In this week's digest we look at the latest victim of the Accellion attacks, the most recent forum targeted in a series of attacks on Russian-speaking hacker forums, and Malaysia Airlines' nine-year-long data breach. Keep reading to get all the information you need.
In December 2020, a wave of attacks targeted the Accellion FTA file-sharing application using a zero-day vulnerability that allowed attackers to steal files stored on the server. The latest victim is Qualys, after the Clop ransomware gang posted screenshots of files allegedly belonging to the cybersecurity firm. The leaked data includes purchase orders, invoices, tax documents, and scan reports. Qualys confirmed this week that its Accellion FTA server was breached in December 2020 and that the breach affected a limited number of customers.
At least four state-sponsored hacking groups are exploiting the Microsoft Exchange Server vulnerability as part of ongoing attacks to achieve remote code execution without authentication on unpatched on-premises Exchange servers. Microsoft addressed the four zero-days Tuesday via emergency out-of-band security updates. Microsoft identified one of the threat actors as the APT group Hafnium, which operates out of China. The Cybersecurity and Infrastructure Security Agency (CISA) has issued an emergency directive that mandates patching for the issues.
According to Malaysia Airlines, the breach occurred at a third-party IT service provider, which notified the airline that member data was exposed between March 2010 and June 2019. The member information exposed during the data breach includes member names, contact information, date of birth, gender, frequent flyer number, status, and rewards tier level. It is unknown how many Enrich members were affected by this breach. Malaysia Air is just the latest organization to fall prey to a supply chain attack on a third-party IT service provider.