Cybersecurity Weekly Recap: Key Threats and Vulnerabilities

From the plethora of news surrounding cybersecurity, I’ve picked several topics of interest to me. Overall, cybersecurity is a huge and diverse domain, but keeping up to date with the news, I can’t help but feel like we’re fighting an already lost battle.

Leaked Environment Variables Allow Large-Scale Extortion Operation of Cloud Environments

A campaign recently uncovered by Palo Alto shows the consequences of cloud misconfigurations. Attackers compromised and extorted multiple organizations by exploiting publicly exposed .env files.

Other key security failures included:

  • Using long-lived credentials.
  • Absence of least privilege architecture. Overly permissive access rights facilitated data exfiltration.

In general, the cybersecurity field is somewhat unique: on one hand you have discussions about quantum computers threatening classical computers’ encryption, and on the other hand the somewhat ironic reality that sometimes our biggest vulnerabilities are self-inflicted: ‘whoopsie, I just publicly leaked credentials to important infrastructure.’
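To make the exposed .env files and long-lived credentials above concrete, here is an added example (not from the Palo Alto report or any vendor tool) that audits a directory served by a web server for .env files and labels what they contain. It assumes AWS is the cloud in use, where access key IDs starting with AKIA are long-lived IAM user keys and ASIA ones are temporary; the function names and the sample file are constructed for illustration.

```python
import os
import re

# Constructed sample; the AKIA value is AWS's documentation placeholder key ID.
SAMPLE_ENV = """# app settings
APP_DEBUG=true
export AWS_ACCESS_KEY_ID="AKIAIOSFODNN7EXAMPLE"
CI_SESSION_KEY_ID=ASIAIOSFODNN7EXAMPLE
DB_PASSWORD='constructed-placeholder'
MAIL_TOKEN=
"""

ENV_FILE = re.compile(r"^\.env(\..+)?$")  # .env, .env.production, ...
# AWS key ID prefixes: AKIA = long-lived IAM user key, ASIA = temporary STS key.
AWS_KEY_ID = re.compile(r"\b(AKIA|ASIA)[A-Z0-9]{16}\b")
SECRET_NAME = re.compile(r"SECRET|TOKEN|PASSWORD|PASSWD|API_?KEY|PRIVATE_KEY", re.I)

def parse_env(text):
    """Parse KEY=VALUE lines; skips comments, strips 'export ' and quotes."""
    pairs = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, _, value = line.partition("=")
        key = key.strip()
        if key.startswith("export "):
            key = key[len("export "):].strip()
        pairs[key] = value.strip().strip("'\"")
    return pairs

def classify(key, value):
    """Label one variable; None means nothing secret-looking was found."""
    if not value:
        return None
    match = AWS_KEY_ID.search(value)
    if match:
        return "long-lived AWS key" if match.group(1) == "AKIA" else "temporary AWS key"
    return "secret-like variable" if SECRET_NAME.search(key) else None

def audit_webroot(webroot):
    """Report (relative path, variable, label) for .env files under a served directory."""
    findings = []
    for dirpath, _dirs, files in os.walk(webroot):
        for name in sorted(f for f in files if ENV_FILE.match(f)):
            path = os.path.join(dirpath, name)
            with open(path, encoding="utf-8", errors="replace") as fh:
                for key, value in parse_env(fh.read()).items():
                    label = classify(key, value)
                    if label:  # the value itself is never echoed into the report
                        findings.append((os.path.relpath(path, webroot), key, label))
    return findings
```

Any finding means the file should not sit under the served directory at all; a "long-lived AWS key" finding additionally calls for rotating that key and replacing it with short-lived, narrowly scoped credentials.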

Cyberattack disrupts AutoCanada’s IT systems

AutoCanada, a major North American auto dealership, is dealing with a cyberattack that could disrupt operations. The attack’s full scope is not yet known, but it follows recent disruptions caused by a ransomware attack on AutoCanada’s software provider.

Source: https://www.scmagazine.com/brief/cyberattack-disrupts-autocanadas-it-systems

Toyota disclosed a data breach after ZeroSevenGroup leaked stolen data on a cybercrime forum

In another automotive security incident, Toyota has confirmed a data breach after a threat actor leaked 240GB of data stolen from its infrastructure on a cybercrime forum. 

ZeroSevenGroup claims to have breached a U.S. branch of Toyota, stealing sensitive information on employees, customers, contracts, and finances.

Source: https://securityaffairs.com/167274/data-breach/zerosevengroup-toyota-data-breach.html