Breach Roundup: Google Phases Out Passwords for PasskeysAlso: Microsoft Will Bid VBScript Goodbye; Magecart's Novel Page-Not-Found Attack
Every week, Information Security Media Group rounds up cybersecurity incidents and breaches around the world. This week: Google began phasing out passwords, Microsoft will bid VBScript goodbye, payment card information exposed via an Air Europa hack, a Magecart attack uses a sneaky page-not-found tactic, U.S. voter registration data stolen from the District of Columbia, and Volex reports a hack attack.
Google Phases Out Passwords
Google on Tuesday announced it is phasing out passwords as the default sign-in method for users in favor of passkeys. Passkeys based on the WebAuthn standard create an asymmetric keypair, with the private key stored on the user's device and the public key by the service provider. A successful match works as a logon credential, without the necessity of a service provider having to store passwords. Users unlock the private key by verifying their identity through methods that include facial recognition, fingerprint scanning or a PIN.
The tech giant asserts that passkey logins are 40% faster than password-based logins.
Microsoft Bids VBScript Goodbye
Microsoft is bidding farewell to VBScript after being in use for 30 years. A programming language akin to Visual Basic or Visual Basic for Applications, VBScript has also served hackers as a pathway for Windows hacking. Trojans including Emotet and Qbot - also known as Qakbot - have spread via VBS. The notorious ILOVEYOU worm from the year 2000 was a VBS file.
Before nuking the feature entirely, Microsoft plans to make VBScript an on-demand feature, to give users time to adapt before its retirement. Microsoft began the slow road to removing VBScript from Windows in 2016 when it deprecated VBS in Internet Explorer 11.
Credit Cards Exposed in Air Europa Hack
Spanish airline Air Europa urged customers to cancel their credit cards after a recent data breach. The airline disclosed that hackers compromised sensitive details, including full payment card numbers, CVV numbers and expiration dates. While the extent of the breach and potential financial impact remain undisclosed, angry customers shared emails on social media advising card cancellation. Air Europa asserted there's no evidence of the breached data being used for fraud so far, though that is no guarantee for what might happen in the future. The company has yet to say how attackers breached its site.
Spanish consumer advocacy organization Ocu recommends consumers follow the airline's advice and cancel payment cards used to purchase airfares on Air Europa. It also asked the Spanish data protection agency to investigate the incident. Spanish authorities fined Air Europa 600,000 euros in December 2020 for a payment card data breach affecting 489,000 individuals.
Magecart Cyberattack Uses Sneaky Page-Not-Found Tactic
Akamai researchers discovered Magecart online skimmer malware being hidden in "HTTP 404 page not found" error pages displayed by online shops that use the Magento and WooCommerce platforms.
US Voter Registration Data Stolen
The government agency overseeing elections in the U.S. capital is investigating a breach of voter records, prompted by claims from the threat actor RansomedVC. The District of Columbia Board of Elections says it has confirmed that "some D.C. voter information was accessed through a breach" of its website hosting provider DataNet Systems.
Volex Suffers Hack Attack
British power and data transmission product manufacturer Volex told investors Monday that hackers gained unauthorized access to "certain IT systems and data, at some of the group's international sites."
Volex has initiated an investigation, engaged third-party specialist consultants to assess the extent of the breach and to formulate an incident response plan. The 131-year-old company, with operations in 27 locations across 24 countries, emphasizes that it remains operational, experiencing only "minimal disruption" to production. Volex, headquartered in the United Kingdom, primarily serves markets in Europe, North America and Asia.