All businesses need cybersecurity awareness which safeguards data and all systems connected to the organizational network.
A secure domain minimizes human risk in cyberattacks and ensures better overall protection.
Cyberattacks are everywhere, targeting all kinds of organizations and individuals on a global scale, and these incidents make headlines every day.
In October’s news round-up, we’ve included the latest cybersecurity news stories from around the world.
Data Telstra Employees for Sale on the Dark Web
The first cybersecurity news story we have concerns Australian telecom giant Telstra which suffered a data leak where 30,000 employees were affected.
Telstra published a statement announcing that its systems weren’t affected by the breach, and no customer data was exposed.
The incident arose from a data breach at an obsolete third-party vendor, Work Life NAB. The data was posted on the same dark web forum used by the cybercriminals accountable for the Optus breach.
The stolen Telstra data included first and last names and 30,000 staff members’ work email addresses.
The company announced it’d reset the passwords of all users to master caution.
Over 400 Malicious Mobile Apps Targeted Facebook Users
Moving onto the next cybersecurity news story, Facebook users were targeted by a widespread group of malware-infected applications.
Meta announced its security researchers discovered 400+ malicious mobile apps on Google’s Play Store and Apple’s App Store.
The malicious apps aim to steal Facebook login credentials, which would cause cybercriminals to hijack accounts.
These apps include photo editors, VPNs, games, business utility apps, phone utility apps, and more.
The malicious apps were available in third-party app stores, users were warned to be careful when downloading a new app that requires social media credentials.
In its report, Meta listed the apps, which included:
- Apex Race Game
- Dress up Charming
- Bamboo VPN
- Candles VPN
- Cartoon Face Photo Editor
- Teana Music Player
The credential-harvesting scheme began when the user installed the malicious app.
Meta advised its users to take security measures like deleting the malicious app, resetting Facebook login credentials, and enabling two-factor authentication on Facebook.
Binance Bridge Vulnerability Exploited Causing $566M Theft
Next up, we have 2022’s second major cyberattack in cryptocurrency, which occurred in October.
A threat actor exploited a vulnerability on the world’s largest cryptocurrency exchange platform, Binance, via its native cross-chain bridge. Two million Binance Coins (BNB) (about $566 million) were stolen as a result.
The hacker got the BSC Token Hub to send one million Binance Coins twice before trading the loot for other crypto assets.
The malicious actor used ChangeNOW, an account-free crypto exchange company, to finance the cyberattack
According to a statement, the hacker also moved funds through other crypto exchange platforms, including PancakeSwap, SushiSwap, and Curve Finance.
Binance CEO Changpeng Zhao announced that user funds are safe and the investigation is ongoing.
2.2M MyDeal Users’ Data Compromised
On October 14th, MyDeal marketplace suffered a massive data breach after a hacker accessed the company’s customer relationship management (CRM) system using compromised user credentials.
The cybercriminal compromised 2.2 million customers’ data and tried to sell it on a hacker forum.
The data breach exposed names, phone numbers, email addresses, delivery addresses, birth dates, and more.
After the incident, MyDeal sent data breach notifications to affected customers.
Medibank Breach Exposes 3.9 Million Customers’ Data
In other cybersecurity news, the Australian private health insurance firm revealed on October 26th that it had suffered a ransomware attack. The personal information of all 3.9 million of its customers has been exposed.
The firm stated that the cybercriminals had access to significant amounts of health claims data and personal data belonging to its AHM health insurance subsidiary and international students.
The company also said it’s continuing its probe to determine what specific data has been stolen in the attack and that it’ll directly notify affected customers of the matter.
The incident became the subject of an investigation by the Australian Federal Police when Medibank admitted that it had been contacted by a cybercriminal who claimed to have stolen 200GB of data.
The information contained:
- First names and surnames
- Dates of birth
- Phone numbers
- Addresses
- Medicare numbers
- Policy numbers
- The company assesses the cybercrime to cost approximately AU$25 million to AU$35 million.
Medibank promised to provide free identity monitoring services and financial support for the affected, recommending that its customers stay alert for any phishing attacks.
New York Post Twitter Account Hacked By Employee Posting Offensive Headlines Targeting Politicians
On Thursday, a spokesperson confirmed that an employee hacked the New York Post’s Twitter account.
The employee posted offensive messages designed to look like actual headlines.
The NY Post is one of New York City’s prestigious publications, known for its headlines and conservative-leaning editorials.
The malicious content was immediately removed, but NBC News journalists screenshotted the tweets before they were taken down.
The posts included fake headlines about New York Gov. Kathy Hochul, Democratic Rep. Alexandria Ocasio-Cortez, New York City Mayor Eric Adams, and President Joe Biden’s son, Hunter Biden.
The employee’s identity remains unknown, but The New York Post confirmed that the person had been terminated.
Final Thoughts
Considering how damaging and costly data breaches can be, domain privacy protection should be a priority.
Don’t let your company and customers fall victim to a cyberattack. Secure your domain with EasyDMARC today.