At a glance.
- Big pharma company leaks data.
- Investment fund exposes business information.
- GO SMS Pro exploited in the wild.
- C-level data sold in criminal markets.
French pharmaceutical firm leaks data.
CyberNews reports that French pharmaceutical software company Apodis Pharma left a database containing over 1.7 TB of private business information unprotected on a public server. Apodis provides software solutions for its clients, which include pharmacies, laboratories, and insurance companies. The database, which included details on more than 250,000 of those clients, also contained sales information and employee data. A data leak of this nature could have significant ramifications, as a threat actor could use the information to blackmail the company or its clients, or even to launch a large-scale disruption of the French pharmaceutical industry. The database was found listed on an IoT search engine, which means it’s likely it was accessed by unauthorized parties before Apodis removed it in mid-November.
Unnamed investment fund leaves data unprotected.
An investment fund (that has wisely requested anonymity) based out of the Cayman Islands neglected to secure business information stored on a Microsoft Azure blob, reports the Register. Anyone with the blob’s URL, which was discovered by an infosec source on a specialized search engine, could easily access the highly sensitive data, which include shareholder identities and even a scanned image of the fund’s banking PIN. Though relatively small, the firm in question boasts $500 million in investments, and clients include major financial institutions like Rothschild & Co. When contacted, the firm at first seemed unaware that the unsecured blob should be a reason for concern and stated that the storage bucket was being used only for backup, but upon further investigation they were convinced of the security issue and removed the files. Microsoft provides blob users with tools to ensure their storage is securely configured, but unfortunately, as in this case, not everyone takes advantage of them. (The Register pointed out that the data were accessible to "the world plus dog," which is quite a few baker's dozens. Plus a dog.)
Cybercriminals abuse messaging app bug.
Always ready to take advantage of any chink in the armor, threat actors have already begun exploiting a recently discovered flaw in the GO SMS Pro messaging app for Android, reports SecurityWeek. Just a couple of weeks ago, researchers at Trustwave’s SpiderLabs announced they’d found the popular communication app was exposing user media files by transmitting them with unsecured, easily guessable URL links. With just minor scripting, the files can be targeted and harvested, and some of the images contain user faces or other sensitive information like driver’s licenses and legal documents. Now, cybercriminals on underground fora have begun creating and sharing methods for taking advantage of the vulnerability. “Several popular tools are updating daily and on their third or fourth revision,” Trustwave said. Upon initial discovery of the issue, the developers of GO SMS Pro temporarily shut down the faulty feature, but it appears to have been restored, and a full patch has not yet been released.
Black market offering could facilitate business email compromise.
A threat actor is selling access to Office 365 and Microsoft accounts belonging to hundreds of senior executives at a variety of organizations, ZDNet reports. The criminal is selling credentials for the accounts for between $100 and $1,500. The individual claims the accounts belong to CEOs, COOs, CFOs, CMOs, CTOs, presidents, vice presidents, and various senior employees responsible for finances.
ZDNet says a cybersecurity researcher has verified that at least two of the sets of credentials are valid, and the hacker also published valid credentials from two organizations as proof. ZDNet assumes the hacked accounts will primarily be used to carry out business email compromise (BEC) scams.