Orbitz admits data breach exposed 880,000 credit card details

Breach occurred in 2016 but took two years to come to Orbitz's attention

The company has admitted to what it suspects was a cyber attack on the personal and payment information of its customers, with data such as dates of birth, email addresses, billing addresses and phone numbers thought to have been exposed.



Details of some 880,000 payment cards may also have been stolen as part of the breach, Orbitz said.

The data breach appears to have involved hackers cracking into a legacy website run by Orbitz between January and June 2016, though the company only caught wind of it on 1 March.


A partner platform that also held Orbitz customer data is thought to have been breached between January 2016 and December 2017.


Orbitz is now notifying its customers about the breach and is offering a free year of credit monitoring and identity protection to help them fight any fraud attempts fuelled by the exposed data.


While data breaches are becoming increasingly high-profile and carry stringent penalties from the Information Commissioner's Office if not reported correctly, they still seem a dime a dozen these days.


FACEBOOK'S MASSIVE SECURITY BREACH

Facebook revealed that a hack in September 2018 allowed attackers to harvest millions of phone numbers and email addresses. The company said hackers used 400,000 accounts under their control to obtain the access tokens of 30 million Facebook users, according to a blog post. Access tokens let Facebook users stay logged into their accounts without having to retype their passwords.

Among the 30 million affected users, 14 million had their names, contact information and sensitive information, such as their gender, relationship status and recent place check-ins, exposed to the attackers, Facebook said. Another 15 million users had their names and contact information breached, and 1 million users solely had their access tokens stolen. Facebook has reset the access tokens for all of those users.



• Facebook takes steps to let users check whether their account was hacked

Facebook also published a website where users can go to check if their accounts were affected by the breach, and if so, to what degree their information was exposed.

What caused it

Three software flaws in Facebook's systems allowed hackers to break into user accounts, including those of top executives Mark Zuckerberg and Sheryl Sandberg, according to two people familiar with the investigation who were not allowed to discuss it publicly. Once in, the attackers could have gained access to apps such as Spotify, Instagram and hundreds of others that let users log in through Facebook.

Apple Releases Security Updates to Address Actively Exploited iOS Zero-Day Flaw

 

On Wednesday, Apple released security updates to fix a new zero-day vulnerability in iOS and iPadOS that the company said was already being actively exploited in the wild.

The kernel vulnerability, tracked as CVE-2023-42824, could be exploited by a local attacker to gain elevated privileges. Apple said the issue was addressed with improved checks.

In a brief advisory, Apple stated, "Apple is aware of a report that this issue may have been actively exploited against versions of iOS before iOS 16.6."


While details of the attacks and of the threat actors behind them remain unclear, successful exploitation almost certainly requires the attacker to have already established a foothold on the device by some other means, since the flaw is a local privilege escalation.

Apple's latest patch also fixes CVE-2023-5217, a vulnerability in the WebRTC component that Google last week described as a heap-based buffer overflow in the VP8 compression codec in libvpx.
The updates, iOS 17.0.3 and iPadOS 17.0.3, are available for the following devices:
  • iPhone XS and later
  • iPad Pro 12.9-inch and later, iPad Pro 10.5-inch and later, iPad Pro 11-inch and later, iPad Air 3rd generation and later, iPad 6th generation and later, and iPad mini 5th generation and later

Since the beginning of the year, Apple has fixed a total of 17 actively exploited zero-days in its software.

It also arrives two weeks after Cupertino released patches to address three issues (CVE-2023-41991, CVE-2023-41992, and CVE-2023-41993), all of which are alleged to have been used by an Israeli spyware company named Cytrox to infect an iPhone belonging to a former Egyptian lawmaker named Ahmed Eltantawy with the Predator malware earlier this year.

It's worth noting that CVE-2023-41992 is also a kernel flaw that allows local attackers to escalate privileges. It is unclear whether the two issues are related, or whether CVE-2023-42824 is a patch bypass for CVE-2023-41992.

In a recent investigation, Sekoia stated that it discovered infrastructural similarities between customers of Cytrox (aka Lycantrox) and another commercial spyware company called Candiru (aka Karkadann) in December 2021, most likely owing to the use of both spyware technologies.

"The infrastructure used by Lycantrox consists of VPS hosted in several autonomous systems," the French cybersecurity firm explained, adding that each customer appears to run their own instances of VPS and administer their own domain names associated with it.

Tip: Users who are at risk of being targeted should enable Lockdown Mode to reduce their exposure to mercenary spyware attacks.

The Blackcat Gang has managed to pull off one of the largest medical data breaches in history, stealing information from 2.5 million patients of McLaren Health Care.

McLaren Health Care is a non-profit healthcare organization based in Michigan, in the United States. Through its network of hospitals, clinics and healthcare facilities, it is one of the state's largest integrated health systems and provides care to a sizeable section of the population.

McLaren Health Care was added to the list of victims on the ALPHV/BlackCat ransomware gang's Tor leak site. According to the group, data belonging to 2.5 million McLaren Health Care patients has been taken.

The ransomware gang claims the company tried to hide the security breach, and also stated that it still has access to the company's network.

"It would have been more fascinating if a Mclaren official had discussed in an interview how they skillfully tried to hide the fact that their network had been hacked and asked not to disclose the stolen data. Mclaren was planning a way out, but instead, they compromised the private information of 2.5 million of their patients. It is merely lip service to say that you would protect your consumers' interests and privacy. Maclaren, we've shown you that you have the lowest level of security ever. You choose to play with us, our backdoor is still active on your network, and we know how to have fun. We also have a fantastic sense of humor. I'll see you later," reads the message that the ALPHV group posted on its leak site.

Clarion, a global provider of audio and video equipment for cars and other vehicles, and the hotel brand Motel One were among the recent targets of the ALPHV ransomware group, which has been highly active during this period.

According to cyber security researcher Dominic Alvieri, 15 additional US hospitals and 2 HMOs have reportedly been compromised by ALPHV/BlackCat ransomware.


Sony System Allegedly Hacked: What the Latest Ransomware Attack Means For You

 



Australian cybersecurity publication Cyber Security Connect reported that Sony has been targeted by Ransomed.vc, a new hacking group operating since September. The hack allegedly exposed screenshots of Sony's internal log-in page, a PowerPoint presentation, Java files, and a document tree containing 6,000 files. The gang is believed to have connections to previous dark web forums and groups.

"We have successfully [compromised] all of [Sony's] systems," Ransomed.vc proclaimed. "We won't ransom them! We will sell the data. Due to Sony not wanting to pay. DATA IS FOR SALE. WE ARE SELLING IT."


Among the 6,000 files allegedly contained in the leak are various documents, such as "build log files," Java resources, and HTML data. Most of the files are reportedly written in Japanese. Although Ransomed.vc has not specified a price for the data, it has provided contact details for Sony to reach out and indicated a "post date" of September 28, which may be when the data will be released publicly. Notably, Ransomed.vc is not only a ransomware operator but also a ransomware-as-a-service organization.


As a result, the group is involved in large-scale hacks of major corporations. Reports suggest that Ransomed.vc, which is said to be based in Russia and Ukraine, is exploiting the EU's General Data Protection Regulation (GDPR) and other data privacy laws by reporting vulnerabilities or violations in victims' systems. As reported by Cyber Security Connect, the group is using these laws to accomplish its goal. Sony released a statement to IGN on September 26th regarding the claims, saying that it is currently investigating the situation and has no further comment at this time.

Apple rushes to fix zero-day vulnerabilities used to deliver Pegasus spyware to iPhones


Apple has released security patches for iOS, iPadOS, macOS, and watchOS to address two zero-day flaws used to deliver NSO Group's Pegasus spyware.

The two flaws are listed below:
  • CVE-2023-41061 - A validation issue in Wallet that may lead to arbitrary code execution when processing a maliciously crafted attachment.
  • CVE-2023-41064 - A buffer overflow in the Image I/O component that may lead to arbitrary code execution when processing a maliciously crafted image.

CVE-2023-41061 was identified internally by Apple with "assistance" from the Citizen Lab, whereas CVE-2023-41064 was discovered by the Citizen Lab at the Munk School of the University of Toronto.

The updates are available for the following devices and operating systems:
  • iOS 16.6.1 and iPadOS 16.6.1 - iPhone 8 and later, iPad Pro (all models), iPad Air 3rd generation and later, iPad 5th generation and later, and iPad mini 5th generation and later
  • macOS Ventura 13.5.2 - macOS devices running macOS Ventura
  • watchOS 9.6.2 - Apple Watch Series 4 and later

Citizen Lab found the two flaws as part of a zero-click iMessage exploit chain it calls BLASTPASS, which can deploy Pegasus on fully patched iPhones running iOS 16.6 without any interaction from the victim. The exploit involves PassKit attachments containing malicious images sent from an attacker-controlled iMessage account to the victim. Technical details have been withheld because of active exploitation, but the chain bypasses Apple's BlastDoor sandbox framework, which is designed to mitigate zero-click attacks.

Citizen Lab made the discovery while examining a device belonging to an unnamed Washington, D.C.-based civil society organization with offices abroad, and said it shows that mercenary spyware and sophisticated exploits continue to target civil society.

With these fixes, Apple has patched 13 zero-day flaws in its software since the beginning of the year; the update comes more than a month after it addressed another exploited kernel issue. The zero-days coincide with the Chinese government's decision to forbid the use of foreign-branded devices for work, which reduces reliance on foreign technology and intensifies the Sino-American trade war.

The Chinese government has banned iPhones and other foreign-branded devices for government officials to reduce reliance on overseas technology amid the Sino-U.S. trade war. Security researcher Zuk Avraham claims that iPhones are not safe against simple espionage, despite their reputation as the most secure phones. He cites the number of zero-click exploits commercial spyware companies have had over the years, highlighting the lack of protection against cyber espionage via iPhones.

VMConnect Supply Chain Threat

In recent months, the cybersecurity landscape has been marred by the persistence of the VMConnect Supply Chain Attack. This blog post aims to provide a professional yet easily understandable overview of this ongoing threat.

Understanding the VMConnect Supply Chain Attack


The VMConnect Supply Chain Attack is a sophisticated cyber threat that targets the software supply chain. This attack vector is particularly concerning because it infiltrates trusted software repositories and distribution channels, making it challenging to detect.
Diving into details
Researchers have found that the people behind this operation go to considerable lengths to make their activity appear genuine. They set up GitHub repositories with realistic-looking descriptions and even include legitimate source code.

  • Tablediter (736 downloads), Request-Plus (43 downloads), and Requestspro (341 downloads) are among the most recently discovered packages.
  • Among these recently found packages, the first one appears to pose as a tool for modifying tables, while the other two mimic the widely utilized
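The packages above trade on names that resemble popular libraries. As an added example (not code from the original post or from the researchers it cites), the check below scans a constructed requirements file for dependency names that embed, or sit one edit away from, a widely used package name, after applying PEP 503 name normalization. The allowlist of popular names, and the assumption that the library being mimicked is `requests`, are this example's own.

```python
import re

# Constructed sample requirements file: genuine packages mixed with the lookalike names reported above.
SAMPLE_REQUIREMENTS = """\
requests==2.31.0
Requestspro==0.1.0
Request-Plus>=1.0
tablediter
numpy>=1.24  # loosely pinned on purpose
"""

# Small allowlist of widely used names (this example's assumption; use an internal approved list in practice).
KNOWN_PACKAGES = {"requests", "numpy", "urllib3", "pandas", "flask"}

def normalize(name: str) -> str:
    """PEP 503 normalization: lowercase, runs of '-', '_', '.' become '-'."""
    return re.sub(r"[-_.]+", "-", name).lower()

def levenshtein(a: str, b: str) -> int:
    """Plain edit distance, enough to catch one-character typosquats."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def classify(name: str, known=KNOWN_PACKAGES) -> str:
    """Return 'known', 'unknown', or 'lookalike:<names>' when the name embeds
    a known package or a hyphen-separated part sits one edit away from one."""
    norm = normalize(name)
    if norm in known:
        return "known"
    joined = norm.replace("-", "")
    parts = [p for p in norm.split("-") if len(p) >= 4]   # skip short words
    hits = sorted(k for k in known if k in joined or levenshtein(joined, k) <= 1
                  or any(levenshtein(p, k) <= 1 for p in parts))
    return "lookalike:" + ",".join(hits) if hits else "unknown"

def scan_requirements(text: str) -> dict:
    """Map each requirement name, as written, to its classification."""
    results = {}
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()          # drop comments/blanks
        if not line:
            continue
        name = re.split(r"[=<>!~\[;\s]", line, maxsplit=1)[0]  # name before specifier
        results[name] = classify(name)
    return results
```

Anything reported as a lookalike or unknown is a candidate for human review, not an automatic verdict: legitimate add-ons such as extension packages for a popular library will also trip the substring rule.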



Attributions

  • While ReversingLabs was unable to positively identify the threat actor behind this campaign, Crowdstrike's analysts were confident in attributing the malware to Labyrinth Chollima, a branch of the Lazarus Group, a state-sponsored threat organization based in North Korea.
  • Separately, JPCERT/CC connected the attack to DangerousPassword, another Lazarus Group affiliate.
  • These attributions, along with the striking code similarities between the packages discovered in the VMConnect campaign and those detailed in JPCERT/CC's investigation, have led researchers to conclude that the same threat actor is behind both campaigns.

Conclusion

The VMConnect Supply Chain Attack is a persistent threat that demands vigilance and proactive security measures from organizations. By staying informed and taking steps to secure your software supply chain, you can better protect your systems and data from this evolving danger.
