Infosec In Brief Nearly half the citizens of France have had their data exposed in a massive security breach at two third-party healthcare payment servicers, the French data privacy watchdog disclosed last week.β¦
More than 70,000 presumably legit websites have been hijacked and drafted into a network that crooks use to distribute malware, serve phishing pages, and share other dodgy stuff, according to researchers.β¦
Two massive data breaches in France have impacted roughly half the nationβs population. The data of an estimated 33 million people has been compromised, making this the countryβs largest-ever data breach.Β
Attackers targeted two French healthcare payment service providers, Viamedis and Almerys. Both companies manage third-party payments for health insurance in France. According to the CNIL, (Commission nationale de lβinformatique et des libertΓ©s) Franceβs data protection agency, data was compromised during two separate breaches that struck in early February.Β
From a statement issued by the CNIL, affected records of policyholders and their families include:Β
The CNIL further stated that data such as banking info, medical data, health reimbursements, postal details, telephone numbers, and emails were not swept up by the breaches.Β Β
The concern with this breach, as with any other, is how this breached info might get combined with info from other breaches. Taken together, bad actors might use that combined info to conduct follow-on attacks, including identity theft.Β Β
As such, the CNIL suggests the following for policyholders:Β
In the meantime, the CNIL stated that itβs investigating the attack further, particularly to determine whether the security measures in place were in line with European data standards and obligations.Β Β
Any time a data breach occurs, it means that your personal info might end up in the hands of a bad actor. In light of this, there are a few steps you can take to protect yourself in the aftermath of a data breach, which involves a combination of preventative steps and some monitoring on your part.Β
Report unauthorized use of your info or accounts immediately.Β
As noted by the CNIL, keep an eye on your account. If you note any unusual activity, notify Viamedis or Almerys immediately.Β Β
Keep an eye out for phishing attacks.Β
With some personal info in hand, bad actors might seek out more. They might follow up a breach with rounds of phishing attacks that direct you to bogus sites designed to steal your personal info. So itβs always wise to keep a skeptical eye open for unsolicited messages that ask you for info, often in ways that urge or pressure you into acting. Always look out for phishing attacks, particularly after breaches.Β
With that, you can look into Text Scam Detector. It uses AI that detects suspicous links in email, texts, and social media messages. Further, it can block risky sites if you accidentally click or tap a link.Β
Change your passwords and use a password manager.Β
While it doesnβt appear that login info was affected, a password update is still a strong security move. Strong and unique passwords are best, which means never reusing your passwords across different sites and platforms.β―Using a password managerβ―will help you keep on top of it all, while also storing your passwords securely. Moreover, changing your passwords regularly might make a stolen password worthless because itβs out of date.Β
Enable two-factor authentication.Β
While a strong and unique password is a good first line of defense, enabling two-factor authentication across your accounts will help your cause by providing an added layer of security. Itβs increasingly common to see nowadays, where banks and all manner of online services only allow access to your accounts after youβve provided a one-time passcode sent to your email or smartphone. If your accounts support two-factor authentication, enable it.Β
Consider using identity monitoring.Β
Breached and stolen info often ends up in dark web marketplaces where hackers, scammers, and thieves purchase it to commit yet more crime. Once it was difficult to know if your info was caught up in such marketplaces, yet now an Identity Monitoring service can do the detective work for you.Β Β
McAfeeβs service monitors the dark web for your personal info, including email, government IDs, health IDs, credit card and bank account info, and more. This can help keep your personal info safe with early alerts that show you if your data is found on the dark web, an average of 10 months ahead of similar services.β From there, youβll get guidance that you can act on, which can help protect your info and accounts from potential theft.Β
We also offer identity restoration services through our McAfee+ Ultimate subscriptions. Identity restoration includes access to experts who can help generate an effective and efficient plan to quickly restore your identity, so you donβt have to tackle the issue by yourself.Β
Consider using comprehensive online protection.Β
Aβ―complete suite of online protection software can offer layers of extra security. It offers you the tools and services listed above, along with further features that can protect you online. That includes a VPN to keep your time online more private from online data collection while protecting it from thieves whoβre out to steal credit card and account info. It also includes web browsing protection that can warn you of sketchy websites and malicious downloads that look to steal your info. In all, itβs thorough protection for your devices, privacy, and identity. And in a time of data breaches, that kind of protection has become essential. β―Β
Whether youβre a French citizen or not, word of this data breach offers an opportunity to bolster your defenses. Major breaches like these occur, just as we saw with the Facebook breach in 2021, the PayPal breach in 2023, and the 23andMe breach, also in 2023. Taking preventative steps now can put you a step ahead of the next one.Β Β
Of those steps, using comprehensive online protection software is the strongest. Protection like ours safeguards your privacy, identity, and devices in breadth and depth β protecting you from data breaches and all manner of scams and attacks that often follow them.Β Β
Β
Β
The post France Gets Hit with Its Largest Data Breach Ever β What You Need to Know appeared first on McAfee Blog.
In disclosing yet another vulnerability in its Connect Secure, Policy Secure, and ZTA gateways, Ivanti has confused the third-party researchers who discovered it.β¦
Until earlier this week, the support website for networking equipment vendor Juniper Networks was exposing potentially sensitive information tied to customer products, including which devices customers bought, as well as each productβs warranty status, service contracts and serial numbers. Juniper said it has since fixed the problem, and that the inadvertent data exposure stemmed from a recent upgrade to its support portal.
