Search This Blog
Powered by Blogger.

Blog Archive

Labels

Load More
Trendy Right Now

Popular Posts

Showing posts with label Cybersecurity Breach. Show all posts
security measures
Cyber Attacks Cybersecurity Breach data security Hotel Chains Ransomware attack Restaurant Chain security measures

Panera Bread and Omni Hotels Hit by Ransomware Outages: What You Need to Know

 

In a tumultuous turn of events, Panera Bread and Omni Hotels were thrust into the chaos of ransomware attacks, unleashing a cascade of disruptions across their operations and customer services. 

Panera Bread, celebrated for its culinary delights and pioneering loyalty programs, found itself in the throes of a massive outage that paralyzed its internal IT infrastructure, communication channels, and customer-facing platforms. The ransomware strike, striking on March 22, 2024, encrypted critical data and applications, plunging employees and patrons into disarray amidst the ensuing turmoil. 

Among the litany of grievances, Panera Sip Club members were left disheartened by their inability to savour the benefits of their subscription, notably the tantalizing offer of unlimited drinks at a monthly fee of $14.99. The frustration reverberating among members underscored the profound repercussions of cyber incidents on customer experience and brand loyalty. 

As of January 23, 2024, Panera Bread and its franchise network boasted an extensive presence with 2,160 cafes sprawled across 48 U.S. states and Ontario, Canada. However, the ransomware onslaught cast a shadow over the company's expansive footprint, laying bare vulnerabilities in cybersecurity defenses and underscoring the imperative for robust incident response protocols. 

In tandem, Omni Hotels grappled with a parallel crisis as ransomware-induced IT outages wreaked havoc on reservation systems and guest services. The bygone week witnessed a flurry of disruptions, from protracted check-in delays averaging two hours to resorting to manual interventions to grant access to guest rooms. 

The financial fallout of these cyber calamities remains nebulous, yet the toll on customer trust and brand reputation is palpable. The opacity shrouding the attacks has only exacerbated apprehensions among employees and patrons alike, accentuating the exigency for fortified cybersecurity measures and transparent communication strategies.

Amidst the evolving threat landscape, organizations must fortify their cybersecurity defenses and hone proactive strategies to avert the pernicious impact of cyber threats. From regular data backups and comprehensive employee training to the formulation of robust incident response blueprints, preemptive measures are pivotal in blunting the impact of cyber onslaughts and fortifying resilience against future incursions. 

The ransomware assaults on Panera Bread and Omni Hotels serve as poignant reminders of the pervasive menace posed by cyber adversaries. By assimilating the lessons gleaned from these incidents and orchestrating proactive cybersecurity initiatives, businesses can bolster their resilience and safeguard the interests of stakeholders, employees, and patrons alike.
Read more »
security measures
Axie Infinity co-founder crypto community cryptocurrency theft Cyber Security Cybersecurity Breach Digital Assets Hackers personal accounts security measures

Hackers Steal Nearly $10 Million from Axie Infinity Co-founder’s Personal Accounts

 

A significant amount of cryptocurrency, valued at nearly $10 million, has been reported stolen from personal accounts belonging to Jeff "Jihoz" Zirlin, one of the co-founders associated with the video game Axie Infinity and its affiliated Ronin Network.

According to reports, Zirlin's wallets were compromised, resulting in the theft of 3,248 ethereum coins, equivalent to approximately $9.7 million. Zirlin took to social media to confirm the incident, stating that two of his accounts had been breached. 

However, he emphasized that the attack solely targeted his personal accounts and did not affect the validation or operations of the Ronin chain or Axie Infinity,as reiterated by Aleksander Larsen, another co-founder of the Ronin Network.

The method through which the intruders gained access to Zirlin's wallets remains unclear. The Ronin Network serves as the underlying infrastructure for Axie Infinity, a game renowned for its play-to-earn model based on ethereum, particularly popular in Southeast Asia. 

Notably, the system had previously fallen victim to a $600 million cryptocurrency heist in March 2022, an attack attributed by U.S. prosecutors to the Lazarus Group, a cybercrime operation allegedly backed by North Korea.

Analysts tracking the recent theft traced the stolen funds to activity on Tornado Cash, a cryptocurrency mixer designed to obfuscate the origin of funds. It's worth noting that Lazarus had previously utilized this mixer to launder proceeds from the 2022 hack. The U.S. government, in response, had separately imposed sanctions on Tornado Cash.

Blockchain investigator PeckShield described the incident as a "wallet compromise," indicating a breach in security measures. Despite the breach, Zirlin assured stakeholders of the stringent security protocols in place for all activities related to the Ronin chain.
Read more »
Remote Access Software
cyber attack Cyber Attacks Cyber Hacking Cybersecurity Breach data security Remote Access Software

Security Breach at AnyDesk: Production Servers Hacked, Password Reset

 

AnyDesk, a widely used remote desktop application, is currently grappling with a significant security breach that has raised alarm among its user base. The company recently disclosed that malicious actors successfully infiltrated its production servers, gaining unauthorized access to sensitive information and triggering a large-scale password reset for its users. 

