Cyber security update, October

SoftwareOne believes there is a need for additional information when it comes to cyber security, as organisations have made it clear that investment in a proper security strategy is paramount. SoftwareOne’s monthly “Cyber security update” provides information on the most recent threats, the latest breaches and how to react to them in order to stay on top of malware and ransomware threats.

Latest security breaches

Irish Police database hacked: 500K records exposed

A significant data breach has exposed the personal information of over 500,000 people from the Irish National Police database. The breach includes names, addresses, phone numbers, and email addresses. It is not yet clear how the breach occurred, but the Irish National Police is investigating.

Data breach exposes 500K Irish Police vehicle seizure records

A data leak has exposed the vehicle seizure records of over 500,000 people in Ireland. The leak occurred from a contractor database that was used by the Irish National Police. The leak includes the names, addresses, and vehicle registration numbers of people who have had their vehicles seized by the police.

Pizza Hut Australia suffers from data breach, impacting 190K customers

Pizza Hut Australia has announced that it has suffered a data breach. The breach impacted over 190,000 customers. The company says that the breach exposed names, email addresses, and phone numbers. It is not yet clear how the breach occurred, but Pizza Hut Australia is investigating.

Air Canada data breach: ransomware group threatens to release 210 GB of data

The BianLian ransomware group has threatened to release 210 GB of data stolen from Air Canada. The group says that the data includes customer names, passport numbers, and credit card information. Air Canada has confirmed the breach and says that it is working with law enforcement to investigate.

23andMe data breach: over 4 million ancestral profiles exposed

In a major data breach, over 4 million 23andMe customers have had their ancestral information leaked. The hacker, known as Golem, previously leaked a sample of user data from the genetic testing company. This time, Golem has released a much larger dataset, and has hinted at more leaks to come. This breach raises serious concerns about the security of genetic testing data. 23andMe is one of the leading direct-to-consumer genetic testing companies.

Cyber security intelligence

Treat actors exploiting Atlassian Confluence vulnerability for initial access to networks

Threat actors are actively exploiting a vulnerability in Atlassian Confluence (CVE-2023-22515) to gain initial access to networks. The vulnerability allows attackers to execute arbitrary code on vulnerable systems. Atlassian has released a patch for the vulnerability, and users are urged to update their Confluence installations as soon as possible.

The AvosLocker ransomware group has released an updated version of its ransomware. The new version includes a number of new features, including the ability to encrypt data on Linux and macOS systems. The AvosLocker ransomware group is also targeting a wider range of organisations, including government agencies and healthcare providers.

Hot topic of the month: Cyber Security Awareness Month

Mitigating ransomware threats

Published recently by the Cybersecurity and Infrastructure Security Agency (CISA), their new StopRansomware Guide is a resource developed by the Cybersecurity and Infrastructure Security Agency (CISA) to help organisations protect themselves from ransomware attacks. The guide provides information on how to identify and mitigate ransomware threats, as well as how to recover from a ransomware attack.