AboutDFIR.com – The Definitive Compendium Project
Digital Forensics & Incident Response

Blog Post

InfoSec News Nuggets 09/15/2023

Auckland transport authority hit by suspected ransomware attack 

The Auckland Transport (AT) transportation authority in New Zealand is dealing with a widespread outage caused by a cyber incident, impacting a wide range of customer services. AT is the government-owned regional transportation authority in the Auckland region, responsible for public transport through ferries, busses, and trains and for designing and building roads and other infrastructure. The company has announced today that it’s experiencing issues with its HOP services (integrated ticketing and fares system) as a cyber incident has impacted parts of its network. 


MGM, Caesars File SEC Disclosures on Cybersecurity Incidents 

MGM Resorts and Caesars Entertainment have both filed required disclosures of cyber incidents to the Security and Exchange Commission (SEC) following ransomware attacks on their casino empires. The SEC passed new rules last March requiring publicly traded companies to report “material” cybersecurity incidents to the regulator within four days. Caesars’ SEC filing, dated Sept. 14, acknowledges an unauthorized actor exfiltrated a copy of the company’s loyalty program database on Sept. 7, which included sensitive data like Social Security and drivers license numbers on a “significant” number of members. 


Pirated Software Likely Cause of Airbus Breach 

A major data breach at Airbus revealed earlier this week stemmed from a RedLine info-stealer likely hidden in a pirated copy of Microsoft software, according to researchers. The European aerospace giant said it has launched an investigation into the incident. “As a major high-tech and industrial player, Airbus is also a target for malicious actors,” it noted in a statement. “Airbus takes cybersecurity seriously and continuously monitors activities on its IT systems, has solid protection tools, skilled cyber experts and associated processes to protect the company by taking immediate and appropriate measures as and when needed.” 


Google settles with California for $93M over location privacy allegations 

Google will pay $93 million in a proposed deal with the California attorney general’s office to settle allegations that the tech giant deceived users about how it used their location data, the state announced Thursday. In addition to the $93 million settlement, Google has agreed to show additional information to users about enabling location-related account settings and more transparency about location tracking. In the complaint filed along with the proposed stipulated judgment, California Attorney General Rob Bonta (D) alleged that Google misled users about how it collected, stored and used a person’s location data, according to a copy of the announcement first shared with The Hill.  


Shell Says Australian Unit BG Group Hit by MOVEit Cybersecurity Breach 

Shell Plc said on Friday that it has identified a cybersecurity incident involving some employees who worked with the company’s unit BG Group in Australia before the merger, becoming the latest victim of the MOVEit hack. A number of businesses globally have lately been affected by a cybersecurity breach on the software tool MOVEit that is typically used to transfer large amounts of often sensitive data including pension information and social security numbers. 


Greater Manchester Police ransomware attack another classic demo of supply chain challenges 

The UK’s Greater Manchester Police (GMP) has admitted that crooks have got their mitts on some of its data after a third-party supplier responsible for ID badges was attacked. According to the Manchester Evening News the stolen data included the names and pictures of police officers held by the supplier for use on thousands of ID badges. Assistant Chief Constable Colin McFarlane of Greater Manchester Police (GMP) said: “We are aware of a ransomware attack affecting a third-party supplier of various UK organizations, including GMP, which holds some information on those employed by GMP.” 

Related Posts