NPD and FlightAware Data Leaks Affect Billions – Cybersecurity News

The Daily Decrypt
The Daily Decrypt
NPD and FlightAware Data Leaks Affect Billions – Cybersecurity News
Loading
/

In today’s episode, we explore the critical challenges to AI adoption revealed by CISOs, including data privacy concerns, insufficient staff skills, and misaligned organizational priorities, as highlighted in a new survey by Tines. We also discuss how security leaders can address these blockers by leveraging automation, strategic alignment, and continuous training. Additionally, we delve into the rise of malware such as FakeBat, recent data breaches affecting FlightAware and National Public Data, and necessary steps for individuals to secure their personal information. Video Episode: https://youtu.be/HQt1nCHKgxI

00:00 – Intro

01:14 – NPD Hack Exposes Billions of User’s Data

04:01 – FlightAware Configuration Error Exposed User Data

07:35 – FakeBat Malware Targets Brave, Zoom, Notion Users

09:45 – Top AI Adoption Challenges and CISO Solutions

Articles referenced:

  1. https://www.cybersecuritydive.com/spons/the-biggest-blockers-to-ai-adoption-according-to-cisos-and-how-to-remove/723672/
  2. https://thehackernews.com/2024/08/cybercriminals-exploit-popular-software.html
  3. https://www.bleepingcomputer.com/news/security/flightaware-configuration-error-leaked-user-data-for-years/
  4. https://www.cbsnews.com/news/social-security-number-leak-npd-breach-what-to-know/

Sign up for digestible cyber news delivered to your inbox: https://news.thedailydecrypt.com

Thanks to Jered Jones for providing the music for this episode. https://www.jeredjones.com/

Logo Design by https://www.zackgraber.com/

Tags: Tines, Generative AI, Security, CISOs, FakeBat, malvertising, MSIX, Mandiant, FlightAware, Configuration, Cybersecurity, Data Leak, Data breach, Cybercriminals, Social Security, National Public Data

Search Phrases: What are today’s top cybersecurity news stories?, Tines generative AI security risks, FakeBat malware protection, FlightAware data breach user impact, Cybersecurity measures for CISOs, Understanding malvertising threats, How to safeguard against data leaks, Mandiant findings on malware, Protecting personal information from breaches, Addressing skill shortages in cybersecurity

Transcript:

Aug20

You probably heard about the data breach that alleged the compromised, the personal information of nearly every American citizen exposing social security numbers addresses. And so much more to the dark web cybercriminals.

And so today we’re going to talk about how this happened, what data was impacted and what you can do to make sure you stay safe.

With your social security number on the dark web.

Thousands of flight aware, users are now urged to reset their passwords after a configuration error, exposed, sensitive, personal data. For over three years. How did this FlightAware configuration error managed to leak user data for such an extended period of time.

Cyber criminals are exploiting popular software searches to spread the fake bat malware using malvertising campaigns and Trojan ISED M S I. X installers to infect unsuspecting users.

And finally a recent survey by tines shows that 98% of large tech executives have halted their generative AI projects due to security risks.

What strategic measures are CSOs employing to overcome the biggest blockers to AI implementation in their organization. You’re listening to the daily decrypt..

Hackers have allegedly infiltrated, a company known as national public data or NPD to steal un-encrypted personal information of billions of people, including social security numbers addresses. And family member names. This breach attributed to the hacker group, U S D O D in April of 2024,

puts almost everyone at risk of identity theft.

If your data was a part of this breach, which it likely is.

People can access it or bid on it on the dark web.

So if they could open new financial accounts or take out loans in your name.

Luckily, this type of fraud is very preventable. All you have to do is contact the three major credit bureaus and place freezes on your accounts.

And even before this breach, this is something that I would recommend to everybody. Unless they’re in the process of buying a new home. Or opening up a new credit card. You don’t need your credit accounts to be unfrozen.

And this is something that I actually didn’t do until about a year ago during the, at T and T breach.

Where my social security number was also linked to the dark web. And I was very shocked to see how quickly it could be done. They all have web based interfaces where you can go sign up for an account. And click a button to place a freeze on your credit.

It’s also important to know that once your information is out there, it’s out there forever.

There’s no company that can go and scrub your data from the dark web. If any company is selling you that service? It’s not a real service. It’s a scam. Or if you purchase the services of a specific company, Uh, under the impression that they can do that. Maybe they’re not actually selling that, but maybe that’s what you’re thinking they’re going to do.

They’re not going to be able to do that. What they are going to be able to do is coach you through the process of placing these credit freezes and help inform you about what that will actually prevent. Alternatively, you can listen to this episode of the daily decrypt and continue to for these tips for free.

But placing these freezes on your credit. Essentially just prevents people or entities from running soft or hard credit checks. Against your credit.

Which is the barrier for most lines of credit, like new credit cards or home loans.

And so by proxy, it prevents new home loans and new credit cards from being opened in your name, which is one of the biggest risks for having your social security number out there.

Now if an attacker is really motivated to get you personally, they can use that information to do all kinds of damage, primarily in information gathering about you. To craft more effective phishing campaigns against you.

Which is the secondary risk of this type of data breach. So besides placing these credit checks, just be extra vigilant when you’re looking at and clicking links through texts or emails. Knowing that this information can help craft more effective phishing emails. Look at everything skeptically. And you should be good to go.

Very similarly to that last story.

There’s an app called FlightAware, which is the world’s largest flight tracking platform. That has just revealed a major security data incident.

