In today’s cybersecurity news…
Ticketmaster hack affects 560 million customers, third-party denies liability
The attack, which occurred on May 20, has been confirmed by Ticketmaster’s parent company, Live Nation, as having been the result of “unauthorized activity within a third-party cloud database environment containing company data.” A week later the threat actor ShinyHunters offered the data, which is alleged to contain PII and partial payment details of up to 560 million customers, for sale if a ransom payment of over $500,000 is not made. This is the same threat actor group that breached the Spanish bank Santander around the same time.
Meanwhile, the third-party vendor in question, cloud storage provider Snowflake, has denied that its products were to blame for the Ticketmaster breach, or the Santander Bank breach, for that matter. According to a since-removed post on the website of security firm Hudson Rock, “the intruders were able to sign into a Snowflake employee’s ServiceNow account using stolen credentials, and from there were able to generate session tokens.” Snowflake, however, while acknowledging that a former employee’s demo account was accessed through stolen credentials, said it did not contain sensitive data, and that there was “no pathway for customers’ credentials to be accessed and exfiltrated from the Snowflake production environment.”
(The Guardian and The Record)
Australia’s Ticketek sees customer details exposed in cyber security breach
Separate from the Ticketmaster breach comes a breach of personal data from the Australian company Ticketek, which runs ticketing operations for entertainment and sporting events in Australia and New Zealand. This company has also been hit by a “cyber incident,” with personal information of Australian customers stolen from a third-party global cloud-based platform. When asked by The Guardian news outlet whether the third-party vendor in question was Snowflake, representatives from Ticketek remained tight-lipped. They did add, however, that Ticketek customer credit card information and transactions are processed via a separate payment system, which has not been impacted.
HHS changes tack, allows Change Healthcare to file breach notifications for others
This reversal from the Department of Health and Human Services updates an April 19 FAQ page that stated every organization affected by the Change Healthcare hack would have to file its own breach notices with federal and state regulators. This had apparently angered the staff of thousands of hospitals, clinics and doctors’ offices who are still working through the damage caused by the attack. The new statement, sent by Melanie Fontes Rainer, director of HHS’s Office for Civil Rights, says, “affected covered entities that want Change Healthcare to provide breach notifications on their behalf should contact Change Healthcare. All of the required HIPAA breach notifications may be performed by Change Healthcare.”
World’s largest botnet taken down
The U.S. Department of Justice said on Wednesday that it dismantled the largest botnet ever, consisting of 19 million infected devices. The botnet was leased to other threat actors and operated in 190 countries, which is pretty much every country in the world. It functioned as a residential proxy service known as 911 S5. A 35-year-old Chinese national was arrested in Singapore on May 24, 2024, accused of being the botnet’s admin from 2014 to July 2022.
Kaspersky releases free Linux malware scanner
Kaspersky has announced the release of a new virus removal tool for the Linux platform, named KVRT. This tool is a standalone scanner as opposed to a real-time threat detector, allowing users to scan and remove malware and other known threats for free. As posted in BleepingComputer, “the security firm notes that despite the common misconception that Linux systems are intrinsically secure from threats, there has been a constant supply of ‘in the wild’ examples that prove otherwise, most recently, the XZ Utils backdoor.”
Microsoft warns: Windows 11 preview update causes taskbar crashes
This warning follows a May 2024 non-security preview update for Windows 11 which is causing issues for users such as the taskbar “temporarily glitching, not responding, disappearing, and reappearing automatically.” Microsoft has already addressed the taskbar crashes using the Known Issue Rollback.
More evidence of journalists and activists in Europe targeted with Pegasus
A new investigation, “carried out by the human rights organizations Access Now, the Citizen Lab at the University of Toronto and the independent researcher Nikolai Kvantaliani,” shows that the seven people, five journalists and two activists, who were targeted with Pegasus spyware between August 2020 and June 2023 were Russian, Belarusian, Latvian and Israeli, and it “underscores the continuing threat that advanced spyware poses to writers and dissidents.” The authors of the report urge all governments to place a moratorium on the sale and use of targeted digital surveillance technologies.






