Unveiling the MaaS Campaign: Safeguarding Android Users in India

 

In the vast landscape of cybersecurity threats, a new campaign has emerged, targeting Android users in India. Dubbed the "MaaS Campaign," this nefarious operation has caught the attention of security experts worldwide due to its sophisticated nature and potential for widespread damage. Let's delve into the intricacies of this campaign, understanding its modus operandi and the measures users can take to protect themselves.

The MaaS Campaign, short for Malware-as-a-Service, represents a significant evolution in cybercrime tactics. Unlike traditional cyberattacks that require substantial technical expertise, the MaaS Campaign allows even novice hackers to deploy sophisticated malware with minimal effort. This democratization of cybercrime poses a severe threat to users, particularly in regions like India, where Android devices dominate the market. 

At the heart of the MaaS Campaign lies the exploitation of Android's vulnerabilities. Android, being an open-source platform, offers a fertile ground for cybercriminals to exploit security loopholes. Through various means, including malicious apps, phishing emails, and compromised websites, hackers lure unsuspecting users into downloading malware onto their devices. Once the malware infiltrates a device, it operates stealthily, often evading detection by traditional antivirus software. One of the primary objectives of the MaaS Campaign is to steal sensitive information, including personal data, financial credentials, and login credentials for various online accounts. 

This information is then used for a range of malicious activities, including identity theft, financial fraud, and espionage. What makes the MaaS Campaign particularly concerning is its targeted approach towards Android users in India. With India's burgeoning smartphone market and increasing reliance on digital services, the country has become a lucrative target for cybercriminals. 

Moreover, the diversity of Android devices and the prevalence of outdated software versions exacerbate the security risks, leaving millions of users vulnerable to exploitation. To mitigate the risks associated with the MaaS Campaign and similar cyber threats, users must adopt a proactive approach to cybersecurity. Firstly, maintaining vigilance while downloading apps or clicking on links is crucial. Users should only download apps from trusted sources such as the Google Play Store and avoid clicking on suspicious links or email attachments. 

Additionally, keeping software and operating systems up-to-date is paramount. Developers frequently release security patches to address known vulnerabilities, and failing to update exposes devices to exploitation. Users should enable automatic updates wherever possible and regularly check for updates manually. 

Furthermore, investing in robust cybersecurity solutions can provide an added layer of defense against malware and other cyber threats. Antivirus software, firewalls, and anti-malware tools can help detect and neutralize malicious activity, safeguarding users' devices and data. Education also plays a pivotal role in combating cyber threats. Users should familiarize themselves with common phishing tactics, malware warning signs, and best practices for online security. By staying informed and vigilant, users can avoid falling victim to cyberattacks and protect their digital identities. 

In conclusion, the MaaS Campaign represents a significant threat to Android users in India and underscores the importance of robust cybersecurity measures. By understanding the tactics employed by cybercriminals and adopting proactive security practices, users can minimize the risk of falling victim to such campaigns. Ultimately, safeguarding against cyber threats requires a collective effort involving users, cybersecurity professionals, and technology companies to create a safer digital environment for all.

Hackers Exploit Vulnerability in Popup Builder Plugin for WordPress

 

In a concerning development for website owners and administrators, hackers have been exploiting a vulnerability in the popular Popup Builder plugin for WordPress, resulting in the infection of over 3,300 websites worldwide. This security flaw, officially tracked as CVE-2023-6000, allows malicious actors to execute cross-site scripting (XSS) attacks on websites that are using outdated versions of the Popup Builder plugin, specifically versions 4.2.3 and older. 

The vulnerability was initially disclosed in November 2023, raising alarm bells in the cybersecurity community. Despite this disclosure, many site administrators failed to promptly update their systems, leaving them vulnerable to exploitation by hackers. Now, the consequences of this oversight are becoming apparent, with Sucuri, a prominent cybersecurity firm, reporting a recent surge in attacks targeting WordPress sites through this vulnerability. 

At the core of the exploit is the injection of malicious code into the Custom JavaScript or Custom CSS sections of the WordPress admin interface. This injected code is then stored within the 'wp_postmeta' database table, allowing hackers to manipulate the behavior of the Popup Builder plugin. By leveraging event handlers within the plugin, such as popup open or close events, hackers can execute various malicious actions, including redirecting unsuspecting visitors to phishing pages or malware-dropping sites. Sucuri's analysis has revealed that the attacks originate from domains such as "ttincoming.traveltraffic[.]cc" and "host.cloudsonicwave[.]com." 

As a proactive measure, site owners are advised to block access to these domains to mitigate the risk of infection. However, blocking domains alone may not be sufficient to fully protect websites from exploitation. To effectively safeguard against this threat, website owners must update to the latest version of the Popup Builder plugin, currently version 4.2.7. 

This updated version addresses CVE-2023-6000 and other security vulnerabilities, providing enhanced protection against malicious attacks. Despite the availability of patches, WordPress statistics indicate that a significant number of active sites continue to use outdated versions of the plugin, leaving them vulnerable to exploitation. 

In the unfortunate event of a website being infected, swift action is necessary to mitigate further damage. Site administrators should immediately remove any malicious entries injected into the Popup Builder's custom sections and conduct thorough scans to detect and eliminate any hidden backdoors that could facilitate reinfection. The prevalence of this vulnerability underscores the importance of maintaining robust cybersecurity practices for WordPress sites. 

By staying vigilant, promptly applying software updates, and implementing proactive security measures, website owners can better protect their sites and mitigate the risk of falling victim to malicious attacks. As the threat landscape continues to evolve, proactive security measures are essential to safeguarding the integrity and security of WordPress websites.
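A check for the cleanup step described above, as an added example that does not come from Sucuri or the plugin's authors: it scans `wp_postmeta` rows for hostnames matching the two domains named in this article. An in-memory SQLite table stands in for the site's MySQL database, the `example_popup_*` meta keys are hypothetical placeholders, and all rows are constructed.

```python
import re
import sqlite3

# The two domains named in the article, refanged for matching.
IOC_DOMAINS = tuple(
    d.replace("[.]", ".")
    for d in ("ttincoming.traveltraffic[.]cc", "host.cloudsonicwave[.]com")
)

# Hostname-like tokens: dot-separated labels ending in an alphabetic TLD.
HOST_RE = re.compile(
    r"\b(?:[a-z0-9](?:[a-z0-9-]*[a-z0-9])?\.)+[a-z]{2,}\b", re.IGNORECASE
)


def matches_ioc(host):
    """True if host is an IoC domain or a subdomain of one (label-boundary match)."""
    host = host.lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in IOC_DOMAINS)


def find_suspect_rows(conn, table="wp_postmeta"):
    """Return (meta_id, post_id, meta_key, [hosts]) for rows that reference an IoC domain."""
    # The table prefix varies between sites, so the name is a parameter;
    # validate it because it is interpolated into the query text.
    if not re.fullmatch(r"[A-Za-z0-9_]+", table):
        raise ValueError("unexpected table name")
    query = (
        f"SELECT meta_id, post_id, meta_key, meta_value FROM {table} "
        "ORDER BY meta_id"
    )
    findings = []
    for meta_id, post_id, meta_key, meta_value in conn.execute(query):
        hosts = sorted(
            {h.lower() for h in HOST_RE.findall(meta_value or "") if matches_ioc(h)}
        )
        if hosts:
            findings.append((meta_id, post_id, meta_key, hosts))
    return findings


def build_sample_db():
    """Constructed stand-in for a WordPress database (standard wp_postmeta columns)."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE wp_postmeta (meta_id INTEGER PRIMARY KEY, "
        "post_id INTEGER, meta_key TEXT, meta_value TEXT)"
    )
    rows = [
        # Constructed rows; the example_popup_* keys are hypothetical.
        (1, 10, "example_popup_custom_js", 'var s = "https://host.cloudsonicwave.com/";'),
        (2, 10, "_edit_lock", "1700000000:1"),
        # Lookalike host that merely starts with an IoC string: must not match.
        (3, 11, "example_popup_custom_css", "/* https://host.cloudsonicwave.com.example.org/ */"),
        # Subdomain of an IoC domain in upper case: must match.
        (4, 12, "example_popup_custom_js", 'load("//A.TTINCOMING.TRAVELTRAFFIC.CC/")'),
    ]
    conn.executemany("INSERT INTO wp_postmeta VALUES (?, ?, ?, ?)", rows)
    return conn


if __name__ == "__main__":
    for meta_id, post_id, meta_key, hosts in find_suspect_rows(build_sample_db()):
        print(f"review meta_id={meta_id} post_id={post_id} key={meta_key}: {hosts}")
```

Rows it reports are candidates for manual review and removal; a clean result does not rule out backdoors elsewhere on the site.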

Epic Games Faces Alleged Ransomware Attack

 


Epic Games, the renowned publisher of Fortnite, has reportedly come under threat from a hacking group named Mogilevich. However, the legitimacy of this ransomware attack is yet to be confirmed. Epic Games has stated that they are actively investigating the situation but have found zero evidence supporting the claims made by Mogilevich.

The hacking group asserts that it has nearly 200GB of sensitive data, including emails, passwords, full names, payment information, and source code. This information is claimed to be up for sale on the dark web, raising concerns about a potential security threat for many individuals. Mogilevich has set a deadline of March 4th for purchasing the data, but as of now, there is no concrete proof that they possess the stated information.

Epic Games, responsible for the popular Fortnite game, holds substantial payment data due to its Games Store and the sheer size of its user base. If the claims by Mogilevich turn out to be true, it could pose a significant risk to user privacy and security.

As of the latest update, Epic Games has not officially commented on the situation. It is crucial for users to stay informed about developments in this case.


Security Measures for Epic Games Account Holders

Taking a proactive approach, it is advisable for all Epic Games account holders to secure their accounts. Regardless of the validity of the alleged attack, changing passwords and enabling two-factor authentication (2FA) is a prudent step towards enhancing account security. Using a unique password for each online platform is also stressed, as it mitigates risks associated with potential data breaches.


Background on Mogilevich

Mogilevich, identified as a relatively new threat by cybersecurity sources, is reportedly responsible for a limited number of attacks. Prior to the alleged targeting of Epic Games, the group targeted Infiniti USA, a subsidiary of Nissan, just over a week ago. Their tactics involve leveraging dark web platforms to sell stolen data, making it imperative for users to take precautions.

In a tweet, Mogilevich hinted at a demand for $15,000 and 'proof of funds' to release the purported data, adding a further layer of complexity to the situation.

The situation with Epic Games and Mogilevich highlights the increasing importance of cybersecurity in the gaming industry. While the hack remains unverified, users are encouraged to stay vigilant, update their passwords, and implement 2FA. The potential impact on users and the gaming community is substantial, emphasising the need for urgent and transparent communication from Epic Games as they navigate this security challenge.

This ongoing situation brings into focus the broader issue of cybersecurity threats faced by prominent entities, and how imperative it is to adopt robust protective measures and user awareness in a world drowning in technology. As more information unfolds, it will be crucial for users to stay informed and take necessary actions to safeguard their online accounts.



Savvy Seahorse: The DNS-based Traffic Distribution System Undermining Cybersecurity

 

In the vast landscape of cyber threats, a new player named Savvy Seahorse has emerged, showcasing a distinctive modus operandi that sets it apart from its counterparts. While the investment scam it orchestrates is unfortunately commonplace, it's the intricate infrastructure supporting it that demands attention. 

Savvy Seahorse employs a sophisticated Traffic Distribution System (TDS), capitalizing on the Domain Name System (DNS) to perpetually alter its malicious domains, making takedowns a formidable challenge. This TDS, as detailed in a recent report by Infoblox, leverages Canonical Name (CNAME) records to maintain a fluid network of thousands of diverse domains. 

TDS networks have traditionally been HTTP-based, so the use of DNS in this context is a novel approach that poses unique challenges for cybersecurity professionals. Renée Burton, Head of Threat Intelligence at Infoblox, emphasizes that DNS-based TDSs are often overlooked, with a prevailing focus on HTTP-based systems.

However, Savvy Seahorse has been operational since at least August 2021, operating in the shadows and evading conventional detection methods. The key to Savvy Seahorse's success lies in its exploitation of CNAME records. In the DNS realm, CNAME allows multiple domains to map to a single base (canonical) domain. This seemingly innocuous feature is manipulated by Savvy Seahorse to rapidly scale and relocate its operations. 

When one phishing site is shut down, the threat actor effortlessly shifts to a new one, relying on CNAME as a map to mirror sites. CNAME not only applies to domains but extends to IP addresses. In the event of a hosting infrastructure shutdown, Savvy Seahorse can swiftly redirect its CNAME to a different address, ensuring resilience and evading detection. 

The attacker's ability to advertise any subdomain for a brief period further complicates tracking and takedown efforts. Crucially, CNAME serves as both Savvy Seahorse's strength and vulnerability. While the threat actor has cunningly utilized 30 domain registrars and 21 ISPs to host 4,200 domains, they all trace back to a single base domain: b36cname[.]site. This centralized link becomes Savvy Seahorse's Achilles' heel, presenting a unique opportunity for defenders. 

From a threat intelligence perspective, countering Savvy Seahorse involves a relatively straightforward approach – blocking the one base domain to which the CNAME points. Renée Burton notes that despite the existence of thousands of malicious domains, there's only one malicious CNAME. This single point of failure provides defenders with a potent strategy, allowing them to neutralize the entire threat with one decisive action. 
 
While attackers theoretically have the option to build malicious networks using multiple CNAMEs, Burton highlights a trend among cybercriminals to aggregate towards a smaller set of CNAMEs. This strategic choice, possibly driven by a desire to avoid detection, simplifies the task for defenders, who can focus efforts on a limited number of CNAMEs associated with the threat. 

Savvy Seahorse's exploitation of DNS-based TDS with CNAME records presents a new frontier in cyber threats. The intricate dance between attackers and defenders highlights the importance of understanding and adapting to evolving tactics. As defenders fortify their strategies, the hope is to stay one step ahead of sophisticated threat actors like Savvy Seahorse, ensuring a safer digital landscape for individuals and organizations alike.
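The defensive idea described above, shown as an added example (not Infoblox's tooling): follow CNAME chains in resolver logs and report every alias that resolves through the single base domain named in the article. The log format, client addresses, and all domain names other than the base domain are constructed for illustration.

```python
from collections import defaultdict

# Base domain named in the article, refanged for matching.
BASE_DOMAIN = "b36cname[.]site".replace("[.]", ".")

# Constructed resolver log: "<timestamp> <client> <qname> <rtype> <rdata>"
SAMPLE_LOG = """\
2024-03-01T10:00:01Z 10.0.0.5 Promo.Invest-Example.test. CNAME x1.b36cname.site.
2024-03-01T10:00:01Z 10.0.0.5 x1.b36cname.site A 192.0.2.10
2024-03-01T10:00:07Z 10.0.0.8 www.shop-example.test CNAME cdn.shop-example.test
2024-03-01T10:00:07Z 10.0.0.8 cdn.shop-example.test A 198.51.100.7
2024-03-01T10:01:12Z 10.0.0.9 go.fund-example.test CNAME hop.alias-example.test
2024-03-01T10:01:12Z 10.0.0.9 hop.alias-example.test CNAME z9.b36cname.site
2024-03-01T10:02:30Z 10.0.0.5 news.example.test CNAME x.notb36cname.site
2024-03-01T10:03:00Z 10.0.0.7 loop-a.example.test CNAME loop-b.example.test
2024-03-01T10:03:00Z 10.0.0.7 loop-b.example.test CNAME loop-a.example.test
"""


def normalize(name):
    """Lower-case a DNS name and drop the trailing root dot."""
    return name.strip().lower().rstrip(".")


def under_base(name, base):
    """True if name is the base domain or a subdomain of it (label-boundary match)."""
    name, base = normalize(name), normalize(base)
    return name == base or name.endswith("." + base)


def parse_cname_edges(log_text):
    """Build {alias: target} from CNAME records, plus the clients that queried each alias."""
    edges, clients = {}, defaultdict(set)
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 5 or parts[3].upper() != "CNAME":
            continue  # skip malformed lines and non-CNAME records
        _, client, qname, _, target = parts
        qname = normalize(qname)
        edges[qname] = normalize(target)
        clients[qname].add(client)
    return edges, clients


def resolve_chain(name, edges, max_hops=16):
    """Follow CNAME edges from name, stopping on a loop or after max_hops."""
    chain = [normalize(name)]
    while chain[-1] in edges and len(chain) <= max_hops:
        nxt = edges[chain[-1]]
        if nxt in chain:  # CNAME loop
            break
        chain.append(nxt)
    return chain


def flag_aliases(log_text, base=BASE_DOMAIN):
    """Return aliases outside the base domain whose CNAME chain passes through it."""
    edges, clients = parse_cname_edges(log_text)
    flagged = {}
    for qname in sorted(edges):
        if under_base(qname, base):
            continue
        chain = resolve_chain(qname, edges)
        if any(under_base(hop, base) for hop in chain[1:]):
            flagged[qname] = {"chain": chain, "clients": sorted(clients[qname])}
    return flagged


if __name__ == "__main__":
    for alias, info in flag_aliases(SAMPLE_LOG).items():
        print(alias, "->", " -> ".join(info["chain"][1:]), "clients:", info["clients"])
```

Matching on the CNAME target rather than the queried name is what lets one rule cover every alias, including ones that reach the base domain through an intermediate hop.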

Nation-State Cyber Attacks Cause Pharmacy Delays: A Critical Healthcare Concern

 

In recent weeks, pharmacies across the United States have experienced significant delays, leaving patients waiting for essential medications. The cause of these delays is now being attributed to a wave of cyber attacks orchestrated by nation-state hackers, raising serious concerns about the intersection of healthcare and cybersecurity. 

Reports suggest that multiple pharmacy chains have fallen victim to sophisticated cyber campaigns, disrupting their operations and causing delays in prescription fulfillment. The attacks have targeted not only large pharmacy conglomerates but also smaller, independent pharmacies, highlighting the broad scope and indiscriminate nature of these cyber threats. 

The nation-state hackers responsible for the attacks are believed to be employing advanced tactics to compromise pharmacy systems, gaining unauthorized access to sensitive patient data and disrupting the pharmaceutical supply chain. The motives behind these attacks remain unclear, but the potential impacts on patient health and the healthcare system at large are alarming. 

The attacks on pharmacies come at a time when the healthcare sector is already grappling with various cybersecurity challenges. The COVID-19 pandemic has accelerated the adoption of digital health technologies, making the industry more susceptible to cyber threats. Pharmacies, in particular, have become attractive targets due to the wealth of sensitive information they handle, including patient prescriptions, personal details, and healthcare records. 

One of the primary concerns arising from these cyber attacks is the potential compromise of patient privacy. Nation-state hackers with access to pharmacy systems could harvest valuable personal information, creating opportunities for identity theft, financial fraud, or even targeted phishing attacks. The compromised data could also be used for more extensive espionage or to gain insights into the health conditions of specific individuals. 

Beyond privacy concerns, the disruptions caused by these cyber attacks pose a direct threat to public health. Patients relying on timely medication refills may face life-threatening consequences if supply chains are disrupted for an extended period. The interconnected nature of the healthcare ecosystem means that disruptions at pharmacies can have cascading effects on hospitals, clinics, and other healthcare providers. The evolving tactics of nation-state hackers in targeting critical infrastructure and essential services underscore the need for heightened cybersecurity measures across the healthcare sector. 

Pharmacies, in particular, must prioritize robust cybersecurity protocols to safeguard patient information and ensure the continuity of healthcare services. Healthcare organizations should invest in advanced threat detection systems, employee training on cybersecurity best practices, and regular security audits to identify and mitigate vulnerabilities. Collaborative efforts between the public and private sectors are essential to share threat intelligence, enhance cybersecurity awareness, and develop proactive strategies to counter the evolving tactics of nation-state hackers. 

In response to the recent wave of attacks, federal agencies and cybersecurity experts are urging pharmacies to enhance their cybersecurity posture. The Department of Health and Human Services (HHS) and the Cybersecurity and Infrastructure Security Agency (CISA) have issued guidelines to help healthcare organizations strengthen their defenses against cyber threats. 

The pharmacy delays across the United States attributed to nation-state hackers serve as a stark reminder of the vulnerabilities inherent in the healthcare sector's increasing reliance on digital technologies. As the industry continues to evolve, addressing these cybersecurity challenges becomes imperative to safeguard patient well-being, protect sensitive medical data, and ensure the resilience of essential healthcare services in the face of evolving cyber threats.

Security Breach at AnyDesk: Production Servers Hacked, Password Reset

 

AnyDesk, a widely used remote desktop application, is currently grappling with a significant security breach that has raised alarm among its user base. The company recently disclosed that malicious actors successfully infiltrated its production servers, gaining unauthorized access to sensitive information and triggering a large-scale password reset for its users. 

AnyDesk functions as a remote desktop solution, allowing users to access and control their computers from anywhere in the world. Renowned for its user-friendly interface, high performance, and cross-platform compatibility, AnyDesk has become a popular choice for both personal and professional remote connectivity. 

However, the recent security incident sheds light on the inherent vulnerabilities in remote desktop software, particularly in ensuring robust security measures. Despite encryption and authentication protocols in place, hackers often exploit weaknesses in these systems to gain unauthorized access. The breach of AnyDesk's production servers indicates a potential lapse in the platform's security infrastructure. 

The extensive user base of AnyDesk, consisting of millions relying on the platform for remote work and other activities, makes it an attractive target for cybercriminals. The breach not only allowed unauthorized access to user accounts but also led to a mass password reset, creating additional challenges for users and emphasizing the significant impact of such security compromises. 

In response to the breach, AnyDesk promptly acknowledged the incident and urged users to reset their passwords immediately. The company is actively investigating the extent of the compromise and is committed to enhancing its security measures to prevent future breaches. AnyDesk reassures its users that measures are being taken to safeguard the integrity of the platform. 

The forced password reset has left AnyDesk users facing potential disruptions to their remote work and personal activities. As a precautionary measure, users are advised to regularly update their passwords, enable two-factor authentication where available, and remain vigilant for any suspicious activities on their accounts. 

The AnyDesk security breach underscores the ongoing challenges faced by remote desktop software providers in maintaining the security of user data. In an era where remote connectivity has become the norm, ensuring the safety of personal and professional information must be a top priority. Users are encouraged to adopt best cybersecurity practices, stay informed about security updates, and take proactive measures to enhance their overall online security.

Guarding Your Finances: The Art of Phishing Attacks and Social Engineering

 


Malware, hacking techniques, botnets, and other technologies are growing more sophisticated as cybercrime itself does. Nevertheless, online criminals exploit tactics that were refined over decades, long before the internet existed.

A cybercriminal knows how to exploit the human tendency to trust, using trickery and coercion to turn people's faith toward criminal goals. "Social engineering" is the term for this method of gaining confidence online, and it is most often used in confidence scams.

By harvesting data from social media sites, professional profiles, blogs, websites, or local news reports over weeks or months, cybercriminals can gain a nuanced understanding of users and even their families.

It is a collective term for a range of scams that rely on social engineering either to seek money directly from a victim or to obtain confidential information that enables the perpetrator to commit further crimes. The preferred channel for contact is now social media, although contact by phone or in person is not uncommon either.

An individual who uses social engineering to gain access to a company's computer system or information about a client, or to compromise an organization's data, is known as a social engineer. A malicious individual who poses as a new employee, technician, or researcher may appear unassuming and respectable, with credentials that seem to support the claim.

Simply by asking questions, a hacker may be able to obtain enough information to gain entry into an organization's network. If one source does not yield enough, the attacker may contact a second source within the same organization and rely on the information gathered from the first to build credibility in the eyes of the authorities in the organization.

According to the authorities, phishing scams are responsible for the loss of tens of millions of dollars each year, and the number is increasing every year. A phishing scheme differs from scams such as the now-famous "Hi Mum" scheme in that it makes no overt request to send money to an account.

Instead, scammers use subterfuge, doctored websites, and carefully calibrated software scripts to persuade people to divulge personal information. The cybersecurity community calls this a "social engineering" technique because it is based on people's typical emotions and behaviours.

Scams may arrive as e-mails or text messages that claim to be from an official company or organization, such as the Australian Taxation Office or Netflix, and look like the real thing. The warning message directs victims to a page that resembles the one used by the company, where they are asked to fix a problem with their account or to confirm their contact details as soon as possible.

A phishing kit, which contains the HTML assets and scripts needed to create a fake website, is available for as little as $10, but scammers will probably pay anywhere from $100 to $1,000 for one. Using the information victims enter, the scammer can access bank accounts and transfer money to themselves at their convenience. Phishing has evolved into an underground industry inside Australia's cybersecurity sector, according to Craig McDonald, founder of Australian cybersecurity company MailGuard.

Many people don't realize that they have made personal information available to swindlers, because they do not monitor how much information they disclose. Social media sites and forums usually have privacy controls that can help users restrict how much information about them and their lives is publicly visible. The problem is that a large number of users consistently ignore these controls and leave whatever they post visible to the public.

Some cybercriminals spend as much time building their personas as they do building their websites. With a good understanding of a person, they can anticipate how that person will react in a given situation and then act and respond in a way that establishes trust once they reach out, whether as a fellow alumnus, a school parent, or an avid sports enthusiast, to name just a few examples.

Scams can be perpetrated in many ways. Gifts and charitable contributions are often requested during the holidays, since it is the season for giving. In some cases, criminals send emails containing malicious links that give them access to a person's device, account, or data as well as their personal information. They may then demand a ransom for the release of the device or the stolen information.

Social Engineering: How to Spot It   


A Message of Urgency or Threat  


If users receive an email, text message, direct message, or any other sort of message that seems overly exciting or aggressive, it is something to be cautious about. Scammers use these scare tactics to push users into taking action without first thinking through what is being done to them.

Click Bait for Winning Prizes 


Scammers will tell a multitude of stories to pry personal information from users. Some use bogus prizes and sweepstakes to take money from unsuspecting people. Supposedly so that the winnings can be paid out, users are asked to hand over their bank information or sometimes even their tax ID number.

Users are never going to receive the promised winnings. The scammer wants this information in order to break into users' accounts and steal their identities in a wide variety of ways.

The Message Appears to be Strange in Some Way. 


A scammer will often pose as a person the user knows in order to get their money. It can be anyone: a friend, family member, coworker, boss, vendor, or client at work, or any other person for that matter. The message users receive in such cases does seem a bit odd at first, but users will soon get used to it.

How Can You Prevent Being Phished in The Future? 


Victims of a phishing scam can find it difficult to obtain recourse. While Australians lost an unprecedented $3.1 billion through scams last year, the big banks paid only about $21 million in compensation to their customers, even though each bank has developed its own policies for dealing with cybercrime.

The Australian Financial Complaints Authority (AFCA) is the consumer complaints body responsible for investigating complaints from the general public about banks. The federal government has given some indication that it will reform Australian online banking law shortly, while consumer groups maintain that the laws are not robust enough to protect victims of scams. Deputy Treasurer Stephen Jones stated that the government is taking several steps to impose strict new codes of conduct on the industry.

The DEA Portal Hack was Perpetrated by Two Cybercriminals Last Year


During the investigation into the hacking of the DEA portal in 2022, one of the young American men was accused of breaking in and stealing data from the site. The portal breach provided criminals with access to sensitive information because it was connected to 16 data repositories of federal law enforcement organizations.  

The suspects are Nicholas Ceraolo, 25, also known as "Convict" or "Ominus," and Sagar Steven Singh, 19, commonly known as "Weep." According to the Justice Department, Singh and Ceraolo pretended to be police officers to gain access to Bangladeshi police officials' email accounts.

Ceraolo is also accused of accessing Bangladeshi police officials' emails. He then used his fake identity to contact various US-based social networking platforms, claiming that members were either in danger or committing crimes, to get their personal information.

In a press release issued by the Justice Department, it was noted that Ceraolo and Singh face five years in prison for conspiring to infiltrate computers. Moreover, they could be sentenced to up to 20 years in prison for conspiring to commit wire fraud, which would represent a significant punishment. 

Because the complaint contains only allegations, the defendants are considered innocent until proven guilty. “ViLE,” a notorious cybercrime organization, was occupying the apartment, where doxing experts kept gathering and using personal information for intimidation, harassment, or extortion. The group is infamous for providing shelter to doxing experts who specialize in gathering personal information for illegal purposes. Ceraolo, currently at large, could be sentenced to up to 20 years in prison for wire fraud and computer crimes, for which he is facing multiple charges. He faces up to five years in prison if convicted of the charges against him, which were filed in Rhode Island this week.

In this case, Singh was taken into custody due to an error by an official, which allowed authorities to connect him to the incident, wherein the suspect accessed a social media account using the same email address as the login to access the portal. According to reports, an investigator from Homeland Security verified that Singh had utilized the portal through a raid at his home. 

There is a report that the compromised DEA portal granted access to 16 different law enforcement databases which contain sensitive information on Ceraolo, Singh and their cybercriminal group called "ViLE" which they were a part of.  

Singh in one case claimed to have access to a victim's Social Security number, home address, and driver's license information by utilizing data gathered from the hack. In response, the victim complained that he had been scammed. When they refused to comply with Singh's demands, Singh told them if they did not comply he would "harm" their families. 

A Bangladeshi police officer's email account was used by Ceraolo to gain an official account on social media platforms for his social media operations. In this case, personal information was requested about one of its subscribers. A company employee claimed Ceraolo had allegedly received threats from Bangladeshi officials and had accused them of "child extortion" and blackmailing the subscriber. 

Earlier today, United States Attorney Breon Peace announced the charges against Singh and Ceraolo. The prosecutor noted that Singh and Ceraolo belonged to a group called 'ViLE' because of their crime or conduct. As alleged in the complaint, the defendants shamed, intimidated, and extorted others online as a form of harassment. To protect citizens, the Office said that it will not tolerate those who misappropriate the public safety infrastructure by impersonating law enforcement officers.

Furthermore, Ivan J. Arvelo, a Homeland Security Investigations official, stated: “These charges highlight how serious these offenses are, and criminals who perpetrate these schemes will be held accountable for their crimes,” in response to the allegations of unauthorized access to and impersonation of a US federal law enforcement system.

SRF: Investigation Links Qatar to FIFA Hacking and Ex-CIA Operative’s Firm

 

Qatar has been revealed to have launched a large-scale and long-standing operation against FIFA officials via ex-CIA operatives. With Switzerland playing a key role, the highest circles of the Qatari government were also involved in the secret espionage operation.

The intelligence agents involved planned to sway world events, and hackers stole controversial information and data. The operation was funded by an anonymous client with hundreds of millions of dollars.

The issue came to light when ‘SRF Investigativ’, the investigative team of Swiss broadcaster SRF, shared details of how the state of Qatar had world football officials spied on. The investigation also showed that non-FIFA critics of the upcoming World Cup were targeted as well.

According to the English-language version of the report by Tariq Panja of The New York Times, SRF News revealed that Qatar hired “Global Risk Advisors”, the firm of ex-CIA operative Kevin Chalker, for “predictive intelligence” on FIFA officials who might attempt to move the World Cup from the country. These predictive intelligence efforts allegedly involved computer hacking through intermediaries.

The ultimate goal of the said efforts is to prevent Qatar from losing the World Cup bid, following the massive criticism that was raised when FIFA awarded the tournament to the authoritarian country in 2010. 

The scope of the covert activities remains considerable, since at least 66 operators were expected to be deployed over the course of one sub-operation alone for over nine years. Moreover, a budget of $387 million was allocated for the operation, with the activities spanning five continents. 

The SRF investigation examines the evidence against the ex-CIA agent Chalker. It concludes that initially, before the World Cup was awarded in December 2010, Chalker apparently served as an espionage operator targeting various bids. But as criticism over corruption and human rights violations grew after the 2010 award, the target changed. The goal shifted to preventing FIFA from taking the World Cup away from Qatar, at all costs.

The investigation showed that Switzerland was the most prominent factor in the Qatari intelligence operation. Chalker travelled to Zurich at Qatar's request with the intention of bugging the hotel rooms of journalists and members of the Executive Committee. One of the documents reviewed included photos taken covertly as part of a surveillance operation. These photographs were reportedly taken at Zurich’s plush Baur au Lac hotel, and showed individuals connected to FIFA meeting with officials and journalists.

Apparently, FIFA mostly remained oblivious to the spy operation. Sepp Blatter, FIFA’s former President, commented in an interview with SRF, “That there was an organized espionage affair in FIFA, that surprised me. And it's alarming.” Several documents nevertheless indicate that Blatter was of great interest to the spies. The documents mention, for instance, that Blatter’s “plans and intentions” ought to be known in advance.

In addition, Chalker and Global Risk Advisors are currently facing a civil lawsuit in connection with similar alleged activities. The lawsuit was filed by Elliott Broidy, an ally of former US president Donald Trump. Broidy accused Chalker and his company of a hacking attack on behalf of Qatar, after Broidy’s personal data was leaked to newspapers in 2018. Chalker denies all allegations. The lawsuit is still pending.

US Government Says Election Hacking Does Not Pose Any Threat

 

Despite the U.S. government's efforts to chill everyone out about election hacking less than a month before the midterm elections, the topic is still on many minds. 
 
In a public service announcement issued on Tuesday, the Federal Bureau of Investigation and the Cybersecurity and Infrastructure Security Agency (CISA) said that, as far as they know, an election hack has never been successful in the United States, and that one is unlikely anytime soon.

As stated in the announcement, "Neither the FBI nor CISA believes there is any evidence that cyber activity has prevented a registered voter from casting a ballot, compromised the integrity of any ballots cast, and affected the accuracy of voter registration information in their investigations" (emphasis in original). "Considering the extensive safeguards in place and the distributed nature of election infrastructure, the FBI and the CISA continue to assess that it would be very difficult for any attempts to manipulate votes at scale to be unwittingly carried out."

The announcement follows a persistent campaign over the past two years by some pro-Trump and GOP operatives and sympathizers, including MyPillow CEO Mike Lindell, who spread unfounded conspiracy theories and sometimes flat-out made-up claims of vote manipulation and hacking against voting systems across the country. Election security experts believe that the FBI and CISA's announcement is intended to pre-empt these types of allegations.
 
Matt Bernhard, a research engineer at the non-profit organization Voting Works, which focuses on election cybersecurity, told Motherboard in an online chat that this feels like a pre-bunking exercise.   
 
Professor Dan Wallach, who taught at Rice University for many years, is an expert in electronic voting systems and has studied them extensively. According to him, electronic voting systems are the future.
 
“If we take it for what it says, it both focuses our attention on misinformation and ‘pre-bunks’ more sophisticated hacking operations,” Dan told Motherboard via email. 
 
It is pertinent to clarify, however, that “this does not mean we can relax about these sorts of sophisticated attacks. The election administrators are, to a specific degree, implementing cyber defenses, and they are currently working on improving them,” he added. “Even though it is much easier to convince people that there has been tampering with the election than to do the tampering itself.”

Although election hacks have been rare and ineffective, and are unlikely, federal and state governments are prepared for any eventuality.  
 
"At the Department of Homeland Security, we are very intensely focused on the security of the elections," Mayorkas, who serves as the secretary of the Department of Homeland Security, said earlier this week. Motherboard has also reported in the past on potential vulnerabilities in voting machines. However, there has been no evidence that voting machines were breached during an actual election.

A U.S. Group Hacked Top Research Institutes in India, Russia and China

 

According to a new report from a Beijing-based cybersecurity firm, hackers associated with the United States National Security Agency (NSA) were discovered to have inserted "covert backdoors" that could have given them access to sensitive information in dozens of countries, including India, Russia, China, and Japan. The report is gaining traction in China's media after the country was accused of cyber hacking by the US.

China's cyber-attacks target sensitive data stored by US institutions, and the issue has become a thorn in the side of bilateral relations between the US and China. Indian organisations, for their part, believe that China hacks into sensitive data from government agencies and institutions.

The National Security Agency (NSA) is a United States Department of Defense national-level intelligence agency that reports to the Director of National Intelligence (DNI). The NSA is in charge of worldwide information and data monitoring, gathering, and processing for foreign and domestic intelligence and counterintelligence purposes, specialised in a field known as signals intelligence (SIGINT). The NSA is also in charge of protecting the United States' communication networks and information systems. 

Among the allegedly hijacked websites named in the report were those associated with one of India's leading microbial research labs, the Institute of Microbial Technology (IMTech) under the Council of Scientific and Industrial Research, as well as the Indian Academy of Sciences in Bengaluru. Websites associated with the Banaras Hindu University were also reported to have been hacked.

Pangu Lab, a Beijing-based cybersecurity firm, published a technical study outlining how it discovered the backdoors and linked them to "unique IDs in the operating manuals of the NSA" discovered in the 2013 leak of NSA documents by insiders. 

According to the Chinese firm, the NSA files leaked in 2013 by CIA analyst Edward Snowden are highly relevant because they reveal the NSA's unique IDs. The company discovered a key that unlocks a backdoor called Bvp47, a hacking tool created by The Equation Group in partnership with the National Security Agency. This also led to the detection of a number of similar cyberattacks that used the same unique IDs as the NSA platform.

According to the report, which outlined how the backdoor operated, this was a backdoor communication technology that has never been seen before, indicating an organisation with considerable technological capabilities behind it. “As an advanced attack tool, Bvp47 has allowed the world to see its complexity,” it said. “What is shocking is that after analysis, it has been realised that it may have existed for more than 10 years.”

SEGA Europe Security: Exposed AWS S3 Bucket Provides Steam API Access

 


During a cloud-security assessment, SEGA Europe discovered that critical data was being kept in an unsecured Amazon Web Services (AWS) S3 bucket, and it's sharing the story to encourage other companies to double-check their own systems. VPN Overview researcher Aaron Phillips collaborated with SEGA Europe to protect the leaked data. SEGA's revelation, according to Phillips, is designed to assist the broader cybersecurity community in improving their own defenses.

The unsecured S3 bucket could be used to access user data, including information on thousands of members of the Football Manager forums at community.sigames.com. The following were found exposed in SEGA Europe's Amazon cloud:

  • Steam developer key
  • RSA keys
  • PII and hashed passwords
  • MailChimp API key
  • Amazon Web Services credentials

Sensitive data in the hands of a malicious actor could be disastrous for any company, but as Lookout's Hank Schless explained to Threatpost, gaming companies continue to be of particular interest to attackers. To threat actors, gaming firms hold a gold mine of personal data, development information, proprietary code, and payment information. Because consumers from all over the world play their games, gaming firms must ensure that their data is protected in line with data privacy rules like the CCPA and GDPR.

Indeed, well-known brands like Steam, Among Us, Riot Games, and others have been hacked and used to deceive innocent gamers. According to the security firm, there is no evidence that malicious third parties had previously accessed sensitive data or exploited any of the disclosed vulnerabilities. The researchers were able to upload files, run scripts, edit existing web pages, and change the settings of critically vulnerable SEGA domains. The affected sites include downloads.sega.com, cdn.sega.com, careers.sega.co.uk, sega.com, and bayonetta.com. Several of the affected domains have high domain authority scores.

This cybersecurity research should serve as a wake-up call for enterprises to evaluate their cloud security procedures. The researchers are hoping that more companies follow SEGA's lead in researching and addressing known vulnerabilities before fraudsters use them.

Angling Direct Hacked: Website Visitors Directed to Pornhub

 

Wrongdoers have taken over Angling Direct's computers, redirecting visitors from its websites to Pornhub, and threatened to delete its internal information. In addition to the website redirect, their Twitter account has also been hijacked, referencing a porn site and posting contact information for the attacker. 

The London Stock Exchange-listed supplier of fishing gear and equipment said it is now handling a cyber security problem after it found suspicious activity on its network late Friday, November 05.

It further told the City: "This unauthorized activity shut down the Company's websites and these remain inactive. Some of the Company's social media accounts have also been compromised. The Board has appointed external cyber security specialists whose investigations are underway to establish what happened. Work continues round the clock to bring the websites back online while our 39 retail stores across the UK have remained open and continue to trade." 

However, Angling Direct stated that it is unclear whether any personal information has been hacked - and that no payment information has been exposed. The attacker also included an email address and a promise to return "information and access" to the website. There were no public ransom requests. 

Apart from the phishing, this incident will send chills down the spines of firm executives. Indeed, this assault has all the signs of an immature adolescent hacker having a good time, but it is undoubtedly generating major issues for the victim. 

The team further reported that indicators point to staff login credentials being taken, allowing hackers to take over the company's website and, simultaneously, its Twitter account. The motivation is clear: cybercriminals want to be compensated before relinquishing control to the company.

In the meantime, the firm is losing a lot of money in prospective sales, not to mention the damage to trust and brand, as clients feel embarrassed or worse when they land on an explicit website by accident.

In a statement, the company said: "We are mindful of our obligations regarding data; it is too soon yet to make any determination around the impact this incident has had on personal data. Importantly, the company does not hold any customer financial data, as our website transactions are handled by third parties."

Delhi Police: Nigerian Arrested for Scamming People by Hacking Mobile Phones

 

The Intelligence Fusion and Strategic Op (IFSO) unit of Delhi Police uncovered a syndicate that was hacking into people's mobile devices and WhatsApp accounts using custom-made malware. 

According to sources, the syndicate's leader recently hacked a senior bureaucrat's WhatsApp account, prompting a full-fledged inquiry. The mastermind of the module, identified as Chimelum Emmanuel Aniwetalu alias Maurice from Nigeria, has been arrested, according to DCP (IFSO) KPS Malhotra. His associate has also been found, and operations are underway to capture him. The syndicate was operating in Delhi and Bangalore. 

DCP Malhotra stated, “The syndicate was sending malware through WhatsApp and thereby accessing call logs, SMSs and contacts and control of the targeted WhatsApp account. After hacking the account, they would pose as the original WhatsApp account holder and communicate with the contact list thereby further hacking into more contacts.” 

“We had received a complaint that a person’s mobile phone was hacked by some unknown persons. Taking over the control of the WhatsApp of the complainant, they started demanding money from the contact list of the complainant by sending various distress messages. The accused had also provided a bank account to the contacts of the complainant for transferring the money.”

An FIR was filed at IFSO, and an investigation team comprised of ACP Raman Lamba and inspectors Vijay Gahlawat and Bhanu Pratap was constituted. A technical investigation including IP address analysis (IP-DR) and human intelligence resulted in the recognition of one of the accused, who was caught during a raid. He was captured with a laptop and 15 phones. 

According to the investigation of the confiscated laptop, the gang utilised apps to create and distribute multiple malicious URLs. The accused had delivered malware disguised as an application to the victim's devices. 

DCP Malhotra further stated, “The accused created a dedicated application for each victim which when downloaded and installed on the victim’s phone, sent contacts, call logs and SMSs on the accused’s server.” 

During interrogation and forensic investigation of the devices, it was discovered that the accused employed a variety of methods, the most notable of which was impersonating a girl and befriending males on numerous social media sites. Once trust was established, the gang would send the target a link inviting him or her to join a group of like-minded peers.

The DCP added that once a person clicked on that link, he or she lost control of their social media profiles. Following that, the gang used the social media accounts to obtain money.

Mastermind Maurice was found to be overstaying in the country even though his tourist visa had expired in 2018. The investigation also showed that he was scamming individuals under the pretext of selling herbal seeds online. He also befriended elderly men by impersonating ladies from other nations.

According to police, the man fabricated paperwork claiming to be a UN-approved asylum seeker. A separate case has been opened at the Mohan Garden police station in this matter. The house owner, who rented his property to the foreigner, has also been arrested.

“Delhi Police appeals to people for being cautious while communicating on social media and avoid clicking on any random web link or URL sent on any social media platform,” the DCP cautioned.

McAfee: Hacking Team Babuk Has Flaws In Its Business Model

 

Recently, ransomware groups have mostly focused on the Microsoft Windows OS. McAfee has researched dedicated Linux- and Unix-based ransomware, but cross-platform ransomware had not materialized. Attackers keep moving, however: McAfee experts recently found that over the past few months many of them have been experimenting with writing binaries in the cross-platform language Golang (Go). The worst-case scenario was confirmed when Babuk announced on an underground platform that it was building a cross-platform binary focused on ESXi or VMware and Linux/Unix systems.

Many core backend systems in organizations run on *nix operating systems. In the case of virtualization, think of ESXi hosting a virtual desktop environment or various servers. McAfee previously wrote a brief blog covering the many coding mistakes the Babuk team made while building it. McAfee reports "Initially, in our research the entry vector and the complete tactics, techniques and procedures (TTPs) used by the criminals behind Babuk remained unclear. However, when its affiliate recruitment advertisement came online, and given the specific underground meeting place where Babuk posts, defenders can expect similar TTPs with Babuk as with other Ransomware-as-a-Service families."

Despite being new to the scene, Babuk keeps hitting high-profile targets, even though various issues with its binary can leave files unrecoverable even when the ransom transaction was successful. In the end, the problems the Babuk developers faced while creating the ESXi ransomware could have led to a change of business model, from extortion to encryption and data theft. To summarise, the design and coding of the decryption software is poor, which means that if an organisation pays a ransom, file decryption can be delayed, with no guarantee that the stolen files will be completely retrieved.

"In its recruitment posting Babuk specifically asks for individuals with pentest skills, so defenders should be on the lookout for traces and behaviors that correlate to open source penetration testing tools like winPEAS, Bloodhound and SharpHound, or hacking frameworks such as CobaltStrike, Metasploit, Empire or Covenant. Also be on the lookout for abnormal behavior of non-malicious tools that have a dual use, such as those that can be used for things like enumeration and execution, (e.g., ADfind, PSExec, PowerShell, etc.) We advise everyone to read our blogs on evidence indicators for a targeted ransomware attack" said McAfee in its blog.

Toshiba Unit Hacked by DarkSide

 

The DarkSide criminal gang, which was also responsible for the assault on Colonial Pipeline, which triggered widespread gas shortages and panic buying across the Southeast, hacked a Toshiba business unit earlier this month. 

Toshiba Tec said in a statement that the cyberattack affected its European subsidiaries, and the company is investigating the extent of the damage. It stated that “some details and data could have been leaked by the criminal gang,” but it did not confirm that customer information was leaked. 

"There are around 30 groups within DarkSide that are attempting to hack companies all the time, and they succeeded this time with Toshiba," said Takashi Yoshikawa, a senior malware analyst at Mitsui Bussan Secure Directions. During pandemic lockdowns, employees accessing company computer systems from home have made businesses more susceptible to cyber-attacks, he said. 

The assault seems to have been carried out by the Russian criminal group DarkSide, according to a company representative who spoke to Reuters. The attack happened on May 4, according to a spokesperson that confirmed the same to CNBC. According to the outlet, the hackers demanded a ransom, but the company refused to pay. Colonial Pipeline, on the other hand, is said to have paid a ransom of approximately $5 million within hours of the attack last week. 

The assault, which resulted in gas shortages and panic buying at US gas stations across the Southeast, likely drew more attention to DarkSide than it had hoped for, with President Biden promising to go after the group. 

According to screenshots of DarkSide's post given by the cybersecurity company, more than 740 gigabytes of data, including passports and other personal details, was compromised. On Friday, Reuters was unable to reach DarkSide's public-facing website. DarkSide's numerous websites, according to security researchers, have become inaccessible. 

Ransomware attacks, in which hackers encrypt data and demand payment in cryptocurrency to decrypt it, are increasing in number and size. Increasingly, attackers also release or threaten to release stolen data unless they are paid more.

According to investigators in the US Colonial case, the attack software was distributed by DarkSide, which includes Russian speakers and avoids hacking targets in the former Soviet Union. DarkSide allows "affiliates" to hack into targets in other countries, and then manages the ransom and data release.

533 Million Facebook Users' Phone Numbers And Personal Data Leaked Online

 

On Saturday, a user turned to a low-level hacking forum to leak the personal information of hundreds of millions of Facebook users, free of cost. The exposed data included personal data of over 533 million Facebook users from 106 countries – around 32 million users from the US, 11 million from the UK, and around 6 million from India. Leaked data includes users’ full names, dates of birth, locations, phone numbers, Facebook IDs, bios, and in certain instances email addresses.

Alon Gal, CTO of cybercrime intelligence firm Hudson Rock, analyzed the breach on Saturday and reported it on Twitter. Gal had previously found that the same leaked database became accessible via a Telegram bot in January.

Back then, the situation was different. The hacker behind the Telegram bot was selling the leaked data to clients who were ready to pay for it. This time, the data of more than 533 million people is available to everyone for free on a low-level hacking forum.

“A database of that size containing the private information such as phone numbers of a lot of Facebook’s users would certainly lead to bad actors taking advantage of the data to perform social engineering attacks [or] hacking attempts,” Alon Gal stated. 

Such incidents are not new to Facebook, which is a popular target for cyberattacks. Before this leak, the platform had already experienced data breaches multiple times.

The vulnerability spotted in 2019 allowed sensitive information of millions of Facebook users, including their phone numbers, to be scraped from Facebook's servers in contravention of its terms of service. Back then, Facebook officially stated that the vulnerability was patched in August 2019. Additionally, Facebook vowed to eliminate mass data-scraping after Cambridge Analytica scraped over 80 million users’ data in violation of Facebook's terms of service to target voters with political ads in the 2016 election.

Indian Crypto Exchange BuyUcoin Hacked

 

In yet another data breach, sensitive information of almost 3.25 lakh clients of India-based global cryptocurrency exchange and wallet BuyUcoin has been exposed on the Dark Web. The leaked information includes names, emails, mobile numbers, encrypted passwords, user wallet details, order details, bank details, KYC details (PAN number, passport numbers), and deposit history.

Established in July of 2016, BuyUcoin is a crypto wallet and trading platform where sellers and buyers can transact with digital assets like bitcoin, ethereum, ripple, and so forth. It is based out of Delhi-NCR in India.

As per independent cybersecurity researcher Rajshekhar Rajaharia, the 6GB file of the MongoDB database contains three backup files containing BuyUcoin information.

"This is a serious hack as key financial, banking and KYC details have been leaked on the Dark Web," Rajaharia said and shared some screenshots of the leaked information. 

The leaked information could be used by attackers to carry out fraud against people, the researcher said. He added that the information could enable hackers to work out the credit score of the victims using transaction details.

Researchers at cybersecurity firm Kela Research and Strategy Ltd originally found the stolen information from Wongnai Media Co Ltd, Tuned Global Pvt Ltd, BuyUcoin, Wappalyzer, Teespring Inc and Bonobos.com posted on the same forum, which looks like the handiwork of the notorious hacking group ShinyHunters. "Over this past summer, ShinyHunters was seen publishing leaked information for free, uncovering a large number of individual records from all over the world," said Victoria Kivilevich, threat intelligence analyst at Kela Research.

As per Rajaharia, the hacker is the same one who earlier leaked BigBasket and JusPay information in India. In November last year, one of India's well-known online supermarkets, BigBasket, found that the data of more than 20 million of its clients had been hacked and was on sale on the dark web for more than $40,000. Recently, Bengaluru-based digital payments gateway JusPay said that about 3.5 crore records with masked card information and card fingerprints were compromised by the hacker.

While denying the leak, BuyUcoin CEO and Co-founder Shivam Thakral said, “We would like to reiterate the fact that only dummy data of 200 entries were impacted which was immediately recovered and secured by our automated security systems.”

250,000+ Login/Passwords Leaked in The Trident Crypto Fund Data Breach


More than 260,000 customers’ data was compromised online in a gigantic data breach that went down pretty recently.

Trident Crypto Fund, per reports, experienced this data breach which gave rise to the leakage of thousands of customer records including usernames and passwords, online.

Per sources, Trident is a crypto-investment index fund that functions as an arm of the “Dragonara Business Center”, Italy. It also is reportedly the “first coin-based index fund”.

And like scattered sugar for ants, the leaked records were immediately devoured by cybercriminals right after they were compromised.

Per sources, personal data of over 260,000 registered users of the Trident Crypto Fund was left bare for people to exploit as they wished.

Reports mention that the leaked data comprised phone numbers, encrypted passwords, email addresses, and IP addresses.

The aforementioned data was discovered to be published on several “file-sharing” websites in the past month.

According to researchers, the hackers had evidently decrypted the stolen files and published an array of over 120,000 passwords at the beginning of March. It was also found that the password and login ID pairs did not match any of those previously leaked.

The details or even the mention of the data breach haven’t appeared on the website or on other communication platforms. But reportedly, a victim of the breach was contacted who confirmed the connection between the fund and the leaked data.

As mentioned on the fund’s website, the company “works hard” to protect its customers’ data and secure accounts. They allegedly are also investigating the “suspected breach”.

Russian users were heavily affected by the above-mentioned data leak, as the compromised data was a direct key to their accounts. Word has it that more than 10,000 Russian users were impacted by the Trident Crypto Fund data breach.

Even though it’s possible that Russian residents might have had their records leaked previously as well, there are no records of that happening.

Nevertheless, this data breach stands out in the history of data leaks in Russia, as it happens to be one of the first major ‘personal’ data breaches with such a major impact that the country’s citizens have faced.

Are your rewards and loyalty points getting less? You might want to take a look!


The universe is lazy; everything that occurs follows the principle of least action. It should be no surprise that living things have evolved to obtain the most benefit for the least work; consider the intersection of intelligence and energy. The same is true for humans: we are inherently lazy, choosing the path of least resistance. No matter the work, we will choose the shortest, easiest and least time-consuming way to do it. No matter the path, we will take the most direct and simplest route.

The same could be said of the wizards of the cyber world, the hackers, who take the easiest path to hack and earn and hence have chosen a new thing to steal: "Loyalty Points".


Loyalty Points 

Digital banking systems nowadays are as safe and impenetrable as their physical counterparts and require planning, knowledge and a load of luck to hack. When there are easily accessible, far less secure targets like loyalty points, why do so much work?

Loyalty points and schemes are rewards given to customers that they can swap for goods and offers, much like currency. Since these are less secure and easy to steal, our lazy hackers are now attacking these points instead of highly secure bank accounts and vaults.

Need to be taken seriously

Andy Still, CTO of Netacea, writes for the Infosecurity Group website, "People don’t treat loyalty points in the same way as they treat other financial products. When our wallet or purse is stolen or lost, we immediately cancel our credit and debit cards. Our loyalty cards can wait. Retailers tend to treat loyalty points in the same way—logging into an account doesn’t have the same level of security, and two-factor authentication is rare."

People are often careless with their reward accounts: they leave them unchecked for months, and the theft goes unnoticed. There's also the expectation that the stolen points will be refunded. In this scam, both the businesses and the customers are affected. The customer doesn't get the benefit of the loyalty points, nor does the business get what it wants: repeat business, customer loyalty and branding. Businesses need to treat their loyalty points schemes like bank accounts and ask their customers to do the same.