Cyber Security News — Past 24 hours | 24.05.2021
Domino’s Data Leak Exposed Data of 18 Crore Orders
The pizza chain Domino's has suffered another data leak this year: according to security researchers, the details of 18 crore (180 million) orders have been made accessible on the dark web. A hacker claimed to have gained access to about 13 TB of Domino's data in April. The leak reportedly covers more than 18 crore purchase orders containing telephone numbers, e-mail addresses, billing information, and customer credit card details. "If you have ever ordered @dominos_india online, your data might be leaked. Data include Name, Email, Mobile, GPS Location, etc," Rajaharia tweeted. He said the hackers were selling the users' data for about 10 BTC. Gal further added that the hackers want to build a search engine so that the data can be queried. The compromised data reportedly include 10 lakh (1 million) credit card details and the addresses of people who have ordered Domino's pizza.
However, in a statement given to Gadgets 360, Domino's India denied that any financial information of users had leaked: "No data about financial information of any person was accessed and the incident has not resulted in any operational or business impact." "As a policy, we do not store financial details or credit card data of our customers, thus no such information has been compromised."
A malware attack hit the Alaska Health Department
The website of the Alaska health department was forced offline this week by a malware attack, and officials are investigating the incident. "The health department in a statement late Tuesday said its website was taken offline Monday while an investigation takes place," reported the Associated Press. "At the end of April, the Alaska court system was hit by a similar attack: on April 29 the attackers placed malware on the system, prompting the IT staff to disconnect online services on May 1."
“At this time, there are no details about who initiated the attack, why they targeted DHSS, whether this attack is related to any other recent attacks, or how long the website may be down,” the Department of Health and Social Services said in its statement.
Details Disclosed On Critical Flaws Affecting Nagios IT Monitoring Software
Cybersecurity researchers have disclosed details of 13 vulnerabilities in the Nagios network monitoring application that an adversary could chain to take over the monitored infrastructure without any operator interaction. Nagios is an open-source IT infrastructure monitoring tool, comparable to SolarWinds Network Performance Monitor, that provides monitoring and alerting for servers, network cards, applications, and services. The issues, a mix of authenticated remote code execution and privilege escalation flaws, were discovered and reported to Nagios in October 2020 and remediated in November. "Namely, if we, as attackers, compromise a customer site that is being monitored using a Nagios XI server, we can compromise the telecommunications company's management server and every other customer that is being monitored," the researchers said in a write-up published last week.
CVE-2020-28900: Nagios Fusion and XI, privilege escalation from nagios to root via upgrade_to_latest.
CVE-2020-28901: Nagios Fusion, privilege escalation from apache to nagios via command injection on the component_dir parameter in cmd_subsys.
CVE-2020-28902: Nagios Fusion, privilege escalation from apache to nagios via command injection on the timezone parameter in cmd_subsys.
CVE-2020-28911: Nagios Fusion, information disclosure: a lower-privileged user can authenticate to the fused server when credentials are stored.
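Two of the Fusion issues above are described as command injection on request parameters (component_dir, timezone) in cmd_subsys. The following is an added, hypothetical Python illustration of that bug class and its fixes; it is not Nagios's code and does not reproduce the actual vulnerable code path. It shows a request parameter interpolated into a shell command line, beside the same call made with an allowlist validator and an argument vector so the shell never parses the value. The zone-name pattern, the echo command and the sample inputs are constructed for this example.

```python
"""Shell command injection through a "timezone"-style request parameter,
and two independent fixes: an allowlist validator and passing the value
as one argv element instead of interpolating it into a shell string.
Hypothetical illustration written for this article; not Nagios's code."""

import re
import subprocess

# Constructed inputs: one well-formed zone name, one injection payload.
BENIGN_TZ = "Asia/Kolkata"
PAYLOAD_TZ = "UTC; echo INJECTED"

# Allowlist (assumption for this example): letters/underscores, optionally
# followed by up to two "/Segment" parts, which covers names such as
# America/Argentina/Buenos_Aires and Etc/GMT+5 but no shell metacharacters.
TZ_PATTERN = re.compile(r"^[A-Za-z_]+(?:/[A-Za-z0-9_+-]+){0,2}$")


def is_valid_timezone(tz: str) -> bool:
    """Reject anything that is not shaped like an IANA zone name."""
    return bool(TZ_PATTERN.fullmatch(tz))


def run_vulnerable(tz: str) -> str:
    """Interpolates the parameter into a command line run by /bin/sh.
    Metacharacters in tz (';', '|', '$(...)') are interpreted by the shell."""
    cmd = f"echo timezone={tz}"
    return subprocess.run(cmd, shell=True, capture_output=True, text=True).stdout


def run_argv(tz: str) -> str:
    """Same command with no shell: the parameter is a single argv element,
    so ';' and friends are just characters inside that argument."""
    return subprocess.run(["echo", f"timezone={tz}"],
                          capture_output=True, text=True).stdout


def run_hardened(tz: str) -> str:
    """Validator first, argv form second: two independent controls, so a
    gap in the regex still does not hand the value to a shell."""
    if not is_valid_timezone(tz):
        raise ValueError(f"rejected timezone parameter: {tz!r}")
    return run_argv(tz)


def demo() -> dict:
    """Runs every variant on the constructed inputs and returns the outputs."""
    results = {
        "vulnerable_benign": run_vulnerable(BENIGN_TZ),
        "vulnerable_payload": run_vulnerable(PAYLOAD_TZ),  # second command runs
        "argv_payload": run_argv(PAYLOAD_TZ),              # payload stays literal
        "hardened_benign": run_hardened(BENIGN_TZ),
    }
    try:
        results["hardened_payload"] = run_hardened(PAYLOAD_TZ)
    except ValueError as exc:
        results["hardened_payload"] = f"rejected: {exc}"
    return results


if __name__ == "__main__":
    for name, out in demo().items():
        print(f"{name:20s} {out!r}")
```

The argv form alone already stops the injection, as the argv_payload result shows; the validator is kept as a second layer because the same parameter may later be written into a config file or passed to another component where a shell is involved again.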
With SolarWinds falling victim to a major supply chain attack last year, targeting a network monitoring platform like Nagios could enable a malicious actor to orchestrate intrusions into corporate networks, move laterally across the IT estate, and use the platform as an entry point for more sophisticated threats: a monitoring server has network reach into, and often credentials for, every host it monitors.
What To Do When Your Business Is Hacked
As businesses move to a remote workforce, attackers have stepped up their activity to exploit the new security gaps this creates, for example phishing emails that harvest credentials and give easy access to business-critical environments.
What steps should a business take when it has been hacked?
If you discover ransomware or other evidence of a compromise on your network, there is a chance it has not yet reached all business-critical data and systems, which is why isolating affected systems early matters. While unpleasant, disclosing security incidents as quickly as possible creates an atmosphere of transparency that generally reflects well on the organization in the long run, and organizations may also be obliged under compliance regulations to report any security breach. If your business is the victim of a cyberattack, engaging law enforcement is an important step.
The disaster recovery plan outlines the steps needed to keep the business running with degraded systems or missing business-critical data, and it should be enacted as soon as a hack is discovered. These plans re-establish business continuity as quickly as possible and get everyone on the same page about how processes run, even in a degraded state.
Once system integrity has been restored and the immediate threat removed, analyze the attack and remediate the vulnerabilities it exploited. Any breach or successful attack, large or small, should be used to understand where the security posture can be improved; compromised credentials in particular are a leading root cause of modern data breaches.
Data breaches, ransomware infections, and other types of hacks are all too common for businesses today.
Stay Focused. Stay Vigilant.
Cyber Threat Incident Management Team — Cyber Security Community @ SLIIT