AnyDesk functions as a remote desktop solution, allowing users to access and control their computers from anywhere in the world. Renowned for its user-friendly interface, high performance, and cross-platform compatibility, AnyDesk has become a popular choice for both personal and professional remote connectivity. 

However, the recent security incident sheds light on the inherent vulnerabilities in remote desktop software, particularly in ensuring robust security measures. Despite encryption and authentication protocols in place, hackers often exploit weaknesses in these systems to gain unauthorized access. The breach of AnyDesk's production servers indicates a potential lapse in the platform's security infrastructure. 

The extensive user base of AnyDesk, consisting of millions relying on the platform for remote work and other activities, makes it an attractive target for cybercriminals. The breach not only allowed unauthorized access to user accounts but also led to a mass password reset, creating additional challenges for users and emphasizing the significant impact of such security compromises. 

In response to the breach, AnyDesk promptly acknowledged the incident and urged users to reset their passwords immediately. The company is actively investigating the extent of the compromise and is committed to enhancing its security measures to prevent future breaches. AnyDesk reassures its users that measures are being taken to safeguard the integrity of the platform. 

The forced password reset has left AnyDesk users facing potential disruptions to their remote work and personal activities. As a precautionary measure, users are advised to regularly update their passwords, enable two-factor authentication where available, and remain vigilant for any suspicious activities on their accounts. 

The AnyDesk security breach underscores the ongoing challenges faced by remote desktop software providers in maintaining the security of user data. In an era where remote connectivity has become the norm, ensuring the safety of personal and professional information must be a top priority. Users are encouraged to adopt best cybersecurity practices, stay informed about security updates, and take proactive measures to enhance their overall online security.
Read more »
North Korean Hackers
Cybersecurity Breach Data Breach LinkedIn messaging scam malicious software download Meta recruiter impersonation North Korean Hackers

Security Breach: Hacker Poses as Meta Recruiter, Targets Aerospace Company

 

The Lazarus Group, an entity linked to North Korea, has been identified in a cyber espionage operation aimed at an aerospace firm based in Spain. The scheme involved impersonating a Meta recruiter on LinkedIn to approach employees of the targeted company. 

These individuals were then tricked into opening a malicious file that masqueraded as a coding challenge or quiz. This attack is part of a broader spear-phishing campaign known as Operation Dream Job. Its goal is to entice employees from potential strategic targets with enticing job opportunities, thereby initiating the infection process.

In a recent technical report shared with The Hacker News, ESET security researcher Peter Kálnai shed light on the attack. In a previous incident this March, the Slovak cybersecurity company had outlined an attack focused on Linux users, where fake HSBC job offers were used to deploy a backdoor named SimplexTea.

The latest intrusion, designed for Windows systems, aims to install an implant referred to as LightlessCan. Kálnai emphasized the significance of this new payload, highlighting its sophistication and representing a substantial advancement compared to its predecessor, BLINDINGCAN. BLINDINGCAN, also known as AIRDRY or ZetaNile, is a multifaceted malware capable of extracting sensitive data from compromised hosts.

The attack unfolded as follows: the target received a message on LinkedIn from a counterfeit recruiter claiming to represent Meta Platforms. This recruiter sent two coding challenges as part of the supposed hiring process, ultimately convincing the victim to execute the test files (named Quiz1.iso and Quiz2.iso) hosted on a third-party cloud storage platform.

ESET pointed out that these ISO files contained malicious binaries (Quiz1.exe and Quiz2.exe), which were downloaded and executed on a device provided by the company. This resulted in the system compromising itself and the corporate network being breached.

This attack sets the stage for an HTTP(S) downloader known as NickelLoader. This allows the attackers to deploy any desired program into the victim's computer memory, including the LightlessCan remote access trojan and a variant of BLINDINGCAN referred to as miniBlindingCan (aka AIRDRY.V2).

LightlessCan boasts support for up to 68 distinct commands, with 43 of them currently functional in its present version. Meanwhile, miniBlindingCan primarily focuses on transmitting system information and downloading files from a remote server.

One noteworthy feature of this campaign is the use of execution guardrails to prevent the payloads from being decrypted and run on any machine other than the intended victim's.

Kálnai highlighted that "LightlessCan emulates the functionalities of a wide range of native Windows commands, enabling discreet execution within the RAT itself instead of noisy console executions." This strategic shift bolsters stealthiness, making it more challenging to detect and analyze the attacker's activities.

In recent months, the Lazarus Group and other threat clusters originating from North Korea have been notably active. They have conducted attacks spanning various sectors, including manufacturing and real estate in India, telecoms companies in Pakistan and Bulgaria, and government, research, and defense contractors in Europe, Japan, and the U.S., as per Kaspersky.
Read more »
Small Businesses
Business hacking Cyber Attacks Cyber Protection Cyber Threats Cybersecurity Breach IT Experts Small Businesses

How can Small Businesses Protect Themselves From Cyber Threats?


