Featured Story
Ticketmaster Confirms Breach Potentially Impacting 560 Million Users
Ticketmaster parent company Live Nation has confirmed that internal data was exposed in a cyber-attack identified last month, with threat actors apparently targeting a third-party cloud environment. The ticketing giant said in an SEC filing that the majority of the compromised data came from its Ticketmaster subsidiary, which chimes with earlier reports that as many as 560 million of the company’s customers may have been impacted.
In a since-removed blog post, security researchers at Hudson Rock reported that the threat actor targeted a Snowflake employee’s ServiceNow account with stolen credentials, enabling them to subsequently access the Ticketmaster database.
The recent incidents show why companies storing sensitive data in the cloud must use strong security measures like (phishing-resistant) multifactor authentication (MFA) and IP restrictions that limit access to trusted locations only. While these steps might seem simple, even experienced companies often forget about basic cloud security in their rush to go digital.
Other Stories
Attacks Surge on Check Point’s Recent VPN Zero-Day Flaw
Exploit activity targeting a recent information disclosure flaw in Check Point’s VPN technology has soared in recent days, heightening the need for organizations to address the flaw immediately. Check Point has warned that the vulnerability allows attackers to access sensitive information in security gateways, possibly allowing lateral movement or domain admin access. Exploitation activity reportedly began nearly two months before public disclosure.
This comes as a continuation of last week’s newsletter. The fact that exploitation started before disclosure highlights the importance of proactive patch management. Check Point’s guidance can be found via their support portal. If you need help with patching or incident response related to this CVE, our SOC is here to help.
37 Vulnerabilities Patched in Android
Google released its June 2024 Android update addressing 37 vulnerabilities, including several high-severity privilege escalation issues in the System and Framework components. While there is no evidence of exploitation in the wild, the update closes critical flaws that could lead to elevation of privilege, denial of service, or data leakage.
Keeping Android devices up to date is essential. Even without current evidence of exploitation, unpatched vulnerabilities often become prime targets shortly after patch release.
New Scam Targeting Artists
Several artists have fallen victim to a sophisticated scam encouraging them to sell artwork as NFTs. The scam involves impersonation and gradually builds trust over several days before requesting payments or crypto-based “minting” fees, ultimately defrauding the artist without any legitimate sale taking place.
This scam is subtle and well-practiced. Key takeaways: never send money upfront, verify buyer identity, and consult with trusted sources before engaging in NFT or crypto transactions.
Contact the Approach Cyber SOC team for tailored support and training programs.