[Security News] Authorities investigating massive security breach at Global Affairs Canada
1. Authorities investigating massive security breach at Global Affairs Canada
Canadian authorities are investigating a prolonged data security breach following the “detection of malicious cyber activity” affecting the internal network used by Global Affairs Canada staff. The breach affected at least two internal drives, as well as emails, calendars and contacts of many staff members and working remotely was stopped as of last Wednesday. It’s not clear whether secret information was lost in the breach, which lasted longer than a month. It’s also not clear who was behind the breach.
2. 45k Jenkins servers exposed to RCE attacks using public exploits
Researchers found roughly 45,000 Jenkins instances exposed online that are vulnerable to CVE-2023-23897. On January 24, 2024, project released versions 2.442 and LTS 2.426.3 to fix CVE-2023-23897, an arbitrary file read problem that can lead to executing arbitrary command-line interface (CLI) commands. But the issue arises from CLI’s feature that automatically replaces an @ character followed by a file path with the contents of the file.
3. Vans, Supreme, North Face Parent Hacked: Data of 35 Million Customer Exposed
VF, a globally renowned parent company of iconic fashion brands such as Vans, Supreme, and The North Face, announced a compromise of personal data belonging to approximately 35.5 million customers. This incident occurred last December and it raises concerns about the security of customer information for the fashion giant. The ransomware group ALPHV (also known as Black Cat ransomware) claimed responsibility for this incident.
Check out Penta Security’s product lines:
Web Application Firewall: WAPPLES
Database Encryption: D’Amo
Identity and Access Management: iSIGN+
Car, Energy, Factory, City Solutions: Penta IoT Security
Check out Penta Cloudbric’s product lines:
Cloud-based Fully Managed WAAP: Cloudbric WAF+
Agent based Zero Trust Network Access Solution: Cloudbric PAS
Agentless Zero Trust Network Access Solution: Cloudbric RAS
Blockchain: Blockchain Security Solution