In today’s world where businesses of kinds and shapes are developing into a digitalized body, it has also increased chances of cybercrime in their cyber spaces significantly. Newbie business personnel who are looking forward to set a business in bakeries, renovations, and other fascinating passions now struggle, seeing the complexities in cybersecurity. Due to the fact that cybercriminals are continuously keeping an eye on vulnerabilities, it is crucial for organizations to take proactive measures to safeguard their digital assets and keep their operations running smoothly.

Modern Reality of Cyber Threats 

While pondering over cyberattacks is definitely not the first thing that comes over an entrepreneur’s mind, in today’s world where digital footprints is a known issue in any operation, cyber security needs to be taken into consideration. Data breaches and ransomware assaults are only two examples of the destructive actions that go under the umbrella of "cyber risk," which are frequently carried out by rogue agents, organized crime groups, or even nation-states. The virtual nature of cyberattacks does not lend itself to the straightforward answer of shifting to a "safer neighborhood," unlike conventional physical protection. Attackers benefit from ongoing access and endless opportunities as a result of firms being online all the time.

Adding to this, incorporation of AI technologies into a business has given threat actors a chance to improvise and add more complexities to their attacks. Ransomware-as-a-Service (RaaS) has further aided in expending the gig economy in the cybercrime-space, allowing small-time offenders to use automation and scale up their destructive activities. As a result, the fusion of technology with malicious intent has made the business of cyberattacks a booming one worldwide.

Critical Strategies for Cyber Protection 

There are many measures that could be followed to protect oneself from getting their systems struck by any cybercrime entity. We are listing some them below:

Keep Software Up-to-Date: Software maintenance is an essential practice. Cybercriminals may be able to exploit weaknesses in software that is even decades old. By installing software updates from reputable manufacturers like Microsoft, the danger of cyberattacks can be greatly reduced.

Implement Essential Controls: Leaders from small-size businesses are advised to emphasize on foundation measures in order to protect against known threats, like phishing attacks, malware or hacking. Some of the best safety measures include multifactor authentication, email and web filtering, data security and backups, privileged access management, and endpoint detection and response.

Collaborate with Insurers and IT Experts: Despite effective cybersecurity precautions, hacks can still happen, thus planning and cooperation are crucial. Working together with IT professionals and cyber insurers can result in specialized incident plans and quick recovery plans in the event of a successful attack. Cyber insurance offers access to specialized teams, coaching for crisis response, and financial support.  

Read more »
USA
API API- Application Programming Interface Cybersecurity Breach Data Breach USA

API Security Losses Total Billions, US Companies Hit Hard


According to the analysis of breach data, US companies are the ones affected the most by the APIs. Companies have lost a combined amount of $12 billion to $23 billion in 2022 from compromises linked to Web application programming interfaces (APIs). 

APIs are used in Internet of Things (IoT) applications and on websites. An API is a mechanism that facilitates two software systems to interact. It controls the types of requests that take place between programs, how these requests are made, and the kinds of data formats used. For example, the Google Maps application on a mobile device does not contain names of all the streets, cities, towns, and other landmarks on your device. Instead, it connects to another application within the Google server that contains all of that information and this connection is made possible using an API. 

The data over the last decade suggests that API security has leveled up as a significant cybersecurity problem. Following the information, the Open Web Security Application Project (OWASP) has listed the top 10 APl security issues in 2019. 

It has explained various API weaknesses including broken authorization for objects, weak user authentication, and excessive data exposure as sensitive issues for software makers and companies that rely on cloud services. Thus, API security has become increasingly important. 

APIs work as the backend framework for mobile and web applications. Crucial and sensitive data is transferred between users, APIs, and applications and systems. Therefore, it is important to protect the sensitive data they transfer. 

According to the report 'Quantifying the Cost of API Insecurity' published this week by application-security firm Imperva and risk-strategy firm Marsh McLennan – cybersecurity issues would grow as APIs continue to become a common pattern for cloud and mobile devices.

"The growing security risks associated with APIs correlate with the proliferation of APIs. The volume of APIs used by businesses is growing rapidly — nearly half of all businesses have between 50 and 500 deployed, either internally or publicly, while some have over a thousand active APIs," says Lebin Cheng, vice president of API security for Imperva. 

Further, in Asia, more than 100 combined API security incidents occurred, and in the US more than 600 API security events. To prevent this, companies have to gain visibility into how they are using APIs and create a complete inventory of the API traffic in their network.
Read more »
Tokens
Badger Defi and MonoX Cybersecurity Breach Data Breach Hackers Steal Money Hacking. Tokens

Hackers Drained $120m From Badger Defi and $30m From MonoX

 

Two decentralized finance platforms BadgerDAO and MonoX had witnessed security breaches in two separate attacks in which hundreds of millions of dollars worth of cryptocurrency has been drained by the threat actors. 

