Information Security News | Cyber Security | Hacking Tutorial
https://www.securitynewspaper.com/

Indian companies listed in stock exchange to provide infosec audits and information system inventory to government. New SEBI guidelines
https://www.securitynewspaper.com/2022/05/25/indian-companies-listed-in-stock-exchange-to-provide-infosec-audits-and-information-system-inventory-to-government-new-sebi-guidelines/
Wed, 25 May 2022 23:26:53 +0000

Securities and Exchange Board of India (SEBI) has released another update for its “Cyber Security and Cyber Resilience Framework,” establishing a considerably short deadline to file an exhaustive information security status report. The statement applies to financial institutions and companies in stock exchanges.

The update considers any system storing personally identifiable information (PII) as critical equipment, making them subject to regular reviews and testing processes. Technology implementations interacting with critical operating and maintenance systems are also considered critical.

Entities providing investment services shall also maintain an updated inventory of their systems, including hardware, software, storage units, network resources and data flows. System administrators should arrange frequent security audits, carried out only by entities previously approved by CERT-In.

If that were not enough, all organizations that provide these services must submit their security reports within ten days after receiving this notification.

As many readers may guess, ten days is a ridiculously short deadline to achieve such goals, so it is anticipated that many organizations will try to challenge this decision of the Indian government.

Online platforms think this is mission impossible, especially considering that the deadline granted by the authorities includes two weekends.

Feel free to access the International Institute of Cyber Security (IICS) websites to learn more about information security risks, malware variants, vulnerabilities, and information technologies.

Now you can ask Google to remove your phone number, email address, physical address and other personal contact data from Search Results. Learn how to do it
https://www.securitynewspaper.com/2022/04/28/now-you-can-ask-google-to-remove-your-phone-number-email-address-physical-address-and-other-personal-contact-data-from-search-results-learn-how-to-do-it/
Thu, 28 Apr 2022 19:25:46 +0000

After multiple scandals of inappropriate handling of personal information, reinforcing users’ privacy has become one of the primary goals of large technology companies. Such is the case of Google, which has just announced the implementation of new policies that will allow users to request the removal of certain personal content from Google Search results.

While it was already possible to make these requests in cases of doxing or leaking of bank details, the update will allow users to request the removal of other content that appears in search results, including personal contact information. Google will also allow the removal of additional information that may pose a risk of identity theft, such as access credentials to online platforms.

According to the report, the following records may be considered personal contact information:

  • Government identification numbers, including social security numbers, tax identification keys and the like depending on the country in question
  • Bank account numbers and credit cards
  • Images of handwritten signatures
  • Images of identity documents
  • Medical records
  • Physical addresses, phone numbers and email addresses

Regarding the process followed when one of these requests is received, Google says it evaluates all the content of websites that may expose confidential data, trying not to limit the availability of other useful information for users. The company also looks at whether the content users want to remove is part of public or government records; if so, the request is inadmissible.

Although this is undoubtedly good news, users should remember that removing this content from Google Search results will not remove it from the Internet. To do this, it is necessary to contact the administrators of the website in question directly.

Google continues to implement changes to its policies in order to improve the privacy experience of its users. In recent days, a new measure was revealed that allows users under the age of 18 to request the removal of any image of themselves from image search results. The parents and guardians of minors may also carry out this procedure.

Full information about these requests and other security and privacy measures implemented by Google is available on the company’s official communication channels.

California Pizza Kitchen restaurant chain hacked. Confidential data leaked
https://www.securitynewspaper.com/2021/11/22/california-pizza-kitchen-restaurant-chain-hacked-confidential-data-leaked/
Mon, 22 Nov 2021 18:26:38 +0000

California Pizza Kitchen (CPK), a popular restaurant chain in the U.S., revealed that a data breach led to the exposure of the confidential records of more than 100,000 former and current employees, including full names and social security numbers. The company argues that the data breach occurred due to the compromise of an external system.

In the notification that the company sent to the authorities it is mentioned that this external incident would have occurred in mid-September and affected a total of 103,767 individuals. California Pizza Kitchen was founded in Beverly Hills and has more than 250 branches in much of the U.S.

In its report, the company states that it detected unusual activity in its systems, so they proceeded to take the necessary security measures in order to contain a potential attack and subsequently initiate an investigation, in collaboration with a specialized firm: “Our environment was secured and an investigation was initiated to determine the nature and scope of this incident,” adds the company.

A couple of weeks later, the cybersecurity firm hired to investigate the incident confirmed unauthorized access to users’ personal information. The company began directly notifying all affected people a few days ago, stating that so far there are no indications of malicious use of the compromised information.

