Threat Intelligence Report - June 29, 2023.
The NetFire Threat Intelligence Report contains a weekly collection of key developments to be aware of along with action tips from NetFire.
NetFire Threat Intelligence Team
OpenAI with Microsoft Face Class Action Lawsuit
OpenAI, the maker of AI tool ChatGPT, is facing a class-action lawsuit over allegations of unauthorized data scraping from social media, blogs, and other sources without users' consent, potentially violating the Computer Fraud and Abuse Act. The lawsuit contends that OpenAI used this data, including private user information, in a reckless manner to develop unstable, experimental technology, thereby placing users at significant cybersecurity risk. Microsoft has been named as a co-defendant.
NetFire link: https://netfire.link/openai-class-action-lawsuit
Mondelez Compromised through Third-Party Law Firm
Mondelēz International, the multinational confectionery, food, and beverage conglomerate, has suffered a data breach through its legal services provider, Bryan Cave Leighton Paisner LLP, exposing sensitive personal information of over 50,000 current and former employees. The breach, which was detected from February 23 to March 1, 2023, did not compromise Mondelēz's internal systems but revealed victims' names, social security numbers, addresses, dates of birth, marital statuses, and more, highlighting the significant cybersecurity risk posed by third-party relationships.
Patient Records Stolen Through GoAnywhere File Transfer Tool
Intellihartx, a patient payment balances and collections company, confirmed that personal and health data of 489,830 patients was stolen during a mass ransomware attack on its technology vendor, Fortra. The cyberattack, claimed by the Clop ransomware group, targeted Fortra's GoAnywhere file-transfer software and resulted in the breach of names, addresses, dates of birth, Social Security numbers, as well as patient medical billing, insurance information, diagnoses, and medication data.
LetMeSpy Android Spying App Breach Exposes Users Data
Android-based phone monitoring app LetMeSpy has suffered a data breach, in which an unauthorized third party accessed sensitive information of thousands of users, including email addresses, telephone numbers, and content of messages collected on accounts. The breach, which took place on June 21, 2023, was reported to law enforcement and data protection authorities.
NetFire link: https://netfire.link/letmespy-data-breach
SEC Notices Put CISOs and Cybersecurity Executives on Alert
The US Securities and Exchange Commission (SEC) has issued Wells Notices to executives of SolarWinds, including the CFO and CISO, indicating possible legal action in response to the company's handling of the 2020 cyberattack on its infrastructure. This move could potentially set a new precedent in holding individual cybersecurity professionals accountable for such incidents, signaling increased liabilities for those in these roles.
Follow NetFire and stay tuned for more insights.
#NetFireThreatIntelligence #SecureCloud #OpenAI #ThreatIntelligence #ChatGPT #Microsoft #GoAnywhere #BryanCave #Mondelez #Lawsuit #NetOnFire