Cyber Security Headlines: Thomson Reuters leak, Polish Parliament cyberattack, trolls bombard Twitter

Thomson Reuters leaks 3TB of sensitive data

The research team at Cybernews has found that the media giant left at least three of its databases open and accessible for several hours. Among them was the 3TB public-facing ElasticSearch database, which contains a trove of sensitive, up-to-date information from across the company’s platforms, including Thomson Reuters plaintext passwords to third-party servers. The company recognized the issue and fixed it immediately, but downplayed it, saying it affects only a “small subset of Thomson Reuters Global Trade customers.”

(CybersecurityWorldConference.com)

Massive cyberattack hits Slovak and Polish Parliaments

“The attack was multi-directional, including from inside the Russian Federation,” reads a statement published by the Polish Senate, which suggests that the attack may be linked to the Senate’s vote. The attack completely blocked the IT infrastructure of the parliament, including the IT network and phone lines at the Slovak parliament, and interrupted voting operations on several bills.

(Security Affairs)

Twitter trolls bombard platform after Elon Musk takeover

Twitter has been hit by a coordinated trolling campaign in the wake of Elon Musk’s takeover, with more than 50,000 tweets from 300 accounts bombarding the platform with hateful content, as of Sunday. The social media platform said it has been targeted with an attempt to make users think Twitter has dropped or weakened its content policies after Elon Musk bought the company for $44bn (£38bn) last week. In a Twitter thread posted on Sunday, Twitter’s head of safety and integrity Yoel Roth said the company had seen a “ton” of tweets posted by a small number of accounts featuring slurs and other derogatory terms. Roth said most of those accounts were “inauthentic” and the users involved had been banned.

(The Guardian)

Air New Zealand warns of an ongoing credential stuffing attack

Air New Zealand chief digital officer Nikhil Ravishankar pointed out that threat actors did not hack any of the company’s systems and that only individual customer accounts were impacted. These accounts were locked and customers were advised to change their login details before using the Airpoints system again, he said. The company is also urging customers to change their passwords on all accounts that used that same password.

(Security Affairs)

Thanks to this week’s episode sponsor, Votiro

Microsoft shares workaround for ongoing Outlook login issues

Microsoft is working on a fix for ongoing sign-in issues affecting some Outlook for Microsoft 365 customers and preventing them from accessing their accounts. The login problems impact users trying to sign in to Outlook using their Outlook.com accounts or those who have already added the accounts to their Outlook profiles. Instead of being able to log in, the users will see error messages asking them to use a work or school account instead. “The bug is related to how Outlook is authenticating for the diagnostics in some situations,” Microsoft said.

(Bleeping Computer)

Signal says it will exit India rather than compromise its encryption

The Indian government, furthering its zero-tolerance stance against cyber crime and fraud, has proposed legislation that would give the government the power to intercept encrypted messages. Since interception is useless against end-to-end encryption, this new power would either require companies to provide assistance in decrypting and/or intercepting messages or it would require companies falling under the mandate to unplug at least one end of the end-to-end encryption so the government can listen in. Signal president Meredith Whittaker has made it clear the company will exit India and give up access to a market with more than a billion potential users if the Indian government heads in this direction.

(TechDirt)

Google backs senate bill on securing open source software

Google joined other industry forces on Thursday in support of legislation to secure open source software. The Securing Open Source Software Act was introduced in September by Senate Homeland Security Committee leader Gary Peters and ranking member Rob Portman and was quickly approved in a voice vote. If signed into law, the bipartisan legislation would require CISA to develop a risk framework within the next year that details how the federal government relies on open-source code.

(The Record)

Last week in ransomware

Last week, we learned of healthcare data leaks at Medibank and Australian Clinical Labs in Australia, and of Microsoft’s reporting that the Raspberry Robin worm is providing access to corporate networks for the Clop ransomware gang. Other research found that the TommyLeaks and SchoolBoys extortion gangs are actually the same group, with TommyLeaks focusing on pure data extortion and SchoolBoys deploying ransomware. Finally, Microsoft disclosed that Vice Society uses multiple ransomware families in attacks, including BlackCat, Quantum, Zeppelin, and a Vice Society-branded variant of Zeppelin ransomware. Additionally, BleepingComputer is also aware of the group using the HelloKitty ransomware in attacks. We also learned more information about new and existing ransomware attacks, such as an alleged 60 million LockBit ransomware demand on Pendragon, Hive claiming the attack on Tata Power, and a ransomware attack on the Indianapolis Housing Agency.

(Bleeping Computer)