The threat security research unit of BadgerDAO Company discovered the attack on 2nd December wherein a malicious group has stolen $120 million, while MonoX lost $31 million to unknown attackers on November 30th. 

As per the blockchain security and data analytics Peckshield organizations, which are working with BadgerDAO to investigate the further heist, the various tokens that have been stolen in the attack are worth more than $120 million, the researchers told in their findings. 

As soon as the Badger got to know about the unauthorized transfers, it had stopped all smart contracts, essentially freezing its platform, and warned its clients to decline all transactions to the hackers’ addresses. 

The company has reported that it has “retained data forensics experts Chainalysis to explore the full scale of the incident & authorities in both the US & Canada have been informed & Badger is cooperating fully with external investigations as well as proceeding with its own.” 

On the other hand, MonoX has acknowledged the breach and explained in a blog post that the breach occurred after a group of hackers exploited a vulnerability in smart contract software; Smart contracts are digital contracts stored on a blockchain that is automatically executed when all terms and conditions are met. 

It is being estimated that the group of hackers has managed to steal more than $ 30 million in funding, mostly MATIC and WETH. A “swap method was exploited and the price of the MONO token has risen to a new high”, the company reported. 

“The exploit was caused by a smart contract bug that allows the sold and bought token to be the same. In the case of the attack, it was our native MONO token. When a swap was taking place and tokenIn was the same as tokenOut, the transaction was permitted by the contract”, the company added.

Furthermore, as listed below, Igor Igamberdiev, an IT security researcher was able to break down the stolen tokens. He uploaded the list on his Twitter handle. 

1. – 5.7M MATIC ($10.5M) 
2. – 3.9k WETH ($18.2M) 
3. – 36.1 WBTC ($2M) 
4. – 1.2k LINK ($31k) 
5. – 3.1k GHST ($9.1k) 
6. – 5.1M DUCK ($257k) 
7. – 4.1k MIM ($4.1k) 
8. – 274 IMX ($2k)
Read more »
Vulnerability and Exploits
Cybersecurity Breach Mac macOS PoC Vulnerability and Exploits

Expert Releases PoC Exploit for MacOS Gatekeeper Bypass

 

Cybersecurity expert Rasmus Sten, an F-Secure software engineer, published a PoC exploit code for MacOS Gatekeeper bypass that Apple fixed earlier in 2021. The PoC (Proof of Concept) exploit attacks CVE-2021-1810 vulnerability, which leads to escaping three protection that Apple has built against harmful file downloads, particularly Gatekeeper, notarization and file quarantine. The vulnerability was discovered in the Archive Utility component of MacOs Big Sur and Catalina and can be compromised using specifically made ZIP file. 

For the compromise to be successful, the attacker has to fool the user into downloading and installing the archive to deploy malicious codes in the system. The vulnerability exploit would allow an attacker to execute unsigned binaries on MacOS systems, including Gatekeeper that enforces code signatures and user wouldn't be aware of the malicious code execution. According to Sten, the vulnerability is linked to a pattern where Archive Utility controls file paths. Especially, if the paths are larger than 886 characters, the com.apple.quarantine feature couldn't be enabled, which will allow Gatekeeper bypass for the malicious files. 

During the investigation of long path file names samples, Sten found that few MacOS parts showed unexpected pattern after the final path length touched a certain point. In the end, experts found that it may be possible to make an archive with a hierarchical structure, in this case, the path length would be long enough for Safari to call Archive Utility to unload it and wouldn't use com.apple.quarantine attribute, but small enough for Finder to browse and MacOS to deploy the malicious codes in the system. 

To lure the victim easily, attacker could hide archive folder structure using a symbolic link in root which is almost indifferent from a single application bundle in an archive root. "Sten, who also released a video demo of the exploit, has published PoC code that creates the archive with the path length necessary to bypass CVE-2021-1810, along with a symbolic link to make the ZIP file look normal.The vulnerability was addressed with the release of macOS Big Sur 11.3 and Security Update 2021-002 for Catalina," reports Security Week.
Read more »
US
CISA Cyber Security Cybersecurity Breach US

US Agencies Hit By Cyberattack, Confirms CISA Investigation

 

Around five federal civilian agencies were breached recently, in a hit to the US government, revealed an investigation by a top Cybersecurity and Infrastructure Security Agency, which followed emergency protocol to minimize damage from the attack. Suspected hackers from China exploited vulnerabilities in Pulse Secure VPN, a popular remote connectivity tool, to hack into government organizations, defense systems, financial agencies across Europe and the US, said a report released earlier this month. 

For the past few weeks, CISA has been constantly working to find out to find the total damage of the attack and help organizations protect their systems, telling organizations to run an "integrity tool" to look for potential breaches. Matt Hartman, Deputy Executive Assistant Director of Cybersecurity said "CISA is aware of at least five federal civilian agencies who have run the Pulse Connect Secure Integrity Tool and identified indications of potential unauthorized access." CISA is coordinating with various agencies to verify if a breach occurred and to provide assistance as a response to the issue. The news came out first when Reuters reported about the affected agencies. Earlier this week, CNN had reported that CISA found 24 Federal Civilian Agencies using Pulse Secure VPN, but were not sure whether they were compromised. 

