Peel District School Board suffers ransomware attack
The school board of Peel District in Ontario, Canada (comprising the cities of Mississauga and Brampton) has advised that it has suffered a suspected ransomware attack on its internal systems, resulting in the “encryption of certain Peel board files and systems”. While e-learning and cloud services are still operational, the PDSB website has been down for several days, internal email delivery delays are being reported, and deadlines for report cards, processing of French immersion program applications, kindergarten registrations, and other programs are being delayed.
Emails to staff indicate that the breach likely occurred on the evening of January 18, and was first detected by staff on January 19.
Taking to Twitter on January 21, the board advised that there is no reason to believe any personal or sensitive information had been compromised, but qualified that position by advising that in the event “the investigation determine[s] that personal or sensitive information was at risk, Peel board will notify affected individuals as soon as possible”.
The board is reportedly confident that the systems and encrypted data can be restored. The board’s Learning Technology Support Services team is continuing to investigate, and the board has enlisted the assistance of a cybersecurity firm and Peel Police Cyber Security Services.
U.S. Cellular suffers data breach
U.S. Cellular, the fourth largest mobile carrier in the United States, has reported that a suspected social engineering attack on staff at some of their retail stores has resulted in the disclosure of customer data. According to a notice of data breach to consumers filed with the Vermont Attorney General’s office, employees at an undisclosed number of locations were duped into installing malware onto store computers. From there, the hackers were able to remotely access the systems and connect to the carrier’s central CRM system using the employees’ credentials. An undisclosed number of customer records containing name, address, PIN, phone number(s), and wireless service plan details were exposed in the incident.
The first incident is believed to have occurred on January 4, and was detected by January 6, somewhat limiting the scope of the damage. PINs on all affected user accounts have now been changed, all users have been notified of the breach, and the affected store computers were permanently removed from service.
According to a bulletin posted on the U.S. Cellular website on January 21 (since removed), the carrier confirmed that some customers actually had their mobile numbers “stolen”. The bulletin advised, “We also have worked with those who had a number ported to provide a new temporary number while working to retrieve the fraudulently ported number or provide a new number at the customer’s choice. When a number is ported, the unauthorized individuals do not obtain access to information contained on the customer’s mobile device such as contacts or applications. Nevertheless, we advised these customers to be diligent about monitoring and reviewing their online accounts and financial statements for unauthorized access and transactions and recommend changing the usernames and passwords of online accounts,” a narrative omitted from the official AGO filing.
MeetMindful dating site database leaked to dark web
Hacker organization ShinyHunters has made news again by leaking the personal details of nearly 2.3 million subscribers of the MeetMindful dating site. The stolen database, now available as a free 1.2Gb download on the ShinyHunters dark web hacking forum, includes such information as the users’ real names, addresses, email addresses, personal physical descriptions, dating preferences, marital status, birthdates, encrypted passwords, and Facebook cross-references.
In a statement released January 20, MeetMindful issued an apology, explaining that the data breach was caused by a hacker exploiting a now-closed vulnerability in their systems. MeetMindful has reportedly contacted all users affected by the data breach, and has “increased our level of security on all servers and within our application”.
ShinyHunters also recently published databases of men’s clothing store Bonobos and custom T-shirt design website Teespring.com. Further, a huge transactional database belonging to online PDF and digital document portal NitroPDF – reportedly stolen in October 2020 – was released on the hackers’ portal.
The MeetMindful breach is the latest in a series of dating site breaches over the years. January 2015 saw the theft of nearly 20 million usernames and email addresses from Russian dating site Topface. The highest profile dating site breach ever occurred later the same year: the Ashley Madison breach of the personal and financial data of some 37 million registered users hit the news in July 2015. In April 2016, the data of over one million users was stolen from BeautifulPeople.com, followed by breaches at the Muslim Match dating website in June 2016 disclosing 150,000 records, and at AdultFriendFinder where over 412 million user accounts were disclosed in November 2016. In May 2017, UK newspaper The Guardian had its Guardian Soulmates database breached at a third-party website, affecting an undisclosed number of subscribers.
Direct site hacks aren’t the only source of concern for users of online dating services. Unsecured or loosely protected cloud backup copies of databases have caused unintentional disclosures for several other “personal” sites in recent years, as recounted in reports in Wired online and ZDNet news.
Critical vulnerabilities reported in Fuji Electric industrial control software
Manufacturers using Fuji Electric’s Tellus Lite V-Simulator and V-Server Lite software are warned to patch their systems as soon as possible. Five separate vulnerabilities in these applications have been identified, any of which can be exploited with minimal technical expertise. The vulnerabilities are not exploitable remotely, so the threat is currently limited to inappropriate internal access to the systems involved. Compromising the software could result in production disruptions, quality control issues, or even significant damage to manufacturing equipment.
Patches are available for all five of the vulnerabilities, which are described in more detail on the NIST website:
- Multiple stack-based buffer overflow issues (CVE-2021-22637)
- Multiple out-of-bounds read issues (CVE-2021-22655)
- Multiple out-of-bounds write issues (CVE-2021-22653)
- An uninitialized-pointer issue (CVE-2021-22639)
- A heap-based buffer overflow issue (CVE-2021-22641)