The Rundown Oct 11

October 11, 2024
David Harris
comcast breach
Marriott legal fine
moneygram hack
Sniper Dz
phishing
quishing
qr code phishing

Data Breach Exposes SSNs of Over 230,000 Comcast Customers

A data breach has compromised the personal information of over 237,700 Comcast customers, including names, addresses, Social Security numbers, and birthdates. The breach originated from a security incident at Financial Business and Consumer Solutions, a debt collection agency Comcast previously utilized. The agency disclosed in February that a breach exposed the sensitive data of more than 4.2 million people. In July, Comcast was informed that its customer data was among the affected information, with the agency stating that “an unauthorized party downloaded data from the Agency’s systems and encrypted some systems as part of a ransomware attack.”

Comcast noted that the breached data dates back to around 2021, and the company had ceased using the agency’s services in 2020. Truist Bank also reported that some of its customers were impacted by the same breach. Comcast is offering identity theft protection and credit monitoring services to those affected.

Last December, Comcast reported a separate massive data breach that impacted over 35 million people, compromising names, contact details, partial Social Security numbers, and birthdates.

Marriott Fined $52 Million for Multiple Security Breaches Due to Weak Security

The hospitality giant Marriott continues to face repercussions for several cybersecurity incidents over the past decade. On Wednesday, the Federal Trade Commission and a coalition of states penalized the company in two separate settlements for failing to properly protect customer data. Between 2014 and 2020, Marriott experienced three major data breaches, with the largest linked to its $13.6 billion acquisition of Starwood Hotels in 2016.

In September 2018, Marriott discovered an unauthorized access attempt on the Starwood guest reservation database, revealing that the security breach had occurred as early as 2014, prior to the acquisition. The breach, publicly disclosed three months later, exposed the personal information—including contact details, birthdates, and credit card numbers—of 500 million customers globally, including 132 million in the U.S. In addition, 5 million unencrypted passports, including 663,000 belonging to Americans, were compromised.

On Wednesday, a coalition of 50 attorneys general announced a $52 million settlement with Marriott, which agreed to improve its data security practices. While significant, the fine represents only 1.6% of Marriott’s $3.08 billion profits from fiscal year 2023. The company also faced recovery costs, legal penalties, and ongoing reputational damage. Marriott and Starwood have offered U.S. customers the option to request deletion of personal data linked to their email addresses or loyalty accounts.

MoneyGram Hack: Social Security Numbers, Bank Data, and Other Sensitive Information Compromised

MoneyGram is back online after a cybersecurity breach left users unable to access their accounts between September 20 and 22. The breach allowed unauthorized parties to access personal information from certain MoneyGram customers, including names, contact details, dates of birth, Social Security numbers, government-issued ID copies, and bank account numbers. While the breach impacted a limited number of individuals, it also compromised MoneyGram Plus Rewards numbers and transaction information. The company, working with external cybersecurity experts and law enforcement, is still investigating the incident.

Sniper Dz Phishing Platform Facilitates Over 140,000 Credential Theft Attacks

Over 140,000 phishing websites have been linked to Sniper Dz, a phishing-as-a-service (PhaaS) platform that enables cybercriminals to carry out large-scale credential theft. The platform offers a catalog of phishing pages accessible via an admin panel, allowing attackers to either host phishing pages on Sniper Dz infrastructure or download templates to host elsewhere. Credentials stolen through these phishing sites are also exfiltrated to the platform operators, a technique Microsoft refers to as "double theft."

Sniper Dz has attracted over 7,170 subscribers to its Telegram channel since its creation in May 2020. The group configures proxy servers to load phishing content, avoiding direct communication between the attacker and the victim’s browser. Since July 2024, there has been a surge in phishing activity targeting U.S. users.

Quishing: QR Code Phishing Attack Evades Email Security Scanners

QR code phishing, or “quishing,” is evolving as attackers use QR codes to bypass email security systems. A recent campaign, dubbed “Quishing 2.0,” uses sophisticated techniques to evade detection by incorporating widely trusted platforms like SharePoint and legitimate QR scanning services. Attackers send emails with spoofed business domains and attached PDFs that contain QR codes. When scanned, the QR code directs the recipient to a SharePoint page connected to the impersonated business, masking the true intent of the attack.

The victim is then led to a fake Microsoft 365 login page designed to steal their credentials. The campaign uses a "double QR code" evasion technique, where one QR code leads to a legitimate page before redirecting to the malicious phishing page, making it difficult for traditional email security solutions to detect the attack.
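The flow above defeats scanners that judge only the first URL, so detection has to score the whole chain a sandbox observes after decoding the QR code. The following is an added example, not code from this article or any vendor; the record layout, the host lists, and the sample chains are assumptions constructed for illustration.

```python
from urllib.parse import urlsplit

# Assumed, incomplete lists for illustration; extend for your own environment.
TRUSTED_PLATFORM_SUFFIXES = (".sharepoint.com",)
MS_LOGIN_HOSTS = {"login.microsoftonline.com", "login.microsoft.com", "login.live.com"}

def host_of(url):
    return (urlsplit(url).hostname or "").lower()

def assess_chain(hops):
    """Score an ordered list of page records (hypothetical sandbox output):
    {"url", "via": "qr" | "redirect", "title", "has_password_field"}."""
    reasons = []
    first, last = host_of(hops[0]["url"]), host_of(hops[-1]["url"])
    last_is_ms_login = last in MS_LOGIN_HOSTS
    # A scanner that checks only the first URL sees a trusted platform here.
    if first.endswith(TRUSTED_PLATFORM_SUFFIXES) and last != first and not last_is_ms_login:
        reasons.append("trusted-first-hop-leads-offsite")
    # Microsoft-branded credential prompt served from a non-Microsoft host.
    page = hops[-1]
    if (page.get("has_password_field") and not last_is_ms_login
            and "microsoft" in page.get("title", "").lower()):
        reasons.append("ms-branded-login-on-foreign-host")
    # Two or more QR decodes in one chain matches the "double QR code" pattern.
    if sum(1 for h in hops if h.get("via") == "qr") >= 2:
        reasons.append("nested-qr")
    return {"first_host": first, "final_host": last,
            "suspicious": bool(reasons), "reasons": reasons}

# Constructed sample chains; hosts are placeholders, not real indicators.
PHISH_CHAIN = [
    {"url": "https://contoso.sharepoint.com/sites/finance/invoice.aspx", "via": "qr",
     "title": "Shared document", "has_password_field": False},
    {"url": "https://qr-service.example.org/r/placeholder", "via": "qr",
     "title": "Redirecting", "has_password_field": False},
    {"url": "https://signin.example.net/common/login", "via": "redirect",
     "title": "Sign in to Microsoft 365", "has_password_field": True},
]
BENIGN_CHAIN = [
    {"url": "https://contoso.sharepoint.com/sites/hr/policy.aspx", "via": "qr",
     "title": "HR policy", "has_password_field": False},
    {"url": "https://login.microsoftonline.com/common/oauth2/authorize", "via": "redirect",
     "title": "Sign in to your account", "has_password_field": True},
]

if __name__ == "__main__":
    for name, chain in (("phish", PHISH_CHAIN), ("benign", BENIGN_CHAIN)):
        print(name, assess_chain(chain))
```

The benign chain starts on the same trusted platform but ends on a genuine Microsoft sign-in host, so it is not flagged; only the final landing page separates the two cases.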