CNN reports, "The discovery of potential breaches comes a little over a week after CISA issued a rare "emergency directive" ordering all federal civilian agencies to determine how many instances of the product they have, run the "integrity tool," install updates and submit a report to CISA. Emergency directives are used when there is a high potential for compromise of agency systems. Since March 31, CISA has been assisting multiple entities whose vulnerable Pulse Connect Secure products have been exploited by a cyber threat actor, according to a CISA spokesperson." 

The US government is still determining the extent of the attack. The Pulse Secure VPN intrusions don't show any signs of sophisticated attack or supply chain attack, as was the case with the recent SolarWinds attack. The hack was also different from the Microsoft Exchange Server Campaign indiscriminate targetting, where hackers breached thousands of servers.
Read more »
IoT
China Cyber Security Cybersecurity Breach IoT

Hackers Tap Into Home Security Cameras, Record Sex Tapes To Sell Online

Chinese hackers are infiltrating into residents' house security cameras, shooting them having sex and selling the footage online. However shocking this crime may sound, it's pretty common nowadays, according to South China Morning Post. It reports, "the videos are priced based on how exciting they are and are sold via social media, according to an undercover investigative report aired by the television station on Monday. Video clips involving nudity or sexual acts are priced at 50 yuan (US$8) each, while those “normal ones shot in hotel rooms” are 20 yuan (US$3), said an unidentified seller of these videos in the report."  

These videos are always in high demand in the online market. This can be frightening as the sophisticated gadgets that we use for our security can be turned against us, and the internet can put us in such a vulnerable condition. The attackers hacked into candid cameras to spy on hundreds of thousands of victims and record their sex tape, besides this, they were also able to find out about the hidden cameras that hackers used to plant in the hotel rooms.  These sex tapes that are on sale are being called "home videos", hackers have also set up multilevel marketing scheme where the clients are encouraged to sell these videos furthermore. 

The customers were shared the login credentials of the hacked security cameras so that they can tune in themselves. According to one hacker's audio conversation with his VIP clients, he had dozens of people walking around and installing these cameras wherever they went.  Even if these cameras are caught by the hotels, the hackers will only lose around 100 yuan, the losses can be compensated by uploading a couple of videos online. 

"Such videos are primitive,” the hacker said. “Many people like such kind of stuff nowadays, watching people’s privacy, what they’re doing at the moment… You know what, I have sold this video several hundred times," said the hacker, according to South China Morning Post. In a similar incident, hackers hacked into the Amazon ring cameras where the customers were unaware of the breach.
Read more »
Security Breach
Breach Cyberattack Cybersecurity Breach FireEye Security Breach

US Cybersecurity Company FireEye Hacked by 'Nation-Backed' Threat Actors


On Tuesday, one of the leading cybersecurity firms, FireEye said that it has been attacked by "highly sophisticated" state-sponsored hackers who stole the company's valuable hacking tools used for testing customers' security and computer networks. The attack was heavily customized to breach FireEye's systems. 
 
The breach substantiated the biting reality that the most advanced security vendors out there, primarily to protect others from intrusions can also be targeted and consequently hacked. Notably, the attacker mainly sought data of some government customers, using an unprecedented combination of tactics, according to the firm. CEO Kevin Mandia in his blogpost characterized the attack as a 'highly targeted cyberattack', a kind never witnessed before. So far, no customer data seem to be accessed by the attackers. 
 
There are a number of speculations about who might have performed the attack, however, the firm gave no clarity about the origins of the attackers and is investigating the matter along with the FBI. In a similar context, Mandia indicated in his blog post that the nation responsible for the attack is someone with world-class offensive capabilities as the unfamiliarity of the attack speaks volumes about the top-notch capabilities tailor-made to attack FireEye.  
 
On the basis of his 25 years of experience in cybersecurity, Mr. Mandia further said in his Saturday's blog that this attack was “different from the tens of thousands of incidents we have responded to throughout the years,” and “used a novel combination of techniques not witnessed by us or our partners in the past.” 
 
“These tools mimic the behavior of many cyber threat actors and enable FireEye to provide essential diagnostic security services to our customers,” the company said in the filing. “Consistent with our goal to protect the community, we are proactively releasing methods and means to detect the use of our stolen Red Team tools.” 
 
