[Security News] Authorities investigating massive security breach at Global Affairs Canada


January 2024

 

1. Authorities investigating massive security breach at Global Affairs Canada

Canadian authorities are investigating a prolonged data security breach following the “detection of malicious cyber activity” affecting the internal network used by Global Affairs Canada staff. The breach affected at least two internal drives, as well as the emails, calendars and contacts of many staff members, and remote working was stopped as of last Wednesday. It’s not clear whether secret information was lost in the breach, which lasted longer than a month. It’s also not clear who was behind the breach.

Sources: CBC, Global News, CTV

 

2. 45k Jenkins servers exposed to RCE attacks using public exploits

Researchers found roughly 45,000 Jenkins instances exposed online that are vulnerable to CVE-2023-23897. On January 24, 2024, the project released versions 2.442 and LTS 2.426.3 to fix CVE-2023-23897, an arbitrary file read flaw that can lead to the execution of arbitrary command-line interface (CLI) commands. The issue arises from a CLI feature that automatically replaces an @ character followed by a file path with the contents of that file.

Sources: Bleeping Computer, The Hacker News, The Register
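
For teams checking their own Jenkins estate against the fixed releases named in item 2, the following is an added example (not code from the Jenkins project or from the cited sources). It assumes two-part version strings are weekly releases and three-part strings are LTS releases; the host names and version strings are constructed.

```python
import re

# Fixed releases as stated in item 2 above.
FIXED_WEEKLY = (2, 442)
FIXED_LTS = (2, 426, 3)

_VERSION_RE = re.compile(r"^(\d+)\.(\d+)(?:\.(\d+))?")


def parse_version(raw):
    """Return a tuple of ints for '2.441' or '2.426.2'; None if unparseable."""
    m = _VERSION_RE.match(raw.strip())
    if not m:
        return None
    return tuple(int(p) for p in m.groups() if p is not None)


def status(raw):
    """Classify a reported Jenkins version against the fixed releases."""
    v = parse_version(raw)
    if v is None:
        return "unknown"
    # Assumption: two-part versions are weekly releases, three-part are LTS.
    fixed = FIXED_WEEKLY if len(v) == 2 else FIXED_LTS
    return "patched" if v >= fixed else "vulnerable"


def triage(inventory):
    """Return (host, status) rows, hosts needing attention first."""
    order = {"vulnerable": 0, "unknown": 1, "patched": 2}
    rows = [(host, status(ver)) for host, ver in inventory.items()]
    return sorted(rows, key=lambda r: (order[r[1]], r[0]))


# Constructed inventory (hypothetical hosts and version strings).
SAMPLE = {
    "ci-01.example.internal": "2.441",
    "ci-02.example.internal": "2.442",
    "ci-03.example.internal": "2.426.2",
    "ci-04.example.internal": "2.426.3",
    "ci-05.example.internal": "2.440.1",
    "ci-06.example.internal": "2.401.3-SNAPSHOT",
    "ci-07.example.internal": "",
}

if __name__ == "__main__":
    for host, state in triage(SAMPLE):
        print(f"{state:10} {host}")
```

Hosts reported as "unknown" returned no parseable version and should be checked by hand rather than assumed safe.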

 

3. Vans, Supreme, North Face Parent Hacked: Data of 35 Million Customers Exposed

VF, the globally renowned parent company of iconic fashion brands such as Vans, Supreme, and The North Face, announced a compromise of personal data belonging to approximately 35.5 million customers. The incident occurred last December and raises concerns about the security of customer information at the fashion giant. The ransomware group ALPHV (also known as Black Cat ransomware) claimed responsibility for the incident.

Sources: The Cyber Express, Security Week, CNBC

 
