AboutDFIR.com – The Definitive Compendium Project
Digital Forensics & Incident Response

Blog Post

InfoSec News Nuggets 7/15/2024

Banks in Singapore to phase out one-time passwords in 3 months

The Monetary Authority of Singapore (MAS) has announced a new requirement impacting all major retail banks in the country to phase out the use of one-time passwords (OTPs) within the next three months. This initiative was agreed upon between the government and the Association of Banks in Singapore (ABS) to protect consumers against phishing and other scams. “The use of OTP was introduced in the 2000s as a multi-factor authentication option to strengthen online security,” reads the MAS announcement.

 

AT&T Paid a Hacker $370,000 to Delete Stolen Phone Records

US telecom giant AT&T, which disclosed Friday that hackers had stolen the call records for tens of millions of its customers, paid a member of the hacking team more than $300,000 to delete the data and provide a video demonstrating proof of deletion. The hacker, who is part of the notorious ShinyHunters hacking group that has stolen data from a number of victims through unsecured Snowflake cloud storage accounts, tells WIRED that AT&T paid the ransom in May. He provided the address for the cryptocurrency wallet that sent the currency to him, as well as the address that received it. WIRED confirmed, through an online blockchain tracking tool, that a payment transaction occurred on May 17 in the amount of 5.7 bitcoin. 

 

Pharmacy Giant Rite Aid Hit By Ransomware

Rite Aid has become the latest high street name to fall victim to ransomware actors, after it revealed a “limited” cybersecurity incident took place last month. A statement from the firm said it was “finalizing” the incident response investigation.  “Together with our third-party cybersecurity partner experts, we have restored our systems and are fully operational,” Rite Aid said. “We take our obligation to safeguard personal information very seriously, and this incident has been a top priority. We appreciate your patience until we can provide additional information.”

 

Disney’s Internal Slack Breached? NullBulge Leaks 1.1 TiB of Data

A self-proclaimed hacktivist group named NullBulge, aiming to “protect artists’ rights and ensure fair compensation for their work,” claims to have breached Disney and leaked 1.1 TiB (1.2 TB) of the company’s internal Slack infrastructure. These claims were posted on the notorious cybercrime and hacker platform Breach Forums on July 12, 2024. The breach, which is yet to be verified, allegedly contains a complete copy of the company’s Slack communications used by their development team including messages, files, and other data exchanged within the Slack workspace. The hackers further claim the dump includes “almost 10,000 channels, every message and file possible, unreleased projects, raw images, code, logins, links to internal API/web pages, and more!”

 

1.4 GB of NSA Data Leaked – Phone Numbers, Email Addresss & More Classified Data Exposed Online

Researchers from Cyber Press, who reported a massive Twitter data leak today, found another data leak online. This time, cybercriminals exposed a file with 1.4 GB of leaked data from the National Security Agency (NSA). The data, which includes sensitive and classified information, is posted in a well-known data breach forum. The leaked data reportedly contains sensitive information, including internal communications, classified documents, and personal data of NSA employees.

Related Posts