Breach Summary: Real Estate Company Exposes Celebrity Data

Every week, Information Security Media Group aggregates cybersecurity incidents and breaches from around the world. This week, a breach at Real Estate Wealth Network exposed 1.5 billion records, Corewell Health patients suffered a second breach, the data of 1.3 million LoanCare loan customers was exposed, and Yakult Australia admitted to suffering a “cybersecurity incident” that exposed 95 gigabytes of data. A pro-Palestinian organization leaked a database of Israeli consumers, and the stealthy Android/Xamalicious backdoor is actively infecting devices.


An unsecured database connected to Real Estate Wealth Network exposed 1.5 billion records, comprising asset details, financial data and even internal user records, according to the security researcher who discovered the vulnerability.

Researcher Jeremiah Fowler of security company Security Discovery said in a report that the database, owned by New York-based Real Estate Wealth Network, was temporarily secured after Fowler’s responsible disclosure notice.

Although data, addresses and details of celebrity acquisitions could be accessed, the duration of the exposure is still unclear.

An unidentified threat actor compromised the data of over 1 million Corewell Health patients in Michigan in another data breach. HealthEC, a vendor serving Corewell’s Southeast Michigan properties, disclosed that certain systems had been accessed by an unauthorized user.

Corewell suffered its second data breach in recent months. Last month, the health company revealed a leak involving Welltok Inc., a software-for-hire company that offers communications services. The breach affected 1 million people.

The unknown actor accessed certain files from July 14 to July 23 and copied files and data, including names, addresses, dates of birth, Social Security numbers, tax identification numbers, medical record numbers and medical data, including diagnoses, physical and mental health status, prescription data, and provider name and location.

Other compromised data includes health insurance information, such as beneficiary number, subscriber number and Medicaid/Medicare ID, and billing and claims data.

HealthEC said it notified customers such as Corewell Health and worked with them to inform those potentially affected. The company said the business partners involved in this case are HonorHealth and the Tennessee State Department of TennCare.

Mortgage loan subservicer LoanCare LLC said it is notifying over 1.3 million homeowners about a potential data compromise during a cyberattack on parent company Fidelity National Financial.

The breach, discovered Nov. 19, exposed personal details, including names, addresses, Social Security numbers and mortgage loan numbers. While LoanCare said it has not seen any fraudulent use of the data so far, it offered 24 months of free identity monitoring through Kroll.

“The investigation concluded that an unauthorized third party extracted data from certain FNF systems. During the review of the potentially affected data, LoanCare discovered that some of your personal information may have been included in this data,” the notification letter states.

In a data breach notification letter, LoanCare said FNF had opened an investigation with outside experts, informed government and law enforcement authorities, and implemented measures to assess and contain the breach. FNF closed the incident on November 26 and resumed operations on December 6.

Yakult, the famous maker of a probiotic dairy drink, said it was investigating a “cyber incident” that affected its computer systems in Australia and New Zealand, according to an official statement posted on its website.

The hack in mid-December resulted in the theft of approximately 95GB of data, which was subsequently leaked on the dark web. It remains unclear how much of the data was posted online or the specific nature of the compromised information.

David Whatley, director of Yakult Australia, told 9news.com.au on Christmas Day that he had learned that the threat actor had posted at least some of the claimed data on its dark web forum.

Whatley did not provide specific details about the stolen data but said the incident is under investigation. “We are collaborating with our cybersecurity experts to ascertain the extent of the incident and identify the accessed data,” he said.

BleepingComputer said it analyzed data leaked by the DragonForce hacker group on its leak site and found that the data contained business documents, spreadsheets, and credit applications sent to Yakult Australia, as well as employee records and copies of identity documents such as passports.

The pro-Palestinian organization Cyber Toufan said it had managed to leak Maytronics’ database of customers and suppliers in Israel and publish a sample of that data.

The organization said Maytronics is a world-leading Israeli company in the swimming pool sector. The company offers a variety of robot pool cleaners, pool protection products, and mineral-based water treatment technologies. It operates five subsidiaries around the world and has global partners in 65 countries on five continents and more than one hundred distributors.

“We are leaking a part of database of the company. It contains their customers and distributors and their details. We are reminding you. We will keep striking your industrial interests, as you continuing killing our children,” the group posted on its official Telegram channel.

At the time of writing, the Maytronics official website remained inaccessible.

Researchers at the McAfee Mobile Research Team unveiled the presence of Android/Xamalicious, an Android backdoor leveraging the Microsoft-built open-source framework Xamarin, used for creating mobile and desktop applications.

In the wild since mid-2020, this malware uses social engineering to gain accessibility privileges. A second-stage payload is downloaded after communication with the command-and-control server, enabling on-device fraudulent activities such as clicks and unauthorized app installs.

A connection to the Cash Magnet ad fraud app suggests a financial motive. The Xamarin framework allows stealthy techniques to compress and obfuscate APK files. Although Google Play has removed the known apps, the risk remains, with more than 327,000 devices worldwide potentially compromised.

The use of non-Java code frameworks such as Xamarin poses a challenge for security measures, as it allows malware authors to hide their activities and evade detection.

The researchers advise users to be wary of apps that request unnecessary accessibility services, as the second-stage payload operates through the permissions granted.
