MarineMax Experiences Data Breach Following Cyberattack
MarineMax, a prominent retailer in the recreational boat and yacht industry, has disclosed a significant data breach following a cyberattack in March. Despite initially stating that sensitive data was not stored in compromised systems, a subsequent filing revealed that personal information belonging to both employees and customers was indeed stolen. The company confirmed that a cybercrime organization accessed a portion of their information environment associated with retail operations, leading to the exfiltration of limited data, including personally identifiable information. Although MarineMax has not attributed the attack to a specific threat group, the Rhysida ransomware gang has claimed responsibility and is attempting to sell the stolen data on the dark web. With over 130 locations globally and substantial revenue, MarineMax’s breach underscores the persistent threat posed by cybercriminals, with the Rhysida group having gained notoriety for targeting various organizations across different sectors.
OWASP’s Data Breach: Wiki Misconfiguration
OWASP Foundation revealed a data breach due to a misconfiguration of its old Wiki server, exposing resumes of members from 2006 to 2014. Personal details like names, emails, and addresses were compromised. Despite no longer collecting resumes, OWASP is reaching out to affected individuals. Measures taken include disabling directory browsing, reviewing configurations, removing resumes, and requesting removal from the Web Archive. OWASP advises caution for individuals with current information and assures that outdated data poses no immediate risk.
Chrome’s New Security Feature: Device Bound Session Credentials
Google has introduced a novel security feature for Chrome called ‘Device Bound Session Credentials’ (DBSC), designed to combat cookie theft by tying cookies to specific devices. Cookies, utilized by websites to remember browsing information and facilitate automatic logins, are often targeted by attackers to bypass multi-factor authentication (MFA) and hijack accounts. DBSC addresses this vulnerability by cryptographically binding authentication cookies to a device’s Trusted Platform Module (TPM) chip, rendering them useless to hackers even if stolen. By generating unique public/private key pairs stored securely on the device, DBSC disrupts the cookie theft industry, as exfiltrated cookies lose their value. This feature, currently in the prototype phase, offers enhanced security without compromising privacy, allowing users to delete generated keys at any time. Upon full deployment, DBSC will provide upgraded security for Google accounts and will eventually extend to Google Workspace and Google Cloud customers, reinforcing account protection against evolving cyber threats.
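A sketch of the binding DBSC relies on, added here as an illustration and not Google's DBSC protocol or code: the server stores only the public half of a per-device key, each request must carry a signature over a fresh server nonce, so an exfiltrated cookie is useless without the private key, and the single-use nonce prevents replay. The ed25519 choice, the cookie|nonce message layout and all names are assumptions.

```go
package main
import (
	"crypto/ed25519"
	"crypto/rand"
	"encoding/hex"
)
// Server keeps, per session cookie, the public half of the key the device
// generated at login. The private half never leaves the device: DBSC holds
// it in the TPM; an in-memory ed25519 key stands in for that here.
type Server struct {
	sessions map[string]ed25519.PublicKey
	nonces   map[string]bool // outstanding single-use challenges
}
func NewServer() *Server {
	return &Server{map[string]ed25519.PublicKey{}, map[string]bool{}}
}
func token() string { // random 128-bit value as hex, for cookies and nonces
	b := make([]byte, 16)
	rand.Read(b) // crypto/rand.Read never returns an error
	return hex.EncodeToString(b)
}
// Login binds a fresh session cookie to the device's public key.
func (s *Server) Login(pub ed25519.PublicKey) string {
	cookie := token()
	s.sessions[cookie] = pub
	return cookie
}
// Challenge issues a nonce the device must sign on its next request.
func (s *Server) Challenge() string {
	n := token()
	s.nonces[n] = true
	return n
}
// Authorize accepts the request only if the cookie is known, the nonce is
// unused, and the signature over cookie|nonce verifies under the bound key.
func (s *Server) Authorize(cookie, nonce string, sig []byte) bool {
	pub, ok := s.sessions[cookie]
	if !ok || !s.nonces[nonce] {
		return false
	}
	delete(s.nonces, nonce) // burn the nonce whatever the outcome
	return ed25519.Verify(pub, []byte(cookie+"|"+nonce), sig)
}
// NewDeviceKey stands in for the TPM generating a per-device key pair, and
// DeviceSign for the signing operation the browser asks the TPM to perform.
func NewDeviceKey() ed25519.PrivateKey {
	_, priv, _ := ed25519.GenerateKey(rand.Reader) // err only if rand fails
	return priv
}
func DeviceSign(priv ed25519.PrivateKey, cookie, nonce string) []byte {
	return ed25519.Sign(priv, []byte(cookie+"|"+nonce))
}
```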
Ivanti Addresses VPN Gateway Vulnerabilities
Ivanti, an IT security software company, has released patches to address several security vulnerabilities affecting its Connect Secure and Policy Secure gateways. Among these flaws, CVE-2024-21894 stands out as a high-severity issue that lets unauthenticated attackers achieve remote code execution or denial of service without user interaction. The vulnerability stems from a heap overflow weakness in the IPSec component across all supported gateway versions. While Ivanti assures that remote code execution is only possible under specific conditions, details of the vulnerable configurations remain undisclosed. Additionally, three other flaws (CVE-2024-22052, CVE-2024-22053, CVE-2024-22023) were patched, all exploitable by unauthenticated threat actors for DoS attacks. With over 29,000 Ivanti Connect Secure VPN gateways exposed online, according to Shodan, and thousands at risk, including those affected by previous zero-day exploits, Ivanti advises prompt application of the security patches to mitigate potential threats.
Jackson County in State of Emergency Due to Ransomware Attack
Jackson County, Missouri, faces a state of emergency following a ransomware attack that disrupted several county services. Offices handling tax payments, marriage licenses, and inmate searches will remain closed until the end of the week. Law enforcement agencies, including the FBI and Homeland Security, are investigating alongside external IT experts. While essential services are prioritized, residents’ financial data remains secure, as it is managed by a trusted third-party payment service provider. This proactive response reflects Jackson County’s commitment to protecting sensitive information and ensuring vital services for its 718,000 residents.
Cyberattack Causes Nationwide IT Outage at Omni Hotels
Omni Hotels & Resorts has confirmed a cyberattack as the cause of a nationwide IT outage still affecting its locations. The hotel chain responded by taking down impacted systems and initiating restoration efforts. While the nature of the attack remains undisclosed, sources suggest it was a ransomware attack, with encrypted servers being restored from backups. Despite no ransom demand being made public, there’s a potential threat of data leakage if a ransom isn’t paid. Omni’s IT team is manually restoring affected systems, with services expected to resume by Thursday. The outage disrupted reservation systems, hotel room door locks, and point-of-sale operations, causing issues with credit card payments and reservations. Although Omni Hotels remains operational, the incident echoes a previous data breach in 2016, emphasizing the ongoing challenges posed by cyber threats in the hospitality sector.
HTTP/2 Vulnerabilities Enable DoS Attacks
Newly discovered vulnerabilities in the HTTP/2 protocol, known as “CONTINUATION Flood,” can lead to denial of service (DoS) attacks, in some implementations crashing a web server over a single TCP connection. These vulnerabilities, identified by researcher Bartek Nowotarski, exploit weaknesses in the handling of HTTP/2 CONTINUATION frames, allowing threat actors to overwhelm servers with an unbounded stream of such frames. Several CVE IDs correspond to affected implementations, including Node.js, Tempesta FW, amphp/http, Go’s net/http and net/http2 packages, Apache Httpd, Apache Traffic Server, and Envoy versions 1.29.2 or earlier. Given the severity of these vulnerabilities and their potential impact on widely used systems, immediate upgrades are crucial to mitigate the risk of exploitation.
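The check a server needs in order not to be flooded, added here as an illustration and not code from the article or from any of the affected projects: a minimal Go reassembler for a HEADERS frame and its CONTINUATION frames that enforces both a frame-count cap and a total header-block byte cap while accumulating, rather than after END_HEADERS arrives. The frame layout follows RFC 9113; the two limits are assumptions chosen for the example.

```go
package main

import "errors"

// HTTP/2 frame types and the END_HEADERS flag (RFC 9113).
const typeHeaders, typeContinuation, flagEndHeaders byte = 0x1, 0x9, 0x4
// Defensive limits chosen for this example; real servers tune them.
const maxHeaderBlockBytes, maxContinuationFrames = 4096, 4

var ErrTooLarge = errors.New("header block exceeds byte limit")
var ErrTooMany = errors.New("too many CONTINUATION frames")
var ErrMalformed = errors.New("malformed HEADERS/CONTINUATION sequence")

// EncodeFrame builds one wire-format frame (24-bit length, type, flags,
// 31-bit stream id, payload); used here only to construct sample input.
func EncodeFrame(typ, flags byte, stream uint32, payload []byte) []byte {
	n := len(payload)
	h := []byte{byte(n >> 16), byte(n >> 8), byte(n), typ, flags,
		byte(stream >> 24), byte(stream >> 16), byte(stream >> 8), byte(stream)}
	return append(h, payload...)
}

// ReassembleHeaderBlock consumes a HEADERS frame and the CONTINUATION
// frames that follow it until END_HEADERS, enforcing the limits while
// accumulating so an unbounded CONTINUATION sequence is rejected before it
// can exhaust memory. (HEADERS padding/priority fields are ignored here.)
func ReassembleHeaderBlock(b []byte) ([]byte, error) {
	var block []byte
	for i := 0; ; i++ {
		if len(b) < 9 {
			return nil, ErrMalformed
		}
		n := int(b[0])<<16 | int(b[1])<<8 | int(b[2])
		typ, flags := b[3], b[4]
		if len(b) < 9+n || (i == 0 && typ != typeHeaders) || (i > 0 && typ != typeContinuation) {
			return nil, ErrMalformed
		}
		if i > maxContinuationFrames { // frame 0 is HEADERS
			return nil, ErrTooMany
		}
		if len(block)+n > maxHeaderBlockBytes {
			return nil, ErrTooLarge
		}
		block = append(block, b[9:9+n]...)
		if flags&flagEndHeaders != 0 {
			return block, nil
		}
		b = b[9+n:]
	}
}
```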
Acuity Confirms Data Breach on GitHub Repositories
Acuity, a federal contractor working with U.S. government agencies, has acknowledged a cybersecurity incident involving its GitHub repositories. The breach resulted in the theft of documents containing old and non-sensitive data. While Acuity swiftly addressed the vulnerability upon discovery, applying security updates and mitigation measures, the extent of the breach remains under investigation. CEO Rui Garcia assured that no evidence suggests an impact on clients’ sensitive data. However, threat actors, including IntelBroker and Sangierro, claim responsibility for the breach, leaking records purportedly belonging to various government agencies. IntelBroker, known for previous breaches, alleges access to classified documents from the Five Eyes intelligence alliance. Sangierro stated the breach occurred on March 7, exploiting a vulnerability in Acuity’s Tekton CI/CD server to access GitHub credentials. Acuity emphasizes cooperation with law enforcement and ongoing efforts to enhance security measures.
Conclusion
These recent incidents underscore the pervasive threat posed by cyberattacks across various industries, from retail to hospitality and government services. Organizations must prioritize cybersecurity measures to mitigate risks and protect sensitive data.
As experts in ransomware recovery and cybersecurity, we offer specialized services such as Ransomware Recovery Services, Ransomware Negotiation Services, and Ransomware Settlement Services. If your organization requires assistance in recovering from a ransomware attack or bolstering its cybersecurity defenses, contact us today.