This week’s Cyber Security Headlines – Week in Review is hosted by Rich Stroffolino with guest Janet Heins, CISO, ChenMed and janetheins.com
Cyber Security Headlines – Week in Review is live every Friday at 12:30pm PT/3:30pm ET. Join us each week by registering for the open discussion at CISOSeries.com
New York Times source code stolen using exposed GitHub token
“Basically all source code belonging to the New York Times Company, 270GB.” This was the ad headline placed on a 4chan forum post, referring to data stolen from the company’s GitHub repositories in January 2024. This stolen data included “IT documentation, infrastructure tools, and source code, allegedly including the viral Wordle game.” The Times, in a statement, described it as “when a credential to a cloud-based third-party code platform was inadvertently made available.”
Angry Club Penguin hackers allegedly steal Disney data
4chan was not only the site of the New York Times data breach; it also hosted a link to Internal Club Penguin PDFs, a breach file that not only contained old information about Club Penguin – the popular multiplayer online game that was shuttered in 2017 – but reportedly also contained information, from as recently as this month, about “Disney+, corporate strategies, advertising plans, links to Disney’s internal websites, and its internal developer tools Helios and Communicore, all allegedly stored on Disney’s Confluence server.”
(Gizmodo)
NHS out for blood after cyberattack
The UK’s National Health Service is still suffering the fallout from a cyberattack on the pathology service provider Synnovis. The NHS launched a call for Type O blood donors, as these universal donors can make it faster to match for blood transfusions. Impacted hospitals also requested medical student volunteers to mitigate the biggest impacts to patient care. The Independent’s sources say two of the UK’s largest hospitals canceled over 200 emergency and life-saving operations as a result of the disruption.
Pure Storage hacked via Snowflake workspace
On Monday, cybersecurity firm Mandiant warned that the threat actor named UNC5537 is “systematically” compromising victim organization data through Snowflake and attempting to extort them. Snowflake is a multi-cloud data warehousing platform and, to date, 165 organizations that use it have potentially been exposed. Mandiant said the three primary factors causing compromises are lack of multi-factor authentication (MFA), failure to rotate credentials, and lack of network allow lists to limit incoming Snowflake traffic to trusted sources.
Data storage solutions provider Pure Storage reported Tuesday that it too has become a victim of the mounting Snowflake-related breaches. The company said analytics data was affected but strongly emphasized that no customer data was compromised.
(Infosecurity and The Register)
Thanks to today’s episode sponsor, Vanta

BreachForums down again and official Telegram channels deleted
Following up on a story we’ve been covering on Cyber Security Headlines, the infamous BreachForums hacking forum is again down and now returns a ‘502- Bad Gateway’ error. Shortly after the domains went down, the site’s official Telegram accounts were deleted. Last month, ‘ShinyHunters’ recovered BreachForums domains which had been seized by authorities. Security researcher Vinny Troia reported that ShinyHunters direct messaged via Telegram that he was retiring from the forum due to getting ‘too much heat.’ Though reports have not been confirmed, some researchers are attributing the latest takedown to the FBI, even congratulating the agency on X and LinkedIn.
White House report highlights increase in federal attacks
A new White House report reveals that 11 US federal agencies reported a 9.9% increase in cybersecurity incidents in 2023, totaling 32,211 cases. The most common incident was “improper usage,” while phishing and malicious emails saw the largest year-on-year increase. Significant breaches included ransomware attacks on the Department of Health and Human Services, repeated data exposures at the Treasury Department, and successful phishing of an employee at the Office for the Inspector General. According to the official White House release, the report is to be used as an outline for the administration’s cyber investment priorities.
(The Register), (White House Report)
Email scam costs Massachusetts town $445,000
The town of Arlington, Massachusetts is admitting to being a victim of a social engineering attack. According to a statement from town manager Jim Feeney, town employees started receiving legitimate emails from a vendor involved in a project focused on rebuilding a local high school. However, cybercriminals had compromised some town employee user accounts and were monitoring email correspondence. The criminals then sent messages from an email that appeared genuine, requesting a change in their payment method from check to electronic funds transfer. Once the con had been discovered, the town was able to recoup just over $3,000, or 6 percent of the funds stolen.





