PayPal Accounts Breached Due to Password Recycling
On January 19, 2023, Paypal sent out data breach notifications and informed nearly 35,000 of their users that their accounts were compromised in December 2022.
Paypal explained that the accounts were targeted by hackers through credential stuffing – an attack where leaked usernames and passwords from various websites are used to try and access a target account.
Leaked credentials are often due to recycled usernames and passwords. Paypal claimed that the data breach was not caused by a failure in its systems.
Personal information that the hackers were able to breach included full names of account owners, social security numbers, birth dates, and postal addresses. Paypal says that the attackers were not able to perform unauthorized transactions and resetting of passwords were done to the affected accounts.
Iranian and Russian Hackers Discovered to be Targeting Politicians and Journalists
British politicians and journalists are reported to have been targeted with phishing attacks by two hacking groups: Iran-based TA453 and Russia-based Seaborgium. In 2022, Seaborgium was discovered to be attacking three nuclear research labs in the US. TA453 was previously monitored and found to be potentially targeting American politicians.
The United Kingdom’s Cyber Security Centre (NCSC) warned potential targets not to fall for malicious links that are used to steal information in their online accounts.
The hackers have been found to create fake social media profiles of the targets’ contacts and then go on to share bogus conference or event invitations, a lot of times in the form of Zoom meeting links that contain malicious code. The fake links allow the hackers to steal the email account credentials of the victims. Upon entry, they have been detected sniffing into mailing-list data and contact lists which they then use for further phishing campaigns.
The hackers have also set up websites disguised as authoritative organizations to further fool their targets. Interestingly, they go for personal email accounts rather than official work accounts. Aside from being likely to have lesser multifactor authentication, personal accounts can also cause the victim to be less cautious when communicating.
Healthcare Industry Most Common Victim of Third-party Breaches, Black Kite Finds
The 2023 Third Party Data Breach Report by Black Kite revealed that the healthcare industry received the highest amount of third-party breaches in 2022. The share in percentage amounts to 34%, an increase by 1% compared to 2021.
Black Kite explains the reason for the healthcare industry’s continually vulnerable position:
“Lack of budget, remotely shared personal data between patients and hospital systems, and outdated software all point to avenues for hackers to infiltrate and gain access to health-related sensitive data. That’s why, again this year, the most affected sector has been healthcare.”
The report comes at the heels of several high-profile cybersecurity attacks against healthcare companies in 2022, including the data leak of 2 million New England patients being serviced by Shields Health Care Group; the ransomware attack against CommonSpirit hospital which compromised the private information of more than 600,000 people; and the attack against multinational healthcare services company Tenet Healthcare which caused several of their hospitals to go offline forcing their staff to use paper and charts.
Hospitals do not usually prioritize cybersecurity in their IT budgets. In the 2021 HIMSS Healthcare Cybersecurity Survey, hospitals were found to only allocate 6% or less of their IT expenditures for cybersecurity.
US Government No Fly List Leaked on a Hacking Forum
In a wide-scale data breach, a U.S. No Fly List containing the complete names, likely aliases, and birth dates of more than 1.5 million suspected terrorists has been leaked on a hacking forum.
According to Swiss hacker maia arson crime, the person who leaked the sensitive information, she discovered the No Fly List unsecured on an AWS server owned by Ohio airline CommuteAir.
CommuteAir said the breached server was taken offline after it was contacted by the hacker. In November 2022, a different set of personally identifiable information (PII) held by the airline was also hacked. Information that was compromised included names, birth dates, and portions of Social Security numbers.
The No Fly List is usually not publicly accessible and strictly held by relevant government agencies including the Transportation Security Agency (TSA) and Department of Defense, and is coordinated with private airlines for reference. Given the sensitive nature of such lists, it calls into question how the US government can make sure that the data they share with private organizations can be stored securely.
OV & IV Code Signing Key Storage Requirements are Changing
With input from most of its membership, the CA/Browser Forum is changing the OV & IV Code Signing Key Storage Requirements. The change date is June 1, 2023. OV & IV Code Signing Certificates will be issued on Yubico USB Tokens or available via the SSL.com eSigner cloud signing service.