
Cyber Bits: June 3, 2024

Ticketmaster made the news this week with a breach potentially impacting 560 million customers, fake browser updates are spreading malware, a breach at the BBC is putting members' pensions at risk, Everbridge is assessing the impact of a breach, and a mysterious botnet bricked 600,000 routers in 2023.

Ticketmaster breach

Link: Bleeping Computer, Bleeping Computer, 404 Media

Ticketmaster has confirmed a data breach through a filing with the SEC, revealing that a third-party cloud database, believed to be managed by Snowflake, was compromised. This breach potentially affects 560 million customers, with sensitive data such as names, email addresses, phone numbers, and ticket information exposed. The hacking group ShinyHunters has been linked to this breach, as well as other recent attacks on companies like Santander. The stolen data is reportedly being sold on the dark web. Ticketmaster is cooperating with law enforcement and taking steps to mitigate risks.

Fake browser updates spreading malware

Link: The Hacker News

Cybercriminals are using fake browser update notifications to spread BitRAT and Lumma Stealer malware. These attacks start with victims being redirected to a malicious website, which prompts them to download a bogus update from Discord. The downloaded ZIP file contains JavaScript that runs PowerShell scripts to download and execute the malware. BitRAT allows attackers to steal data, mine cryptocurrency, and control infected devices, while Lumma Stealer targets sensitive information from browsers and crypto wallets. This technique exploits trusted names to trick users and spread malware effectively.

To protect against fake browser update attacks delivering malware like BitRAT and Lumma Stealer, users should:

  1. Only download updates from official browser websites.
  2. Enable automatic updates to ensure browsers update themselves.
  3. Use reputable antivirus software to detect and block malicious downloads.
  4. Be cautious of unexpected update prompts, especially those redirecting to third-party sites.
  5. Regularly back up important data to minimize damage in case of infection.
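
A triage check for the delivery chain described above (a ZIP holding JavaScript that launches PowerShell), as an added example that is not from the original article or the reports it links to. The indicator list, the function names and the sample archive are constructed assumptions.

```python
import io
import re
import zipfile

# File types Windows Script Host runs on double-click.
SCRIPT_EXTS = (".js", ".jse", ".wsf", ".vbs")
# Heuristic strings suggesting the script shells out to PowerShell (assumed list).
INDICATORS = {
    "powershell": re.compile(rb"powershell(\.exe)?", re.I),
    "wscript_shell": re.compile(rb"WScript\.Shell", re.I),
    "encoded_command": re.compile(rb"-enc(odedcommand)?\b", re.I),
}
MAX_READ = 1_000_000  # cap bytes read per entry so a zip bomb cannot exhaust memory


def triage_zip(data: bytes) -> list[dict]:
    """Return one finding per script entry in the archive, with matched indicators."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            name = info.filename.lower()
            if info.is_dir() or not name.endswith(SCRIPT_EXTS):
                continue
            with zf.open(info) as fh:
                body = fh.read(MAX_READ)
            # Byte-level match only; UTF-16 encoded scripts would need decoding first.
            hits = sorted(k for k, rx in INDICATORS.items() if rx.search(body))
            findings.append({"entry": info.filename, "indicators": hits})
    return findings


def build_sample() -> bytes:
    """Constructed, inert sample: an 'update' ZIP with one script and one text file."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("Update.js",
                    'var s = new ActiveXObject("WScript.Shell");\n'
                    's.Run("powershell.exe -NoProfile -Command <placeholder>");\n')
        zf.writestr("readme.txt", "Install the latest browser update.")
    return buf.getvalue()


if __name__ == "__main__":
    for finding in triage_zip(build_sample()):
        print(finding)
```

A script entry with no indicators is still reported, since a genuine browser update is never shipped as a script inside a ZIP.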

BBC Breach Puts 25K Pension Scheme Members at Risk

Link: Dark Reading, BBC

The BBC has disclosed a data breach affecting over 25,000 current and former members of its pension scheme. Detected on May 21, the breach involved unauthorized access to files hosted on a cloud-based service, exposing sensitive information such as names, national insurance numbers, dates of birth, gender, and home addresses. However, financial details and passwords were not compromised.

In response, the BBC has secured the affected database, notified relevant authorities, and offered impacted individuals two years of free credit monitoring services. The organization assures there is no evidence of the data being misused but advises vigilance against any unusual activities or communications. This incident follows previous security challenges faced by the BBC, highlighting ongoing risks in cybersecurity.

Everbridge warns of corporate systems breach exposing business data

Link: Bleeping Computer

Everbridge, a crisis management and public warning software company, has disclosed a data breach involving unauthorized access to its corporate systems. The breach was detected on May 21 and originated from a phishing attack targeting employees. Compromised data includes business-related information, admin user contacts, and details about Everbridge services. The company has notified affected customers and is working with security experts to assess the impact. Everbridge will enforce multi-factor authentication for all accounts by June 3 to enhance security measures.

Malware botnet bricked 600,000 routers in mysterious 2023 attack

Link: Bleeping Computer

In a mysterious 2023 attack, the malware botnet "Pumpkin Eclipse" bricked 600,000 small office/home office (SOHO) routers, disrupting internet access for customers, primarily in the Midwest. This attack targeted a specific ISP and affected three router models: ActionTec T3200s, ActionTec T3260s, and Sagemcom F5380. The attackers likely used weak credentials or an unknown vulnerability to gain access. The incident forced affected users to replace their routers to restore service.
