GoTo’s data breach is even worse than previously thought
GoTo, the parent company of password manager LastPass, has confirmed that many of its customers’ encrypted backups were compromised in last November’s data breach. LastPass users’ information had been stored on a third-party cloud service which was made vulnerable due to another data breach earlier in August.
In their recent statement, GoTo said that the cyberattack had impacted several of its products, including business communications tool Central; online meetings service Join.me; hosted VPN service Hamachi; and its Remotely Anywhere remote access tool. The attackers were able to exfiltrate the company’s encryption key for securing its customers’ data.
The attackers were then able to access the contents of customers’ encrypted password vaults, along with their names, email addresses, phone numbers, and some billing information. It is unclear how many of GoTo’s 800,000 customers were affected, as the company declined to respond to a TechCrunch reporter’s questions.
The company’s CEO, Paddy Srinivasan, said that they were contacting affected customers directly while advising others to reset passwords and reauthorize their MFA settings “out of an abundance of caution.” The company has been criticized for its delayed response and for offering no remediation guidance for its affected customers.
Read: https://techcrunch.com/2023/01/24/goto-customer-backups-stolen-lastpass/
Social Networking Giant Meta Sues Surveillance Firm Voyager Labs for Unlawful Data Scraping
Meta, a social networking platform, has filed a lawsuit against Voyager Labs, a surveillance firm, for violating its terms and rules and California law. Voyager Labs is alleged to have created 38,000 fake identities on Facebook and Instagram and used its own monitoring tools to collect data from them.
Meta also claims that Voyager engaged in similar conduct on other online services like Twitter, YouTube, LinkedIn, Telegram, VK, Tumblr, Pinterest, Medium, and Vimeo. The company is asking the court for a permanent injunction against Voyager, compensation for losses, enforcement of its rules and regulations, and the deactivation of Voyager Labs from Facebook and Instagram.
The complaint claims that Voyager Labs intentionally violated Meta’s terms and rules by creating these fake identities on its platforms at least as early as February 2016. Meta claims that Voyager Labs engaged in scraping more than half a million pieces of accessible profile information from various social media platforms, including likes, comments, friends lists, photographs, and Facebook Groups and Pages information.
The company allegedly promoted its scraping tool as “untraceable” and offered it to clients “who wished to perform surveillance on social networking networks without being caught.” Meta had been aware of Voyager’s scraping operations long before formally bringing a case against the firm and had delivered a cease-and-desist notice in October 2017.
Voyager Labs is referred to as a “scraper-for-hire service” by Meta, and according to the company, businesses like Voyager are a part of a sector that offers scraping services to anyone, regardless of the consumers they target and the reason for their usage. The case highlights the growing concern over the unethical and illegal scraping of personal data from social media platforms and the need for stricter regulations and oversight in this area.
Read: https://www.malwarebytes.com/blog/news/2023/01/untraceable-surveillance-firm-sued-for-scraping-facebook-and-instagram-data
North Korean Cyber Criminal Group Diversifies Tactics in Illicit Revenue Generation
TA444, a North Korean nation-state group known for stealing cryptocurrencies, has been linked to a new wave of malicious email attacks. This marks a significant change in their tactics, as the group is now using a variety of methods, including blockchain-related lures, fake job opportunities, and salary adjustments to trick victims, says enterprise security firm Proofpoint.
Unlike most state-sponsored groups, TA444 is financially motivated and aims to generate illicit revenue for the North Korean government instead of stealing data and carrying out espionage.
They use phishing emails tailored to the victim’s interests that contain malware-laced attachments to infect the victim’s device. They also use fake LinkedIn accounts belonging to legitimate company executives to approach and engage with targets before delivering booby-trapped links.
However, in recent campaigns, TA444 has changed its strategy and has been observed using phishing emails to prompt recipients to click on a URL that redirects to a credential harvesting page.
The email blast, which used email marketing tools like SendGrid to distribute the phishing links, targeted several industries in the U.S. and Canada, including finance, education, government, and healthcare.
