AboutDFIR.com – The Definitive Compendium Project
Digital Forensics & Incident Response


InfoSec News Nuggets 11/17/2023

Samsung Data Breach: Hackers Steal Data of UK Customers 

Samsung has notified its customers in the United Kingdom that a data breach has exposed the personal information of thousands of individuals. The breach impacted customers who made purchases on the company’s UK online store between July 1, 2019, and June 30, 2020. The company discovered the breach on November 13, 2023, and determined that an unauthorized individual exploited a vulnerability in a third-party business application to access customer data. Samsung has not disclosed the identity of the hacker. 


APTs Swarm Zimbra Zero-Day to Steal Government Info Worldwide 

At least four separate cyberattack groups have used a former zero-day security vulnerability in the Zimbra Collaboration Suite (ZCS) to steal email data, user credentials, and authentication tokens from government organizations globally. ZCS is an email server, calendaring, and chat and video platform, used by “thousands” of companies and “hundreds of millions” of individuals, according to the Zimbra website. Its client organizations are as diverse as the Japan Advanced Institute of Science and Technology, Germany’s Max Planck Institute, and Gunung Sewu, a top business incubator in Southeast Asia. 


Fortinet warns of critical command injection bug in FortiSIEM 

Fortinet is alerting customers to a critical OS command injection vulnerability in the FortiSIEM report server that could be exploited by remote, unauthenticated attackers to execute commands through specially crafted API requests. FortiSIEM (Security Information and Event Management) is a comprehensive cybersecurity solution that provides organizations with enhanced visibility and granular control over their security posture. It is used in businesses of all sizes in the healthcare, financial, retail, e-commerce, government, and public sectors.


How much to clean up a ransomware infection? For Rackspace, about $11M 

Rackspace’s costs from last year’s ransomware infection continue to mount. The cloud hosting biz has told America’s financial watchdog, the SEC, its total expenses to date regarding that cyberattack have now reached about $11 million, though insurance has helped cover half of that. The extortionware raid on the IT provider, initially described as a “security incident,” hit Rackspace’s hosted Microsoft Exchange on December 2, 2022, shutting down email services to thousands of customers, most of whom were small and mid-sized businesses. 


Alarm system cyberattack leaves those in need struggling to call for help 

An alarm system company that allows those in need to ask for help at the touch of a button has suffered a cyberattack, causing serious disruption. Tunstall Netherlands says the attack left the control room struggling to receive distress calls from clients on Sunday, November 12, 2023. Tunstall, among others, provides services and systems to allow smart monitoring in various healthcare settings. One of the services provides sick or disabled persons and the elderly with an alarm button that can be used in case of an emergency.


Toyota confirms breach after Medusa ransomware threatens to leak data 

Toyota Financial Services (TFS) has confirmed that it detected unauthorized access on some of its systems in Europe and Africa after Medusa ransomware claimed an attack on the company. Toyota Financial Services, a subsidiary of Toyota Motor Corporation, is a global entity with a presence in 90% of the markets where Toyota sells its cars, providing auto financing to its customers. Earlier today, the Medusa ransomware gang listed TFS on its data leak site on the dark web, demanding a payment of $8,000,000 to delete data allegedly stolen from the Japanese company.
