Here are the top security stories from recent weeks:
- Twitch Leak Exposes Personal Data
- Cox Media Group Confirms Ransomware Attack
- Xgroup Attackers Offer to Hack EU Hospitals in COVID-19 Vaccine Scam
- New Python Ransomware Targets VMware ESXi Servers, Encrypts Data in Under Three Hours
- The Telegraph Exposes 10 TB Database of Subscriber Info
On October 6, an attacker posted a 125 GB torrent of leaked data, including source code and business data, from video streaming platform Twitch. Subsequent reports indicate the leaked data also includes users’ personal data, including addresses and passwords. The data appears to have been obtained from one of Twitch’s internal GitHub repositories. Twitch has disclosed that the data was leaked due to an error in a server configuration change. The company has reset all stream keys.
American media conglomerate Cox Media Group has confirmed it was hit by a ransomware attack in June 2021. The company has sent data breach notification letters to over 800 individuals whose personal data is believed to have been impacted in the attack. Personal information exposed includes names, addresses, Social Security numbers, financial account numbers, health insurance and medical information, and user credentials. Cox Media Group took affected systems offline after the attack and said it did not pay the ransom demand.
New cybercrime group Xgroup is offering to add non-vaccinated people to the national COVID-19 vaccine registers feeding into EU databases. For $600 USD, victims can allegedly pay the group to hack into EU hospital databases and add the victim’s info to local hospital digital vaccination records. The scam’s goal is likely to trick victims into providing personal information; researchers could not find proof that Xgroup attackers can follow through with their claims. Researchers believe the attackers behind the scam are based in the U.S.
A new Python ransomware has been discovered targeting VMware ESXi servers, taking less than three hours from initial breach to encryption, making it one of the fastest attacks. While Python is an unusual programming language for ransomware, the choice makes sense when targeting ESXi, since Python is pre-installed on the Linux-based system. ESXi is also a common target because attackers can encrypt the shared virtual hard-drive storage used across VMs, compromising several VMs in one go.
The Telegraph, one of the UK’s largest newspaper and media outlets, has exposed 10 TB of data including internal logs, full subscriber names, email addresses, device info, URL requests, IP addresses, authentication tokens, and unique reader identifiers. Researchers have confirmed at least 1,200 unencrypted contacts were exposed. The newspaper took two days to secure the database but has claimed the leak affected less than 0.1% of its users. The exposure was due to an improperly secured database.