While giving insights, a CISA spokesperson told, "As details are made available we are working to share and implement countermeasures across the federal networks and with our private sector partners," 
 
Meanwhile, FireEye has been said to have a "ringside seat" for some of the most advanced intrusions carried out globally by Mike Chapple, a former NSA official who's currently working at the University of Notre Dame as a cybersecurity expert.
Read more »
Cybersecurity Breach
Cybersecurity Cybersecurity Breach

Every Organization Should Ask These 8 Questions Before Choosing Their Cybersecurity Provider


Being cybersecurity ready offers many advantages, but your organization can always target hackers unless you do not know critical details. According to a Junior Research report in 2019, the expense of cybersecurity breaches in 2024 will reach to $5 Trillion every year from $3 Trillion currently. The data is helpful, especially for large organizations that depend on third-party cybersecurity services for their day to day operations. Data by Opus and Ponemon Institute shows that 60% of organization attacks happen due to the third-party actors. Data breaches can destroy the brand image of any organization and also result in a financial crisis. To limit data breaches, the organization should have a reliable third-party vendor that it can trust.

Here's why any organization should research while preferring a new provider and why third-party threats are pressing. Fewer vendors mean fewer threats. Currently, companies depend on many vendors to perform their day to day operations. For instance, in 2019, Apple alone had 200 supplier companies. In most of the cases, these threats come from third-party vendors. For instance, hackers attacked Agama, a cryptocurrency app which had vulnerabilities in its third party javascript library.

According to Juniper, "the new research, The Future of Cybercrime & Security: Threat Analysis, Impact Assessment & Mitigation Strategies 2019-2024 noted that while the cost per breach will steadily rise in the future, the levels of data disclosed will make headlines but not impact breach costs directly, as most fines and lost business are not directly related to breach sizes. 

How to choose a reliable vendor? 
  1. Are your vendor's offerings compatible with your organization's needs? 
  2. Your cybersecurity provider should have an excellent cyber score. 
  3. Did your vendor experience any data breach or attack in the past? 
  4. If the provider has an immediate incident response project. 
  5. Whether your cybersecurity provider offers 'right to inquire.' 
  6. If the vendor has an intelligence program for potential threats. 
  7. Whether the vendor has industry certification or not. 
  8. If the third party provider has a chief information security officer or a security contact. 
Answers to these questions will help your organization select third-party cybersecurity provider wisely.
Read more »
Data Breach
Bitcoin Cybersecurity Breach Data Breach

The database of Russian car owners is sold for bitcoins


According to the description of the database, it contains 129 million leads obtained from the traffic police register. This is information about vehicles registered in Russia: the place of registration, make and model of the car, date of initial and last registration.

An employee of the car-sharing company whose vehicle data is contained in the registry confirmed the authenticity of the data.
Moreover, cybersecurity experts have already verified the authenticity of the documents. They also noted that this database was most likely stolen from the traffic police or insurance companies.

"Most often leaks occur in the traffic police and insurance companies", said Ashot Hovhannisyan, founder and technical director of DeviceLock, said that the database of motorists is regularly sold on the Darknet.

According to him, now this database is unique, as it contains information about the initial registration of cars since the 1990s.
For an additional fee, sellers offer to provide personal data of car owners, including last name, first name and patronymic, address, date of birth, passport number, and contact information. They also sell the TIN of legal entities where the car is registered.

The full version of the database with all data costs 0.3 bitcoin (approximately $2.8 thousand). 1.5 bitcoins (about $14 thousand) will cost the transfer to exclusive use.

Mikhail Firsov, Technical Director of Information Security Systems, believes that companies that buy such databases can use them to conduct illegal financial transactions, execute transactions, and fake legal documents.

Earlier, E Hacking News reported about the sale of data of 9 million customers of the Express transportation service CDEK in the Darknet. This is the largest leak of personal data in Russian delivery services.
Read more »
malware
Cybersecurity Breach Indian Army malware

Indian Army detected a Malware








Ahead of Independence Day celebrations, the Indian Army has detected a cybersecurity breach which affected a senior officer posted in Jammu and Kashmir under the Northern Command.

"The cybersecurity breach was detected by the Indian Army personnel during a routine check when malware was found in the computer of a senior officer," army sources told ANI.

However, the investigation has been started and it is being investigated how the malware found its to his computer.

Senior Army officers get a computer from the Army to carry out all the official work, and the system is connected with the Army intranet facility.

The Army keeps alerting its personnel about cyber alerts and data theft by WhatsApp and other social media platforms. They are warned of using any Chinese apps.

Recently, Pakistani intelligence agencies have Army personnel by sending them malicious links, which once clicked, downloads malware on their computers or mobile devices and steal all the information from them.

To avert this kind of malware and any kind of threat the Army has been issuing regular warnings against such issues, and ask its personnel to immediately inform the higher authority if they even have a slight doubt about their data.

The Army has been issuing regular warnings about and has asked personnel to be alert while dealing with these issues.

The Udhampur-based battalion is responsible for handling almost the entire territory of Jammu and Kashmir and Ladakh bordering both Pakistan and China.
Read more »
Online data breach
Anonymous web browser CyberCrime Cybersecurity Breach Online data breach

Russian Intelligence Attempts to Crack Tor Anonymous Web Browser



On being breached by cybercriminals, a Russian intelligence contractor has been found to be attempting to crack an anonymous web browser, 'Tor', which is employed by the people who wish to bypass government surveillance and acquire access to the dark web. However, it is unclear how effective the attempt to crack the web browser was because the modus operandi relied largely on the luck factor to match Tor users to their activity.

