Cyber Security News — Past 24 hours | 19.06.2021

SLIIT CS2
Jun 19, 2021

Cruise operator Carnival discloses a security breach

Carnival Corp. this week confirmed that the data breach that took place in March might have exposed personal information about customers and employees of Carnival Cruise Line, Holland America Line, and Princess Cruises.

Carnival Corporation & plc is a British-American cruise operator, currently the world’s largest travel leisure company, with a combined fleet of over 100 vessels across 10 cruise line brands. A dual-listed company, Carnival Corporation has over 150,000 employees and 13 million guests annually. The cruise line operates under the brands Carnival Cruise Line, Costa, P&O Australia, P&O Cruises, Princess Cruises, Holland America Line, AIDA, Cunard, and their ultra-luxury cruise line Seabourn.

The company sent a data breach notification letter to its customers to inform them that unauthorized parties might have gained access to their data, including Social Security numbers, passport numbers, dates of birth, addresses, and health information. At the time of this writing, the number of impacted individuals has not been revealed, and it is also unclear whether the company paid a ransom.

In 2020, the company was the victim of two distinct ransomware attacks that took place in August and December. In October, Carnival Corporation disclosed a data breach resulting from the August ransomware attack, during which the ransomware operators stole the personal information of customers, employees, and ship crews.

Source — https://securityaffairs.co/wordpress/119102/data-breach/carnival-security-breach.html

Apple Patched Two WebKit Zero-Day Bugs In Out-of-Band Updates

Apple recently rolled out an out-of-band update, iOS 12.5.4, for iPhone and iPad users. Updating to this version is important for all users since it addresses two serious vulnerabilities that are under attack. As detailed in its advisory, Apple patched a total of three security vulnerabilities, including two zero-day bugs affecting WebKit, the browser engine that powers all iOS web browsers, including Apple Safari. The first of these, CVE-2021-30761, was a memory corruption issue, whereas the second, CVE-2021-30762, was a use-after-free flaw. Regarding the impact of both vulnerabilities, the advisory states, “Processing maliciously crafted web content may lead to arbitrary code execution.”

The third vulnerability, a memory corruption flaw (CVE-2021-30737), was patched by removing the vulnerable code. Since the patches are out, users should update their devices as soon as possible to stay protected against potential attacks. These fixes arrive just a month after Apple addressed three other zero-day vulnerabilities in macOS/tvOS. One of those vulnerabilities was even exploited by the XCSSET malware, since exploiting the bug allowed stealing data.

Source — https://latesthackingnews.com/2021/06/18/apple-patched-two-webkit-zero-day-bugs-in-out-of-band-updates/

The Vulnerabilities of the Past Are the Vulnerabilities of the Future

This May had the fewest vulnerabilities, with a total of 55 and only four considered critical. The problem is that the critical vulnerabilities are things we have seen for many years, like remote code execution and privilege escalation.

Remote control

If an attacker can find a way to run arbitrary code on your system remotely, they have a lot more control than they would by just getting a user to unwittingly run a piece of malware with predefined functions. If the attacker can run arbitrary code remotely, they gain the ability to move around the system and possibly the network, enabling them to change their goals and tactics based on what they find.

Who needs malware anyway?

One of the most common applications to be exploited this way is PowerShell. This makes sense because PowerShell is a powerful application used to script and run system commands. This is another instance where monitoring the behaviors of applications and processes can be vital in stopping an attack quickly.

Go forth and repeat yourself

While the common types of attacks may not change much, any changes to application or code have the potential to introduce new vulnerabilities.

Source — The Vulnerabilities of the Past Are the Vulnerabilities of the Future (thehackernews.com)

Hacker selling DDOS-Guard database, source code, pirate sites data

It is time for anti-piracy groups to rejoice as the database of DDoS-Guard is reportedly on sale on a hacking forum. It is an infamous bulletproof hosting service dubbed a ‘notorious market’ that many pirate websites use.
The service is known for hosting numerous file-sharing giants, including BS., S., and Go-Unlimited file hosting services. The data up for sale allegedly includes details of those operating Russian torrent site RuTracker.
It is worth noting that DDoS-Guard is the same service that helped Parler, a right-leaning social media firm, get back online after being banished by Amazon Web Services.
The listing was discovered by security vendor Group-IB on May 26.


Data Available for $350,000

Reportedly, the seller, who goes by the online handle of «kilobyte,» has listed the source code and database of DDoS-Guard for $350,000.

Data Authenticity Not Proven Yet!

The legitimacy of the data is still being investigated, since the seller didn’t provide a data sample and had no previous sales record on the forum. In fact, the seller was banned for refusing to use Exploit.in’s escrow service.

Source — Hacker selling DDOS-Guard database, source code, pirate sites data (hackread.com)

Stay Focused. Stay Vigilant.

Cyber Threat Incident Management Team — Cyber Security Community @ SLIIT
