Here are the top security stories from recent weeks:
- Mercedes-Benz Discloses Breach Exposing Customer Information
- Supermarket Chain Wegmans Exposes Customer Data Due to Misconfigured Cloud Databases
- City of Tulsa Suffers Ransomware Attack, Warns Residents of Personal Data Exposure
- Software Tool Vendor Atlassian Patches One-Click Account Takeover Vulnerabilities
- Nobelium Threat Actors Accessed Microsoft Customer Support Computers
German luxury car maker Mercedes-Benz disclosed a breach that exposed sensitive personal information of some customers and potential customers through an unsecured cloud storage platform. While the company says fewer than 1,000 individuals are affected, the exposed data included credit scores, driver's license numbers, Social Security numbers, credit card numbers, and dates of birth. Mercedes-Benz was notified of the breach by a vendor after a third-party security researcher discovered the improperly secured data.
U.S. supermarket chain Wegmans Food Markets notified customers that their data had been exposed by two misconfigured cloud databases that allowed public access. Wegmans was notified of the issue by a third-party security researcher in mid-April, but it is not clear how long the databases were open to the public. The exposed data included customer names, addresses, phone numbers, birth dates, email addresses, and salted and hashed passwords. The exposure could be related to an earlier series of credential-stuffing attacks against Wegmans on March 31. The company has forced a password reset on all affected accounts.
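Both the Mercedes-Benz and Wegmans incidents above come down to cloud resources that were reachable by anyone on the internet. The script below is an added example, not code from the article or from either company: it scans an AWS-style bucket policy document and reports every Allow statement whose Principal is a wildcard, separating unconditional public grants from ones gated by a Condition (which need a human look, since some conditions narrow the audience and some do not). The two policies embedded in it are constructed for illustration; the account ID, role name and bucket name are placeholders.

```python
"""Flag bucket-policy statements that grant anonymous (public) access.

Added example, not from the original article or any vendor named in it.
Assumes an AWS-style IAM policy document (JSON with Version/Statement);
the two sample policies below are constructed for illustration.
"""
import json

# Constructed "before" policy: the classic public-read misconfiguration.
PUBLIC_POLICY = json.loads("""{
  "Version": "2012-10-17",
  "Statement": [
    {"Sid": "PublicRead", "Effect": "Allow", "Principal": "*",
     "Action": ["s3:GetObject", "s3:ListBucket"],
     "Resource": ["arn:aws:s3:::example-customer-data",
                  "arn:aws:s3:::example-customer-data/*"]}
  ]
}""")

# Constructed "after" policy: read access limited to one application role,
# plus a Deny for plaintext transport (a wildcard Principal on a Deny is fine).
FIXED_POLICY = json.loads("""{
  "Version": "2012-10-17",
  "Statement": [
    {"Sid": "AppRoleRead", "Effect": "Allow",
     "Principal": {"AWS": "arn:aws:iam::123456789012:role/app-reader"},
     "Action": ["s3:GetObject"],
     "Resource": ["arn:aws:s3:::example-customer-data/*"]},
    {"Sid": "DenyInsecureTransport", "Effect": "Deny", "Principal": "*",
     "Action": "s3:*",
     "Resource": ["arn:aws:s3:::example-customer-data",
                  "arn:aws:s3:::example-customer-data/*"],
     "Condition": {"Bool": {"aws:SecureTransport": "false"}}}
  ]
}""")


def _as_list(value):
    """Policy elements may be a single string or a list; normalise to a list."""
    return value if isinstance(value, list) else [value]


def _principal_is_wildcard(principal) -> bool:
    """True if the Principal element matches anyone, anonymous callers included.

    Covers both spellings: "Principal": "*" and "Principal": {"AWS": "*"}
    (or {"AWS": ["*", ...]}).
    """
    if principal == "*":
        return True
    if isinstance(principal, dict):
        return any("*" in _as_list(v) for v in principal.values())
    return False


def find_public_statements(policy: dict) -> list:
    """Return (sid, kind, actions) for every Allow statement open to any principal.

    kind is "public" when there is no Condition at all, and "conditional"
    when a Condition is present: whether that one is really public depends on
    the condition keys (aws:SourceVpc narrows the audience; aws:SecureTransport
    alone does not), so it is reported for review rather than auto-cleared.
    """
    findings = []
    for idx, stmt in enumerate(_as_list(policy.get("Statement", []))):
        if stmt.get("Effect") != "Allow":
            continue  # Deny statements cannot open the bucket up
        if not _principal_is_wildcard(stmt.get("Principal")):
            continue
        sid = stmt.get("Sid", f"statement[{idx}]")
        kind = "conditional" if stmt.get("Condition") else "public"
        findings.append((sid, kind, _as_list(stmt.get("Action", []))))
    return findings


if __name__ == "__main__":
    for name, policy in [("weak", PUBLIC_POLICY), ("fixed", FIXED_POLICY)]:
        print(name, find_public_statements(policy))
```

Run it as a pre-deployment check on policy documents pulled from version control, and treat any "public" finding as a hard failure. Note that a bucket policy is only one of several ways storage can be exposed (object ACLs and account-level public-access settings are others), so this check is a necessary gate, not a complete audit.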
The city of Tulsa, Oklahoma suffered a ransomware attack in May that led the city to shut down its network to stop the ransomware from spreading. Tulsa's online billing system, utility billing, email, and websites were affected. The Conti ransomware gang has since claimed responsibility for the attack and published 18,938 files, mainly police citations. Tulsa warned residents to watch for identity theft using the exposed personally identifiable information (PII), which included names, dates of birth, addresses, and driver's license numbers.
Atlassian, the maker of the issue tracker Jira and the team collaboration platform Confluence, has patched vulnerabilities that could have allowed one-click account takeovers on Atlassian-owned websites. The vulnerabilities, discovered by Check Point Research (CPR), allowed cross-site scripting, cross-site request forgery, and one-click account takeovers on Atlassian subdomains, including those used for partners, developers, support, Jira, and Confluence. The researchers said an attacker could have chained these flaws to hijack accounts and gain control over Atlassian applications: stealing data, performing actions on behalf of a user, and obtaining access to Jira tickets as a foothold for supply-chain-based attacks.