Hacks, Attacks and Breaches: 3/3/2021 to 3/9/2021
Here’s the latest installment of the Hacks, Attacks and Breaches cybersecurity news update.
The Logically team provides top cyber security stories every week to keep you up to date on the latest news headlines on cybersecurity, hacking, computer security, ransomware and other cybersecurity threats.
Exploit: Unsecured Server
CallX: Telemarketing Firm
Risk to Small Business: An unsecured AWS S3 bucket has been leaking information gathered by CallX, whose analytics services are utilized by a wide array of companies including LendingTree, Liberty Mutual Insurance and Vivint to improve their media buying and inbound marketing. Discovered by researchers, 114,000 files were left publicly accessibly in the leaky bucket. Most of these were audio recordings of phone conversations between CallX clients and their customers, which were being tracked by the firm’s marketing software. An additional 2000 transcripts of text chats were also viewable.
How it Could Affect Your Business: Information like this makes its way quickly to the bustling data markets and dumps on the dark web, seeding future trouble.
Exploit: Third-Party Breach (Ransomware)
Qualys: Cybersecurity & Cloud Development
Risk to Small Business: Qualys is the latest victim to have suffered a data breach after a zero-day vulnerability in their Accellion FTA server was exploited to steal hosted files. The Clop ransomware gang posted screenshots of files allegedly belonging to the cybersecurity firm including purchase orders, invoices, tax documents and scan reports.
How it Could Affect Your Business: It is especially damaging for a cybersecurity company to fall victim to something like ransomware. Unfortunately, this problem came through a third-party partner, but potential customers may see a cybersecurity firm that cannot protect itself.
PrismHR: Payroll Services
Risk to Small Business: A suspected ransomware attack has brought trouble to payroll giant Prism HR and its clients. PrismHR’s platform is experiencing a service outage as a result, which has led to smaller accountants, and their clients, to lose access to PrismHR’s customer portals.
How it Could Affect Your Business: Ransomware can strike anytime, anywhere and companies of any size are vulnerable. Smart companies take proper precautions like increased security awareness training.
Exploit: Nation-State Hacking
Microsoft: Software Developer
Risk to Business: Microsoft is reporting a that suspected Chinese nation-state actors have exploited a flaw in Exchange that has given them some access to data or email accounts. The company estimates that 30,000 or so customers were affected. This flaw impacts a broad range of customers, from small businesses to local and state governments and some military contractors. The hackers were able to steal emails and install malware to continue surveillance of their targets. Patches are available and should be installed immediately.
How it Could Affect Your Business: This is a tremendous problem for businesses of every size, and something that will be lingering for years for impacted organizations.