Thousands of Nissan customers have had their data stolen in cyberattack
In December 2023, Nissan Motor Corporation and Nissan Financial Services in Australia and New Zealand fell victim to a cyberattack, leading to the unauthorised access and theft of sensitive data belonging to approximately 100,000 individuals, as confirmed by the company. Nissan has initiated the process of informing those affected, comprising customers, both current and former employees, and certain dealers. Noteworthy is the inclusion of customers affiliated with Mitsubishi, Renault, Skyline, Infiniti, LDV, and RAM brands, as highlighted by the company's recent update on its website.
HSE suffers IT glitch that leaves data of more than one million people vulnerable to hackers
The HSE has acknowledged experiencing an IT malfunction that compromised the security surrounding vaccination records of over one million individuals. According to a spokesperson, the organisation inadvertently misconfigured a Covid-related database in December 2021, potentially exposing the details of these individuals to exploitation. Although the health body assures that no personal data was accessed by hackers or malicious entities, it did not initially report the incident to the Data Protection Commissioner (DPC). The DPC became aware of the data oversight through the Irish Independent this week and is presently scrutinising the matter. Should the DPC conclude that a data breach occurred, it may launch an investigation into the breach itself and the reasons behind the failure to issue a breach notice.
Keyloggers, spyware, and stealers dominate SMB malware detections
In 2023, Sophos reported that 50% of malware detections targeting SMBs consisted of keyloggers, spyware, and stealers—malicious software utilised by attackers to pilfer data and credentials.
Subsequently, attackers employ this pilfered information for unauthorised remote access, extortion, ransomware deployment, and other nefarious activities. The report also revealed that initial access brokers (IABs) are leveraging the dark web to advertise their expertise and services tailored towards breaching SMB networks or selling pre-compromised access to SMBs they've already penetrated.
ChatGPT Plugins Exposed to Critical Vulnerabilities, Risked User Data
New research has found that critical security vulnerabilities have been unearthed in ChatGPT plugins, putting users at risk of data breaches. These flaws could enable attackers to pilfer login credentials and exploit sensitive information on external websites. This research highlights the importance of promptly and regularly updating your plugins and only relying on extensions from reputable sources to safeguard against AI-driven cyber threats. Vulnerability scanning and attack surface management tools are good ways to curb the threat of new and existing vulnerabilities.
Windows SmartScreen Bypass Flaw Exploited to Drop DarkGate RAT
The operators of the DarkGate malware have been taking advantage of a previously unpatched flaw in Windows SmartScreen, using it to bypass security measures through a phishing campaign distributing counterfeit Microsoft software installers to spread the malicious code.
Earlier this year, security researchers identified a zero-day vulnerability known as CVE-2024-21412, which allowed bypassing the security feature of Internet Shortcut Files. Microsoft subsequently addressed this issue in its February Patch Tuesday updates. However, prior to the patch release, attackers such as Water Hydra had already exploited this vulnerability for malicious activities.
Remaining well-versed in the latest industry advancements remains paramount in combating cybercrime. Keeping abreast of pertinent news enables leaders to make informed decisions, pre-emptively adopt security measures, and adequately fortify their organisations against cyberattacks.
Maintaining a vigilant approach, embracing optimal practices, and harnessing state-of-the-art technologies are all pivotal elements in shaping a secure digital landscape for the future.