American Airlines hack, $160 million Wintermute heist, 2K and Rockstar attacks

American Airlines hack, 0 million Wintermute heist, 2K and Rockstar attacks

American Airlines announces breach of customer and employee information

On Tuesday, American Airlines indicated that “a very small number of customer and employee personal information” was compromised in a data breach. The aviation giant confirmed that the source of the incident was a phishing attack that resulted in the compromise of “a limited number of mailboxes for team members.” On Friday, American Airlines sent a notification letter to affected customers offering two years of Experian identity theft protection.

(IT Security Guru)

Crypto market maker hacked for $160 million

On Tuesday, crypto market-making firm Wintermute said the firm remains solvent despite being hacked for 90 assets worth $160 million. Wintermute’s CEO, Evgeny Gaevoy, said on Twitter that the money was related to its DeFi operations and that its centralized exchange and over-the-counter offering were not affected. Interestingly, Gaevoy said the firm was open to treating the incident as a white hat hack and would allow the hacker to keep some of the money as a bug bounty, if they returned the rest.

(The block)

2K and Rockstar fall victim to cyber attacks

Hackers have compromised the support system of 2K, the American video game company that publishes popular game franchises, including NBA 2K, Borderlands and WWE 2K, among others. On Tuesday, the attackers began using access to 2K’s Zendesk ticketing system to send support tickets to players. Ticket alerts were then followed by emails containing attachments masking a new game launcher. Instead, the file contains the widely used RedLine password stealer malware, the same malware discovered last week targeting gamers on YouTube. Anyone who downloaded the 2K launcher is encouraged to scan their computer with anti-virus software, remove any detected malware, and change passwords for frequently visited websites.

See also  Companies need to up their cyber security game while complying with CERT-In norms

Another game maker, Rockstar Games, was breached over the weekend. In what appears to be a twist of irony, the maker of Grand Theft Auto had its data stolen by the hackers. The hackers started leaking videos of the unreleased game and source code files for both GTA V and GTA VI. Although it is unclear whether the attacks are related, both Rockstar Games and 2K are subsidiaries of Take-Two Interactive, one of the largest game publishers in America and Europe.

(Blueing computer)

Thanks to today’s episode sponsor, 6klikk

The 6clicks GRC solution comes with a fully integrated content library full of hundreds of standards, assessment templates, libraries, playbooks and more. With the content library included in every 6clicks license, organizations can get started with their GRC implementation faster than ever before. For more information visit 6clicks.com/cisoseries.

FTC chairman ‘extremely disturbed’ by whistleblower Twitter allegations

FTC Chairman Lina Khan said Tuesday that she was “extremely disturbed” by cyber expert and Twitter whistleblower Peiter “Mudge” Zatko’s allegations alleging Twitter’s security practices. Khan expressed concern about Mudge’s claim that Twitter withheld information from the FTC during interviews aimed at enforcing the regulator’s 2011 consent decree. Khan said during a Senate hearing: “There has certainly been a problem with companies treating FTC orders as proposals . We have a program underway to really tighten it up.”

(Market Watch)

Revolut verifies user data that is exposed to cyber attacks

Revolut has confirmed that an “unauthorized third party” accessed the data of approximately 50,000 of its customers. Revolut, which has a banking license in Lithuania, discovered the malicious access late on September 10 and isolated the attack the next morning. According to Revolut’s breach disclosure, hackers used social engineering to access a database containing partial card payment data, along with customers’ names, addresses, email addresses and phone numbers. Revolut also warned that the breach appears to have triggered a phishing campaign. As a precaution, Revolut has also formed a dedicated task force to monitor customer accounts and data.

See also  Axie Infinity is toxic to cryptogaming

(TechCrunch)

Critical vulnerability in Oracle Cloud allowed unauthorized access

On Tuesday, Oracle published an advisory outlining a new vulnerability in Oracle Cloud Infrastructure (OCI) that leads to unauthorized access to cloud storage volumes for all users. The flaw, called AttachMe, was discovered by researchers at Wiz in June. Oracle claims to have fixed the bug for all OCI customers within 24 hours of being notified by Wiz, with no customer action required. However, researchers point out that before it was patched, all OCI customers could have been exposed to sensitive data exfiltration or other destructive attacks.

(Infosecurity Magazine)

Indonesia adopts long-awaited data protection measures

On Tuesday, Indonesia’s parliament passed a new data protection law. The bill’s harshest penalties include 2% of a company’s annual revenue and up to six years in prison for falsifying personal information for personal gain. The bill’s passage comes after a series of data leaks and investigations into organizations including a state insurance company, telecom company and a public utility for a contact-tracing COVID-19 app that exposed President Joko Widodo’s vaccination records.

(Reuters)

You may also like...

Leave a Reply

Your email address will not be published. Required fields are marked *