Discord support hack and Toyota location data leak
Discord announces data breach after support agent hack, Toyota exposes car location data of 2 million customers and the new Linux BPFDoor malware. Catch all this and more in this week’s edition of Cybersecurity Weekly.
1. Discord discloses data breach after support staff hack
Discord, a VoIP and instant messaging social platform with 150 million monthly active users, has announced a data breach resulting from the compromise of a third-party support agent’s account. The hack exposed the agent’s support ticket queue containing user email addresses, attachments and communications with Discord support. Although the company has disabled the compromised account and conducted malware scans on the affected device, users are advised to remain vigilant for suspicious activity.
2. Toyota breach exposes location data of 2 million customers for a decade
In a recent announcement, Toyota disclosed that the car location data of over two million Japanese customers was exposed online for a decade. The breach resulted from a cloud misconfiguration, leading to the leakage of sensitive information such as vehicle location and identification numbers. Toyota reassures that the data alone cannot identify individual car owners, and there is no evidence of unauthorized access. The incident follows previous data breaches at Toyota, including the accidental upload of source code and data exposure through its Italian distributor.
3. Researchers spot a new stealthier variant of BPFDoor Linux malware
Cybersecurity firm Deep Instinct has discovered a new and exceptionally stealthy variant of a Linux backdoor named BPFDoor. This previously undocumented malware, associated with the Chinese threat actor Red Menshen, is notorious for being difficult to detect. BPFDoor allows attackers to establish persistent remote access to compromised systems for extended periods. The latest version of BPFDoor incorporates advanced techniques such as encryption using a reverse shell and a static library for command-and-control communication.
4. Swiss multinational firm ABB falls victim to Black Basta ransomware
Swiss multinational company ABB has fallen victim to a ransomware attack, impacting its business operations. The attack by the Black Basta ransomware gang targeted ABB’s Windows Active Directory and affected numerous devices. ABB took swift action by terminating VPN connections with customers to prevent the ransomware from spreading further. The attack has caused disruptions, delaying projects and impacting factories.
5. New Cactus ransomware exploits VPN flaws to attack commercial firms
Security researchers have identified a new ransomware strain that exploits flaws in VPN applications to conduct big-scale attacks. Called Cactus, the ransomware has been active since March and employs unique tactics to avoid detection, including encrypting its own binary files. Cactus also engages in reconnaissance using various tools, steals data and threatens to publish it unless a ransom is paid. Protection measures include data exfiltration monitoring and applying timely software updates.