Sunnyvale, Calif. based Juniper Networks makes high-powered Internet routers and switches, and its products are used in some of the worldβs largest organizations. Earlier this week KrebsOnSecurity heard from a reader responsible for managing several Juniper devices, who found he could use Juniperβs customer support portal to find device and support contract information for other Juniper customers.
Logan George is a 17-year-old intern working for an organization that uses Juniper products. George said he found the data exposure earlier this week by accident while searching for support information on a particular Juniper product.
George discovered that after logging in with a regular customer account, Juniperβs support website allowed him to list detailed information about virtually any Juniper device purchased by other customers. Searching on Amazon.com in the Juniper portal, for example, returned tens of thousands of records. Each record included the deviceβs model and serial number, the approximate location where it is installed, as well as the deviceβs status and associated support contract information.
Information exposed by the Juniper support portal. Columns not pictured include Serial Number, Software Support Reference number, Product, Warranty Expiration Date and Contract ID.
George said the exposed support contract information is potentially sensitive because it shows which Juniper products are most likely to be lacking critical security updates.
βIf you donβt have a support contract you donβt get updates, itβs as simple as that,β George said. βUsing serial numbers, I could see which products arenβt under support contracts. And then I could narrow down where each device was sent through their serial number tracking system, and potentially see all of what was sent to the same location. A lot of companies donβt update their switches very often, and knowing what they use allows someone to know what attack vectors are possible.β
In a written statement, Juniper said the data exposure was the result of a recent upgrade to its support portal.
βWe were made aware of an inadvertent issue that allowed registered users to our system to access serial numbers that were not associated with their account,β the statement reads. βWe acted promptly to resolve this issue and have no reason to believe at this time that any identifiable or personal customer data was exposed in any way. We take these matters seriously and always use these experiences to prevent further similar incidents. We are actively working to determine the root cause of this defect and thank the researcher for bringing this to our attention.β
The company has not yet responded to requests for information about exactly when those overly permissive user rights were introduced. However, the changes may date back to September 2023, when Juniper announced it had rebuilt its customer support portal.
George told KrebsOnSecurity the back-end for Juniperβs support website appears to be supported by Salesforce, and that Juniper likely did not have the proper user permissions established on its Salesforce assets. In April 2023, KrebsOnSecurity published research showing that a shocking number of organizations β including banks, healthcare providers and state and local governments β were leaking private and sensitive data thanks to misconfigured Salesforce installations.
Nicholas Weaver, a researcher at University of California, Berkeleyβs International Computer Science Institute (ICSI) and lecturer at UC Davis, said the complexity layered into modern tech support portals leaves much room for error.
βThis is a reminder of how hard it is to build these large systems like support portals, where you need to be able to manage gazillions of users with distinct access roles,β Weaver said. βOne minor screw up there can produce hilarious results.β
Last month, computer maker Hewlett Packard Enterprise announced it would buy Juniper Networks for $14 billion, reportedly to help beef up the 100-year-old technology companyβs artificial intelligence offerings.
Update, 11:01 a.m. ET: An earlier version of this story quoted George as saying he was able to see support information for the U.S. Department of Defense. George has since clarified that while one block of device records he found was labeled βDepartment of Defense,β that record appears to belong to a different country.
We've had to write the word "Fortinet" so often lately that we're considering making a macro just to make our lives a little easier after what the company's reps will surely agree has been a week sent from hell.β¦
Webinar As artificial intelligence (AI) technology becomes increasingly complex so do the threats from bad actors. It is like a forever war.β¦
Somehow, an hour and a half went by in the blink of an eye this week. The Spoutible incident just has so many interesting aspects to it: loads of data that should never be returned publicly, awesome response time to the disclosure, lacklustre transparency in their disclosure, some really fundamental misunderstands about hashing algorithms and a controversy-laden past if you read back over events of the last year. Phew! No wonder so much time went on this! (and if you want to just jump directly to the Spoutible bits, that's at the 8:50 mark)
The Reserve Bank of India (RBI) announced on Thursday it would make its digital currency programmable, and ensure it can be exchanged when citizens are offline.β¦
Singapore-based infosec firm Group-IB has detected a group that spent the last two months of 2023 stealing personal info from websites operated by jobs boards and retailers websites across Asia.β¦
The US government has placed an extra $5 million bounty on Hive ransomware gang members β its second such reward in a year. And it also comes a little over 11 months since the FBI said it had shut down the criminal organization's network.β¦
Analysis The FBI's latest PR salvo, as it fights to preserve its warrantless snooping powers on Americans via FISA Section 702, is more big talk of cyberattacks by the Chinese government.β¦
LastPass says a rogue application impersonating its popular password manager made it past Apple's gatekeepers and was listed in the iOS App Store for unsuspecting folks to download and install.β¦
Researchers suspect the criminals behind the Raspberry Robin malware are now buying exploits for speedier cyberattacks.β¦
A cybersecurity researcher and his pal are facing charges in California after they allegedly defrauded an unnamed company, almost certainly Apple, out of $2.5 million.β¦