Cyber Threats, Thursday Threats

General Motors Announces Data Breach; Zoom Releases Security Patch

June 2 blog

Data breaches are not a new occurrence, but if you feel as though they have become much larger in scale over the past couple of years, those feelings are not misguided. According to research conducted by AtlasVPN, around 5.9 billion records were affected by a data breach in 2021, a new record high.

In this week’s BlackCloak Thursday Threat Update, we’ll take a look at a data breach disclosed by General Motors and a security patch recently released by Zoom.

General Motors discloses data breach

What we know: General Motors announced it was the victim of a data breach, as the automotive manufacturer discovered malicious login activity between April 11 and April 29. While details are still unfolding, cybercriminals may have had access to the personal information of GM online and mobile application accounts, including users’ names, home and email addresses, phone numbers, and usernames. General Motors said in its data breach notification letter that cybercriminals were able to login through credentials they gathered from other data breaches not tied to the company.

Recommendation: In order to access an account, GM is requiring all users to reset their passwords. When you do, create a password that is long, complex and is completely unique from all of your other passwords. Since the incident occurred because of compromised credentials from other data breaches, now is a good time to reset the passwords for all of the services you use to ensure they are all completely unique. Be on the lookout for phishing scams as well. While they are commonly conducted via email, cybercriminals can also perform these scams through text messages and phone calls, practices known as “smishing” and “vishing,” respectively.

Zoom releases security patch for ‘zero click’ vulnerability

What we know: Zoom has released a security patch to address a vulnerability affecting Windows, macOS, iOS and Android users. A Google Project Zero security researcher discovered the vulnerability, which can give cybercriminals the ability to compromise a victim’s account through Zoom’s chat functionality without any user interaction. Should a cybercriminal exploit this flaw, they could force the targeted device to connect to malicious servers, known as a man-in-the-middle attack, which could allow them to send spoofed or controlled malicious messages. 

Recommendations: Anyone who uses Zoom on a Windows, macOS, iOS or Android device should download this update as soon as possible to ensure they are running version 5.10.0. You should always update Zoom, or any other software and application, when you are prompted to patch any future vulnerabilities that may be discovered.

Knowledge is essential in preparation for a cyberattack 

While the cyber threat landscape can seem overwhelming, preparation can go a long way into demystifying some of those threats and give you the knowledge you need to protect yourself, company and family. 

Of relevance to today’s blog, BlackCloak has previously published an article breaking down man-in-the-middle attacks  and how poor password practices can be costly.