Prajeet Nair (@prajeetspeaks) •
December 28, 2023
Each week, Information Security Media Group compiles cybersecurity incidents and breaches from around the world. This week: a Real Estate Wealth Network database exposed 1.5 billion records, Corewell Health patients suffered a second breach, LoanCare reported that data on 1.3 million mortgage customers was exposed, Yakult Australia admitted to a “cybersecurity incident” in which 95 gigabytes of data were leaked, a pro-Palestinian group leaked an Israeli company’s customer database, and the stealthy backdoor Android/Xamalicious is actively infecting devices.
Real Estate Wealth Network data breach
According to the security researcher who discovered the exposure, an insecure database linked to the Real Estate Wealth Network exposed 1.5 billion records, including real estate details, financial data and even internal user logs.
Jeremiah Fowler, a researcher at security services firm Security Discovery, said in a report that the database, which belongs to the New York-based Real Estate Wealth Network, was quickly secured after his responsible disclosure notice.
Celebrity data such as home addresses and purchase details may have been accessible, but the full extent of the exposure remains unclear.
Fowler said: “When a celebrity’s home address is published online, it can pose potential risks, including threats to safety and invasion of privacy. They may face stalking and harassment by individuals who have a criminal record.”
Second data breach affects 1 million Corewell Health patients
Unidentified attackers compromised the data of more than 1 million Corewell Health patients in Michigan in a separate data breach. HealthEC, a vendor servicing Corewell’s southeast Michigan facilities, disclosed that certain systems were accessed by an unauthorized user.
This is Corewell’s second data breach in recent months. Last month, the health system disclosed a breach involving Welltok Inc., a contract software company that provides communications services. That breach also affected 1 million people.
The unidentified attackers accessed certain files between July 14 and July 23 and copied information including names, addresses, dates of birth, Social Security numbers, taxpayer ID numbers, medical record numbers, diagnoses, mental health and physical health conditions, prescription information, and provider names and locations.
Other compromised health insurance information includes beneficiary numbers, enrollee numbers, Medicaid/Medicare IDs and billing information.
HealthEC said it notified its customers, including Corewell Health, and worked with them to provide information to potentially affected individuals. The company said its business partners affected by the event include HonorHealth and Tennessee’s TennCare division.
LoanCare notifies 1.3 million customers of incident
Mortgage sub-servicing company LoanCare LLC announced it is notifying more than 1.3 million homeowners of a potential data breach resulting from a cyberattack on its parent company, Fidelity National Financial.
The breach, discovered on Nov. 19, exposed personal information including names, addresses, social security numbers and mortgage numbers. LoanCare said it has not seen any data abuse so far, but offered 24 months of free ID monitoring through Kroll.
“Our investigation revealed that an unauthorized third party had leaked data from certain FNF systems. As part of our investigation into potentially affected data, LoanCare has confirmed that this data contains your personal information. We have identified that some of these may be included,” the notification states.
In its data breach notification letter, LoanCare said FNF has begun an investigation with third-party experts, provided information to certain law enforcement and government authorities, and taken steps to assess and contain the breach. FNF had the incident under control by Nov. 26, and operations were restored by Dec. 6.
Yakult Australia admits “cybersecurity incident”
Yakult, the famous manufacturer of probiotic milk drinks, announced that it is investigating a “cyber incident” that affected IT systems in Australia and New Zealand, according to an official release on its website.
Approximately 95GB of data was stolen in the mid-December hack and later leaked to the dark web. The amount of data posted online and the specific nature of the compromised information remain unclear.
Yakult Australia director David Whatley told 9news.com.au on Christmas Day that the company had discovered that the attackers had published at least some of the claimed data on a dark web forum.
Whatley did not provide specific details about the stolen data, but said the incident was under investigation. “We are working with our cybersecurity experts to confirm the scope of the incident and identify the data that was accessed,” he said.
BleepingComputer analyzed the leaked data dumped by the hacker group DragonForce on its leak site and found that it included various business documents, spreadsheets, credit applications, employee records, and copies of passports and photo IDs submitted to Yakult Australia.
Pro-Palestinian group leaks Israeli company database
The pro-Palestinian group Cyber Toufan announced that it had extracted a database of Maytronics customers and distributors in Israel and released a sample of the data.
The group said Maytronics is an Israeli company and a world leader in the swimming pool industry. The company offers a variety of robotic pool cleaners, pool safety products and mineral-based water treatment technologies. It operates five subsidiaries around the world and has global partners and over 100 distributors in 65 countries on five continents.
“We have leaked part of the company’s database, which contains customers and distributors and their details. We will continue to attack your industrial interests as you continue to kill your industrial interests,” the group posted on its official Telegram channel.
As of this writing, Maytronics’ official website remained inaccessible.
Stealth backdoor “Android/Xamalicious” actively infecting devices
Researchers from the McAfee Mobile Research Team have uncovered Android/Xamalicious, an Android backdoor that leverages Xamarin, an open-source framework from Microsoft used to build mobile and desktop applications.
Active since mid-2020, the malware uses social engineering to obtain accessibility privileges. After communicating with its command-and-control server, it downloads a second-stage payload that gives it full control of the device for fraudulent activity such as ad clicks and unauthorized app installations.
A link to the ad fraud app Cash Magnet suggests a financial motive. The malware relies on the Xamarin framework’s APK packaging together with obfuscation techniques to stay stealthy. Although Google Play has removed the identified apps, the threat persists and over 327,000 devices worldwide could be at risk.
The use of non-Java code frameworks such as Xamarin poses security challenges and allows malware authors to hide their activities and evade detection.
Researchers advise users to be wary of apps that request unnecessary accessibility services, since the second-stage payload gains control through the permissions the user grants.