our internal tools used by customer-facing teams for customer support and account administration,” Smyth told the publication. “The incident was propagated by an external actor who conducted a successful social engineering attack on Mailchimp employees, resulting in employee credentials being compromised.”

“We acted swiftly to address the situation,” continued Smyth, “by terminating access for the compromised employee accounts and took steps to…
