According to ComputerWeekly, the incident was a Sodinokibi (also known as REvil) ransomware attack that infiltrated the company.

A conversation between BleepingComputer and the Sodinokibi group revealed that the malicious actors have “encrypted the entire Travelex network and copied more than 5GB of personal data, which includes dates of birth, social security numbers, card information and other details.” Furthermore, the Sodinokibi group states that they’ve deleted the backup files and are demanding a $3 million ransom.

Information on how the attackers gained an initial foothold on the Travelex network has not been disclosed; however, Travelex has been reported to have run insecure services in the past.

Read more here

Microsoft: RDP Brute-Force Attacks Last 2-3 days on Average

Microsoft recently published a months-long study of RDP brute-force attacks against organizations in the corporate world. For the study, over 45,000 workstations running Microsoft Defender Advanced Threat Protection collected data on RDP sign-in related events. The researchers found that, in total, 0.08% of RDP brute-force attacks were successful, and that an attack lasted 2-3 days on average.

RDP stands for Remote Desktop Protocol; it is a Microsoft protocol built into Windows that lets a user log in to a remote computer over the network (by default on TCP port 3389) and work in a session that looks like a standard desktop. Because the service is so often exposed directly to the internet, it is a routine target for password guessing.

According to Microsoft, “successful brute force attempts are not uncommon; therefore, it’s critical to monitor at least the suspicious connections and unusual failed sign-ins that result in authenticated sign-in events.”

Microsoft recommends that system administrators reduce the risk of a successful RDP brute-force attack by combining and monitoring multiple signals, including the:

hour of the day and day of the week of failed sign-in and RDP connections

timing of a successful sign-in following failed attempts

Event ID 4625 logon type (filtered to network and remote interactive)

Event ID 4625 failure reason (filtered to %%2308, %%2312, %%2313)

cumulative count of distinct usernames that failed to sign in

count (and cumulative count) of failed sign-ins

count (and cumulative count) of RDP inbound external IPs

count of other machines having RDP inbound connections from one or more of the same IP
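All of these signals can be derived from the Windows Security log's event ID 4625 (failed logon) and 4624 (successful logon) records. The following Python is an added example, not Microsoft's own query or code: it takes constructed event records in the shape a SIEM would parse from those events and computes, per source IP, the failed-sign-in count, the distinct usernames tried, the hosts reached, the hour and weekday of the failures, and whether a success followed the failures, then combines the signals into an alert. The host names, usernames, IP addresses and thresholds are all assumptions made for the example.

```python
"""Per-source-IP RDP brute-force signals from Windows Security events.

Added example (not Microsoft's query). Input records are constructed to look
like the fields a SIEM extracts from event ID 4625 (failed logon) and
4624 (successful logon): timestamp, event ID, host, target user, logon type,
source IP and, for 4625, the failure reason.
"""
from collections import defaultdict
from datetime import datetime, timedelta

# Logon types the study filters to: 3 = Network, 10 = RemoteInteractive (RDP).
RDP_LOGON_TYPES = {"3", "10"}
# 4625 failure reasons kept by the study (see the list above).
BRUTE_FORCE_REASONS = {"%%2308", "%%2312", "%%2313"}

# Constructed sample events (hosts, users and IPs are made up for this example).
SAMPLE_EVENTS = [
    # one external IP hammering two hosts with several usernames, then getting in
    ("2020-01-11T02:14:03", 4625, "FS01", "administrator", "10", "203.0.113.7", "%%2313"),
    ("2020-01-11T02:14:05", 4625, "FS01", "admin", "10", "203.0.113.7", "%%2313"),
    ("2020-01-11T02:14:09", 4625, "FS01", "test", "3", "203.0.113.7", "%%2313"),
    ("2020-01-11T02:15:30", 4625, "FS02", "administrator", "10", "203.0.113.7", "%%2313"),
    ("2020-01-11T02:16:02", 4625, "FS02", "backup", "10", "203.0.113.7", "%%2312"),
    ("2020-01-11T02:16:40", 4625, "FS01", "backup", "10", "203.0.113.7", "%%2313"),
    ("2020-01-11T02:35:10", 4624, "FS01", "backup", "10", "203.0.113.7", ""),
    # console logon failure: logon type 2 and no source IP, out of scope
    ("2020-01-13T08:00:00", 4625, "WS22", "mlee", "2", "", "%%2313"),
    # ordinary network logon with no failures before it
    ("2020-01-13T08:30:00", 4624, "WS30", "svc-backup", "3", "10.0.0.5", ""),
    # a user mistyping a password once, then signing in: benign
    ("2020-01-13T09:05:00", 4625, "WS22", "mlee", "10", "198.51.100.4", "%%2313"),
    ("2020-01-13T09:05:20", 4624, "WS22", "mlee", "10", "198.51.100.4", ""),
    # low-volume spray across two hosts; the %%2304 record is outside the filter
    ("2020-01-13T21:00:00", 4625, "WS22", "jsmith", "10", "192.0.2.9", "%%2313"),
    ("2020-01-13T21:00:04", 4625, "WS22", "root", "10", "192.0.2.9", "%%2313"),
    ("2020-01-13T21:00:09", 4625, "WS22", "guest", "10", "192.0.2.9", "%%2304"),
    ("2020-01-13T21:00:15", 4625, "WS23", "guest", "10", "192.0.2.9", "%%2313"),
]


def _parse(record):
    ts, event_id, host, user, logon_type, ip, reason = record
    return {"ts": datetime.fromisoformat(ts), "id": event_id, "host": host,
            "user": user.lower(), "type": logon_type, "ip": ip, "reason": reason}


def summarize(events, success_window=timedelta(hours=1)):
    """Aggregate the brute-force signals per source IP, in timestamp order."""
    per_ip = defaultdict(lambda: {
        "failed": 0, "users": set(), "hosts": set(), "hours": set(),
        "weekdays": set(), "last_failure": None, "success_after_failures": None,
    })
    for e in sorted(map(_parse, events), key=lambda e: e["ts"]):
        # Console/service logons and records with no source IP are out of scope.
        if e["type"] not in RDP_LOGON_TYPES or not e["ip"]:
            continue
        s = per_ip[e["ip"]]
        if e["id"] == 4625 and e["reason"] in BRUTE_FORCE_REASONS:
            s["failed"] += 1
            s["users"].add(e["user"])
            s["hosts"].add(e["host"])
            s["hours"].add(e["ts"].hour)
            s["weekdays"].add(e["ts"].strftime("%A"))
            s["last_failure"] = e["ts"]
        elif (e["id"] == 4624 and s["last_failure"] is not None
              and e["ts"] - s["last_failure"] <= success_window):
            # A success shortly after failures from the same IP is the key signal;
            # record how many failures preceded it.
            s["success_after_failures"] = (e["host"], e["user"], s["failed"])
    return dict(per_ip)


def flag(summary, min_failures=5, min_users=3, min_failures_before_success=3):
    """Combine the signals: alert on a success after several failures, or on
    two or more volume signals (many failures, many usernames, several hosts)."""
    alerts = []
    for ip, s in summary.items():
        reasons = []
        if s["failed"] >= min_failures:
            reasons.append(f"{s['failed']} failed RDP sign-ins")
        if len(s["users"]) >= min_users:
            reasons.append(f"{len(s['users'])} distinct usernames tried")
        if len(s["hosts"]) > 1:
            reasons.append(f"{len(s['hosts'])} hosts targeted")
        got_in = False
        if s["success_after_failures"]:
            host, user, failures_before = s["success_after_failures"]
            if failures_before >= min_failures_before_success:
                got_in = True
                reasons.append(f"successful sign-in as {user} on {host} "
                               f"after {failures_before} failures")
        if got_in or len(reasons) >= 2:
            alerts.append((ip, reasons))
    return alerts


if __name__ == "__main__":
    for ip, reasons in flag(summarize(SAMPLE_EVENTS)):
        print(ip, "->", "; ".join(reasons))
```

Run against the sample, the spray from 203.0.113.7 is flagged on every signal, the low-volume spray from 192.0.2.9 is flagged because it combines several usernames with several hosts, and the single mistyped password from 198.51.100.4 followed by a success is not flagged, which is the noise-reduction a production rule needs. The thresholds are starting points to be tuned against your own baseline of failed sign-ins.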

Read more here

School Software Provider Active Network Discloses Data Breach

Active Network, a provider of web-based school management software for kindergarten-through-twelfth-grade schools and counties, has suffered a significant security breach affecting thousands of individuals. According to the company's breach notice, parents who used part of its accounting software to pay school fees or pay for materials between October 1, 2019, and November 13, 2019, may have had their personal information stolen.

Exposed data includes:

Names,

Store username and password,

Payment card number,

Payment card expiration date,

Payment card security code.

Malicious actors stole the payment data with a software skimmer (malicious code placed in the payment page that copies the card details a visitor types into the form and sends them to an attacker-controlled server) as parents submitted payments through the Active Network web application. Because the skimmer runs in the parent's browser on the legitimate site, the payment itself still goes through and the victim sees nothing unusual.

Active Network has launched an investigation with the help of a cybersecurity firm to analyze the issue further.

Get more information here

Google Boots Security Camera Maker From Nest Hub After Private Images Go Public

A Reddit user named Dio-V first reported the issue, stating that their Google Nest Hub (which is connected to a Xiaomi Mijia 1080p Smart IP camera) shows videos of strangers instead of their own footage. The post drew a great deal of attention, including from Google Support, which stated that Google would disable "all Xiaomi integrations on [their] devices" while the issue is worked on.