Infosec Round-Up Sep 3rd

Play Video

Firearms Data Leak, Coinbase Mistake & Insider Threat

This is the Hut Six InfoSec Round-Up, where we look at some of the most pressing matters, latest trends, and industry news from across the world of information security.

Credit Union Insider Threat

A former employee of a New York credit union has pled guilty to the unauthorized accessing of company computer systems, as well as the destruction of over 21 gigabytes of sensitive data.

As an act of revenge following her termination, Juliana Barile “surreptitiously accessed the computer systems of her former employer” and proceeded to delete over 20,000 files and 3,500 company directories, relating to customers’ mortgage applications and anti-ransomware protection software.

Fired on the 19th of May, remote access credentials were meant to have been revoked, though two days after, Barile managed to log on: enabling her destructive rampage.

Facing up to 10 years imprisonment and a fine, FBI Assistant Director-in-Charge, Michael J. Driscoll noted on the case, “Ms. Barile may have thought she was getting back at her employer by deleting files, however she did just as much harm to customers”.

Adding, “An insider threat can wreak just as much havoc, if not more, than an external criminal. The bank and customers are now faced with the tremendous headache of fixing one employee's selfish actions.”

Firearms Data Leak

The UK authorities have launched an investigation following the publication of a map claiming to show the addresses of thousands of UK firearms owners.

Originally stolen from Guntrader, an online marketplace, the breached information contains the names, mobile numbers, email addresses and even the home addresses of 111,000 firearms owners.

Publicly leaked last week via an animal rights activist’s blog, the data was being advertised as useful for members of the public to “contact as many [firearms owners] as you can in your area and ask them if they are involved in shooting animals.”

Presenting an obvious threat to those affected by the leak, the UK’s National Crime Agency has launched an investigation, working closely with the South West Regional Cyber Crime Unit.

Responding to the leak, The British Association for Shooting and Conservation has stated, the “BASC is concerned about this latest development… we advise the shooting community to maintain vigilance around security and report any concerns to the police.”

Coinbase Email Panic

The cryptocurrency exchange, Coinbase, has mistakenly sent around 125,000 emails and texts, wrongly informing users that their two-factor authentication (2FA) settings had been changed.

Causing some alarm to affected users, some of whom reasonably feared their accounts may have been hacked, the company were quick to note the erroneous messages were “not the result of malicious behaviour.”

Assuring users that the error was due to an issue with its notification systems, the company also stated via a customer support subreddit that they would be crediting a small number of affected users with $100 worth of Bitcoin.

Noting, alongside an apology, that “issues like this can hurt [customer] trust”, Coinbase additionally stated, “we're laser focused on building trust and security into the crypto community so that the open financial system we all want is a reality.”

Thank you for reading this edition of Infosec Round-Up. Please be sure to subscribe to the Hut Six YouTube Channel to keep up to date with the latest news and see all our latest information security videos.

Security Awareness for your Organisation

Enjoyed our blog? Learn more about how Hut Six can help improve you security awareness with training and simulated phishing. Start a free trial now, or book a meeting with one of our experts.

Featured

Infosec Round-Up Aug 27th

Infosec Round-Up Aug 27th - Hut Six

Ethical hacker rewarded with $500K after returning stolen crypto. Japanese exchange attacked. US loses $2.3 million to BEC scam.

Infosec Round-Up Aug 20th

Infosec Round-Up Aug 20th - Hut Six

48 million T-Mobile customers' data breached. Secret 'no-fly' list exposed on internet. Brazil Government hit with another ransomware attack.

Infosec Round-Up Aug 13th

Infosec Round-Up Aug 13th - Hut Six

Apple responds to CSAM scanning criticism. Crypto hacker returns over $300 million worth of tokens. Crytek game developer confirms data leak hack.

Infosec Round-Up Aug 6th

Infosec Round-Up Aug 6th - Hut Six

Zoom to pay $86 million on privacy lawsuit. LockBit 2.0 cyber criminals recruiting insider threats. Isle of Wight schools hit with ransomware attack.

InfoSec Round-Up July 30th

InfoSec Round-Up July 30th - Hut Six

Israeli government raids NSO Group offices. Biden warns cyber breach could lead to "hot-war". Irish DoH data leak.

InfoSec Round-Up July 23th

InfoSec Round-Up July 23th - Hut Six

NSO responds to international criticism. Saudi Aramco hacked for a second time. Chinese government denies involvement with Microsoft Hack.

InfoSec Round-Up July 16th

InfoSec Round-Up July 16th - Hut Six

UK Police seize £180 million in money laundering investigation. REvil ransomware website mysteriously disappears. Iran targets British academics in phishing attack.

InfoSec Round-Up July 2nd

InfoSec Round-Up July 2nd - Hut Six

Member of public finds Ministry of Defence (MoD) documents. Salvation Army loses data in cyber attack. Denmark's Central Bank affected by SolarWinds hack.

InfoSec Round-Up June 25th

InfoSec Round-Up June 25th - Hut Six

Prolific phishing scammer arrested for 25k SMS messages. Scotland's EPA announces 4 thousand files were stolen. Security icon John McAfee found dead.

InfoSec Round-Up June 11th

InfoSec Round-Up June 11th - Hut Six

New York Time, the Guardian, Reddit and more unavailable. JBS pays $11 million ransom to attackers. FBI created fake end-to-end encrypted chat app.