Yellow Pages Canada Confirms Cyber Attack Following Data Leak by Black Basta - 1

Yellow Pages Canada Confirms Cyber Attack Following Data Leak by Black Basta

  • Written by Ari Denial Cybersecurity & Tech Writer

Yellow Pages (YP) has confirmed a cyberattack that resulted in the theft of personal data. While some of the directory’s information is public, the stolen data has the potential to be used maliciously. The Black Basta ransomware group has claimed responsibility for the attack, and information about the breach was found on the group’s data leak website by analyst Dominic Alvieri.

As per the cyberattack that resulted in the theft of personal data, including ID documents showing dates of birth and addresses, tax documents with Social Insurance Numbers, sales and purchase agreements, budget and debt forecasts for December 2022, and more.

Yellow Pages’ Senior Vice President CFO immediately launched an investigation with the help of external cybersecurity experts to contain the threat and secure the system. The investigation found that the threat actors accessed personal information from servers that impacted both employee and customer data.

The affected parties were notified, along with appropriate authorities. Almost all Yellow Pages services have been restored, according to the latest report. The ransomware group claimed responsibility for the breach but has not made any demands beyond publishing the stolen data on their website.

The Black Basta ransomware group has been increasingly active, with its most recent victim being Capita, which was attacked just last month. At first, the outsourcing company thought the attack was an IT issue, but it was eventually identified as a cyberattack.

Capita reports that it detected the threat early enough that only approximately 4% of its server estate was breached. However, the cyberattack caused an outage that affected its access to Microsoft Office 365 applications. The outage has since been restored by Capita’s technical partners.

Black Basta ransomware group has become increasingly active over the past year, often posting several high-profile victims at once on its data leak website. Cybersecurity analysts have speculated that Black Basta may be a rebrand of the Conti ransomware gang based on its negotiation tactics.

Ghosttoken Exploit Allows Hackers to Backdoor Google Accounts Through GCP Flaw - 2

Ghosttoken Exploit Allows Hackers to Backdoor Google Accounts Through GCP Flaw

  • Written by Ari Denial Cybersecurity & Tech Writer

Astrix Security, an Israeli cybersecurity startup, has uncovered and disclosed details of a zero-day vulnerability in Google Cloud Platform (GCP) that could have allowed attackers to hide an unremovable, malicious application within a victim’s Google account.

This vulnerability, known as GhostToken, affected all Google accounts, including those in the enterprise-focused Workspace accounts. The discovery was reported to Google on June 2022, and after more than nine months of patch development, Google has finally deployed a global patch on April 2023. This flaw could have allowed cybercriminals to backdoor Google accounts and gain unauthorized access to sensitive information.

According to a report by Astrix Security , a new exploit has been discovered that allows a malicious app to be hidden from Google’s application management page. This is the only place where Google users can manage apps connected to their accounts.

The exploit makes the malicious app unremovable from the Google account since users cannot see it or revoke its access. The attacker has the ability to reveal their application at any time and utilize the token to gain entry into the victim’s account.

Once they are done, they can quickly hide the application again to restore its unremovable state. Essentially, the attacker holds a ‘ghost’ token to the victim’s account, making it difficult for users to remove the malicious app from their Google account. This new exploit highlights the importance of being vigilant about the apps connected to your Google account and regularly checking and revoking access to any suspicious apps.

Attackers can gain permanent and unremovable access to victims’ Google accounts by converting authorized third-party apps into malicious trojan apps, according to Astrix Security Research Group.

The vulnerability allows attackers to delete and restore a Google Cloud Platform project repeatedly, which can hide the malicious app and allow access to victims’ personal data. Google’s patch allows users to remove apps in a ‘pending deletion’ state and protect their accounts from hijack attempts. Astrix recommends checking all authorized third-party apps and ensuring they only have necessary permissions.