While the restaurant chain did not share technical details about the attack or attribute it to a specific hacking group, it concluded its message by mentioning that its current security policies are being evaluated in order to determine the best steps to take to improve its security environment and avoid future security incidents.

It is also mentioned that the security firm that collaborated in the investigation recommended California Pizza Kitchen implement awareness programs for users as a first security filter, although it is unknown if the company plans to create a cybersecurity awareness program.

PII and personal data of 200K Australians leaked by marketing company Acquirely
https://www.securitynewspaper.com/2021/11/05/pii-and-personal-data-of-200k-australians-leaked-by-marketing-company-acquirely/
Fri, 05 Nov 2021 21:43:20 +0000

The vpnMentor security team, led by the renowned researcher Noam Rotem, reported the detection of a massive data breach at the Australian firm Acquirely, which develops marketing software. A considerable part of this company’s work is the collection of data from public sources, so the leak includes all kinds of information.

According to the report, the company stored much of this collected data in a cloud deployment without security mechanisms, so any user could have accessed the records of more than 200,000 Australian citizens.

The incident was reported on at least two occasions since September 9, although the affected company did not close access to this data until September 21, after which the CERT intervened.

The report notes that Acquirely was using an Amazon Web Services (AWS) S3 bucket to store information collected during its regular activities. These cloud deployments must be manually configured for proper protection, which the affected company seems to have completely ignored. Acquirely did not implement any security measures in its S3 bucket, leaving the content fully exposed and within reach of any user, including threat actors.

While the information collected by the company was obtained with the prior consent of the users involved, these more than 200,000 people were never told that this information would be stored in an unprotected database.

The leak includes personally identifiable information, including:

  • Full names
  • Email addresses
  • Dates of birth
  • Phone numbers
  • Home and work addresses

Even though the access to this information has already been revoked, cybersecurity experts explain that it is impossible to know whether some malicious actor managed to access and further download this information for malicious purposes, so affected users are advised to be aware of any fraud attempt related to this leak. It is still also unknown if the company is directly notifying affected users.

As in any similar incident, affected users are exposed to phishing campaigns, social engineering and fraud attempts such as the well-known SIM swap, so it is essential that some kind of protection mechanism is implemented as soon as possible.    

Sensitive Walgreens customer data leaked, including COVID-19 test results
https://www.securitynewspaper.com/2021/09/15/sensitive-walgreens-customer-data-leaked-including-covid-19-test-results/
Wed, 15 Sep 2021 21:50:23 +0000

Recent security reports indicate that the results of COVID-19 tests conducted by the pharmaceutical company Walgreens could be exposed to threat actors. According to the report, the leak would include full names, dates of birth, gender, phone numbers and email addresses of millions of customers.

A spokesman for the pharmaceutical company denied such reports, saying that the protection of its users’ information is Walgreens’ top priority: “We have implemented a reliable security program in order to protect the confidential data of our patients.”

The spokesperson adds that the report revealing the leak is the product of an inaccurate assessment of the company’s security measures, specifically in the “COVID-19 Testing” section of its website.

Apparently, this potential leak is related to the company’s COVID-19 testing registration system; in this section of their website, customers sign up to request a test, receiving in response a 32-digit number as a patient ID. This key is included in the appointment request page, and anyone who has the URL can access that page.

The problem grows considering that these pages remain active for up to six months.

To be precise, these pages do not explicitly display all the information entered by users, although it is possible to access this data through the developer tool panel of any browser. It is also possible to access the name of the laboratory where the COVID-19 test was performed, which would allow threat actors to develop detailed profiles of some affected users.

In certain cases, a threat actor could create a bot to guess many of these patient IDs using brute force, performing ambitious information-gathering attacks to obtain a large amount of sensitive details in a short time.

Still, the company dismissed the risk by mentioning that the probability of guessing a patient ID through brute force is one in trillions, as this automatic system generates a unique 32-digit hexadecimal URL link. No attempts at attack have been detected in real scenarios, so at least for now the facts seem to support Walgreens’ position.

Medical companies in California and Arizona leak patients’ data after ransomware attack
https://www.securitynewspaper.com/2021/09/13/medical-companies-in-california-and-arizona-leak-patients-data-after-ransomware-attack/
Mon, 13 Sep 2021 16:17:50 +0000

Patients from two major health care companies were notified of a security incident that resulted in improper access to confidential records. According to the report, the leak includes confidential records such as full names, social security numbers, medical diagnoses and other confidential details of thousands of patients.

The companies affected are LifeLong Medical Care, based in California, and Desert Wells Family Medicine, in Arizona.

