JD Sports data breached, VMware ESXi servers attacked and the HeadCrab malware
A server hack exposes the data of 10 million JD Sports customers, a massive ransomware campaign exploits VMware bug targeting ESXi servers and the stealthy HeadCrab malware. Catch all this and more in this week’s edition of Cybersecurity Weekly.
1. JD Sports reveals data of 10 million customers was accessed in a cyber attack
British sports apparel chain JD Sports has reported a data breach that has affected more than 10 million customers. The breach occurred after a server containing online order information for customers was hacked. Information accessed during the breach may include email addresses, names, phone numbers, the last four digits of payment cards, order details and billing addresses. The company said it proactively contacted the affected parties and urged all customers to remain vigilant for fraud and phishing attacks.
2. Massive ransomware campaign exploits VMware bug to target ESXi servers
CERT-FR has warned about a large ransomware campaign that’s targeting VMware ESXi hypervisors across the globe. The attack targets a heap-overflow weakness in VMware ESXi to deploy a new ESXIArgs ransomware. Tracked as CVD-2021-21974, the vulnerability was first reported in February 2021 and patches were made available for it in VMWare’s security advisory. CERT-FR recommends applying the patches as directed in the advisory and deactivating the SLP service on ESXI servers yet to be updated.
3. Stealthy HeadCrab malware infects 1,200 Redis servers
A new malware has infected over 1,200 Redis database servers worldwide since September 2021, and another 2,800 servers remain at high risk of exploitation, according to Aqua Nautilus security researchers. The malware, which they’re calling HeadCrab, is designed to evade detection by running solely in memory and communicating with legitimate IP addresses. The main purpose of the malware is to build a botnet for cryptocurrency mining, but it also has the capability to perform other malicious activities such as executing shell commands, loading fileless kernel modules, and exfiltrating data to remote servers.
4. Instant Checkmate and TruthFinder confirm data breach impacting 20 million users
Owners of background check services Instant Checkmate and TruthFinder recently confirmed they experienced a data breach after adversaries leaked an old database containing the information of millions of users. On 21st January, an associate of the breached hacking and data breach forum published the data of allegedly 20.22 million of the services’ customers. The leaked information includes email addresses, hashed passwords, names and phone numbers. The parent company behind these services, PeopleConnect, is investigating the incident and believes it was an accidental leak.
5. EV charging stations at risk of DoS and DDoS attacks
Security researchers have revealed that hackers could exploit weaknesses in a popular networking protocol for electric vehicle chargers to remotely shut down EV charging stations. The flaws in the OCPP protocol, when exploited, allow a hacker to hijack the connection between the charger and the management platform, potentially leading to a denial of service attack. Sensitive information such as server credentials and payment card data is at risk. Although a fix is available, the slow application of updates in the electric vehicle industry remains a concern.