
Parent Company of Vans Alerts 35.5 Million Customers Following Data Breach

 

VF Corporation, the parent company of popular brands like Vans and North Face, has confirmed a significant data breach that occurred in December, affecting approximately 35.5 million of its customers. 

The breach exposed sensitive information including email addresses, names, phone numbers, billing and shipping addresses. Additionally, details regarding payment methods, order history, and total order value were compromised in certain instances.

While VF Corporation reassured customers that bank account and credit card information were not accessed by fraudsters, concerns remain about potential identity theft, phishing, and other fraudulent activities that could stem from the breach, depending on the specific personal data exposed. Despite this, the company stated that there is "no evidence" suggesting illicit use of compromised personal information such as phone numbers, emails, addresses, or names.

The disclosure of the breach came a month after its detection on December 13, with VF Corporation acknowledging the disruption to its business operations and the impact on its ability to serve customers. Though the company did not explicitly label the incident as ransomware in its regulatory filings, the nature of the attack, involving encryption of IT systems and data theft, bears similarities to such attacks.

While VF Corporation disclosed the breach concurrently with recommendations from the U.S. Securities and Exchange Commission regarding data breach disclosures, concerns persist about the effectiveness of existing cybersecurity regulations in the United States. 

Research from George Mason University and the University of Minnesota suggests that breach notification laws (BNLs), which require businesses to inform customers of data compromises, have not been effective in reducing the frequency of data breaches. Despite these laws being enacted by all 50 states, the study found no significant decline in data misuse following breaches, regardless of various factors such as duration, types of breaches, and affected companies.

Google TAG Alerts on Rising Heliconia Exploit Framework for RCE

 

The Threat Analysis Group (TAG) at Google has discovered Heliconia, a cyberattack framework designed to exploit zero-day and n-day security flaws in Chrome, Firefox, and Microsoft Defender. It is likely linked to Variston IT, a gray-market spyware broker, demonstrating how this shadowy sector is thriving. The Heliconia threat is made up of three modules:
  • Heliconia Noise for compromising the Chrome browser, escaping the sandbox, and installing malware;
  • Heliconia Soft, a Web framework that deploys a PDF containing a Windows Defender exploit for CVE-2021-42298 that allows privilege escalation to SYSTEM and remote code execution (RCE);
  • Heliconia Files, a package that contains a fully documented Firefox exploit chain for Windows and Linux, including CVE-2022-26485 for RCE.
The threat was discovered after TAG received an anonymous submission to the Chrome bug reporting program. Further investigation revealed that the Heliconia framework's source code includes a script that refers to Variston IT, a Barcelona-based company that claims to provide "custom security solutions."

Commercial spyware is frequently sold by organizations claiming to be legitimate businesses for "law enforcement use." According to a TAG posting on Wednesday, mounting evidence shows that too often, these brokers don't vet their clients, "putting advanced surveillance capabilities in the hands of governments who use them to spy on journalists, human rights activists, political opposition, and dissidents."

Researchers noted that Variston IT is firmly in the middle of this rapidly expanding market, which has seen sanctions imposed by the US and others on organizations such as the infamous NSO Group, creator of the Pegasus spyware.

HHS Warns, Karakurt Ransomware Group Targeting Healthcare Providers

 

The US Department of Health and Human Services Cybersecurity Coordination Center (HC3) recently issued a warning about rising Karakurt activities against the healthcare sector. The department has now issued a new warning about Evil Corp attacks. 

According to the alert, Evil Corp is supposedly obtaining intellectual property from the United States healthcare sector on behalf of the Russian government. Evil Corp's Dridex trojan is capable of compromising the confidentiality and accessibility of operational systems and data, including financial and health data. 

The threat actor has constantly changed its tactics in order to avoid sanctions imposed by the US government, causing millions of dollars in damage.

Evil Corp has a plethora of tools and techniques at its disposal, which are frequently combined with commodity malware and off-the-grid tactics. Furthermore, HC3 is concerned because nation-state-sponsored threat actors, such as Evil Corp, see data exfiltration as a cost-effective way to steal intellectual property. 

In addition, Evil Corp makes no distinction between large and small organisations, preferring to target wherever there is an opportunity. According to HC3, Karakurt has compromised at least an assisted living facility, a healthcare provider, a hospital, and a dental clinic. The group even transformed its leak site into a searchable database, making it easier to locate victims.

The healthcare sector has long been a favourite target of cybercriminals, and this has only increased since the pandemic's onslaught. On a regular basis, various threat groups target the sector. As a result, putting in place the necessary security measures is advised.