Days ago, LifeLong Medical Care issued a notification addressed to about 115,000 users to inform them about a ransomware attack detected late last year. Although the company’s notification does not add details about the hacking group related to the attack, it has been confirmed that the incident was detected by Netgain, a network service provider.

The investigation into the incident was delayed until August 9, when the company concluded that the attack involved access to confidential records of its customers. LifeLong Medical Care is offering affected users a subscription to a credit monitoring service, in addition to asking them to stay on top of any attack attempts stemming from the incident.

On the other hand, Desert Wells Family Medicine sent a similar notification to 35,000 patients, confirming that this company was also the victim of a ransomware attack that leaked confidential information.

This company discovered the attack last May, at which point it activated its internal incident response protocol and notified the corresponding authorities. In its notification, Desert Wells mentions that the attacking group “corrupted the data and health records of patients registered before May 21, 2021.” The company’s security teams were unable to retrieve the logs and their corresponding backups.

Desert Wells mentions that its electronic registration system is still being rehabilitated, and the company is also offering its affected patients a credit monitoring service and protection against identity fraud.

At the moment it is unknown if any of these incidents compromised in any way the regular operations of the affected health centers.

For a couple of years now, ransomware groups have put healthcare organizations among their main targets of attack, which can be critical especially in the context of the COVID-19 pandemic. While not all of these incidents lead to disruptions in health services, you never know how far threat actors are willing to go.

Bangkok Airways became victim of LockBit ransomware. Hackers leak passengers’ passport and personal data
https://www.securitynewspaper.com/2021/08/30/bangkok-airways-became-victim-of-lockbit-ransomware-hackers-leak-passengers-passport-and-personal-data/
Mon, 30 Aug 2021 16:09:45 +0000

Through a statement, the airline Bangkok Airways apologized to its customers and partners for the inconvenience caused due to the recent data breach that affected the company. According to the message, the incident was the product of a cyberattack that resulted in unauthorized access to the airline’s IT systems.

While the company has not responded to requests for comment regarding the incident, it has been confirmed that the data breach exposed the names, nationalities, phone numbers, email addresses and other sensitive details of its customers. To make matters worse, the leak would have included partial credit card information from some users.

This incident continues to be investigated in collaboration with specialized firms, and measures will be implemented to prevent similar incidents from recurring in the future. The airline notes that, during the incident, the company’s critical systems were not affected: “For primary prevention measures, we highly recommend passengers to contact their bank or credit card provider and follow their advice and change any compromised passwords as soon as possible.”

The airline also advised affected users to contact the competent authorities in case of detecting signs of malicious activity, especially in relation to their bank accounts.

This announcement, published last Friday, coincides with the posts of the LockBit ransomware hackers, who claim to have access to around 103 GB of information extracted from the airline, so all this fuss could be related to a ransomware infection.

The hackers claim that the compromised information will be exposed this August 31, although LockBit is not characterized by honoring its word. A few weeks ago, ransomware operators threatened to leak thousands of sensitive records extracted from technology services company Accenture, though this leak never came.

Earlier this month, the Australian Cyber Security Centre issued an alert stating that this ransomware group relaunched after interrupting its activity, returning with more force in this second wave. The new LockBit attacks are characterized by the exploitation of CVE-2018-13379, a known vulnerability in Fortinet FortiOS and FortiProxy that allows malicious hackers to gain initial access to a compromised network.

This 21 year old hacker was behind massive T-Mobile attack that exposed data of 50 million people
https://www.securitynewspaper.com/2021/08/27/this-21-year-old-hacker-was-behind-massive-t-mobile-attack-that-exposed-data-of-50-million-people/
Fri, 27 Aug 2021 16:37:28 +0000

A recent report notes that John Erin Binns, a U.S. citizen based in Turkey, admitted being primarily responsible for the cybersecurity incident that impacted T-Mobile IT infrastructure, resulting in the leak of more than 50 million users’ confidential records. This seems to confirm the hypothesis of Alon Gal, co-founder of cybersecurity firm Hudson Rock.

A few weeks ago, the researcher shared some tweets stating that the intention of the perpetrator of this attack was to retaliate against the U.S. government due to the kidnapping and subsequent torture Binns suffered back in 2019: “Our intention was simply to damage critical American infrastructure,” the alleged hacker claimed.

Binns, 21 years old, gave an interview to the Wall Street Journal (WSJ), during which he claimed responsibility for the attack, saying that the entire operation was deployed from his home in Izmir, Turkey, where he has lived since 2018. Binns’ father, now deceased, was American, while his mother is of Turkish origin.

