Showing posts with label Cyberthreats.

UN Agency Faces Data Crisis: Ransomware Hack Exposes Extensive Data Theft

 


The United Nations Development Programme (UNDP) is reportedly investigating a cyberattack in which human resources information was stolen from its IT systems. UNDP, the UN's global development network, works in more than 170 countries and territories to eradicate poverty, fight inequality and eliminate social exclusion.

It is funded by donations from UN member states, private companies and multilateral organizations. According to a statement the organisation published on Tuesday, its local IT infrastructure at UN City, Copenhagen, was targeted in late March, and a "data extortion actor" stole human resources and procurement information.

The statement did not disclose what kind of data was stolen from the organization, which is the UN's lead agency on international development. According to notifications shared with affected parties and viewed by CyberScoop, the hackers were able to access several servers and steal data that was significant in scope.

The notifications indicate that the stolen data may include information about current and former employees and their family members, as well as about contractors, including dates of birth, social security numbers, bank account information and passport details.

A UNDP entry was added to the 8Base ransomware gang's dark web data leak site on March 27, but the UN agency has yet to attribute the attack to a specific threat group. The attackers claim to have exfiltrated a large amount of sensitive information from documents acquired during the breach.

According to the reports, the data allegedly leaked via a now-defunct link included personal information, accounting data, certificates, employment contracts, confidentiality agreements, invoices and receipts, among other material. 8Base emerged in March 2022 and sharply increased its activity in June 2023, when it began attacking companies across a wider range of industry verticals and switched to double extortion to increase its revenue.

The group's data leaks drew attention in May 2023, when it described itself as "honest and simple" pen testers targeting "companies that neglected employees' and customers' privacy and the importance of their data." Over 350 victims have been listed on the group's site so far, with as many as six victims announced on a single day.

8Base uses a custom version of the Phobos ransomware, a malicious program that emerged in 2019 and shares many code similarities with the Dharma ransomware family. UNDP is not the first UN body to be hit: in January 2021, the United Nations Environment Programme (UNEP) disclosed that over 100,000 employee records containing personally identifiable information (PII) had been exposed online after a data breach.

In July 2019, UN networks in Geneva and Vienna were also breached when a SharePoint vulnerability gave access to personnel records, health insurance data and commercial contract data, an event a UN official described as a "major meltdown."

Information Stealer Malware Preys on Gamers via Deceptive Cheat Code Baits

 


A new info-stealing malware is posing as a game cheat called Cheat Lab and promises downloaders a free copy if they convince their friends to download it too. It delivers Redline, one of the most capable information-stealing malware families, which harvests sensitive information from infected computers, including passwords, cookies, autofill data and cryptocurrency wallet information.

Redline's popularity among cybercriminals and its many distribution channels have made it widespread. According to McAfee threat researchers, the new variant leverages Lua bytecode to evade detection, which lets it inject malicious code into legitimate processes for stealth while also benefiting from Just-In-Time (JIT) compilation.

The researchers link this variant to Redline because it uses a command and control server long associated with that malware. However, tests conducted by BleepingComputer revealed that the malware does not exhibit Redline's typical behaviour, such as stealing browser information, saved passwords and cookies.

The malicious Redline payloads, posing as demos of cheating tools named "Cheat Lab" and "Cheater Pro", are distributed through a URL linked to Microsoft's 'vcpkg' GitHub repository. When the MSI installer runs, it unpacks two files, compiler.exe and lua51.dll, and drops the malicious Lua bytecode in a file called 'readme.txt'.

The campaign uses an interesting lure to spread the malware further: victims are told that if they convince their friends to install the cheating program, they will receive a free, fully licensed copy. The payload is distributed as uncompiled bytecode rather than an executable, which both lends it an air of legitimacy and helps it avoid detection.

To avoid raising suspicion, the package also comes with an activation key included. Once installed, compiler.exe compiles and executes the Lua bytecode, and the same executable sets up persistence by creating scheduled tasks that run at system startup.

McAfee reports that the malware uses a fallback persistence mechanism, copying the three files to a long random path under the program directory. Once active on the infected system, it communicates with a C2 server, sends screenshots and system information, and then waits for commands to execute on the host.

Although it is unknown exactly how victims are first infected, info stealers are typically spread through malvertising, YouTube video descriptions, P2P downloads and deceptive software download sites. Redline is highly dangerous, which is why users are urged not to run unsigned executables or download files from unreliable websites.

This attack shows that even seemingly trustworthy sources, such as Microsoft's GitHub, carry a risk of infection. BleepingComputer contacted Microsoft about the executables distributed via its GitHub URLs, but the company had not responded by the publication date.

Under Siege: Ukrainian Cyber Warriors Erase Vital Russian Military Data Center

 


On April 8 of this year, sources in the Security Service of Ukraine (SBU) told the Kyiv Independent that Ukrainian hackers, possibly linked to the SBU, destroyed a data centre used by Russian military, energy and telecommunications companies. The hackers, connected to the SBU's cyber department, destroyed a data centre belonging to a Russian industrial giant.

Its clients included Gazprom, Lukoil, Telecom and some of the country's leading military companies. Sources stated that more than 10,000 entities involved in the Russian military industry stored their data in the OwenCloud.ru cloud service that the hackers targeted.

The affected companies reportedly include Ural Works of Civil Aviation, Rubin, Ural Plant Spectechniks, Gazprom, Transgaz, Lukoil, Rosneft, Nornickel, Rostelecom and MegaFon, spanning the oil and gas, metallurgical and aerospace industries as well as major telecommunications providers.

A source stated that over 300 TB of data on 400 virtual and 42 physical servers were taken out of circulation. The operation involved the Ukrainian hacking group BLACKJACK and the cyber division of the SBU. According to the source, besides internal documents and backups, the servers held software used to manage production processes remotely.

At the time of publication, the OwenCloud.ru website displayed what is alleged to be a message left by a group called Blackjack, stating that the centre's "information technology infrastructure has been destroyed." The Ukrinform news service reports that Russian hackers carry out nearly 4,500 cyberattacks on Ukraine every year. On December 12, 2023, Kyivstar suffered a powerful hacker attack that caused a technical breakdown, and its communication and internet services stopped working.

An estimated 16,000 Russian companies are affected by the strike, including Lukoil, Rosneft, the Ural Works of Civil Aviation (part of the Roselectronika holding), Ural Special Equipment Plant, Gazprom, Transgaz, Norilsk Nickel, Rostelecom, Telecom and Megafon. The source asserted that OwenCloud.ru hosts over 10,000 legal entities, including the military-industrial sector, the oil and gas industry, metallurgical and aerospace companies and telecommunications giants.

The hack reportedly affected organizations in the oil and gas and telecommunications sectors as well as the country's military. The Kyiv Independent's list of victims included Ural Works of Civil Aviation, Rubin, Ural Plant Spectechniks, Gazprom, Transgaz, Lukoil, Rosneft, Nornickel, Rostelecom and MegaFon, among others.

On March 18, NV reported, citing a source, that Ukrainian hackers had gained access to correspondence between Russian Central Election Commission (CEC) member Nikolai Levichev and Boris Nadezhdin, a candidate in the so-called presidential election. After being denied registration as a presidential candidate, Nadezhdin actively contacted CEC representatives to resolve personal and political issues, including the refusal of his registration.

According to the hacker group, this suggests that a "fake presidential candidate" was at play. Ukrainian hackers regularly steal information from Russian websites, payment systems and state-owned companies. In January, they accessed thousands of Russian organizations and obtained 200 gigabytes of data.

The BLACKJACK group has also crashed a Russian state-owned company that builds military facilities across Russian territory and stolen documentation for 500 military facilities maintained by the Russian Ministry of Defense. Hackers from Ukraine's Defense Intelligence Department also launched a DDoS attack on the servers of the Russian Ministry of Defense.

Security Advisory: Protecting Mobile Devices for UAE Residents

 


In a security update released on Thursday, Microsoft addressed 61 high-risk vulnerabilities, including critical ones, some of which a threat actor could exploit to take control of an affected computer. On Wednesday, UAE Cyber Security advised users to install the Microsoft updates to prevent breaches or leaks of information and personal data.

The UAE authorities have emphasized the importance of heightened awareness of device vulnerabilities and of proactive measures to address them. As digital life expands, securing users' mobile devices against potential risks has become increasingly important.

By taking proactive steps, residents can mitigate these threats and protect their data. The Cyber Security Council has provided a real-life example to educate residents about the dangers posed by online disruptors. A report on the UAE's cybersecurity, jointly published in 2024 by the UAE Cyber Security Council and CPX Holding, highlights a worrying reality.

There are currently 155,000 vulnerable cyber assets in the UAE, over 40 per cent of them more than five years old. In light of escalating cyber threats, including sophisticated attacks such as ransomware, and the nation's recent increase in cyberattacks, the need for advanced cybersecurity measures is urgent.

Software updates are often thought of as relevant only to smartphones, but they play an important role in securing all types of devices and applications, including computers, tablets, smart appliances and even wearables, and in protecting users' data. Keeping devices up to date is imperative, particularly when they are intertwined with so many aspects of users' lives.

Users who prefer to update their devices and apps over Wi-Fi may want to set a reminder so they do not consume their data plan while doing so. Tips for updating software securely:

Periodically update your device's operating system and applications to keep your data protected. Obtain software updates only from the appropriate source to avoid cyber attacks. Back up important files before updating. Enable automatic updates on the device so that manual intervention is minimized. Consider updates for all devices, including smartphones, laptops, wearables and tablets, when updating software and apps.

Cracking Down on Crime: Europol Shares Data on Europe's Top Threats

 


Serious organized crime has increased considerably over the past few years and continues to pose a significant threat to the EU's internal security. Law enforcement and policymakers need a clear understanding of the most threatening criminal networks operating in and affecting the EU if they are to prioritise resources and guide policy action effectively.

Certain traits make successful companies agile and resilient: they anticipate trends and pivot quickly to new environments while maintaining their operations. A report Europol released on Friday indicates that the most threatening criminal networks across the EU have the same skills.

Europol's report, presented today (April 5), details the state of crime in Europe and flags 821 criminal networks operating in EU territory as the most dangerous. Its stated aim is to make the invisible visible so that it can be known, fought and defeated. To produce the report, Europol consulted law enforcement agencies from the 27 member states and from 17 other states, which provided information and participation.

As Europol points out, some key characteristics distinguish the 821 most threatening networks: they are agile, adopting business processes in a short time and achieving economies of scale, and they overcome the challenges that law enforcement poses to them.

Although their activities often remain concentrated in a single country, criminal networks are borderless: they operate within EU and non-EU countries without significant difficulty. They are controlling: they maintain close surveillance over everything within the organization, and they generally specialize in a specific criminal activity. The 821 networks also engage in corruption, causing significant damage to internal security.

According to Europol's report, 50 per cent of the most dangerous criminal networks are involved in drug trafficking, and for 36 per cent of those networks it is their sole business. A total of 15 percent deal exclusively in fraud, while the remaining 6 percent deal in human trafficking.

Regarding drugs, beyond heroin, cannabis and cocaine there is concern about the arrival of new substances on the European market, such as fentanyl, which has already caused thousands of deaths in the United States and has reached a critical point. In recent months, massive shipments of drugs hidden in bananas have been shipped throughout Europe.

In February, more than 12,500 pounds of cocaine were found in a banana shipment in the British Isles, breaking the record for the most drugs seized in a single seizure in British history. In August of last year, customs agents in the Netherlands discovered 17,600 pounds of cocaine hidden in banana crates in Rotterdam's port.

Three months earlier, in the Italian port of Gioia Tauro, a police dog sniffed out 3 tons of cocaine hidden in a consignment of bananas. Of the top ten criminal groups identified, nine specialize in cybercrime; these organizations, mainly run by Russians and Ukrainians, are active in France, Germany, Switzerland and the U.S.

They have up to 100 members, with a core of criminals responsible for distributing ransomware to affiliates who conduct the cyber attacks. The core group manages the negotiation and payment of ransoms, often in cryptocurrency, and usually pays affiliates 80% of the fee for carrying out an attack.

Service providers give crucial support to criminal networks by participating in fraud schemes and providing cyber services and technology solutions. Their methods include mass mailings and phishing campaigns, fake websites, fake advertisements and fake social media accounts.

According to Europol, such providers also support online fraud schemes and advise on moving cryptocurrency online. Criminal networks sometimes use countermeasures, such as encrypted telephones, to avoid detection by law enforcement. Others avoid electronic devices for all communication and meet in person instead, so as to leave no digital footprint of their activities.

A report released by the European Commission states that drug trafficking remains the most significant criminal activity in EU countries, with record cocaine seizures in Europe and an increase in drug-related violent crime, for example in Belgium and France.

Half of the most dangerous criminal networks are involved in drug trafficking in some form, either on its own or as part of a wider portfolio. According to the report, more than 70% of networks engage in corruption "to facilitate criminal activity or obstruct law enforcement or judicial processes," and "68% of networks use violence as an inherent element of their approach to conduct business."

Gang violence has reportedly been rife in Antwerp for decades, as the city serves as the main entry point for Latin American cocaine cartels into Europe. Federal authorities say drug trafficking is rapidly affecting society as drug use increases throughout the country.

According to Ylva Johansson, EU Commissioner for Home Affairs, organised crime is one of the biggest threats facing society today, threatening it with corruption and extreme violence. At a press conference, Europol said the data it collected would be shared with law enforcement agencies in EU countries to help them target criminals better.

LayerSlider Plugin Imperils 1 Million WordPress Sites, Urgent Fixes Mandated!

 


The LayerSlider WordPress slider plugin has more than one million installations and offers a full package of features for editing web content, creating digital visual effects and designing graphic content in a single application.

WordPress is the most popular website builder in the world and is used by roughly half of all websites, which makes it an ideal target for cybercriminals. Because most people consider the platform itself relatively secure, hackers have turned their attention to third-party themes and plugins, which are seldom as secure as the platform.

Defiant's Wordfence team stated that, because a user-supplied parameter is insufficiently escaped and the existing SQL query is not prepared, unauthenticated attackers can append SQL queries to existing queries to extract information such as password hashes.

Over 1 million WordPress sites are vulnerable because of the premium LayerSlider plugin, and administrators should prioritize applying its security update. Besides being a visual web content editor, LayerSlider offers graphic design tools and digital visual effects that let users create animations and rich content for their websites; its website notes that millions of people use it globally.

During the week of March 25, 2024, a researcher named AmrAwad reported a critical vulnerability (CVSS score: 9.8) to WordPress security firm Wordfence through its bug bounty program and received $5,500 for the responsible disclosure.

Versions 7.9.11 through 7.10.0 of the plugin let an attacker access sensitive data from the site's database, such as password hashes, which could lead to a complete takeover or data breach. The SQL injection is in the "ls_get_popup_markup" function, which queries slider pop-up markup.

If the "id" parameter of this function is not a number, it is not sanitized before being passed to "find". Moreover, although the plugin escapes $args values with the "esc_sql" function, the "where" key is not included in this escaping, so attacker-controlled input within "where" can be used to query the victim's database.

By manipulating "id" and "where", an attacker can craft a request that extracts sensitive data from the database, such as password hashes. Because the structure of possible queries limits the attack to a time-based blind SQL injection, attackers must observe the database's response times to infer the data. Vulnerable plugins are one of several ways threat actors get into WordPress sites to steal data or compromise them.

In January, more than 6,700 WordPress sites were infected by the Balada Injector malware via a cross-site scripting flaw in the Popup Builder plugin tracked as CVE-2023-6000. In October, the TagDiv Composer plugin flaw tracked as CVE-2023-3169 exposed thousands of sites, and Balada Injector was installed on over 9,000 of them. Over the past six years, the Balada Injector campaign has compromised more than a million WordPress sites.

According to Sucuri, the Balada Injector campaign is responsible for more than a million compromised WordPress sites. Despite the time-based limitation, CVE-2024-2879 still lets malicious actors access sensitive user information and password hashes from a compromised site's database, and they can do so without any authentication on the website.

A further complication is that the queries are not prepared with WordPress' '$wpdb->prepare()' function, which sanitizes inputs such as usernames and passwords before a query is sent to the database and thereby prevents SQL injection. The Kreatura Team, the plugin's creators, quickly acknowledged the flaw and addressed it immediately.

The developers released a security update less than 48 hours after being contacted. The critical vulnerability is addressed in LayerSlider version 7.10.1, and all users are strongly recommended to upgrade to it. In general, WordPress site admins should make sure all their plugins are up to date, remove plugins that are not required, use strong passwords for their accounts and deactivate any dormant accounts that could be hijacked.

Thousands of WordPress themes and plugins are available, each building on and improving the WordPress experience. Some are free, but commercial ones tend to have a dedicated team working on improvements and on the security of the software, which is one reason hackers tend to target free-to-use themes and plugins.

Many of these are used by millions of people today, but their developers have abandoned them and they carry vulnerabilities that have never (or rarely) been addressed. A safe installation practice is for administrators to install only the themes and plugins they intend to use and to keep them updated to the most recent version.
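To make the two defects concrete, the following is an added illustration in the pattern the text describes, not LayerSlider's own code: a hypothetical slider lookup that runs `$args` through esc_sql() but splices the 'where' key in as raw SQL and interpolates an unchecked id, next to a hardened version that uses $wpdb->prepare() placeholders and accepts filters only as structured column/value pairs. The function names, the `sliders` table and the allowed columns are assumptions.

```php
<?php
// Added illustration of the flaw pattern described above; NOT the plugin's code.
// Function names and the 'sliders' table are hypothetical.

// VULNERABLE pattern: scalar $args are escaped, but 'where' is skipped and
// reaches the statement as raw SQL, and $id is interpolated without a check.
function ls_demo_find_vulnerable( $id, array $args = array() ) {
    global $wpdb;
    $defaults = array( 'limit' => 1, 'orderby' => 'id', 'where' => '' );
    $args     = wp_parse_args( $args, $defaults );

    // Mirrors the described defect: only some keys are passed through esc_sql().
    foreach ( array( 'limit', 'orderby' ) as $key ) {
        $args[ $key ] = esc_sql( $args[ $key ] );
    }

    // Both $id and $args['where'] are attacker-influenced and unparameterised.
    $sql = "SELECT * FROM {$wpdb->prefix}sliders WHERE id = {$id} {$args['where']} "
         . "ORDER BY {$args['orderby']} LIMIT {$args['limit']}";
    return $wpdb->get_results( $sql );
}

// HARDENED version: integer id, placeholders via $wpdb->prepare(), and the
// extra filter expressed as column => value pairs checked against a whitelist
// instead of a free-form WHERE fragment.
function ls_demo_find_hardened( $id, array $filters = array() ) {
    global $wpdb;
    $table   = $wpdb->prefix . 'sliders';
    // Columns a caller may filter on, with the placeholder type for each (assumed).
    $allowed = array( 'slug' => '%s', 'status' => '%s', 'author_id' => '%d' );

    $sql    = "SELECT * FROM {$table} WHERE id = %d";
    $values = array( (int) $id );
    foreach ( $filters as $column => $value ) {
        if ( ! isset( $allowed[ $column ] ) ) {
            // Unknown column names never reach the query text.
            return new WP_Error( 'invalid_filter', 'Unknown filter column' );
        }
        $sql     .= " AND {$column} = {$allowed[ $column ]}";
        $values[] = $value;
    }
    $sql .= ' LIMIT 1';
    // prepare() quotes/escapes every value according to its placeholder.
    return $wpdb->get_results( $wpdb->prepare( $sql, $values ) );
}

// Caller-side guard for the request's 'id' parameter: accept digits only,
// so a non-numeric value is rejected before any lookup runs.
function ls_demo_read_id( array $request ) {
    if ( isset( $request['id'] ) && ctype_digit( (string) $request['id'] ) ) {
        return (int) $request['id'];
    }
    return 0;
}
```

In a review, the tell-tale sign of the first pattern is any `$args` key that is concatenated into the statement after the escaping loop rather than bound through `prepare()`.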

Heightened Hacking Activity Prompts Social Media Security Warning

 


Social media is a great way to keep in touch with family and friends and to stay updated on recent news and marketing opportunities, and the platforms provide settings for managing users' privacy and security. However, it is important to use these settings to keep information safe.

When social media is used improperly, it can put a person's personal information at risk, and online criminals are devising new and sophisticated methods for exploiting vulnerabilities more frequently than ever. There is much users need to know about keeping their Facebook, X and Instagram accounts secure, from how accounts get hacked to how to recover them.

When fraudsters gain access to users' account details, they can take advantage of their contacts, sell their information on the dark web and steal their identity. According to Action Fraud, some victims of email and social media hacking have been extorted by criminals who stole their private photos and videos. Nine out of ten survey participants (89%) said they knew of people whose profiles had been compromised, and 28% said they knew at least five to ten people who had been hacked.

The survey found that 15 per cent of respondents knew someone who had been hacked on social media more than ten times. With 76% of respondents indicating their concerns have increased over the past year, the fears appear to be growing.

What scammers do to hack accounts

Fraudsters can get into online users' accounts in a variety of ways in order to reach their money. A user whose account has been hacked may wonder how the attacker gained access. Sometimes hackers breach a system holding highly confidential data about a person, and fraudsters then use that information to get into the person's accounts.

Phishing attacks entice users into divulging their details by impersonating legitimate companies and containing links to malicious websites that harvest their data. Users who enter their information on such a site may also end up downloading malicious code onto their devices that steals their information.

A chain hack on a social media platform involves a fraudster posting links to dubious websites in the comment section of a post. When the victim clicks the link, they are asked to enter their social media account details, which gives the fraudster access to the account. Fraudsters are also known to message victims while impersonating one of their contacts in an attempt to get them to share their two-factor authentication code.

Credential stuffing is when hackers use credentials they have previously obtained to access other accounts belonging to the same person. Shoulder surfing is when a scammer watches a user log into an account. Users may also be tricked into downloading a malicious app that installs malware on their devices, enabling the fraudster to steal the username and password for their account and use it to steal their money.

Users whose accounts have been hacked should also beware of recovery scammers who contact them on social media claiming they can retrieve the account if the user follows their instructions. This is just another scam: the recovery they promise is not something they can deliver.

To get help with a hacked account, find out who to contact via the account provider's help page. Log all devices out of the account and change the password. Check the user's email account for any newly created rules or settings that may have been set up without their authorization.

Such changes could redirect emails about their accounts. Users should promptly notify their contacts of a potential security breach and advise them to be cautious, as any messages received may not have been sent by them.

1.3 Million Customers Affected: Pandabuy Grapples with Data Breach Fallout

 


A data breach allegedly occurred on Sunday at Pandabuy, an online store that aggregates items from Chinese e-commerce sites. As a result, 1,348,307 accounts were affected. A large amount of information has been leaked, including user IDs, first and last names, phone numbers, emails, login IP addresses, full addresses, and order information. 

Sanggiero and IntelBroker both exploited multiple vulnerabilities to breach the company's systems, allegedly leading to the leakage of the company's data. People throughout the world can use Pandabuy’s marketplace to access products from Chinese online marketplaces, such as JD.com, Tmall, and Taobao. 

Approximately 1.3 million PandaBuy customers' data has been accessed after two threat actors exploited multiple vulnerabilities to gain access to PandaBuy's system, according to PandaBuy's website. In addition to allowing international customers to purchase goods from a variety of Chinese e-commerce platforms, including Tmall, Taobao, and JD.com, PandaBuy is offering international users to purchase products from different e-commerce platforms. 

There was a breach at PandaBuy yesterday claimed by an individual known as 'Sanggiero', allegedly performed by 'IntelBoker' in conjunction with the threat actor 'Sanggiero'. The breach, according to Sanggiero, was possible as a result of exploiting critical API vulnerabilities, which allowed unauthorized access to internal platform services.

Over 3 million unique user IDs are reportedly available on underground forums, including personal information such as names, phone numbers and e-mail addresses. Interested parties can obtain the data for a nominal fee paid in cryptocurrency.

Data breach aggregation service Have I Been Pwned (HIBP), which confirmed the breach, reports that 1,348,407 PandaBuy accounts were compromised. Sanggiero has also provided a sample of the leaked data, containing email addresses, customer names, transaction information, and order details, to verify its authenticity.

Troy Hunt, the creator of HIBP, confirmed the breach by submitting password reset requests for PandaBuy users, establishing that at least 1.3 million email addresses were indeed linked to PandaBuy accounts. The threat actors' initial claim of three million entries, however, appears inflated, with some entries being fabricated or duplicates.

PandaBuy shoppers' information was leaked on several forums, where any registered member can obtain it for a symbolic payment in cryptocurrency. PandaBuy has not yet acknowledged the incident, but one of its administrators on the firm's Discord channel stated that the leak consisted of old information that had already been dealt with.

As a precaution, PandaBuy users have been urged to reset their passwords immediately and to be vigilant against scam attempts. PandaBuy customers face a significant security threat now that their data has been leaked on underground forums. The threat actors provided a sample dataset containing email addresses, customer names, order details, and payment information as a means of verifying the authenticity of the breach.

Troy Hunt's validation of the leaked email addresses further corroborated the breach's legitimacy and underlines the urgency of corrective action. Affected PandaBuy users should act immediately to mitigate the risks; resetting their passwords will help protect their accounts from unauthorized access.

Users should also be vigilant against potential scams and sceptical of unsolicited communications. Timely notifications from data breach aggregation services such as Have I Been Pwned let users take proactive measures to protect their online security when their data is exposed. Companies, particularly those that handle large amounts of consumer data, must prioritize the security of their platforms to prevent such incidents.

Consumers should remain vigilant and adopt digital security best practices, including using strong, unique passwords and being wary of phishing attempts that try to steal personal information.

AT&T Data Breach Reveals 73 Million Users' Info on Hacker Forum

Telecommunications company AT&T Inc. has confirmed that data recently found on the dark web relating to 73 million of its past and present customers may date from 2019 or earlier. The data, which reportedly included Social Security numbers and dates of birth, was originally offered for sale on the now defunct RaidForums hacking forum in 2021.

Earlier this month the same data reappeared online, posted by a seller. According to AT&T, the information may have included AT&T account numbers, full names, email addresses, mailing addresses, telephone numbers, Social Security numbers, dates of birth, and passcodes.

The breach was reported on a hacker forum nearly two weeks ago. It is unknown whether the leak is related to a similar breach in 2021 that was widely reported but that AT&T never acknowledged. Before the leak, the telecom giant denied that the data came from its systems and disputed whether it contained accurate customer data.

The “recycled” data includes 49 million email addresses and 44 million Social Security numbers, which were acquired from a third party. It is a repeat leak of customer data from the alleged 2021 hack that AT&T has consistently denied took place, and it was published on the popular hacker marketplace BreachForums on March 17th.

When Recorded Future News contacted AT&T about the dark web posting two weeks ago, a representative stated that the company had "no indication" that its systems had ever been compromised. The spokesperson noted that the data set appeared similar to one offered for sale in 2021 by the hacker group ShinyHunters, which claimed to cover 73 million AT&T customers.

The earlier incident was reported in 2021, when a threat actor called ShinyHunters was allegedly selling the stolen data of 73 million AT&T customers, including names, addresses, telephone numbers, Social Security numbers, and birth dates. AT&T denied at the time that it had suffered a breach or that the data was its own.

Now another threat actor has leaked the massive dataset on a hacking forum, claiming it is the same data ShinyHunters claimed to have stolen. The leak contains the same kinds of sensitive information, although not every customer's Social Security number or birth date is exposed. According to security researchers, ShinyHunters is a notorious hacker gang known for high-profile data breaches, including one affecting 40 million T-Mobile users, identified in 2020, just weeks before the AT&T claim.

Security researchers found that the gang was trying to sell user data stolen from both carriers on dark markets within days of each other. ShinyHunters has since been rumoured to have taken over administrative duties at BreachForums after the FBI raided the site last March.

AT&T has denied a breach and continues to deny that the data is its own. However, some AT&T and DirecTV customers have said they used Gmail's or Yahoo's disposable email feature to create addresses specific to DirecTV or AT&T, which they used only when signing up for the service. These addresses had not been used on any other platform, suggesting that the data originated with AT&T or DirecTV.

According to AT&T's statement and a new page devoted to keeping AT&T accounts secure, more information about the breach will be shared with the public. Analyses of the data in many reports have determined that it contains the same sensitive information that ShinyHunters claims to have stolen, although not every customer's Social Security number or birth date is exposed. AT&T has once again denied that the breach occurred or that the data originated from its systems.

BleepingComputer's interviews with more than 50 AT&T and DirecTV customers since the data was leaked indicate that the leaked data consists only of AT&T account information. Cybersecurity expert Troy Hunt has said that if affected customers are not notified promptly, class action lawsuits may result.

AT&T's wireless 5G network reaches approximately 290 million people in the United States, putting it among the country's largest providers of mobile and internet services. This is hardly the first time AT&T has come under scrutiny for security lapses. At the end of last year the company faced a widespread outage, attributed to a coding error, that took down its mobile phone service.

The outage was attributed to vulnerabilities within AT&T's infrastructure, though AT&T stated that no malicious attack was behind it. It was first revealed in 2019 that AT&T employees had been bribed to set up an unauthorized WLAN (wireless access point) inside the company's infrastructure.

Premiums Affected as Internet-Connected Cars Share Data with Insurers

Most new vehicles offer internet services with popular features such as in-car apps, remote functions, and even Wi-Fi hot spots. These "connected" cars are a goldmine of data not only for automakers but for insurance companies as well. An article published in the New York Times this week discussed the extent to which tracking of driver information can affect insurance rates.

In recent years the insurance industry has offered incentives to consumers who install dongles in their cars or download smartphone apps that monitor how much they drive, how fast they take corners, how hard they brake, and whether they speed.

A patent application by Ford Motor notes that “drivers are traditionally reluctant to participate in such programs,” so instead car companies are now collecting information directly from internet-connected vehicles for use by insurance companies. Tracking driving data to adjust car insurance is not a new concept at all.

Drivers who prove they are safe can often reduce their insurance premiums, normally by letting their insurer track vehicle data such as trips taken, speeds and distance driven. There is, however, a significant difference between tracking of that type and what is emerging about General Motors' Smart Driver program.

Many insurer-run tracking programs help consumers save money on their bills, but Smart Driver is not a typical tracking program: most of its users are not knowingly entering into such an agreement in pursuit of savings, and the consent given for the way data is transmitted to insurers is far less clear than it might seem. GM's "connected" service, OnStar Smart Driver, is known to share driver data with other auto manufacturers.

According to Car and Driver, it is not surprising that other automakers have similar data-sharing programs. The idea is fine when automakers effectively notify consumers that their data will be tracked and shared with others. Under a usage-based insurance policy, the insurance company monitors the driver's behaviour to determine the appropriate policy.

The problem is the growing number of internet-connected vehicles that share their drivers' personal information without the drivers even being aware that they have consented to this practice. Kenn Dahl says he has always been a careful driver. He owns a software company near Seattle and drives a leased Chevrolet Bolt. Neither he nor anyone else in his family has a history of causing accidents.

So Mr Dahl, 65, was shocked when his auto insurance bill rose 21% in 2022. Quotes from other insurers were also high. His insurer told him that the LexisNexis report on file for him was a contributing factor.

LexisNexis is a global data broker with a stake in the insurance and auto insurance industries, known for keeping tabs on drivers' traffic accidents and speeding tickets. At his request, LexisNexis sent Mr Dahl his 258-page "consumer disclosure report", which it is required to provide under the Fair Credit Reporting Act.

Typically, people agree to the terms of service when they install or update an app on their smartphone without reading the fine print. Even though consumers are advised to read contracts carefully before agreeing to them, there is also a powerful argument that corporations must be transparent about how and when personal information will be shared with others.

This is why the California Privacy Protection Agency (CPPA) has tasked its Enforcement Division with investigating how, and to what extent, automobiles equipped with features such as location sharing, smartphone integration, web-based entertainment, and cameras collect and share consumer data, according to a report from Reuters.

The US Department of Commerce's concern about the potential national security threats posed by Chinese electric vehicles (EVs) has a parallel in the current debate over how driving-behaviour data from "connected" cars is handled.

Anyone who wants to understand how their vehicle handles such data should carefully examine the privacy policies of any car apps they use. Consumers can also request their consumer disclosure report from LexisNexis, as mandated by the Fair Credit Reporting Act, which is overseen by the Federal Trade Commission.

Innovative Web Automation Solutions Unveiled by Skyvern AI

Skyvern is more than an automation tool; it is a comprehensive solution that uses large language models, computer vision, and proxy networks to streamline online activities. By automating web browser interactions, Skyvern reduces human error and lets users concentrate on the more crucial aspects of their business.

Skyvern works by interacting with web pages much as a person would: its AI navigates websites, fills out forms, clicks buttons, and extracts data, adapting to changes in the layout or content of the website.

Feature and Benefit Highlights

Skyvern's debugging and transparency features give users a visual step-by-step record that helps them identify and address any issues that occur during the automation process. The AI's decision-making is transparent, which reduces the chance of human error.

Skyvern supports proxy networks, which allows automation to target specific geographical locations. This makes it well suited to working with geo-based data or tailoring automation to particular markets.

Skyvern can handle CAPTCHAs, two-factor authentication, and other complex web interactions so that automated workflows run without interruption. Extracted data can be delivered in convenient formats such as CSV or JSON for easy handling.

Intuitive APIs make the tool easy to integrate with existing systems, letting users automate their workflows. Skyvern can streamline procurement processes, navigate government websites, and collect insurance quotes, making it suitable for a variety of applications.

A Real-World Application

Procurement is one area where Skyvern is effective: it can navigate supplier websites, obtain the relevant data, and populate internal systems, saving businesses both time and manual effort.

Navigating government websites can be challenging and time-consuming. By automating form filling, data collection, and document retrieval, Skyvern simplifies interactions between businesses and government agencies.

Retrieval of insurance quotes: Skyvern can gather insurance quotes from multiple providers, even when the providers' websites are in different languages. Businesses can then compare several options and make an informed decision without manually navigating each provider's website.

The Skyvern User Guide

Setting up Skyvern is straightforward thanks to a quick-start tutorial that walks users through every step. For a fuller experience, watch for the cloud version, currently in private beta. Today's digital landscape is fast-paced, and businesses need every advantage to stay ahead of the competition.

Using artificial intelligence, Skyvern automates web-based tasks in a smart, efficient, and reliable way. Skyvern's goal is to simplify businesses' online workflows, reduce human error, and free up valuable time for more important tasks through advanced technologies and an intuitive interface.

It's time to get rid of repetitive online tasks for good! With Skyvern, users will have access to the power of artificial intelligence-driven automation to revolutionize their web-based workflows. Skyvern's team will be right by users' side, helping them to focus on the things that are most important to them, such as growing their business and achieving their goals.

Hyundai Motor Europe Grapples with Cyber Threat as Black Basta Ransomware Strikes

A California union and Hyundai Motor Europe separately announced this week that they had suffered cyberattacks in the past month resulting in data theft. Black Basta, a double-extortion group that first emerged in 2022, claims to have stolen more than 3TB of Hyundai Motor Europe's data.

The carmaker has not confirmed a ransomware infection, nor has it addressed Black Basta's claims. The CEO of Hyundai Motor Europe, the South Korean company's European division, has confirmed an attack earlier this year.

Hyundai Motor Europe was initially reported to have suffered a cyber-attack in mid-January; however, Hyundai immediately dismissed the report, saying it was simply a matter of IT issues. According to BleepingComputer, which first reported the story on Thursday, the South Korean automaker said in early January that it was experiencing "IT problems" that it was “working to resolve as soon as possible.”

The story has since developed quickly. In the past week the outlet learned that Black Basta is connected with the incident and the alleged theft of 3TB of data. At the time of publishing, Cybernews found no mention of Hyundai or the stolen data on Black Basta's dark web leak site, but extortion groups commonly wait until ransom negotiations have definitively broken down before posting about their victims.

Hyundai has not yet released a further statement about which systems were compromised, how much sensitive data may have been accessed, or the extent of the damage. The Black Basta ransomware gang claims to have hacked Hyundai Motor Europe and stolen three terabytes of its data.

The threat actors have provided evidence of the breach. The gang appears to have stolen data from several departments, including legal, sales, and human resources. The data includes email addresses, physical addresses, phone numbers, and vehicle chassis numbers of affected individuals.

An unauthorized third party accessed the customer database of Hyundai Italy, according to the data breach letter sent to impacted individuals. Hyundai Italy has notified the privacy watchdog and hired cybersecurity experts to determine the scope of the incident.

In the evidence provided to BleepingComputer, the criminals showed data taken from multiple departments of the business, including legal, sales, and human resources. Separately, in April Hyundai disclosed another data breach affecting Italian and French car owners as well as customers who had booked a test drive.

The information exposed to the threat actors included impacted individuals' email addresses, physical addresses, telephone numbers, and vehicle chassis numbers. According to the data breach letter sent to impacted individuals, an unauthorized third party had access to the customer database.

The incident has been reported to Italy's privacy watchdog, and Hyundai has hired external cybersecurity experts to determine its extent. The letter stated that no financial information had been disclosed.

German media reported in December 2019 that suspected members of the Vietnam-linked APT group OceanLotus (APT32) had breached the networks of automakers BMW and Hyundai as part of a hacking campaign aimed at stealing automotive trade secrets.

Time to Guard: Protect Your Google Account from Advanced Malware

In the ever-changing world of cybersecurity, a new type of threat has emerged that is causing serious concern among experts. Advanced malware such as Lumma Stealer can now do something particularly alarming: manipulate authentication tokens, the secret credentials that keep your Google account signed in and secure. What makes this threat even scarier is that it can continue to access your Google account even after you've changed your password. In this blog post, we explore this evolving danger and how it manipulates OAuth 2.0, an important security protocol widely used for secure access to Google-connected accounts.

Of particular concern is its manipulation of OAuth 2.0, abusing an undocumented aspect of the protocol through a technique known as blackboxing. This marks Lumma Stealer as the first malware-as-a-service to employ such a sophisticated method, highlighting the escalating complexity of cyber threats.

The manipulation of OAuth 2.0 by Lumma Stealer not only poses a technical challenge but also jeopardises the security of Google-related accounts. Despite efforts to seek clarification, Google has yet to comment on this emerging threat, giving Lumma Stealer a distinct advantage in the illicit market. 

In a concerning trend, various malware groups, including Rhadamanthys, RisePro, Meduza, Stealc Stealer, and the evolving Eternity Stealer, swiftly adopted Lumma Stealer's exploit. This underscores the urgency for users to update their security practices and stay vigilant against the continuously changing tactics of malicious actors.

This vulnerability traces back to an attacker operating under the pseudonym PRISMA, who unveiled a zero-day exploit in late October. Exploiting this flaw provides the advantage of "session persistence," allowing sustained access even after a password change. The revelation emphasises the widespread impact of the vulnerability across various cyber threats, necessitating urgent user awareness and robust cybersecurity measures. 

The exploitation of this vulnerability extends beyond compromising Google accounts, granting threat actors the ability to manipulate various OAuth-connected services. Pavan Karthick M, a threat researcher at CloudSEK, stresses the serious impact on both individual users and organisations. Once an account is compromised, threat actors can control critical services such as Drive and email login, emphasising the urgent need to fortify defences against the ever-evolving cybersecurity landscape. 

As Lumma Stealer and its counterparts exploit vulnerabilities, it's crucial for users to adopt proactive cybersecurity measures. Regularly updating passwords, enabling two-factor authentication, and staying informed about emerging threats are essential steps in mitigating risks. In the face of advancing cyber threats, staying vigilant and taking proactive steps remain imperative to safeguard our online presence.
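The "session persistence" described above is what a defender sees when a service keeps honouring session tokens that were minted before the user's password change. The following added illustration (a toy model written for this post, not Google's implementation or any malware's code; the TokenService class and its fields are hypothetical) contrasts a token store that ignores password changes with one that rejects every token issued before the last credential change.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone
import secrets


@dataclass
class Account:
    # Hypothetical field: when the user last changed their password (or used
    # a "sign out everywhere" control). Tokens minted before it are suspect.
    credentials_changed_at: datetime


@dataclass
class Token:
    user: str
    issued_at: datetime
    expires_at: datetime


class TokenService:
    """Toy store for long-lived session tokens, parameterised by revocation policy."""

    def __init__(self, revoke_on_password_change: bool) -> None:
        self.revoke_on_password_change = revoke_on_password_change
        self.accounts: dict[str, Account] = {}
        self.tokens: dict[str, Token] = {}

    def register(self, user: str, now: datetime) -> None:
        self.accounts[user] = Account(credentials_changed_at=now)

    def issue(self, user: str, now: datetime,
              lifetime: timedelta = timedelta(days=30)) -> str:
        token = secrets.token_urlsafe(32)          # opaque bearer token
        self.tokens[token] = Token(user, now, now + lifetime)
        return token

    def change_password(self, user: str, now: datetime) -> None:
        # Both policies record the change; only the validation step differs.
        self.accounts[user].credentials_changed_at = now

    def validate(self, token: str, now: datetime) -> tuple[bool, str]:
        tok = self.tokens.get(token)
        if tok is None:
            return False, "unknown token"
        if now >= tok.expires_at:
            return False, "expired"
        changed_at = self.accounts[tok.user].credentials_changed_at
        if self.revoke_on_password_change and tok.issued_at < changed_at:
            # Hardened policy: a token minted before the last credential
            # change is treated as potentially stolen and rejected.
            return False, "issued before last password change"
        return True, "ok"


def persistence_after_reset(revoke: bool) -> tuple[bool, str]:
    """Replay the post's scenario: token copied off the host, password reset, token replayed."""
    t0 = datetime(2024, 1, 1, tzinfo=timezone.utc)
    svc = TokenService(revoke_on_password_change=revoke)
    svc.register("victim", t0)
    stolen = svc.issue("victim", t0 + timedelta(hours=1))   # later exfiltrated by a stealer
    svc.change_password("victim", t0 + timedelta(days=1))   # victim resets their password
    return svc.validate(stolen, t0 + timedelta(days=2))     # old token presented a day later


if __name__ == "__main__":
    print("no revocation on reset:", persistence_after_reset(revoke=False))
    print("revocation on reset:   ", persistence_after_reset(revoke=True))
```

With the weak policy the replayed token is still accepted after the reset, which is exactly the persistence the post warns about; the hardened policy turns the password change into an effective revocation of everything issued before it.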

Cracking the Code: The Role of AI and UBA in Mitigating Insider Threats to Businesses

Artificial Intelligence (AI) is emerging as both a marvel and a challenge for organizations across a wide range of industries in the rapidly developing landscape of digital technologies.

By automating mundane tasks and driving data-driven decisions, big data enables businesses to make better decisions and drive transformation. AI has proven effective at streamlining operations and enhancing security measures, but its potential role in both facilitating and mitigating insider threats also needs to be examined.

Exploring this complex interplay is essential to understanding how it works. The introduction of sophisticated technologies such as Large Language Models (LLMs) adds new dimensions to insider threats that organisations need to understand and control.

Examining AI's dual role in insider threats, along with best practices for dealing with them, lays the groundwork for a deeper discussion of how to mitigate them. Businesses are already using machine learning and artificial intelligence to help prevent cybercrime and online attacks such as phishing scams against their websites.

AI algorithms can analyze vast quantities of data to identify patterns in behaviour within a network and alert defenders to potential risks before they cause serious damage. AI can be trained to detect signs of potential malware activity or data exfiltration and of anomalous login activity, helping to contain internal threats proactively.

A user and entity behaviour analytics (UEBA) tool is one of the most powerful instruments in this arsenal. For example, a UEBA tool can flag, and immediately disconnect, a user who normally downloads small amounts of data but suddenly starts downloading multiple gigabytes.

User Behavior Analytics (UBA) identifies unusual behaviour and anomalies by analyzing various types of data collected about users. UBA builds a baseline of normal user behaviour from sources such as logs, network traffic and endpoints, using machine learning, automation, and artificial intelligence.

When UBA detects anomalous behaviour that may indicate an insider threat, it notifies security teams immediately. A significant body of research, including IBM's 2023 Cost of a Data Breach Report, shows just how much time and money insider incidents can cost a company.

Technologies including artificial intelligence and machine learning are coming into the spotlight to combat these issues. By analyzing vast amounts of data, they identify patterns and irregularities that humans would otherwise miss, helping organizations detect insider threats with greater accuracy and speed.

UBA monitors user behaviour over a baseline period that typically lasts a minimum of seven days, so that deviations that could indicate a security threat can be pinpointed. As the digital world becomes more complex, such new security measures have become increasingly essential.
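To make the download-volume example and the seven-day baseline above concrete, here is an added illustration (written for this post, not code from any UEBA product it mentions) that aggregates constructed download logs per user and day, builds a rolling seven-day baseline, and flags a user whose daily downloads jump from tens of megabytes to several gigabytes. It also handles the edge case the baseline period implies: a user with fewer than seven days of history is not judged at all, since there is no normal to deviate from yet.

```python
from collections import defaultdict
from datetime import date, datetime
from statistics import mean, pstdev
from typing import Optional

# Constructed sample events (not real logs), one per line:
# "<ISO timestamp>,<user>,<bytes downloaded in that session>"
SAMPLE_LOG = """\
2024-03-01T09:12:00,alice,52428800
2024-03-02T10:03:00,alice,61865984
2024-03-03T08:47:00,alice,47185920
2024-03-04T11:20:00,alice,55574528
2024-03-05T09:05:00,alice,20971520
2024-03-05T15:41:00,alice,31457280
2024-03-06T10:30:00,alice,58720256
2024-03-07T09:55:00,alice,49283072
2024-03-08T02:11:00,alice,4294967296
2024-03-08T09:30:00,alice,10485760
2024-03-06T13:00:00,bob,10485760
2024-03-07T12:10:00,bob,8388608
2024-03-08T03:00:00,bob,3221225472
"""

MIN_BASELINE_DAYS = 7   # the minimum baseline period the post describes
Z_THRESHOLD = 3.0       # standard deviations above the baseline mean
MIN_RATIO = 2.0         # floor: flag only if at least 2x the baseline mean


def parse_events(text: str) -> list[tuple[datetime, str, int]]:
    """Parse the CSV-style log into (timestamp, user, bytes) tuples, skipping blank lines."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, user, nbytes = line.split(",")
        events.append((datetime.fromisoformat(ts), user, int(nbytes)))
    return events


def daily_totals(events) -> dict[str, dict[date, int]]:
    """Sum per-session byte counts into one total per user per calendar day."""
    totals: dict[str, dict[date, int]] = defaultdict(lambda: defaultdict(int))
    for ts, user, nbytes in events:
        totals[user][ts.date()] += nbytes
    return totals


def baseline_threshold(history: list[int]) -> Optional[float]:
    """Alert threshold derived from a user's prior daily totals.

    Returns None when fewer than MIN_BASELINE_DAYS of history exist, so the
    caller raises no alert: a new account has no baseline to deviate from.
    """
    if len(history) < MIN_BASELINE_DAYS:
        return None
    window = history[-MIN_BASELINE_DAYS:]
    mu = mean(window)
    # Combine a z-score with a ratio floor so a flat baseline (stdev near 0)
    # does not turn every small fluctuation into an alert.
    return max(mu + Z_THRESHOLD * pstdev(window), MIN_RATIO * mu)


def detect_download_spikes(log_text: str) -> list[tuple[str, date, int]]:
    """Return (user, day, bytes) for each day whose downloads exceed the rolling baseline."""
    alerts = []
    for user, per_day in daily_totals(parse_events(log_text)).items():
        days = sorted(per_day)
        for i, day in enumerate(days):
            threshold = baseline_threshold([per_day[d] for d in days[:i]])
            if threshold is not None and per_day[day] > threshold:
                alerts.append((user, day, per_day[day]))
    return alerts


if __name__ == "__main__":
    for user, day, nbytes in detect_download_spikes(SAMPLE_LOG):
        print(f"ALERT {user} {day}: {nbytes / 2**30:.2f} GiB downloaded")
```

On the constructed sample only alice's 4 GiB day is flagged; bob's 3 GiB day on his third day of history is skipped because his baseline is too short, which is the trade-off a real deployment would cover with a separate new-account policy.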

The combination of AI, machine learning, and UBA reflects the dynamic nature of cybersecurity, showing how threats evolve and how we must respond to them. Organizations looking to safeguard their assets and maintain their competitive edge in a world where a single breach can have far-reaching consequences will benefit from integrating these technologies into SIEM systems such as QRadar.

Cybersecurity is a constantly changing world; today's threats are unlikely to be tomorrow's. Integrating AI into security systems so that they improve continuously is therefore not only beneficial but essential.

With these technologies, organizations can take a proactive approach instead of merely reacting, allowing them to stay ahead of threats. A strong cybersecurity strategy is therefore proactive, able to adapt to the constantly changing threats around the corner.

AI-enhanced UBA is a significant achievement in the fight against cyber threats, providing businesses and their data with an enhanced level of security. It demonstrates that technology can be used effectively to improve data security and, with it, businesses' bottom lines.

As organizations navigate the complexities of digital security, the strategies and tools they employ are essential to protecting their most valuable assets against insider threats and preventing data breaches. Integrating AI and UBA into cybersecurity practice is not just a trend but an integral part of an effective, resilient cybersecurity strategy.

Rising Tide of Cyber Threats: Booking.com Faces Surge in Customer Hacking Incidents

Attacks against Booking.com customers are increasing, with hackers on dark web forums advertising their services and offering up to $2,000 for hotel logins as cybercriminals continue to target hotel guests. On November 12, 2023, reports emerged that the company had confirmed a phishing attack.

Booking.com's statements indicate that hackers were able to collect consumers' credit card information. Booking.com is an online travel agency headquartered in Amsterdam, Netherlands, that has operated since 1997.

With over 2.7 million properties worldwide, including more than 400,000 hotels, Booking.com offers reservations for more than 2.7 million properties. There is also the opportunity for owners of motels, apartment units, and resorts to upload their listings to Booking.com. 

Among the largest online travel agencies, Booking.com is also routinely ranked as one of the most popular travel applications that can be downloaded from the mobile web. It is estimated that the revenue generated by Booking.com exceeds $10 billion annually and that the company employs more than 21,600 people. This incident remains a looming problem for Booking.com, and the investigation into the incident continues. 

It is important to note, however, that Booking.com will be required to send out a letter of data breach notification to each individual whose information was compromised as a result of the recent data security incident when it has completed its investigation. There has been a surprising lack of news about the Booking.com cyberattack over the past few days, and more information is expected to become available shortly. Currently, several news outlets are reporting the incident, and Booking.com has only issued a partial statement confirming the incident. 

According to these sources, the attack began with emails to hotel employees from an attacker posing as a traveller. An employee clicked a link in one of those emails and infected the hotel's computer with malware. 

Once the malware was running, the attackers obtained the hotel's Booking.com login credentials. With those credentials and hotel IDs in hand, they sent travellers fake emails posing as hotel staff. 

Those emails directed travellers to a fake Booking.com site, where they were tricked into entering their credit card details, which the attackers then collected. 

Booking.com has only recently confirmed the phishing attack and is still assessing its impact. Once the investigation is complete, applicable data breach notification laws are expected to require the company to notify everyone affected by the incident. 

A victim's letter should list all the personal information compromised in the attack. Victims who have suffered fraud or identity theft, or who want legal advice following a possible Booking.com breach, can consult a data breach lawyer about how to protect themselves and about their legal options. 

The reported intrusion technique is plain social engineering. To get into a targeted hotel's system, the fraudsters call the front desk pretending to be a guest who left a valuable item behind after a recent stay. Having primed the receptionist on the phone, the caller then emails a link to a Google Drive file, supposedly a picture of the missing item. Instead of a picture, the customer service representative opens a file carrying the Vidar infostealer, which steals the hotel system's billing and login details and automatically relays them to the fraudsters, giving them access to the payment processing system. 

Logged into Booking.com with the stolen credentials, the attackers then messaged the hotel's guests demanding bogus payments. Rather than sending guests to Booking.com or the hotel's real website to pay, they directed them to a spoofed site or took card details over the phone. Because the messages come from the legitimate, if compromised, accounts of hotels listed on Booking.com, guests have no reason to suspect a scam, which is what makes the attack so effective.

Analysis by the security firm cited in these reports found that the problem is widespread and affects hotels and resorts around the world. Beyond the substantial financial losses, there are concerns about data misuse and erosion of trust. The researchers also note that this campaign may not be isolated: an earlier infostealer campaign targeting hotels and travel agencies may be part of the same larger pattern.  

Users are strongly advised to check URLs carefully before clicking, to be wary of urgent requests, to contact service providers directly with their questions, to share what they know about phishing, and to watch their accounts for unauthorized transactions.
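"Check the URL carefully" is easier to act on with a concrete rule. The Python function below is an added example, not code from the original post or from Booking.com. It classifies a link before it is clicked, treating only the registrable domain booking.com as trusted (an assumed allow-list; the company operates other domains that a real deployment would add) and flagging the tricks used in campaigns like this one: the brand placed as a subdomain of an attacker's domain, typo- and hyphen-squats, internationalised homoglyph hostnames, and the user@host trick. The registrable-domain helper simply takes the last two labels, an assumed simplification that is adequate for .com; production code should use the Public Suffix List.

```python
"""Classify a link before clicking: does its host really belong to booking.com?"""
from urllib.parse import urlsplit

# Assumed allow-list for this example. The real company uses more domains.
TRUSTED_REGISTRABLE = {"booking.com"}
BRAND = "booking"

# Digit-for-letter substitutions common in typosquats ("b00king").
_SQUAT_NORMALISE = str.maketrans("01", "ol")


def registrable_domain(host: str) -> str:
    """Last two DNS labels ("admin.booking.com" -> "booking.com").

    Assumed simplification: it is wrong for multi-label suffixes such as
    .co.uk, where the Public Suffix List is needed.
    """
    labels = host.rstrip(".").split(".")
    return ".".join(labels[-2:]) if len(labels) >= 2 else host


def classify_url(url: str) -> str:
    """Return 'trusted', 'lookalike', 'homoglyph', 'credential-trick' or 'other'."""
    if "://" not in url:
        url = "http://" + url  # bare "booking.com/..." pasted from a message
    parts = urlsplit(url)
    host = (parts.hostname or "").lower()
    if not host:
        return "other"

    # 1. Userinfo trick: "https://booking.com@evil.example/" shows the brand
    #    at the start of the address bar but actually connects to evil.example.
    if parts.username and BRAND in parts.username.lower():
        return "credential-trick"

    # 2. Internationalised hostnames: a Cyrillic "о" in "bооking.com" turns into
    #    an "xn--" label after IDNA encoding. Any such label is treated as a
    #    homoglyph attempt, as is a host that cannot be IDNA-encoded at all.
    try:
        ascii_host = host.encode("idna").decode("ascii")
    except UnicodeError:
        return "homoglyph"
    if ascii_host != host or any(l.startswith("xn--") for l in ascii_host.split(".")):
        return "homoglyph"

    # 3. Only the registrable domain counts. "booking.com.secure-pay.example"
    #    is NOT booking.com, whereas "admin.booking.com" is.
    if registrable_domain(ascii_host) in TRUSTED_REGISTRABLE:
        return "trusted"

    # 4. The brand name anywhere else in the host (after undoing hyphens and
    #    digit substitutions) marks a lookalike.
    normalised = ascii_host.replace("-", "").translate(_SQUAT_NORMALISE)
    if BRAND in normalised:
        return "lookalike"
    return "other"


if __name__ == "__main__":
    # Constructed sample links, not real attacker infrastructure.
    for link in (
        "https://admin.booking.com/hotel/123",
        "https://booking.com.secure-payment.example/verify",
        "https://b00king-payments.example/pay",
        "https://booking.com@evil.example/pay",
        "https://b\u043e\u043eking.com/",
    ):
        print(f"{classify_url(link):17} {link}")
```

Anything other than "trusted" is a reason to stop and reach the booking through the app or by typing booking.com yourself. Note that "trusted" only means the host is genuine; it says nothing about the message that carried the link, which in this campaign came from a real but compromised hotel account.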

Does Your Organization Have a False Sense of Cybersecurity?

Many people assume that piling up cybersecurity tools automatically makes an organization secure. Recent trends in cyberattacks paint a different picture. 

Since the pandemic, cybercrime is reported to have surged by 600% as new threats emerged. Attackers use tactics ranging from traditional email phishing to techniques such as cross-site scripting (XSS), aiming to steal sensitive information and, in some cases, hold organizations to ransom. 

The growing range of threats has pushed the security industry to produce an array of new products. That innovation is welcome, but it brings a problem of its own: too many tools inside one organization can fragment its security approach and leave gaps behind. 

A recent study conducted by Forbes found that organizations running more cybersecurity tools are more likely to suffer breaches. A large tool stack can breed a false sense of assurance rather than a genuinely robust security infrastructure. 

These tools often focus on isolated parts of the network, miss the broader context and, crucially, do not communicate with each other. The result is a disjointed view of the organization's security posture, like holding a pile of puzzle pieces without knowing what the finished picture should look like, which makes weaknesses hard to spot. 

According to Adarma's research, about 61% of cybersecurity professionals consider the security market too confusing, fragmented, complicated and crowded, which hinders their efforts to improve. Tool sprawl has practical costs: when several products address the same problem, phishing for instance, the same work is done repeatedly, wasting time and resources. 

Protecting a company today requires a thorough plan that covers many areas. Deploying tools is only the start; they need continuous care, much like a garden, and each has its own requirements that the team must understand. 

Bringing together the different sources of information gives a complete picture of security across the whole organization. Tools must be configured correctly and kept up to date, and consolidating security measures, while it can make operations run more smoothly, should be done deliberately. 

Recognizing and fixing gaps in coverage is a sign of strength and readiness to act, and trust in both the tools and the team running them matters just as much. Following this well-rounded plan helps companies strengthen their defenses and keep pace with ever-changing digital threats.