Officials at the Costa Rican Social Security Fund (CCCS) discovered their systems were being encrypted by a Hive ransomware attack. Employees were told to disconnect their devices from the network to prevent any further spread of the infection. However, there isn’t a timeline for a return to normal work operations. Unfortunately, the Hive attack comes just weeks after the Conti ransomware group targeted a substantial portion of the Costa Rican government’s organizations, including the Social Security Fund.
Turkish airline compromises 6.5TB of internal data
Researchers have found a misconfigured Amazon Web Services (AWS) bucket belonging to an internally developed software by Pegasus Airlines, based in Turkey. The bucket contained nearly 6.5TB of sensitive customer and employee data, including flight plans and personally identifiable information (PII) that could be used to initiate further malicious attacks. Shortly after being contacted by the research team, the IT staff at Pegasus Airlines were able to properly secure the servers. However, it remains unclear if any malicious actors accessed the data while it was vulnerable.
International law enforcement operation takes control of FluBot
The combined efforts of several international law enforcement agencies and coordination by Europol have led to the takeover of the Android malware known as FluBot. Active since December 2020, FluBot has disguised itself as a wide variety of simple apps on the Google Play store. This form of malware has stolen the login credentials of its unsuspecting users and racked up millions of downloads.
Phishing campaign disguised as RuneScape account change email
Security researchers have identified a new phishing campaign that is disguising itself as an email regarding account changes from the publisher, MMORPG RuneScape, Jagex Ltd. The campaign is orchestrated to warn potential victims through email of account changes that require a user to enter their credentials to cancel or verify the change. Once collected, the credentials are transferred to a connected Discord server, where an attacker attempts to access and take total control of the account before the victim knows what is happening.
Third-party breach exposes Australian National Disability data
Staff of the client management system, CTARS, have revealed they suffered a data breach in mid-May that affected several clients, including the Australian National Disability Insurance Scheme (NDIS). While the company does acknowledge the breach, they have not been able to confirm if the data being posted to the Dark Web is legitimate or issued a statement in response to the breach.
