[Security News] Data breach from ANY.RUN, Neiman, TEG, and CSAT
July 03, 2024
1. ANY.RUN Cyber Attack: Employee Email Address Hacked
A leading cybersecurity company has become the latest victim of a sophisticated phishing attack. The attack began in late May, when an unsuspecting ANY.RUN sales team employee received a seemingly innocuous email from a trusted client. The full extent of the breach became apparent on June 18, when the attacker launched a large-scale phishing campaign using the compromised employee’s account. ANY.RUN’s response was swift. Within minutes of detecting the unauthorized activity, the company disabled the compromised account, reset affected credentials, and revoked active sessions. This incident is a stark reminder that even cybersecurity companies are not immune to sophisticated attacks.
Sources: Cyber Security News, The Cyber Express, SC Media
2. Neiman Marcus confirms data breach after Snowflake account hack
Luxury retailer Neiman Marcus confirmed it suffered a data breach after hackers attempted to sell the company’s database stolen in the recent Snowflake data theft attacks. An investigation showed that the hacker had gained access to information such as names, contact data, dates of birth, and Neiman Marcus or Bergdorf Goodman gift card numbers. In a data breach notification filed with the Office of the Maine Attorney General, the company says that the breach impacted 64,472 people. Neiman Marcus said it disabled access to the database platform when the breach was detected, investigated with cybersecurity experts, and notified law enforcement.
Sources: Bleeping Computer, Security Week, The Cyber Express, Dark Reading
3. Hacker Claims Theft of 30M User Records From Australia Ticketing Company TEG
Ticketek Entertainment Group (TEG) announced that user account information had been compromised after hackers accessed a database stored on a cloud-based platform. Ticketek provided no details about the cloud-based platform, but parent firm TEG was found to have partnered with Snowflake, which has recently been embroiled in a breach that compromised nearly 165 customers, including Santander Bank, Ticketmaster, LendingTree, Advance Auto Parts, and the Los Angeles Unified School District. Snowflake, which has attributed the sweeping hacking operation to the lack of multi-factor authentication on customer environments, neither confirmed nor denied having TEG or Ticketek among its customer base.
Sources: Tech Radar, SC Media, Security Week, Hack Read
4. Chemical facilities warned of possible data theft in CISA CSAT breach
CISA warned chemical facilities that its Chemical Security Assessment Tool (CSAT) environment was compromised in January. The attackers may have been able to access sensitive and confidential material relating to facility security assessments after abusing an Ivanti device to plant a webshell. CISA has now confirmed that a threat actor installed a webshell on the Ivanti Connect Secure device to maintain access, which the attacker then exploited multiple times over two days by abusing three vulnerabilities tracked as CVE-2023-46805, CVE-2024-21887, and CVE-2024-21893. While CISA would not share details about the incident, The Record’s sources said the affected systems were the Infrastructure Protection (IP) Gateway and the Chemical Security Assessment Tool (CSAT).
Sources: Bleeping Computer, Vulnera, Security Affairs, Tech Radar, The Cyber Express