Wuhan Earthquake Monitoring Center Suffers Cyberattack; NATO’s COI Portal Breached
Every week, Information Security Media Group rounds up cybersecurity incidents and breaches around the world. This week, a Zenbleed flaw exposed AMD Ryzen CPUs, Facebook was fined AU$20 million in Australia, NATO’s COI Portal was breached, Quinn Emanuel reported a cyberattack, VirusTotal apologized for a data leak, Wuhan Earthquake Monitoring Center had a cyberattack and Yamaha Canada had a data breach.
Zenbleed Vulnerability Exposes AMD Ryzen CPUs
A vulnerability affecting AMD's Zen 2 processors, including popular CPUs such as the Ryzen 5 3600, was uncovered by Google security researcher Tavis Ormandy. Dubbed Zenbleed, the flaw allows attackers to steal sensitive data such as passwords and encryption keys without requiring physical access to the computer. Tracked as CVE-2023-20593, the bug needs no special privileges, only the ability to run code on the affected machine, which makes it a serious concern for cloud-hosted services where tenants share hardware.
The vulnerability affects the entire Zen 2 product range, including AMD Ryzen and Ryzen Pro 3000/4000/5000/7020 series, and the EPYC "Rome" data center processors. Ormandy reported that data can be leaked at roughly 30 kb per core, per second, allowing information extraction from any software running on the system, including virtual machines and containers. Zenbleed operates without any special system calls or privileges, making detection challenging.
While AMD released a microcode patch for second-generation EPYC 7002 processors, other CPU lines will have to wait until at least October 2023. The company hasn't confirmed whether the updates will affect system performance, but it remains a possibility.
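A practical first step for an operator is to establish whether a given Linux host is a Zen 2 part and whether its loaded microcode already carries the fix. The following triage script is an added example, not code from the article, AMD or Ormandy's advisory. It parses the first processor block of /proc/cpuinfo; the model ranges and "first fixed" microcode revisions are an assumption taken from the Linux kernel's Zenbleed mitigation table and should be confirmed against AMD's advisory for the exact SKU. The sample cpuinfo excerpts are constructed for the example.

```python
"""Zenbleed (CVE-2023-20593) host triage from /proc/cpuinfo."""

# ASSUMPTION (not from the article): Zen 2 model ranges (family 0x17) and the
# first microcode revision that carries AMD's fix, as listed in the Linux
# kernel's mitigation (arch/x86/kernel/cpu/amd.c). Verify against AMD's
# advisory before relying on these numbers for a production fleet.
ZEN2_FIXED_MICROCODE = [
    (0x30, 0x3F, 0x0830107A),  # EPYC 7002 "Rome" (model 0x31)
    (0x60, 0x67, 0x0860010B),  # Ryzen 4000 "Renoir"
    (0x68, 0x6F, 0x08608105),  # Ryzen 5000 mobile "Lucienne"
    (0x70, 0x7F, 0x08701032),  # Ryzen 3000 "Matisse" (model 0x71)
    (0xA0, 0xAF, 0x08A00008),  # Ryzen 7020 "Mendocino"
]


def parse_cpuinfo(text):
    """Return the key/value fields of the first processor block in cpuinfo text."""
    info = {}
    for line in text.splitlines():
        if not line.strip():
            break  # blank line ends the first processor block
        key, _, value = line.partition(":")
        info[key.strip()] = value.strip()
    return info


def assess_zenbleed(info):
    """Classify a host as not_affected, patched, vulnerable or unknown.

    'unknown' means family 0x17 but a model outside the Zen 2 table above
    (e.g. Zen/Zen+ parts, which are not affected): check the AMD advisory.
    """
    if info.get("vendor_id") != "AuthenticAMD":
        return "not_affected"
    if int(info.get("cpu family", "0")) != 0x17:  # cpuinfo prints family in decimal
        return "not_affected"
    model = int(info["model"])                     # decimal in cpuinfo
    microcode = int(info["microcode"], 16)         # hex string like 0x8701021
    for lo, hi, fixed in ZEN2_FIXED_MICROCODE:
        if lo <= model <= hi:
            return "patched" if microcode >= fixed else "vulnerable"
    return "unknown"


def assess_cpuinfo_text(text):
    """Convenience wrapper: raw /proc/cpuinfo text -> classification string."""
    return assess_zenbleed(parse_cpuinfo(text))


# Constructed sample excerpts (not captured from real hosts).
SAMPLE_MATISSE_OLD = """processor\t: 0
vendor_id\t: AuthenticAMD
cpu family\t: 23
model\t\t: 113
model name\t: AMD Ryzen 5 3600 6-Core Processor
microcode\t: 0x8701021
flags\t\t: fpu vme avx avx2

processor\t: 1
"""

SAMPLE_ROME_PATCHED = """processor\t: 0
vendor_id\t: AuthenticAMD
cpu family\t: 23
model\t\t: 49
model name\t: AMD EPYC 7402 24-Core Processor
microcode\t: 0x830107a
"""

SAMPLE_ZEN1 = """processor\t: 0
vendor_id\t: AuthenticAMD
cpu family\t: 23
model\t\t: 1
model name\t: AMD Ryzen 7 1700 Eight-Core Processor
microcode\t: 0x8001138
"""

SAMPLE_INTEL = """processor\t: 0
vendor_id\t: GenuineIntel
cpu family\t: 6
model\t\t: 158
microcode\t: 0xf0
"""

if __name__ == "__main__":
    for name, sample in [("matisse", SAMPLE_MATISSE_OLD), ("rome", SAMPLE_ROME_PATCHED),
                         ("zen1", SAMPLE_ZEN1), ("intel", SAMPLE_INTEL)]:
        print(f"{name}: {assess_cpuinfo_text(sample)}")
    try:
        with open("/proc/cpuinfo") as f:   # real host, Linux only
            print("this host:", assess_cpuinfo_text(f.read()))
    except OSError:
        pass
```

A "vulnerable" result on a host that cannot yet receive a microcode update is where the interim workaround from Ormandy's advisory applies: setting bit 9 of the DE_CFG MSR (0xC0011029) on every core disables the affected optimization at some performance cost, and the Linux kernel applies that bit automatically when it sees a Zen 2 part without fixed microcode. The script deliberately does not touch MSRs; it only tells you where you stand.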
Facebook Fined in Australia
An Australian court fined social media giant Facebook AU$20 million – approximately $14 million – on Wednesday in a judgment in a lawsuit brought by the Australian Competition and Consumer Commission. The lawsuit involved a Facebook-owned smartphone VPN called Onavo that aggregated user data including location, device identifiers and app usage, including which apps users interacted with most frequently. It also transmitted back to Facebook information about users' web-surfing habits, including URLs.
The lawsuit says the collection took place between February 2016 and October 2017. In a statement, Facebook said it proposed the fine amount to the Australian Competition and Consumer Commission and emphasized that Onavo data “was anonymised and aggregated.” It also said Onavo was a functional VPN. “There was no allegation by the ACCC that the app did not function properly as an online security tool.”
In a statement, ACCC Chair Gina Cass-Gottlieb said her agency had taken on Facebook out of concern “that consumers seeking to protect their privacy through a virtual private network were not clearly told that in downloading and using this app they were actually facilitating the use of their data for Meta’s commercial benefit.” Meta is Facebook’s official corporate name.
Facebook must also pay AU$400,000 – approximately $268,000 – to the ACCC for its legal costs.
NATO’s COI Portal Breached
Hacktivist group SiegedSec launched a cyberattack on NATO's Communities of Interest Cooperation Portal, claiming to have stolen hundreds of documents. The COI Cooperation Portal serves as NATO's unclassified information-sharing platform. CloudSEK estimated that 845 megabytes of files containing sensitive information – including user-related details, unclassified documents and user account access information – had been leaked. The data leak potentially affects all 31 member nations of the NATO alliance.
Quinn Emanuel Reports Cyberattack
U.S. law firm Quinn Emanuel Urquhart & Sullivan suffered a data breach incident following a ransomware attack against its third-party data center provider between May 13 and May 14, 2022, the firm said in a notice filed on Monday.
The attackers accessed client data after compromising the network of the data center the law firm uses for e-discovery data collection and processing. The firm informed fewer than 2,000 individuals of the incident, Reuters reported.
VirusTotal Apologizes for Data Leak
Google's malware-scanning platform VirusTotal issued an apology on July 20 for a data leak that affected more than 5,600 customers. Last month, an employee mistakenly uploaded a CSV file containing names and corporate email addresses of premium account holders to the platform. The incident did not stem from a cyberattack or a platform vulnerability, but the leak exposed accounts associated with various government agencies worldwide, including U.S. Cyber Command, the FBI, the NSA and German intelligence services, among others. The company removed the file within an hour of its posting.
Wuhan Earthquake Monitoring Center Suffers Cyberattack
The Wuhan Earthquake Monitoring Center in China fell victim to a cyberattack by a hacker group allegedly associated with an “overseas government.” The Wuhan Municipal Emergency Management Bureau disclosed the attack and said the affected equipment is isolated. The Global Times, a Chinese Communist Party-owned newspaper, reported the incident, asserting that preliminary evidence pointed to the United States as the source of the government-backed attack.
Yamaha Canada Suffers Data Breach
Yamaha's Canadian music division confirmed a recent cyberattack after two separate ransomware groups, BlackByte and Akira, each claimed responsibility for attacking the company. While the details of the attack were not disclosed, Yamaha Canada Music said it responded promptly to contain the unauthorized access and data theft.