China Suffers One of the Largest Data Breaches in History of Mankind
Read also: Google fixed a zero-day vulnerability in Chrome browser, Marriott fell a victim of cyber extortionists, and more.
Thursday, July 7, 2022
China allegedly suffers one of the largest data breaches in world’s history
Hackers claimed that they’ve managed to steal databases containing information on over 1 billion Chinese citizens. If their claims are true, this incident would be the most significant data breach in China’s history.
Last weekend, someone who calls themselves HackerDan put up for sale 22TB of data allegedly stolen from Shanghai National Police. According to the seller’s post on a hacker forum Breached.to, stolen databases contained 750,000 records, including names, addresses, birthplaces, national ID numbers, phone numbers, and crime cases details. This post has already been deleted, but The Register saved a PDF copy of it.
The cost of the databases was 10 bitcoins. Data was apparently syphoned from an Aliyun (Alibaba) private cloud server which is a part of the Chinese police network.
Naturally, Chinese authorities remain silent and don’t comment on the incident.
Google fixed yet another zero-day vulnerability in its Chrome browser
Google has issued an emergency update for its Chrome browser to address a zero-day vulnerability which is already exploited by hackers. The heap buffer overflow in WebRTC component (CVE-2022-2294) affects both Windows and Android versions of a browser. This component enables web browsers with Real-Time Communications (RTC) capabilities via simple JavaScript APIs.
By exploiting this flaw, a remote attacker can execute arbitrary code on the victim’s device and compromise it.
Google warned that the vulnerability is already exploited by hackers. Traditionally, the tech giant wouldn’t provide any further details about the attacks. Technical details are yet to be published either. The tech giant usually restricts access to vulnerability details until a majority of users are updated with a fix.
The issue was addressed in Chrome 103.0.5060.114 for Windows and Chrome 103 (103.0.5060.71) for Android.
Cybercrooks stole 20GB of data from hospitality giant Marriott
The unknown hackers told DataBreaches that they have compromised Marriott’s server and stole 20GB of data. According to the threat actors, they breached Marriott last month and exfiltrated credit card information and other sensitive data.
The gang behind the breach remains unidentified. DataBreaches refers to it as “GNN” (Group with No Name) while assuming that it “might be the most successful group” they’ve “never heard about”.
Namely, GNN has compromised BWI Airport Marriott in Maryland (BWIA).
Marriott confirmed the breach and said that the social engineering is to blame. Cybercrooks successfully defrauded an employee in one of the Marriott hotels and got the access to his/her computer.
Both Marriott and the threat actors confirmed that the hospitality giant did not pay any ransom. It follows that GNN could be an extortion gang that breaches organizations’ networks, syphons data from there and demands ransom. Since no data has been encrypted, the use of ransomware is excluded.
Crypto scammers hacked social media accounts of British Army
Cybercriminals hacked British Army's Twitter and YouTube official accounts to promote online crypto scams. Crooks posted on Twitter fake NFT tokens and fraudulent giveaways on behalf of British Army. They renamed an account to “pssssd” and changed the header and profile images.
In case with the British Army's YouTube account, the fraudsters posted “Ark Invest” live streams with an old Elon Musk video with intent to mislead victims into visiting cryptocurrency fraudulent websites.
It is still unknown who is behind the hack. The way the social media accounts were hijacked is yet to be determined. The number of victims (if any) is yet to be determined either.
The UK’s Ministry of Defense refuses to comment further until its investigation is complete.
One of the largest North American IT service providers SHI was hacked on USA Independence Day
One of the largest IT service providers in North America SHI International became a victim “of a coordinated and professional malware attack” on the 4th of July when US celebrated an Independence Day.
According to the company, there is no evidence to suggest that customers’ information was stolen during the attack. The incident hasn’t affected SHI partner’s systems in the supply chain.
SHI’s IT staff quickly identified the attack and took the measures to minimize its impact on corporate systems and operations. In particular, some systems, including public websites and email, were shut down as a precaution, says the company in its blog post.
The IT service provider has notified the FBI and CISA about the incident and started an investigation.
What’s next:
- Follow ImmuniWeb on Twitter and LinkedIn
- Explore 20 use cases how ImmuniWeb can help
- Browse open positions to join our great Team
- See the benefits of our partner program
- Request a demo, quote or special price
- Subscribe to our newsletter
Application Security Weekly is a weekly review of the most important news and events in cybersecurity, privacy and compliance. We cover innovative cyber defense technologies, new hacking techniques, data breaches and evolving cyber law. 
