[Security News] Air Europa Discloses Data Breach of Full Payment Card Details
October 2023
1. Air Europa discloses data breach involving complete payment card details
The third-largest airline in Spain, Air Europa, suffered a data breach that exposed the full payment card information of an undisclosed number of customers.
The airline sent an email notification on October 10 to customers who have recently made purchases from the airline. Recipients of the email were told that their full credit card details, including the 16-digit card number, CVV, and the expiry date, were recently compromised by an unauthorized third party.
The airline advised all impacted customers to immediately cancel and replace their credit cards, but did not specify which systems were accessed and how many people were affected.
Data breaches involving payment card information are not uncommon. But a breach of the complete payment details is rare, as sensitive financial data must be encrypted according to PCI DSS. The nature of the incident indicates that it might be the result of a magecart attack.
To prevent attackers from exploiting web application vulnerabilities for magecart campaigns, an advanced web application firewall (WAF) is a must.
Sources: Bleeping Computer, SUR
2. Chinese APT ToddyCat targets Asian governments and telecoms with custom malware
A malicious cyberespionage campaign tracked as “Stayin’ Alive” was discovered by Check Point Research, who linked the campaign to the Chinese-affiliated advanced persistent threat (APT) “ToddyCat”. Active since at least 2021, the campaign has been targeting governments and telecommunications companies in Central and Southeast Asia.
The typical attack pattern begins with spear-phishing emails targeting specific individuals from high-profile organizations. Recent targets include organizations in Kazakhstan, Uzbekistan, Pakistan, and Vietnam. A ZIP folder is attached to these emails, containing a digitally signed executable file named to match a part of the email context with a malicious DLL that exploits a vulnerability (CVE-2022-23748) in Audinate’s Dante Discovery software.
A number of custom-made malware was deployed, including CurKeep, CurLu, CurCore, and StylerServ, establishing backdoors and installing trojans in the targeted system.
What makes the campaign especially difficult to trace is that the attackers have been using a diverse range of disposable custom tools. These tools contain no overlapping code with one another nor any other known toolset, making it extremely difficult to draw links between them and trace the attackers’ activities.
Sources: Check Point Research, Infosecurity
3. Amazon adopts passkey as Google makes it default login method
Amazon announced on October 23 that it is now adopting passkey as a login method, offering support for its mobile apps and in-browser applications.
A PKI-based technology, passkey is promoted by the FIDO Alliance as an alternative to passwords and traditional multi-factor authentication (MFA) methods. A passkey is a unique private key stored locally in the user’s device, protecting the account from not just hackers but also the service provider itself.
Passkey provides an easy and secure way to log in to online accounts by enabling users to use the same login method as the one they use for their Android, iOS, Windows, and macOS devices. Passkey has now been adopted by Google, Microsoft Office 365, PayPal, Shopify, Adobe, GitHub, and more.
Also in October, Google took it one step further by making passkey the default login option for Google accounts. This means users will be prompted to set up a passkey the next time they log in. Traditional passwords will remain as an alternative.
Check out Penta Security’s product lines:
Web Application Firewall: WAPPLES
Database Encryption: D’Amo
Identity and Access Management: iSIGN+
Car, Energy, Factory, City Solutions: Penta IoT Security