Twitch Says No Password, Payment Card Data Were Leaked in Breach, Blames Attack on Configuration Error
FIN12 works fast and targets healthcare orgs, Russian state hackers becoming more successful, SVR obtained valuable counterintelligence info, Google issues 14,000 state attacker warnings, much more
In a blog post, Amazon-owned video gaming giant Twitch told users that no passwords or payment card numbers were stolen or leaked online from its massive hack.
Twitch also said it reset all stream keys as a result of the incident. Users who stream on the site will likely need to obtain a new one from their Twitch profile backends. Twitch believes the breach, which resulted in a massive torrent of its system data being posted on 4chan, occurred because of an error in a Twitch server configuration change, which exposed data that a malicious third party subsequently accessed. (Catalin Cimpanu / The Record)
Researchers from Mandiant report that the Russian threat group FIN12 takes less than two days to execute a file-encrypting payload, usually the Ryuk ransomware, on the target network. They also say that nearly 20% of their incident response engagements since September 2020 are for FIN12 intrusions.
They further note that many FIN12 victims are in the healthcare sector, and most FIN12 victims are located in North America, with 71% in the United States and 12% in Canada. (Ionut Ilascu / Bleeping Computer)
Microsoft said that Russian state-backed hackers are having greater success at breaching targets in the United States and elsewhere, making government organizations the primary focus of their attacks.
Government organizations accounted for more than half of the targets for Moscow-linked hacking groups for the year through June 2021, up from just 3% the previous year. The success rate of Russian intrusions into government and non-government targets has gone from 21% to 32% over the same period. (Sean Lyngaas / CNN)
The suspected Russian SVR foreign intelligence service hackers behind the intrusion of SolarWinds and Microsoft software emerged with information about counter-intelligence investigations, policy on sanctioning Russian individuals, and the country’s response to COVID-19, according to people familiar with the investigation.
One of the people involved said that the exposure of counter-intelligence matters pursued against Russia was the worst of the losses. (Joseph Menn and Chris Bing / Reuters)
Shane Huntley, the head of the Threat Analysis Group or TAG, Google's anti-hacker team, said Google alerted approximately 14,000 users that they had been targets of Russian government-sponsored hackers, an "above average batch" of warnings.
Huntley said the warnings were related to a recent phishing campaign "targeting a large volume of Gmail users" by APT28. The same group hacked the servers of Hillary Clinton and other Democratic party targets in the run-up to the 2016 election. (Lorenzo Franceschi-Bicchierai / Motherboard)
The U.S. campaign against Huawei, the Chinese telecom tech giant, based on fears that the company is a security threat because it is beholden to Beijing and could implement spyware and other malware in its technology on behalf of the government, has worked.
The company’s revenues have fallen, and its telecom market share has shrunk since the U.S. stepped up its campaign to choke off Huawei from U.S. technology and banned its products in government offices. (Dan Strumpf / Wall Street Journal)
United States Senator Elizabeth Warren (D-MA) and Representative Deborah Ross (D-NC) introduced the bicameral Ransom Disclosure Act, which would require ransomware victims to report to the government when they have paid a ransom.
The bill requires the Department of Homeland Security to make a public website for individuals to report ransom payments, publish the disclosed data from the previous year (excluding identifying information of ransomware victims), and conduct a study on commonalities between ransomware attacks. (Grace Dille / Meritalk)
Researchers at Pen Test Partners say that BrewDog, the Scottish brewery and pub chain famous for its crowd-ownership model, exposed the details of 200,000 of its shareholders and customers for over 18 months.
The exposure stemmed from a flaw in its token-based authentication system. As a result of this flaw, anyone could append any customer ID to the end of the API endpoint URL, and access sensitive PII (personally identifiable information) for that customer. (Bill Toulas / Bleeping Computer)
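The missing control in the flaw described above is an object-level authorization check. The sketch below is an added example, not BrewDog's or the researchers' code; the HMAC token format, function names, and customer records are assumptions constructed for illustration. It contrasts a handler that only validates the token with one that also checks the token was issued for the requested customer ID.

```python
import hashlib
import hmac

# Constructed sample data; IDs, names and the signing key are placeholders.
SECRET = b"demo-signing-key"
CUSTOMERS = {
    "1001": {"name": "Alice Example", "email": "alice@example.test"},
    "1002": {"name": "Bob Example", "email": "bob@example.test"},
}


def issue_token(customer_id: str) -> str:
    """Issue a token bound to exactly one customer ID (hypothetical format)."""
    sig = hmac.new(SECRET, customer_id.encode(), hashlib.sha256).hexdigest()
    return f"{customer_id}.{sig}"


def token_subject(token: str):
    """Return the customer ID the token was issued for, or None if invalid."""
    customer_id, _, sig = token.partition(".")
    expected = hmac.new(SECRET, customer_id.encode(), hashlib.sha256).hexdigest()
    # Compare as bytes in constant time; str input must be ASCII otherwise.
    if hmac.compare_digest(sig.encode(), expected.encode()):
        return customer_id
    return None


def get_customer_flawed(token: str, requested_id: str):
    """Authenticates the caller but never checks whose record is requested."""
    if token_subject(token) is None:
        return 401, None
    record = CUSTOMERS.get(requested_id)
    return (200, record) if record else (404, None)


def get_customer_checked(token: str, requested_id: str):
    """Adds the object-level check: the token's subject must own the record."""
    subject = token_subject(token)
    if subject is None:
        return 401, None
    if subject != requested_id:
        return 403, None  # valid token, but not for this customer
    record = CUSTOMERS.get(requested_id)
    return (200, record) if record else (404, None)
```

Logging the 403 branch with the token subject and the requested ID gives defenders a direct signal of ID enumeration against the endpoint.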
Tenacity, a software-as-a-service company focused on cloud compliance for businesses, has raised $3 million in a venture funding round.
Hyde Park Angels led the round with participation from Sandalphon Capital, Base Investments UK, and others. (Nick Manes / Crain’s Detroit Business)