Here are the top security stories from recent weeks:
- T-Mobile Hacker Brute-Forced Way Through Company Network
- Boston Public Library Victim of Cyberattack that Resulted in System-wide Outage
- Ragnarok Ransomware Group Shuts Down, Releases Master Decryption Keys
- Microsoft Power Apps Portals Expose 38 Million Sensitive Data Records
- Cloudflare Stops Largest Reported DDoS Attack
T-Mobile recently confirmed an attack in which records belonging to 48.6 million individuals were stolen. T-Mobile CEO Mike Sievert stated the hacker gained access to test environments, then brute-forced his way to other servers that held customer data. 21-year-old American John Binns has taken credit for the attack. T-Mobile says breach access points have been closed, and there is no ongoing risk to customer data. Stolen records included customers’ first and last names, birthdates, SSNs, and driver’s licenses.
The Boston Public Library (BPL), the third-largest U.S. public library, disclosed it was hit by a cyberattack that resulted in a system-wide outage. The outage impacted computers, printers, and all online library services requiring a login. The investigation is ongoing, and there has been no evidence yet that any employee or patron data was stolen.
The Ragnarok ransomware group appears to have shut down. In an apparently unplanned and rushed shutdown, its leak site has been wiped clean save for text linking to the archive containing the master decryptor key and accompanying binaries. The site showed 12 victims before it was shut down. The Ragnarok gang appeared in January 2020 and is infamous for exploiting the since-patched Citrix ADC vulnerability (CVE-2019-19781).
Researchers at UpGuard Research have discovered Microsoft’s Power Apps portal was exposing sensitive data from 38 million records. Exposed data includes COVID-19 vaccination status, SSNs, and email addresses. The leak resulted from customer configuration settings that were left unset, allowing anonymous users free access to data. Initially, Microsoft considered the issue a configuration issue rather than a vulnerability. Microsoft has since released a tool to check Power Apps portals for leaky data and changed the tool’s default permissions to reduce the risk of misconfigurations.
Cloudflare says it stopped the largest reported DDoS attack in July. The attack, which resulted in 17.2 million requests per second, was three times larger than the previous largest attack. The attack originated from a botnet targeting a Cloudflare customer. Attack traffic came from more than 20,000 bots in 125 countries, with a significant portion of the traffic originating from Indonesia, India, and Brazil, indicating many infected devices in those countries. Additionally, Cloudflare states it has seen an increase in Mirai-based DDoS attacks in the past weeks.