CyberSecurity News Byte

Hosted By Jim Guckin

Welcome to CyberSecurity News Byte with Jim Guckin, your one-stop resource for the latest cybersecurity news, updates, and discussions. Our podcast is a vital tool for CyberSecurity and IT professionals, as well as technology leaders, who need to stay on top of the ever-evolving digital landscape.

Episode 44: February 06 2023

Links

https://en.yna.co.kr/view/AEN20230203008600325

https://www.websiteplanet.com/news/8twelve-leak-report/

https://www.hackread.com/india-truck-brokerage-company-data-leak/
https://www.helpnetsecurity.com/2023/02/03/security-teams-confidence

LG Uplus’ data breach impacted 290,000 users

  • LG Uplus Corp
    • Friday updated impacted users to 290,000
      • 110,000 reported on Jan 10
  • Leaked Data
    • Names
    • birth dates
    • phone numbers
    • does not include financial information
  • Working with:
    • Seoul Metropolitan Police Agency
    • Personal Information Protection Commission
    • Korea Internet & Security Agency

Mortgage Financial Technologies Company Exposed Hundreds of Thousands of Records Online

  • Jeremiah Fowler together with the Website Planet research team
    • Found an open, non-password-protected database
      • Contained 717,814 records
        • Personally Identifiable Information (PII) of thousands of Canadian citizens
    • data contained “mortgage leads”
      • home mortgage loan
        • Names
        • phone numbers
          • Work
          • Home
          • Cell
        • email addresses
        • physical addresses
      • Employee Data
    • Individuals
      • who want to buy a house
      • Refinance
      • obtain an equity line of credit
      • purchase an investment property.
  • 8Twelve Financial Technologies Inc
    • “8Twelve streamlines the home financing process by providing its partners a one-stop financing solution for all their mortgage needs. 8Twelve’s proprietary technology platform INFIN8 identifies the best possible mortgage from Canada’s largest marketplace of bank, alternative, and private mortgage products”.
    • Canadian Based
    • Team sent responsible disclosure notification
    • restricted public access within hours of our discovery.

India’s Largest Truck Brokerage Company Leaking 140GB of Data

  • FR8
    • Anurag Sen working with Italian cyber security firm FlashStart
      • discovered the server on Shodan
    • exposed more than 140 gigabytes of data, which is available to the public without any password or security authentication
    • Researchers contacted them
      • Public email bouncing back
  • Data
    • sensitive information
      • customer records
      • Invoices
      • payment details
        • Users across India.
    • other personal information
      • Names
      • Addresses
      • contact numbers
        • both customers and employees.

CyberSec Professionals’ Inability to prevent bad things from happening

  • Study – Exabeam
    • 83% of organizations experienced more than one data breach in 2022
    • 97% of respondents feel confident that they are well-equipped with the tools and processes needed to prevent and identify intrusions or breaches
    • 46% of all respondents operate more than one cloud or on-premises SIEM platform
      • 64% of those who have one platform are very confident they can detect cyberattacks based on adversary behavior alone
      • 59% of those with two or more platforms are very confident.
    • 4% of U.S. security professionals report not using a SIEM platform
      • 81% were confident.
    • 17% of all respondents can see 81–100% of their network
  • Prevention
    • 65% still prioritize prevention over detection, investigation, and response as their most important security goal.
    • Just 33% said detection was the highest priority.
    • 71% spend 21-50% of their security budgets on prevention.
    • 59% invest the same percentage on threat detection, investigation, and response
  • Staff
    • 43% of respondents cited being unable to prevent bad things from happening as the worst part of their job
    • Lacking full visibility due to security product integration issues (41%)
    • An inability to centralise and understand the full scope of an event or incident (39%)
    • Being unable to manage the volume of detection alerts, with too many false positives (29%)
    • Not feeling confident that they’ve resolved all problems on the network (29%)
  • Credential Compromise
    • 90% of security professionals are battling compromised credential cases
    • Just 11% can scope the overall impact of detected malicious behaviours in less than one hour.
    • 52% report they can analyse it in one to four hours.
    • 34% take five to 24 hours to identify high-priority anomalies.