At a glance.
- Finastra contains ransomware attack.
- Data from Weibo breach for sale on the black market.
- Data from old breaches collected and exposed online.
- Unidentified database held hundreds of millions of US citizens' records.
- Zoom urged to report privacy and security data.
Finastra took services offline over the weekend to contain ransomware.
Finastra, a London-based provider of technology solutions to the financial services sector, took its services offline Friday to contain an attempted ransomware attack the company's security teams detected. The company has been providing regular updates over the weekend: last night Finastra said that it had brought its servers back online and was in the process of restoring services. KrebsOnSecurity, which calls the company's response "straight out of the playbook for dealing with ransomware attacks," notes that the incident is further evidence that treating a ransomware infestation as tantamount to a data breach is now standard. Finastra's last post Sunday indicated that they caught the attack before things got that far: "We would like to reassure our stakeholders that, to the best of our knowledge, we do not believe that any customer or employee data was accessed or exfiltrated, nor do we believe our clients’ networks were impacted."
Weibo data for sale.
Information from 538 million users of the Chinese social network Weibo is for sale online. ZDNet, which has seen the black market advertising for the data, says the information offered includes real names, site usernames, gender, and location. About a third of the affected users' phone numbers are also for sale. Still, the data are less valuable than they might have been: passwords aren't included, which accounts for the data's low, low price of just ¥1,799, roughly $250.
Data from old breaches exposed online.
Some 5 billion records were found exposed online last week. Researcher Bob Diachenko discovered an unprotected Elasticsearch database belonging to UK-based cybersecurity firm Keepnet Labs. The database was taken offline within an hour of disclosure. The incident isn't perhaps as serious as it sounds: all the data were from old and apparently for the most part well-known breaches, and none of Keepnet's customer or company information was exposed. The database, which HackRead quotes Diachenko as speculating may have been part of Keepnet's threat intelligence solution, was however well-structured and would have been easy for criminals to make some use of, particularly in credential-stuffing attacks. It included "leaked passwords (hashed and plain text), hashtypes, email domains, and email addresses, leak dates, and leak sources."
A large database of unknown ownership was discovered, then wiped by parties unknown.
Cybernews reports that they discovered an unsecured database one of whose folders held some 800 gigabytes of personal information amounting to more than 200 million detailed individual records. The data in that folder included "full names and titles" of individuals, email addresses, phone numbers, dates of birth, credit ratings, home and mortgaged real estate addresses ("including their exact locations"), demographics ("including numbers of children and their genders"), detailed mortgage and tax records, and detailed data profiles ("including information about the individuals’ personal interests, investments, as well as political, charitable, and religious donations").
Cybernews thinks that some of the data may have originated from the US Census Bureau, because "certain codes used in the database were either specific to the Bureau or used in the Bureau’s classifications." The folder as a whole obviously didn't derive in its entirety from the Census Bureau's Decennial Census of Population and Housing, the survey most Americans associate with the Bureau and the one that's currently being conducted, since the data included a great deal of information that particular instrument doesn't collect. But the Bureau does run other surveys and programs that would acquire some of that other data.
There were two other, smaller folders in the database. One was a set of emergency call logs belonging to a fire department somewhere in the US; the other was a list of bike share stations.
There's no indication of who owned the database or why they held it. Cybernews says that the data were wiped on March 2nd, shortly after the database was discovered.
Access Now asks Zoom for transparency.
Zoom's swiftly growing importance to remote work during the COVID-19 pandemic has prompted advocacy group Access Now to ask the company for the same kind of reporting on security and privacy matters (including government requests for data) that large tech companies began providing in 2010.