Cybersecurity Weekly: Vulnerabilities, Exploits, and More
Cybercriminals were active last week, with high-profile attacks on Air Canada and Microsoft’s Exchange email server software. In this post, we will review the top cybersecurity events from the last week of September.
1. Air Canada Data Breach
On September 23, Air Canada disclosed a data breach that affected the personal information of some employees and “certain records.”
The company said in a statement that an unauthorized group of people obtained “limited access” to an internal system, but did not say when the breach occurred or what types of data were accessed. Click Here for the full article.
2. Crypto Firm Nansen Data Breach
On September 25, Nansen issued a data breach alert, revealing that a hacker gained access to its admin system and used it to provision customer accounts. The company also sent emails to affected users asking them to reset their passwords.
“On September 20, Nansen was notified by one of our third-party vendors that their systems had been compromised. A breach on the vendor’s side gave an attacker access to admin rights to an account used to provision customer access to our platform,” Nansen said in a notice shared on X. Click Here for the full article.
3. BORN Data Breach
The personal data of 3.4 million Ontarians has been exposed in a data breach at the Better Outcomes Registry and Network (BORN). BORN is a provincial agency that collects and stores data on pregnant people, newborns, and children up to the age of 20. Click Here for the full article.
4. Mixin Data Breach
Mixin has announced that the hackers stole around $200 million in a data breach that occurred on September 23. After learning about the data breach, the company temporarily suspended the services.
“In the early morning of September 23, 2023, Hong Kong time, the database of Mixin Network’s cloud service provider was attacked by hackers, resulting in the loss of some assets,” the company wrote on X on Monday. Click Here for the full article.
5. Microsoft’s Exchange Email Server Breach
A Senate staffer has alleged that Chinese hackers stole emails from the US State Department in a breach of Microsoft’s Exchange email server software. The staffer, who asked to remain anonymous, said that the hackers were able to access the emails of at least 60,000 State Department employees. Click Here for the full article.
Apart from this, Cybersecurity researchers have discovered that cybercriminals are increasingly merging ‘vishing’ techniques (voice phishing) with new OTP grabber services to amplify their malicious activities, a new report said on Monday. According to the cybersecurity company CloudSEK, vishing involves manipulating individuals into revealing sensitive information over the phone.
A jury in Los Angeles convicted three individuals for their roles in laundering proceeds of large-scale consumer fraud schemes through gift card transactions. Blade Bai, Bowen Hu, and Tairan Shi were convicted of conspiracy to launder proceeds of wire fraud. Bai was also convicted of a separate money laundering conspiracy count.
The cybersecurity events of the last week of September are a reminder that cybercriminals are constantly evolving their tactics and techniques. It is important for individuals and organizations to stay informed about the latest threats and trends, and to take steps to protect themselves.