Cyber Security Headlines: American Airlines hacked, $160M swiped from Wintermute, 2K and Rockstar victimized by cyberattacks

American Airlines announces breach of customer and staff info

On Tuesday, American Airlines indicated that “a very small number of customers’ and employees’ personal information” was compromised in a data breach. The aerospace giant confirmed that the source of the incident was a phishing attack which resulted in the compromise of “a limited number of team-member mailboxes.” On Friday, American Airlines sent a breach notification letter to affected customers offering two years of Experian identity theft protection.

(IT Security Guru)

Crypto market maker hacked for $160 million

On Tuesday, crypto market making firm Wintermute said the firm remains solvent despite being hacked for 90 assets worth $160 million. Wintermute’s CEO, Evgeny Gaevoy, said on Twitter that the money was related to its DeFi operations and that its centralized exchange and over-the-counter offerings were not affected. Interestingly, Gaevoy said that the firm was open to treating the incident as a white hat hack and would allow the hacker to keep some of the money as a bug bounty, if they returned the rest.

(The Block)

2K and Rockstar fall victim to cyberattacks

Hackers have compromised the support system of 2K, the American video game company that publishes popular game franchises, including NBA 2K, Borderlands, and WWE 2K, among others. On Tuesday, the attackers began using their access to 2K’s Zendesk ticketing system to send support tickets to gamers. Ticket notifications were then followed by emails containing attachments masquerading as a new game launcher. Instead, the file contains the widely used RedLine password-stealing malware, the same malware discovered last week targeting gamers on YouTube. Anyone who downloaded the 2K launcher is urged to scan their computer with antivirus software, remove any detected malware, and change passwords for any frequently visited sites.

Another gamemaker, Rockstar Games, was breached over the weekend. In what appears to be a twist of irony, the maker of Grand Theft Auto had its data stolen by the hackers. The hackers began leaking videos of the unreleased game and source code files for both GTA V and GTA VI. Though it is unclear if the attacks are related, both Rockstar Games and 2K are subsidiaries of Take-Two Interactive, one of the largest game publishers in the Americas and Europe.

(Bleeping Computer)

FTC chairwoman ‘extremely disturbed’ by Twitter whistleblower allegations

FTC Chairwoman Lina Khan said Tuesday she was “extremely disturbed” by cyber expert and Twitter whistleblower Peiter “Mudge” Zatko’s allegations indicting Twitter’s security practices. Khan expressed concern about Mudge’s claim that Twitter withheld information from the FTC during interviews aimed at enforcing the regulator’s 2011 consent decree. Khan said during a Senate Judiciary Hearing, “There has absolutely been a problem with companies treating FTC orders as suggestions. We have a program underway to really toughen that up.”

(Market Watch)

Revolut confirms cyberattack exposed user data

Revolut has confirmed that an “unauthorized third party” accessed data of roughly 50,000 of its customers. Revolut, which has a banking license in Lithuania, discovered the malicious access late on September 10 and isolated the attack by the following morning. According to Revolut’s breach disclosure, hackers used social engineering to access a database containing partial card payment data, along with customers’ names, addresses, email addresses and phone numbers. Revolut also warned that the breach appears to have triggered a phishing campaign. As a precaution, Revolut has also formed a dedicated task force to monitor customer accounts and data.

(TechCrunch)

Critical vulnerability in Oracle Cloud allowed unauthorized access

On Tuesday, Oracle published an advisory outlining a new vulnerability in Oracle Cloud Infrastructure (OCI) leading to unauthorized access to cloud storage volumes of all users. The flaw, dubbed AttachMe, was discovered by researchers at Wiz in June. Oracle claims to have patched the bug for all OCI customers within 24 hours of being notified by Wiz, without any customer action required. However, researchers point out that before it was patched, all OCI customers could have been subject to sensitive data exfiltration or other destructive attacks.

(Infosecurity Magazine)

Indonesia passes long-awaited data protection measure

On Tuesday, Indonesia’s parliament passed a new data protection bill into law. The bill’s most severe penalties include 2% of a corporation’s annual revenue and up to six years’ imprisonment for falsifying personal data for personal gain. The bill’s passage comes after a series of data leaks and probes into organizations ranging from a state insurer, telecoms company, and a public utility to a contact-tracing COVID-19 app that revealed President Joko Widodo’s vaccine records.

(Reuters)

Sean Kelly is a cyber risk professional and leader who thrives on learning, collaborating and helping the business securely advance its mission. Sean is also a musician and outdoor enthusiast who loves spending time with his family and two cats.