Using Telegram, a privacy-focused instant messaging platform, Binns provided his interviewer with evidence to prove that it was actually he who deployed the attack on the telecom giant. Binns apparently gained access to the company’s networks through a vulnerable router.

The young hacker mentioned he was looking for security flaws in T-Mobile through its internet addresses, gaining access to a data center in Washington from where he was able to access more than 100 vulnerable servers. Just a few days later, Binns had managed to access and steal millions of confidential files: “Their security is really bad, so it was even a challenge to get detected and make all the fuss possible about it,” says the attacker.

Despite the revelation of these details, the attacker decided not to confirm whether the compromised information was sold to a third party or if someone else paid for the deployment of the attack. In this regard, the WSJ report indicates that the affected company received a report from a security firm, which specified that the compromised information was being sold in some dark web forums.

At all times Binns said he was upset with the way he was treated by U.S. authorities. A year ago, the hacker filed a lawsuit against the Federal Bureau of Investigation (FBI), the Department of Justice (DOJ) and the Central Intelligence Agency (CIA), claiming that the agencies wrongly accused him of participating in multiple criminal schemes, including the operation of the Satori botnet.

The lawsuit states that Binns was also tortured and monitored on suspicion of belonging to the Islamic State terrorist group. The young hacker has denied these allegations all along, mentioning that he was kidnapped and taken into mental institutions in Germany and Turkey as part of the harassment he suffered: “I have no reason to lie, I hope that someone inside the intelligence agencies can help me,” he adds.

Although T-Mobile has not stated anything about Binns’ actions, a few days ago the company confirmed the data exposure, mentioning that the incident exposed details of its customers such as full names, phone numbers, dates of birth, social security numbers and other sensitive data. As part of its security incident response protocol, the company will offer affected customers a free subscription to a protection service against identity theft and other variants of fraud.

Asian telecom giant StarHub suffers massive data breach; thousands of customers affected
https://www.securitynewspaper.com/2021/08/09/asian-telecom-giant-starhub-suffers-massive-data-breach-thousands-of-customers-affected/
Mon, 09 Aug 2021 23:17:14 +0000

A recent security report notes that the confidential information of more than 57,000 StarHub customers has been leaked in what appears to be a severe oversight by the Singapore-based telecommunications company. The company’s security teams discovered the data breach this weekend, when they found a file posted without the company’s authorization on a download website operated by third parties.

According to the StarHub report, the file in question stored various personally identifiable details, including identity card numbers, phone numbers and email addresses belonging to nearly 57,200 customers subscribed to some company service sometime before 2007.

StarHub mentions that so far there is no evidence that the leak includes payment card numbers or any other financial information of customers, in addition to ensuring that the compromised data has not been used for malicious purposes. This is one of the major telecommunications companies in Asia, so this is not a minor incident.

On the measures that have been taken in this regard, StarHub claims to have activated an incident management protocol immediately after this exposed file was found, asking the website operators to delete the file. The company also enabled a security protocol on its core systems.

In a statement, StarHub CEO Nikhil Eapen noted: “Data security and customer privacy are serious matters for StarHub. We apologize for the concern this incident may be causing our affected customers.” Affected users are already being notified via email. StarHub offered its customers a six-month, no-cost subscription to a credit monitoring and identity fraud protection service. Interested users will receive a resolution in a couple of weeks.

The executive added that StarHub has made substantial improvements to its technology infrastructure over the years: “We have strengthened our cyber defenses and will continue to implement the necessary measures to protect our computer systems against cybercriminals. We can assure our customers that StarHub will continue to work to ensure the security of their personal information.”

Justdial leaks personal data of 100 million users… Again
https://www.securitynewspaper.com/2021/07/27/justdial-leaks-personal-data-of-100-million-users-again/
Tue, 27 Jul 2021 22:27:16 +0000

A recent report states that Justdial, one of the largest service companies in India, has suffered a data breach that led to the exposure of confidential records of more than 100 million users. According to researcher Rajshekhar Rajaharia, the information remained exposed since March 2020.

Starting as a local phone-based directory, Justdial offers bill services, top-ups, grocery delivery, reservation system management, taxis, airline tickets and other services.

The leak consists of records of users’ personal information, including usernames, email addresses, phone numbers and dates of birth. This incident appears to be related to a flaw detected in 2019 by Justdial’s teams and which was apparently not properly addressed.

As in other similar incidents, the detection of the unprotected database does not mean that the threat actors have accessed the exposed information; however, it does imply the risk that this information will eventually be used to deploy massive phishing campaigns. The company has not issued any statements on the matter, although it has already received multiple requests for information.

