Reading Time: ~ 2 min.
Honda Customer Database Exposed
Officials have been working over the past work to secure a
database containing highly sensitive information belonging to more than 26,000
North American customers of the Honda
motor company. The database in question was originally created in October and
was only discovered on December 11. While no financial information was included
in the leak, the records did contain names, VIN numbers, and service details
for thousands of customers.
Boeing Contractor Data Leak
Nearly 6,000 defense contractors working for Boeing
have had personal information leaked after a user error left an Amazon web
service bucket publicly exposed. The 6,000 Boeing staff are only a small
portion of the 50,000 individual records found on the leaked server, many of whom
were involved in confidential projects for the Department of Defense. These
types of data leaks are increasingly common as more users are not properly
securing their servers or using any form of authentication.
Sextortion Email Campaign Shutdown
After months spent chasing them across Europe, authorities
have arrested the authors responsible for the Nuclear
Bot sextortion campaign. With their Nuclear Bot banking trojan, the team was
able to compromise roughly 2,000 unique systems and use them to help distribute
malicious emails. Though it’s been verified that the original authors are in
custody, the source code for Nuclear Bot was made public in the hope no money
would be made from its sale.
Emotet Sent from Phony German Authorities
A new email campaign has been disguising itself as several German
government agencies and spreading the Emotet trojan, infecting multiple
agency systems. This campaign differs from previous Emotet attacks by appearing
as a reply from a prior email to appear more legitimate. To best defend against
these attacks, users are strongly encouraged to check both the sender’s name
and address as well as ensuring that macros aren’t enabled in their Office
LifeLabs Pays Ransom After Cyber-Attack
Canadian testing company LifeLabs decided to pay a ransom
after attackers illicitly accessed the sensitive information for all 15
million of its customers. Oddly, many of the records being found date back
to 2016 or earlier and have yet to be identified on any illicit selling sites.
LifeLabs has since contacted all affected customers and has begun offering
identity monitoring services.