According to the findings of the BBC, the intelligence contractor which is widely known in Russia is also working on various secret projects.

SyTech, a contractor for Russia's Federal Security Service FSB, fell prey to a massive data breach wherein hackers gained illicit access to around 7.5 terabytes of data and included details regarding its projects.

The internet homepage of the company was replaced by a smug smiley face by the hackers from a group namely 0v1ru$ who acquired illegal access to the company on 13th July.

In order to crack Tor, SyTech resorted to Nautilus-S which required them to become an active member of the browser's network.

Whenever a user gets connected to Tor, the usage of the web browser is visible to the internet service providers who later can provide this data to the FSB or any other state authority, on being asked.

Commenting on the viability of SyTech's attempt to crack Tor, a spokesperson for the Tor project said, "Although malicious exit nodes would see a fraction of the traffic exiting the network, by design, this would not be enough to deanonymize Tor users,"

"Large-scale effective traffic correlation would take a much larger view of the network, and we don't see that happening here," he added.


Read more »
Source Code disclosure vulnerability
Anonymous Hacker Antivirus Cybersecurity Breach Networks Breached Russian Hacker Source Code disclosure vulnerability

Russian hackers claim to have breached 3 US antivirus makers

A group of elite Russian hackers claims to have infiltrated their networks and stolen the source code for their software.

Researchers with Advanced Intelligence (AdvIntel) have been tracking the activity of the group on underground forums for some time. The hackers, who operate under the handle Fxmsp, have an established reputation for infiltrating well-protected networks. Their targets typically include highly-sensitive corporate and government information.

Two months ago AdvIntel saw Fxmsp reappear on hacking forums after a half-year hiatus. It's probably no coincidence that the group reported that its campaign against security software firms had kicked off six months earlier.

Fxmsp laid low until it had achieved its goal. When its stealth operation concluded, the hackers allegedly made off with more than 30 terabytes of data from their latest victims. They posted screenshots showing folders, files, and source code.

The asking price for this trove of data: a cool $300,000. They also claimed to still have access to the networks and would throw that in at no extra charge to the lucky buyer.

If what they're offering is the real deal, then this is pretty much a worst-case scenario for the three firms that were compromised. Access to the source code allows hackers the opportunity to locate showstopping vulnerabilities and exploit them, rendering the software useless... or worse. They could even turn what was once legitimate protection from malware into an incredibly effective spying tool.
Read more »
Dell SupportAssist.
Computer Hacking CyberCrime Cybersecurity Breach Dell SupportAssist.

Dell Computers Compromised To Hackers; SupportAssist Software To Blame




Reportedly, a vulnerability in Dell’s SupportAssist application could be easily exploited by hackers via which they could access administrative privileges.


The said administrative privileges would then aid the hackers to execute malicious code and take over the users’ entire system.

The victims of this security error haven’t reached a definable number yet but as all the Dell PCs with the latest Windows have the SupportAssist software all of them are open to attacks.

Since the aforementioned application doesn’t come pre-installed the PCs bought without Windows in them are safe.

The software aids Dell automatic driver updates like debugging and diagnostics.

Furthermore, debugging tools happen to have clear access to device’s systems, so when hackers attack, they gain full control of the system itself.

The hackers first try to get the victim to access a malicious web page and later trick them into downloading SupportAssist.

Henceforth the malware starts to run on the system with all the administrative privileges gained by default.

When the victims are on public Wi-Fi or large enterprise networks that’s when they are the most vulnerable to such an attack.

Then on the attacker would launch an Address Resolution Protocol hoaxing attacks and providing hackers the access to legitimate IP addresses within the network.

DNS attacks are also a strong possibility because of the lack of security on the existing routers.

After a young security researcher alerted Dell about the security flaw, the organization has been working on a patch.

Until then it would be the best choice to simply uninstall the application from the device.

Hackers have already exploited this vulnerability and hacked into a few internal devices of Dell owing it to the SupportAssist.


Per sources, a patch has already been released for the issue which is the version 3.2.0.90 of the SupportAssist application.




Read more »
Singapore
Cybersecurity Breach Data Breach Database Compromised HIV Singapore

Massive HIV Data Leak: Thousands of Detailed Records Compromised.












In a recent major data leak in Singapore, thousands of HIV positive people’s records were compromised.


One of the victims of this leak was informed via a phone call that her record was out in the open along with those of approx. 14,000 others.

This enormous leak came off as really shocking to people as many of them were reluctant to let the fact surface in outer world.

The main target which has emerged in this database leakage incident is the Singaporean media.

The government said that a local doctor who had an American partner, who had access to all the records in question, is the main person who’s at fault.

Reportedly, according to the authorities the leak has been contained but an extreme emotional damage has been caused to the HIV infected.

