Cyber Security Headlines: PayPal accounts breached, Yum! Brands attacked, ODIN Intelligence hacked

PayPal accounts breached in large-scale credential stuffing attack

PayPal is sending out data breach notifications to thousands of users who had their accounts accessed through credential stuffing attacks that exposed some personal data. PayPal explains that the attack occurred between December 6 and December 8, 2022. The company detected and mitigated it at the time and by December 20, 2022, it confirmed that unauthorized third parties logged into the accounts with valid credentials. The electronic payments platform claims that this was not due to a breach on its systems and has no evidence that the user credentials were obtained directly from them. Almost 35,000 users have been impacted by the incident, during which hackers had access to account holders’ full names, dates of birth, postal addresses, social security numbers, and individual tax identification numbers.

(Bleeping Computer)

Ransomware gang steals data from KFC, Taco Bell, and Pizza Hut brand owner

Yum! Brands, the operator of these names, and The Habit Burger Grill fast-food restaurant chains, has been targeted by a ransomware attack that forced the closure of 300 locations in the United Kingdom. Yum! Brands operates 53,000 restaurants across 155 countries and territories, with over $5 billion in total assets and $1.3 billion in yearly net profit. The impacted restaurants in the United Kingdom have returned to normal operations and are not expected to face any other problems relevant to the cyberattack. Yum! Brands has confirmed that data was stolen in the attack but sees no evidence that customer information has been exposed.

(Bleeping Computer)

ODIN Intelligence hack exposes a huge trove of police raid files

Detailed tactical plans for imminent police raids, confidential police reports with descriptions of alleged crimes and suspects, and a forensic extraction report detailing the contents of a suspect’s phone. These are some of the files in a huge cache of data taken from the internal servers of ODIN Intelligence, a tech company that provides apps and services to police departments, following a hack and defacement of its website over the weekend. The group behind the breach said in a message left on ODIN’s website that it hacked the company after its founder and chief executive Erik McCauley dismissed a report by Wired, which discovered the company’s flagship app SweepWizard, was insecure and spilling sensitive data about upcoming police operations to the open web. The hackers also published the company’s Amazon Web Services private keys for accessing its cloud-stored data and claimed to have “shredded” the company’s data and backups but not before exfiltrating gigabytes of data from ODIN’s systems.

(TechCrunch)

Google parent Alphabet to cut 12,000 jobs

The cuts will affect 6% of Alphabet’s workforce worldwide, in teams including recruitment and engineering. This comes days after Microsoft announced 10,000 jobs would be lost, and weeks after Amazon announced 18,000 job cuts, along with similar announcements from Hewlett Packard and Salesforce. Daniel Ives of Wedbush Securities said “the layoffs highlight irresponsible spending across a sector basking in hypergrowth. “The reality is tech stalwarts over-hired at a pace that was unsustainable and now darker macro is forcing these layoffs across the tech space,” he said.

(BBC News)

Thanks to this week’s episode sponsor, SafeBase

These days, customer trust can be an organization’s strongest competitive advantage. But how can you develop and maintain customer trust over the long term? The answer is SafeBase. After implementing SafeBase’s Smart Trust Center, many companies see shorter deal cycles, higher-value contracts, and stronger long-term customer relationships. Some even achieve a 90% reduction in security questionnaires. Learn more at safebase.com

Riot Games hacked, delays game patches after security breach

The video game developer and publisher behind League of Legends and Valorant says it will delay game patches after its development environment was compromised last week. The LA-based game publisher disclosed the incident in a Twitter thread on Friday night and promised to keep customers up-to-date with its investigation. They blame the attack on social engineering, and added that the breach directly impacted its ability to publish patches for its games.

(Bleeping Computer)

Cyberattack on Nunavut energy supplier limits company operations

A wide-ranging cyberattack on the Qulliq Energy Corporation in Canada’s Nunavut territory has crippled the company’s administrative offices. Officials with the company said the attack started on January 15 and while power plants are still operating normally, computer systems at the corporation’s customer care and administrative offices are unavailable. The company cannot accept bill payment through credit cards but customers can pay using cash or through bank transfers. The company is still trying to determine what information may have been stolen or accessed during the attack. Nunavut has a population of about 40,000 and is Canada’s largest and northernmost territory. It has faced several cyberattacks over the past four years, including a 2019 ransomware attack that impacted all of its government’s IT systems and services.

(The Record)

Rentokil pilots facial recognition system as way to exterminate rats

The world’s largest pest control group is piloting the use of facial recognition software as a way to exterminate rats in people’s homes. Rentokil said it had been developing the technology alongside Vodafone for 18 months. The surveillance technology, which is already being tested in real homes, tracks the rodents’ habits and streams real-time analysis using artificial intelligence. Rentokil’s chief executive, Andy Ransom, told the Financial Times, “the technology will identify which rat has come back, where are they feeding, where are they sleeping, who’s causing the damage, which part of the building are they coming from, where are they getting into the building from, whether it’s the same rodent that caused the problem last week.”

(The Guardian)

Last week in ransomware 

Last week, the US and France conducted a law enforcement operation where they seized the domain and arrested the operator of the Bizlato crypto exchange for allegedly money laundering crypto proceeds generated from ransomware and illegal drug transaction. Also last week, Vice Society ransomware leaked the data for University of Duisburg-Essen (UDE), shipping software supplier DNV suffered an attack that impacted the ship management software of 1,000 vessels, the Los Angeles Unified School District confirmed that SSNs were stolen in last year’s ransomware attack. In the good news column, Avast released a free decryptor for the BianLian ransomware and reports from both Chainalysis and Coveware illustrate that ransomware payments dropped approximately 40% in 2022 as companies refuse to pay and the enterprise invests in stronger security and better backups.

(Bleeping Computer)