It is not yet clear why TA444 has changed its tactics, but it is suspected that the group is trying to pivot beyond its traditional targets, or that another threat actor might have hijacked its infrastructure.
Regardless of the reason, the group remains a significant threat to the cybersecurity community as it continues to use new methods to generate revenue for the North Korean government.
Read: https://cryptodaily.co.uk/2023/01/north-korean-crypto-hacking-group-adapts-its-attacks
Mailchimp Strikes Again: 133 Accounts Affected in Latest Data Breach
Mailchimp, a leading marketing automation platform, recently fell victim to a data breach on January 11th. The company stated that a hacker had targeted employees and contractors in a social engineering attack, using compromised employee credentials to gain access to some Mailchimp accounts. The attack impacted not only Mailchimp but several other companies, including WooCommerce, FanDuel, Yuga Labs, and the Solana Foundation.
Despite the attack, Mailchimp assures that out of its 13 million active customers, only 133 accounts were affected and that there is no evidence that it impacted any other systems or customer data. In response to the breach, Mailchimp immediately suspended access for the targeted accounts and notified impacted customers. Many of these customers, such as WooCommerce, FanDuel, Yuga Labs, and the Solana Foundation, also started to notify their own customers about the incident.
It’s important to note that this isn’t the first time that Mailchimp has suffered a data breach. In August 2022, the company suspended some accounts following a cyberattack targeting some of its cryptocurrency-related customers. And in March 2022, Mailchimp also discovered a security incident.
Read: https://www.securityweek.com/companies-impacted-recent-mailchimp-breach-start-notifying-customers
Doctors’ group accuses drug maker of buying CBS’s 60 Minutes story
Health advocacy group Physicians Committee accused CBS’s 60 Minutes of violating federal regulations by airing a segment about Novo Nordisk’s weight-loss drug “Wegovy” that the group claims was sponsored. The group argued that the feature violated the FDA’s “fair balance” standard, which requires drug ads to balance risks and benefits.
CBS’s 60 Minutes has been accused by the Physicians Committee of receiving advertising payments from Novo Nordisk before its coverage. Moreover, the segment featured only experts who were also paid by Novo Nordisk. “Highly effective,” “safe,” “impressive,” “fabulous,” and “robust” were some of the words and phrases used in the segment to praise the drug. Still, no information about side effects or alternative weight loss strategies or treatments was presented.
“CBS’s 60 Minutes program looked like a news story, but it was effectively a drug ad,” said Neal Barnard, adjunct professor of medicine at George Washington University School of Medicine. Wegovy has a list of possible risks and side effects that CBS didn’t mention, such as digestive problems, heart problems, gallstones, and pancreatitis.
Physicians Committee intends to have CBS remove all Wegovy-related stories from its website and replace them with a “corrective advertisement” that provides possible medication risks and side effects.
Read: https://arstechnica.com/science/2023/01/drug-maker-paid-for-news-story-on-cbss-60-minutes-doctors-group-alleges/
Elsewhere Online
An attack on Nissan’s data network exposes personal information of customers
https://www.cpomagazine.com/cyber-security/a-third-party-data-breach-exposed-the-personal-information-of-18000-nissan-customers/
Cybercriminals stole crypto from Horizon Bridge, the FBI confirms
https://ambcrypto.com/fbi-confirms-north-korean-cybercrime-groups-stole-crypto-from-horizon-bridge/
Government agencies are infested with cyberattacks via legitimate remote management systems
https://www.darkreading.com/attacks-breaches/federal-agencies-infested-cyberattackers-legit-remote-management-systems
Threat actor Cobalt Sapling created a new persona to target Saudi Arabia.
https://www.infosecurity-magazine.com/news/iran-cobalt-sapling-targets-saudi/
Law enforcement shuts down Hive Ransomware operation
https://www.securityweek.com/hive-ransomware-operation-apparently-shut-down-by-law-enforcement/