Justdial is not the only company operating in India that has been the victim of similar incidents recently. Last May, pizza chain Domino’s India suffered a massive leak of information; the compromised data was eventually put up for sale on a dark web forum.

At the time, threat actors claimed to have extracted nearly 13 TB of confidential information held by Domino’s India. These confidential records included names, email addresses, phone numbers and location details.

Another major data breach this year impacted the systems of MobiKwik, which denied claims about a data breach that impacted 100 million users. This information is reportedly for sale on the dark web, although so far nothing has been confirmed about it.

For further reports on vulnerabilities, exploits, malware variants, cybersecurity risks and information security courses, feel free to visit the International Institute of Cyber Security (IICS) websites, as well as the official platforms of technology companies.

TurboTax customer financial data leaked for the third time in the last 5 years https://www.securitynewspaper.com/2021/06/14/turbotax-customer-financial-data-leaked-for-the-third-time-in-the-last-5-years/ Mon, 14 Jun 2021 19:17:55 +0000 https://www.securitynewspaper.com/?p=23677

The post TurboTax customer financial data leaked for the third time in the last 5 years appeared first on Information Security Newspaper | Hacking News.

The security team at Intuit, a financial software developer, released a report confirming that a group of threat actors gained access to TurboTax customers’ personal and financial information as part of an apparent account takeover attack. In a notification sent to affected users, the company specified that this is not a widespread incident.

As some users may recall, in these attacks the criminals try to access the accounts of potential victims using login credentials stolen in previous security incidents. Since millions of users employ the same credentials to access their online platforms, this attack variant is highly effective.

The report notes that Intuit teams discovered a leak involving an undisclosed number of TurboTax accounts. The attackers allegedly used credentials obtained from a threat actor “outside of Intuit,” the company says.

“By accessing the affected accounts, threat actors may have obtained information about tax returns from a previous year and even from the current year. These records include sensitive data such as full names, social security numbers, phone numbers, addresses, email addresses and financial details,” the company says.

After discovering the attacks, Intuit temporarily deactivated the compromised TurboTax accounts as part of an incident mitigation process. Users whose accounts have been temporarily deactivated should contact the company, which has deployed a dedicated team to reverse this temporary measure.

This isn’t the first time a hacking group has successfully compromised TurboTax accounts to steal financial and personal information. Users of this platform were the target of at least three other series of similar attacks between 2014 and 2019. As in this case, Intuit temporarily deactivated some accounts and offered a free year of identity protection and credit monitoring to affected users.

Massive data breach; more than 250 million personal records displayed on dark web https://www.securitynewspaper.com/2021/04/26/massive-data-breach-more-than-250-million-personal-records-displayed-on-dark-web/ Mon, 26 Apr 2021 22:20:36 +0000 https://www.securitynewspaper.com/?p=23425

The post Massive data breach; more than 250 million personal records displayed on dark web appeared first on Information Security Newspaper | Hacking News.

Just a few days ago a hacker identified as Pompompurin announced the leak of a database with more than 250 million confidential records belonging to U.S. citizens. This database was leaked on a hacking forum and is composed of 263 GB of personal records, including more than a thousand CSV files, each with about 200 thousand listings.

The cybersecurity community is unclear where this information comes from, although the leak apparently originates from an open Apache SOLR server hosted on Amazon Web Services (AWS). Experts also mention that the data was available at three different IP addresses that hackers accessed before it was deleted. Hackread.com, for its part, confirmed that the leak includes information that could be of great interest to many cybercriminal groups.

Early reports indicate that the database includes details such as:

  • Full names
  • Phone numbers
  • Dates of birth
  • Email addresses
  • Marital status
  • Gender
  • Home
  • House value or rental amount
  • Year of construction of the house
  • ZIP codes
  • Creditworthiness
  • Geolocation
  • Political affiliation
  • Number of vehicles owned
  • Salary and income details
  • Number of children and pets in a home

Although the leak is full of sensitive information, the good news is that there is no evidence of exposed passwords.

It has been more than a week since the leak and the database continues to circulate through multiple Russian-speaking hacking forums hosted on the dark web and through Telegram groups. It took very little time for the incident to take on political overtones, especially considering the supply chain attack that hit SolarWinds a few months ago.

This is not the first incident to leak information from millions of U.S. citizens. In mid-2017, a marketing company working for the Republican National Committee mistakenly leaked about 200 million individual records. Just a few months later, a data analytics company exposed about 123 million personal records due to incorrect AWS configuration.

So far no malicious campaigns associated with this leak have been identified, although experts recommend users stay on top of any potential attack attempts. These attacks can occur in the form of SMS messages, unsolicited emails and even visits from alleged vendors or government agents.
