Cyber Security Headlines: See Tickets credit card breach, US charges Chinese agents, Tata Power’s data leaked

See Tickets discloses 2.5 year-long credit card breach

Ticketing service provider ‘See Tickets’ has notified an undisclosed number of customers that cybercriminals might have accessed their payment card details using a skimmer on its website. See Tickets engaged forensic experts as well as Visa, MasterCard, American Express, and Discover to investigate the incident, and the investigation revealed that the infection occurred back on June 25, 2019. However, See Tickets didn’t fully remove the malicious code from its site until January 8, 2022, leaving customers exposed for 2.5 years. Unfortunately, the company chose not to offer free credit monitoring services to affected customers.

(Bleeping Computer)

US charges Chinese agents in Huawei obstruction case

On Monday, the US Department of Justice (DoJ) announced it has brought charges against two Chinese intelligence officers who allegedly attempted to steal information linked to the federal prosecution of Huawei. The Chinese agents paid $41,000 in Bitcoin to an agent working at the US Attorney’s Office in New York, in exchange for internal documentation. The Chinese agents thought the individual had been recruited by Beijing; however, the individual was actually a double agent who provided a fake document marked “Secret.” The two Chinese suspects could face a combined 60-year jail term in the unlikely event that they are caught.

(Infosecurity Magazine)

Hive begins leaking Tata Power’s data

Earlier this month, the Hive ransomware group claimed responsibility for a cyber attack on India’s largest power company, Tata Power. On Tuesday, Hive operators began posting data they claim to have stolen from Tata Power, which signals that their ransom negotiations failed. Stolen data appears to include company employees’ personally identifiable information (PII), National ID (Aadhaar) card numbers, PAN (tax account) numbers, and salary information, along with other info such as engineering drawings, financial and banking records and client information.

(Bleeping Computer)

PoS malware used to steal more than 160,000 credit card numbers

Cybercriminals used two strains of point-of-sale (POS) malware to steal the details of more than 167,000 credit cards from payment terminals. The thieves may be able to sell the card info for roughly $3.3 million on underground forums. Nearly all of the victims are American with credit cards issued by US banks. Law enforcement have yet to attribute the malware to a particular crime group. To help thwart POS malware infections, companies should enforce strict password policies, keep software up to date and use network defense products and whitelisting to keep intruders out.

(The Register and Security Affairs)

Thanks to today’s episode sponsor, Votiro

UFOs are everywhere. They’re in your applications, cloud storage, endpoints, and emails.

That’s right – UFOs – Unidentified File Objects – are hiding in files across your organization. UFOs can contain malware that exfiltrates data or deploys ransomware. And 70% of UFOs can’t be detected by traditional scanning solutions like Anti-Virus and Sandboxing. That’s where Votiro comes in. Votiro prevents UFOs before they hitch a ride in on files – without detection, and without slowing down business.

Do you believe? Learn more at

VMware fixes critical Cloud Foundation RCE bug

On Tuesday, VMware released security updates that fix a critical vulnerability in VMware Cloud Foundation. Cloud Foundation is a hybrid cloud platform for running enterprise apps in private or public environments. The flaw (CVE-2021-39144) is in the XStream open-source library and carries a CVSS score of 9.8/10. The bug is particularly nasty because it can be exploited remotely by unauthenticated threat actors in low-complexity attacks. VMware has updated XStream to version 1.4.19 to resolve the issue and has also included security patches for end-of-life products.

(Bleeping Computer)

Samsung’s ‘Maintenance Mode’ protects your data during phone repairs

After a successful pilot program in Korea, Samsung is now rolling out ‘Maintenance Mode’ to select Galaxy devices globally. The new setting will help protect user data when they physically hand over their phones for servicing. The new mode is available in Settings, under the “Battery and device care” menu and is enabled upon rebooting the device. The feature creates an auxiliary user account on the device, completely isolated from all user-installed apps, stored data, and the filesystem. Samsung will roll out the new feature gradually throughout 2023, starting with Galaxy S21 and S22 series models running on One UI 5.

(Bleeping Computer)

CISOs struggle to articulate business impacts of cyber risks

According to a new survey from FTI Consulting, 85% of US CISOs indicated that cybersecurity has gained prominence on the Board’s agenda over the last 12 months. Additionally, 79% of CISOs feel heightened scrutiny from senior leadership. Unfortunately, 53% say their cybersecurity priorities are not completely aligned with C-suite leadership. Further, 58% of CISOs indicated they struggle to communicate technical information and cyber risk in a manner that the Board and senior leadership can understand. Other notable findings include 82% of CISOs feeling that they need to exaggerate their role to their Board while 46% of CISOs who experienced a cyber incident struggled to rebuild trust with leadership afterward.

(Security Magazine)

K-8 students learn cybersecurity through gamification

A new, no-cost, gamified cyber education platform called Cyber Legends aims to bolster student cyber readiness in K-8 schools across North America. The platform provides young students with engaging, curriculum-aligned lessons which teach them about passwords, identity theft, scams, phishing, cyber bullying, and social media issues. Teachers are provided with a dashboard showing where students are excelling, and where there’s room for improvement. The problem-based approach helps develop critical thinking and communication skills relating to student cyber safety.

(Security Magazine)

Sean Kelly is a cyber risk professional and leader who thrives on learning, collaborating and helping the business securely advance its mission. Sean is also a musician and outdoor enthusiast who loves spending time with his family and two cats.