In Singapore, as mandated by the law, the aforementioned victim’s HIV status was added to the national database.

The HIV registry was set up in 1985 by the ministry of health to keep a check on the infection and potential cases’ status.

The previously mentioned database is the one which got compromised accompanied by the names and addresses of more than 14,000 people.

According to the sources the name of the American partner has been reported to be as, Mikhy Farrera-Brochez. The data and the access to the registry had been wrested from his Singaporean doctor partner.

Mikhy couldn’t work in Singapore because as the Singaporean law states so. But he got convicted of fraud because he used someone else’s blood to pass a mandatory HIV test.

According to Mikhy there is more to the story of the leakage and it’s not just him who’s behind it all. He also said that he had contracted HIV in prison and that he was denied medication.

He also blamed Singapore for using the HIV database for keeping track of gay men in the country because same-sex sex there is illegal.

To this accusation Singaporean authorities have replied negatively and cited that the statement is absolutely untrue.

Singapore’s health minister is working with the authorities of the US regarding the case.
Earlier there was a total ban on people with HIV entering the borders of Singapore, which got lifted in 2015.

But the people who have married Singaporean citizens or have permanent residencies in the country could dodge it.

This leak has come as a shock as well as emotionally degrading. This chaotic circumstance has made the citizens question the way records are kept in security.

One of the senior doctors who have been working on safeguarding the interests of the HIV patients in Singapore said that many implementations exist which restrict the doctors from accessing such records.

This incident has wreaked a lot of emotional havoc to people who are infected and whose names are in those compromised records.

The victims aren’t even sure that whether the leak has actually been contained or not.

This leaked information could ruin a lot of lives and careers for the infected.

The victims are seriously concerned about the diaspora of the detailed information and the compromised records.


Read more »
Ukraine
Bitcoins. Cybersecurity Breach Russian Hackers Ukraine

NotPetya; a Significantly Greater Danger than Wannacry Malware




With the rising conflict amongst Ukraine and Russia that prompted the killings of more than 10,000 Ukrainians and affected millions more , the Russian hackers, in June 2017 came up with  the most pulverizing cyber security breaches to attack systems of the victims through an encrypted code that ranged from media outlets to railway firms.

Andy Greenberg, author of Sandworm and a senior writer with the WIRED chronicled the birth of this biggest cyber attack , in an excerpt from his book he says,

”For the past four and a half years, Ukraine has been locked in a grinding, undeclared war with Russia that has ultimately led to Ukraine becoming a scorched-earth testing ground for the Russian cyber war tactics. In 2015 and 2016, while the Kremlin-linked hackers known as Fancy Bear were busy breaking into the US Democratic National Committee’s servers, another group of agents known as Sandworm was hacking into dozens of Ukrainian governmental organisations and companies. They successfully managed to penetrate the networks of victims ranging from media outlets to railway firms, detonating logic bombs that destroyed terabytes of data.”

This thought of obliteration brought forth NotPetya, a significantly greater danger to the world than the scandalous Wannacry malware.

Petya is amongst the family of those encrypting ransomware that was first discovered in 2016. It goes for focusing only on Microsoft Windows-based frameworks, infecting the master boot record in the process to execute a payload that encodes a hard drive's file system table thus keeping Windows from booting. At the same time consequently demanding from the user to make a payment in Bitcoin with a specific end goal to recapture access to the system.

NotPetya is simply one more form originating from Petya as both plan to encode the hard drive of infected computers, there exists enough common features between the two.

Now in spite of the fact that NotPetya was focusing on war-ridden Ukraine, the result was felt by the world. The malware could destruct computers, data and wired machines over the world.

In an excerpt from Sandworm published by WIRED, the writer describes how the spread of the malware influenced not simply its expected casualty, i.e. Ukraine, but also machineries all around the world.

The after-effect of this attack was more than $10 billion in aggregation says the Former Homeland Security advisor Tom Bossert, who amid the investigation and analysis of the malware was US President Donald Trump's most senior cyber security-¬focused official. Indeed, even the scandalous WannaCry, that spread a month before NotPetya in May 2017, is assessed to have taken a toll between $4 billion and $8 billion.

Inevitably the attack, which had begun as an impetus to win the war against Ukraine, unequivocally focusing on a few hardware and computers in lodgings, hospitals, government workplaces and many places of importance in the nation, spread like wildfire, wreaking havoc  and causing tremendous destruction across the world.

In any case, even after over a year, the uncouth demonstrations of the NotPetya malware has not been wiped out totally as a few experts assert that the malware still has the potential to emerge as sessions in various parts of the world or even reoccur taking a much bigger frame.
Since the ransomware is digging in for the long haul the admonition pretty much continues as before for the users i.e. not to click on some obscure connections, use of solid and one of a kind passwords, at the same time staying up with the latest reinforcement which requires keeping an up-to-date backup.

Read more »
Subscribe to: Posts (Atom)