Cyber Bits · 3 min read

Cyber Bits: June 3, 2024

Ticketmaster made the news this week with a breach potentially impacting 560 million customers, fake browser updates are spreading malware, a breach at the BBC is putting members' pensions at risk, Everbridge is assessing the impact of a breach, and a mysterious botnet bricked 600,000 routers in 2023.

Ticketmaster breach

Links: Bleeping Computer, Bleeping Computer, 404 Media

Ticketmaster has confirmed a data breach through a filing with the SEC, revealing that a third-party cloud database, believed to be managed by Snowflake, was compromised. This breach potentially affects 560 million customers, with sensitive data such as names, email addresses, phone numbers, and ticket information exposed. The hacking group ShinyHunters has been linked to this breach, as well as other recent attacks on companies like Santander. The stolen data is reportedly being sold on the dark web. Ticketmaster is cooperating with law enforcement and taking steps to mitigate risks.

Fake browser updates spreading malware

Link: The Hacker News

Cybercriminals are using fake browser update notifications to spread BitRAT and Lumma Stealer malware. These attacks start with victims being redirected to a malicious website, which prompts them to download a bogus update from Discord. The downloaded ZIP file contains JavaScript that runs PowerShell scripts to download and execute the malware. BitRAT allows attackers to steal data, mine cryptocurrency, and control infected devices, while Lumma Stealer targets sensitive information from browsers and crypto wallets. This technique exploits trusted names to trick users and spread malware effectively.

To protect against fake browser update attacks delivering malware like BitRAT and Lumma Stealer, users should:

  1. Only download updates from official browser websites.
  2. Enable automatic updates to ensure browsers update themselves.
  3. Use reputable antivirus software to detect and block malicious downloads.
  4. Be cautious of unexpected update prompts, especially those redirecting to third-party sites.
  5. Regularly back up important data to minimize damage in case of infection.

BBC Breach Puts 25K Pension Scheme Members at Risk

Links: Dark Reading, BBC

The BBC has disclosed a data breach affecting over 25,000 current and former members of its pension scheme. Detected on May 21, the breach involved unauthorized access to files hosted on a cloud-based service, exposing sensitive information such as names, national insurance numbers, dates of birth, gender, and home addresses. However, financial details and passwords were not compromised.

In response, the BBC has secured the affected database, notified relevant authorities, and offered impacted individuals two years of free credit monitoring services. The organization assures there is no evidence of the data being misused but advises vigilance against any unusual activities or communications. This incident follows previous security challenges faced by the BBC, highlighting ongoing risks in cybersecurity.

Everbridge warns of corporate systems breach exposing business data

Link: Bleeping Computer

Everbridge, a crisis management and public warning software company, has disclosed a data breach involving unauthorized access to its corporate systems. The breach was detected on May 21 and originated from a phishing attack targeting employees. Compromised data includes business-related information, admin user contacts, and details about Everbridge services. The company has notified affected customers and is working with security experts to assess the impact. Everbridge will enforce multi-factor authentication for all accounts by June 3 to enhance security measures.

Malware botnet bricked 600,000 routers in mysterious 2023 attack

Link: Bleeping Computer

In a mysterious 2023 attack, the malware botnet "Pumpkin Eclipse" bricked 600,000 small office/home office (SOHO) routers, disrupting internet access for customers, primarily in the Midwest. This attack targeted a specific ISP and affected three router models: ActionTec T3200s, ActionTec T3260s, and Sagemcom F5380. The attackers likely used weak credentials or an unknown vulnerability to gain access. The incident forced affected users to replace their routers to restore service.
