Canadian lender TMX Finance announced that it discovered a breach in the middle of February that had left its network exposed to unfettered access since December. In other cybersecurity news, more than a dozen international law enforcement agencies teamed up to take down the infamous dark web forum Genesis Market.
Record encryption speeds observed in new ransomware variant
During the investigation of a cybersecurity incident, researchers identified a new ransomware variant that uses intermittent encryption to encrypt an entire system at record speeds. The variant, dubbed ‘Rorschach’, shares many similarities with DarkSide ransomware and even uses an identical ransom note, though without any branding or threat actor organization claiming responsibility. In addition to what it shares with DarkSide, Rorschach has cherry-picked a variety of highly effective features from a number of other ransomware families like LockBit and Babuk.
Digital marketplace leaks 600k customer records
A recently discovered unsecured database contains more than 600,000 records belonging to customers of the digital marketplace Z2U. Within the database was an alarming amount of sensitive purchase details, screenshots of passports and other ID cards, and even customer support dashboard information on customer interactions. Fortunately, the database was properly secured within days of the researcher who initially discovered the breach making contact.
Genesis Market taken down by law enforcement
With the combined efforts of more than a dozen international law enforcement agencies, the dark web sales forum ‘Genesis Market’ was taken offline, and 120 individuals have been arrested globally. Genesis Market was used mainly for nefarious reasons and offered a wide variety of tools and services for stealing information, deploying malware, or selling stolen data. The site had operated since 2018, and it is unclear if the FBI was able to detain the actual site operators or if they just rounded up individuals who had been active users or sellers on the site.
TMX Finance breach exposes millions of customers
Officials for the Canadian lender TMX Finance and its subsidiaries have confirmed that unknown threat actors breached their network in December and had unlimited access to many systems until being discovered on February 13th. The breach includes all stored personal and financial information of more than 4.8 million personal loan customers, including tax data, bank account information, and social security numbers. TMX has offered a year of identity monitoring services to all affected customers, though those customers should remain on alert for any suspicious activity, as the exposed data is extremely sensitive.
Western Digital suffers network breach
Over the weekend, staff at Western Digital were forced to take several of their critical servers offline in response to some unauthorized activity on the network. Many of their customers are facing outages and an inability to access any cloud-stored data but were reassured that Western Digital was working with law enforcement to investigate the intrusion and promptly restore services. The overall extent of the breach is still unclear and could have far-reaching implications throughout the supply chain.