FlightAware discovered a configuration error dating back to January of 2021, which exposed user data for over three years.

This data that it exposed can include your user ID, password, email address. And possibly even more sensitive information like your full name, billing and shipping address, social media accounts, phone number, and even social security number.

The error was fixed by flight aware on July 25th, 2024.

So just a few weeks ago. But the breaches duration leaves significant room for potential misuse of your data.

As we talked about in that last story. So if you have a FlightAware account, you’ll need to reset your password immediately. If you log into the platform, it will prompt you to do so on your next login.

But what they’re not going to tell you is that you also need to change. The password to every account that uses the password to your FlightAware account.

And that’s because the username and combo that was leaked in the FlightAware data breach.

We’ll now be entered into every one of your accounts automatically. It’s not a personal target. They’re just going to. Try their luck and see if you may be reuse that username, Cabo password, if that’s ringing any bells for you. PEI go change your password. To all of those accounts, and if it sounds too daunting to do that task manually. Or you’re not even sure what accounts share passwords. It’s time to start using a password manager.

I personally use one password as do all of my friends. And I have almost a thousand accounts in there just for myself alone. Managing that amount of passwords is impossible, especially trying to maintain unique passwords. Across all of them. Nobody’s memory can handle that.

It will also create secure random passwords for you.

So you don’t have to use your creativity to come up with them or just changing the. The characters that follow the password.

Which, by the way, if you use a password, even similar to the one. That was leaked in your FlightAware bridge. That too is considered compromised because attackers will do manipulations common manipulations to all passwords and just use those to try to log into your accounts as well.

It’s all automated.

So, yeah, if you want more information about a password manager, Check out one password. There’s also a blog on our website@thedailydecrypt.com that will outline. A simple three-step process to converting over to a password manager. It doesn’t have to be as daunting as it may sound.

FlightAware is also offering a free 24 month identity protection package through Equifax.

So given these two stories back to back. Whoever is listening is likely impacted. Go take advantage of that. That will actually. Monitor for any credit inquiries to Equifax. In addition to you placing those freezes. Like I highly don’t. I highly recommend against. Simply monitoring because by the time you get that alert, it’s a little too late, right.

Place the freeze, and then sign up for that free monitoring.

And if you can’t tell.

Passwords are getting breached every day. I don’t like talking about data breaches on this platform. I don’t like hearing about them because they happen so frequently. I don’t consider it cybersecurity news.

The only reason this one made the cut is because they were so long standing. This one has been going on for three years.

But if you’re hearing this and you still don’t use a password manager and you don’t change your passwords, the implications are pretty bad. Go do that. Reach out to us on Instagram or YouTube, if you want any help or guidance along that process.

It really is a lot simpler of a workflow as well. Like it’s a quality of life improvement and a security improvement. I promise you it’s worth it. Cyber criminals are using popular Google searches.

To help them craft more effective info stealing campaigns.

So, what does this mean? They’re letting Google tell them what people are searching for specifically around business-related softwares. So for example, if you’re going to Google and you’re looking for a software that will help you manage personnel. Or manage your tasks or store your documents, et cetera. You’re going to go to Google and you say, what are the best softwares?

For this type of business task. Well, Google will happily give you the information. If you look for it about what is the most common things to search for around this space, right? So hackers are taking that information. And they’re creating fake websites that will offer you services.

Inline with what you’re searching for.

These websites might be carbon copies of actual services.

That you could find on the web that would satisfy your search. Or they could be new services. After they’ve created these imitation websites, they purchase Google ads to get those websites at the top of the search results specifically. For what you’re searching for.

Then within those websites.

You’re going to click a link. That’s going to download a malware called fake bat. This malware will live in the installer for the software. You’re trying to find and download such as brave, like the browser. Key pass, which I’m assuming is a password manager notion, which is like a confluence style thing. Steam for games and zoom for business meetings online.

It’s important to know that even if you know the software you’re searching for like, ah, I’m looking for notion, someone recommended it, you Google the words, notion. That first link. If it’s an ad, can still be malicious. So not everyone is searching for what’s a business software I can use to hold all my documents.

Some of them are just searching for, Hey, where do I go to download notion? That download link. You click from Google. If it’s a paid advertisement, could be malicious.

And we always say it on this podcast. Just don’t click ads. If you don’t have to.

That’s one of the best ways you can avoid this type of thing.

And finally 98% of large tech executives have paused AI initiatives due to security risks.

This was discovered by an automation from tines during a recent survey and reveals the top barriers to AI adoption.

66% of CSOs, worry about losing control over this sensitive information.

This can be anything from customer data, employee data. All the way down to proprietary code, you’re feeding into AI to have it help you fix.

60% of the CSOs report lacking AI expertise.

51% find friction between departments from cross-functional teams to align on AI priorities and risks.

49% face issues without dated systems. So choose AI tools to integrate seamlessly with your existing tech stacks.

This survey by times can be very valuable, especially if you’re someone who’s trying to get your CSO to allow you to use AI. AI. Has a lot of potential for automating a lot of work. And freeing up capacity for more impactful work. But. If you have a good CSO. They’re going to try to push back on the security risks. Check out the article linked in the show notes below for more information on how and what statistics you can use to help combat your CSOs fears. And start using AI in your workplace.

This has been the Daily Decrypt. If you found your key to unlocking the digital domain, show your support with a rating on Spotify or Apple Podcasts. It truly helps us stand at the frontier of cyber news. Don’t forget to connect on Instagram or catch our episodes on YouTube. Until next time, keep your data safe and your curiosity alive.