
ToddyCat APT Is Siphoning Data on 'Industrial Scale'


ToddyCat, an advanced persistent threat (APT) gang that targets the government and defence industries, has been seen collecting stolen data "on an industrial scale" from victim organisations in Asia-Pacific. 

Kaspersky researchers first disclosed details regarding the elusive gang's actions in 2022, despite the fact that it has been functioning since December 2020. ToddyCat is believed to be a Chinese-speaking gang, though its origins and ties are unknown.

Initially, the threat group targeted only certain organisations in Taiwan and Vietnam. When the ProxyLogon vulnerabilities in Microsoft Exchange Server were discovered in early 2021, it broadened the scope of its operations, now targeting multiple European and Asian organisations. 

ToddyCat upgraded its tools and strategies in 2023, and launched a long-running attack against government entities and telecom providers in multiple Asian countries. 

In Kaspersky's most recent review of the group, published last week, researchers Andrey Gunkin, Alexander Fedotov, and Natalya Shornikova explained the techniques the gang had lately been seen employing to exfiltrate massive volumes of data. 

“During the observation period, we noted that this group stole data on an industrial scale,” researchers explained. “To collect large volumes of data from many hosts, attackers need to automate the data harvesting process as much as possible, and provide several alternative means to continuously access and monitor systems they attack.”

One notable feature of the group's attacks was its predilection for creating many tunnels with various tools to gain access to the infrastructure of the organisations it targeted. This allowed the gang to keep using the compromised systems even after one of the tunnels was identified and eliminated, according to the experts.

ToddyCat used reverse SSH tunnels to get access to remote network services. The gang also employed SoftEther VPN, an open-source tool that allows for the establishment of VPN connections using a variety of popular protocols.

“In virtually every case we observed, the attackers renamed vpnserver_x64.exe to hide its purpose in the infected system,” the researchers added. “To transfer the tools to victim hosts, the attackers used their standard technique of copying files through shared resources, and downloaded files from remote resources using the curl utility.” 

To protect against the gang, the researchers advised defenders to add the resources and IP addresses of cloud providers that allow traffic tunnelling to their firewall deny lists. The researchers also recommended limiting the tools administrators can use to remotely access hosts.
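The two tunnelling behaviours described above (a renamed SoftEther vpnserver_x64.exe and reverse SSH tunnels) both leave traces in process-creation telemetry. The following is an added example, not code from Kaspersky or the report, showing how a defender could flag them. It assumes process events in the shape of Sysmon Event ID 1 fields (Image, OriginalFileName, CommandLine); the four sample events are constructed for the demo, and the paths and host names in them are placeholders.

```python
"""Added example: flag ToddyCat-style tunnelling indicators in process events.

Two checks, both derived from behaviour described in the Kaspersky write-up:
  1. a binary whose PE OriginalFileName is vpnserver_x64.exe but whose on-disk
     name differs (the SoftEther server renamed to hide its purpose);
  2. an ssh command line requesting a remote (reverse) port forward with -R.
"""
import ntpath
import shlex

SOFTETHER_ORIGINAL_NAME = "vpnserver_x64.exe"  # name ToddyCat was seen renaming

# Constructed sample events (Sysmon-like fields); values are made up for the demo.
SAMPLE_EVENTS = [
    {"Image": r"C:\Program Files\SoftEther VPN Server\vpnserver_x64.exe",
     "OriginalFileName": "vpnserver_x64.exe",
     "CommandLine": r'"C:\Program Files\SoftEther VPN Server\vpnserver_x64.exe"'},
    {"Image": r"C:\Windows\Temp\svchost2.exe",          # renamed SoftEther server
     "OriginalFileName": "vpnserver_x64.exe",
     "CommandLine": r"C:\Windows\Temp\svchost2.exe"},
    {"Image": r"C:\Windows\System32\OpenSSH\ssh.exe",     # reverse tunnel: -R
     "OriginalFileName": "ssh.exe",
     "CommandLine": "ssh.exe -N -R 8080:127.0.0.1:3389 user@relay.example.invalid"},
    {"Image": r"C:\Windows\System32\OpenSSH\ssh.exe",     # ordinary interactive ssh
     "OriginalFileName": "ssh.exe",
     "CommandLine": "ssh.exe user@host.example.invalid"},
]


def renamed_softether(event):
    """True when the on-disk file name no longer matches SoftEther's original name."""
    original = event.get("OriginalFileName", "").lower()
    current = ntpath.basename(event.get("Image", "")).lower()
    return original == SOFTETHER_ORIGINAL_NAME and current != original


def reverse_ssh_tunnel(command_line):
    """True when an ssh command line asks for a remote port forward (-R).

    Tokenised with posix=False so Windows backslashes survive; a combined
    flag such as -fNR or an attached argument such as -R8080:... also matches.
    """
    tokens = shlex.split(command_line, posix=False)
    if not tokens:
        return False
    exe = ntpath.basename(tokens[0].strip('"')).lower()
    if exe not in ("ssh", "ssh.exe"):
        return False
    return any(tok.startswith("-") and not tok.startswith("--") and "R" in tok[1:]
               for tok in tokens[1:])


def scan(events):
    """Return (reason, image) pairs for every event that trips a check."""
    findings = []
    for event in events:
        if renamed_softether(event):
            findings.append(("renamed-softether", event["Image"]))
        if reverse_ssh_tunnel(event.get("CommandLine", "")):
            findings.append(("reverse-ssh-tunnel", event["Image"]))
    return findings


if __name__ == "__main__":
    for reason, image in scan(SAMPLE_EVENTS):
        print(f"{reason}: {image}")
```

The OriginalFileName comparison is the cheap, high-signal part: renaming a legitimately signed tool changes its path but not the version resource inside the PE, which is why the mismatch is worth alerting on. The ssh check is a heuristic and should be paired with the allow-list of administrative remote-access tools the researchers recommend.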

HelloKitty Ransomware Renames to 'HelloGookie,' Unveils CD Projekt and Cisco Data


The operator behind the HelloKitty ransomware has rebranded it as 'HelloGookie,' with passwords for previously leaked CD Projekt source code, Cisco network data, and decryption keys from earlier attacks being released.

Identified as 'Gookee/kapuchin0,' the threat actor claims to be the original creator of the now-defunct HelloKitty ransomware, and timed the rebranding to coincide with the launch of a new dark web portal for HelloGookie. To mark the occasion, four private decryption keys were disclosed, enabling the recovery of files from previous attacks, alongside internal data stolen from Cisco in 2022 and passwords for leaked CD Projekt source code.

Developers have already utilized the leaked Witcher 3 source code to compile the game, showcasing screenshots and videos of development builds. The leaked source code contains binaries to launch a developer build of Witcher 3, with efforts underway to compile the game from the source.

HelloKitty, initially launched in November 2020, garnered attention for targeting corporate networks, encrypting systems, and stealing data. Notably, the ransomware group breached CD Projekt Red in February 2021, encrypting servers and pilfering source code, including for Witcher 3.

In 2022, Yanluowang's data leak site was allegedly hacked, revealing conversations linking the group closely to the HelloKitty developer. Gookee/kapuchin0 subsequently leaked the HelloKitty builder and source code, signaling the end of operations. However, rebranded as HelloGookie, the threat actor has not disclosed new victims or evidence of recent attacks but released stolen data from prior breaches.

The leaked data includes NTLM hashes from Cisco's breach, indicating a closer relationship between HelloGookie and Yanluowang. Cisco acknowledged the incident, referring to a 2022 blog post by Cisco Talos detailing the security breach.

The future success and notoriety of HelloGookie remain uncertain, contrasting with the operational achievements of HelloKitty.

Wells Fargo Data Breach: Safeguarding Customer Information in a Digital Age


In a digital age where data breaches have become all too common, the recent disclosure of a data breach at Wells Fargo, a prominent multinational financial services corporation, has once again brought cybersecurity concerns to the forefront. The breach, impacting the personal information of two clients, underscores the challenges faced by financial institutions in safeguarding sensitive data and maintaining customer trust. 

The breach exposed clients' names and mortgage account numbers, raising significant concerns about the security of personal information within the financial services sector. According to Wells Fargo, the breach was not the result of a cyberattack but rather an employee breaching company policy by transferring information to a personal account. While the exact timeline and duration of unauthorized access remain unclear, Wells Fargo has taken swift action to address the situation and mitigate risks to affected individuals. 

In response to the breach, Wells Fargo has prioritized the welfare of its customers and has taken proactive steps to assist those impacted. The company has offered complimentary two-year subscriptions to Experian IdentityWorks℠, a comprehensive identity theft detection service. This includes daily monitoring of credit reports, internet surveillance to monitor identity-related activity, and full-service identity restoration in the event of theft. Affected individuals are encouraged to activate their subscriptions within 60 days from the date printed on the notification letter, either online or by phone. The team is available via phone during specified hours and offers language assistance services for non-English speakers, as well as support for individuals with hearing or speech difficulties. 

While the specifics of the data breach are still under investigation, Wells Fargo remains committed to enhancing security measures and preventing similar incidents in the future. The breach serves as a stark reminder of the evolving nature of cyber threats and the importance of remaining vigilant in protecting sensitive information. This incident also highlights a recurring issue within the banking industry, as Wells Fargo is not the only financial institution to experience a data breach in recent months. 

In February 2024, Bank of America, another one of the Big Four Banks in North America, announced a data breach affecting its customers. The Bank of America data breach was attributed to a cyberattack targeting one of its service providers, Infosys McCamish Systems. 

As investigations into the breach continue, Wells Fargo reassures its customers of its unwavering commitment to security and vows to implement additional measures to safeguard customer information. Despite the challenges posed by cyber threats, Wells Fargo remains dedicated to maintaining customer trust and protecting sensitive data in an increasingly interconnected world.

Anonymous Hackers Threaten To Publish IDF’s ‘Top Secret Projects’


The Anonymous hacker group has published a video claiming to have infiltrated Israel's military and stolen some of its "top secret" documents.

Two weeks after Israel's Justice Ministry admitted a cybersecurity breach that may have taken hundreds of gigabytes of data, the Anonymous hacker group claims to have hacked the Israel Defence Forces (IDF), a much more significant target. On April 18, Anonymous posted a video on X stating, "Today we want to introduce their terrorist army to the world, after hacking their justice ministry.” 

Given the nature of the fighting on the ground, the cyber aspect of the Gaza conflict has not garnered much attention. However, with the most recent escalation, Iran has come out from behind its proxies, and as a result, two of the most cyber-active nations in the world are now participating much more publicly. This includes unsubstantiated allegations made by an Iranian hacker group that they were able to break into Israeli radar systems. 

In contrast, Israel possesses offensive cyber capabilities much beyond anything Iran can produce, despite Tehran's continuous efforts to improve its capabilities. As a result, there will likely be a digital uptick as the ballistic engagement winds down. 

None of this is related to the more theatrical hacking charges levelled at Israel's military. Anonymous is best understood as an umbrella banner, with self-proclaimed members starting and coordinating activities that are subsequently promoted. It would be incorrect to view this as a globally organised group with any sort of structure. The most recent claims appear to come from a pro-Palestinian group called Anonymous for Justice. 

The Jerusalem Post adds that "according to IDF security assessments, the likelihood of an actual breach is minimal... The IDF's computer system is highly secure and classified at multiple levels." According to the Post, if there was a breach, the material was most likely "obtained from civilian computers." 

With a total of 20GB of data distributed across more than 230,000 files, the Anonymous video alleges that the compromised material contains "the identity of the generals, military bases, military contracts and top secret projects." The hacking operation was "conducted with the assistance of certain freedom seekers from your army," the video further warns the IDF.

AT&T User Discusses Safety Measures Following Data Breach


AT&T has periodically tried to downplay the gravity of its recent data breach, but the US telecoms company has now sought to reassure worried consumers with a slew of new security features. 

In the most recent development in the ongoing story of the AT&T data hack, the firm has announced that all of its users—affected or not—can now take advantage of a number of complimentary security and identity protection offerings. 

These include a free identity theft insurance policy that offers up to $1 million in coverage, which seems to indicate that the company is now beginning to take the data leak seriously. 

AT&T's new announcements

AT&T has announced numerous additional security measures in response to the March disclosure that data belonging to up to 73 million of its customers had been exposed on an online hacker forum.

In addition to the previously mentioned $1 million identity protection insurance, these also come with access to an identity restoration team and "one year of complimentary credit monitoring, identity theft detection, and resolution services.” 

According to KPRC-TV, AT&T appears to have enlisted Experian's IdentityWorks protection arm to help reassure the more than seven million current AT&T customers who have been affected by the hack. 

How many AT&T customers were affected by the data breach?

Most estimates suggest that as a result of the historic data breach, the personal information of around 71 million AT&T customers was exposed online. 

However, AT&T has attempted to dispute this number on several occasions, having first denied culpability for the breach completely. It has instead stated that it believes approximately 51 million consumers were affected, the majority of whom are former customers.

That is perhaps predictable, given that many individuals would leave a provider who had disclosed their information. As previously stated, the number of current AT&T users believed to be affected is approximately 7 million. 

To make it easier to secure your online accounts with hard, unique passphrases, experts advise setting up a password manager.

Hackers Siphon 340,000 Social Security Numbers From U.S. Consulting Firm


Greylock McKinnon Associates (GMA) has discovered a data breach in which hackers gained access to 341,650 Social Security numbers. 

The data breach was disclosed last Friday on Maine's government website, where the state publishes data breach notifications. In its data breach warning mailed to impacted individuals, GMA stated that it was targeted by an undisclosed cyberattack in May 2023 and "promptly took steps to mitigate the incident." 

GMA provides economic and litigation support to companies and government agencies in the United States, including the Department of Justice, that are involved in civil action. According to their data breach notification, GMA informed affected individuals that their personal information "was obtained by the U.S. Department of Justice ("DOJ") as part of a civil litigation matter" supported by GMA.

The purpose and target of the DOJ's civil litigation are unknown. A Justice Department representative did not return a request for comment. 

GMA stated that individuals who were notified of the data breach are "not the subject of this investigation or the associated litigation matters," adding that the cyberattack "does not impact your current Medicare benefits or coverage.” 

“We consulted with third-party cybersecurity specialists to assist with our response to the incident, and we notified law enforcement and the DOJ. We received confirmation of which individuals’ information was affected and obtained their contact addresses on February 7, 2024,” the firm noted. 

GMA notified victims that "your private and Medicare data was likely affected in this incident," which included names, dates of birth, home addresses, some medical and health insurance information, and Medicare claim numbers, including Social Security numbers.

It remains unknown why GMA took nine months to discover the scope of the incident and notify victims. GMA and its outside legal counsel, Linn Freedman of Robinson & Cole LLP, did not immediately respond to a request for comment.

Private Data of 7.5 million BoAt Users Leaked in Massive Data Breach


Customer records of more than 7.5 million boAt users have surfaced on the dark web. It is possible to purchase personally identifiable information (PII) such as name, address, contact number, email ID, customer ID, and more. The threat actor leaked around 2GB of data on the forum. 

On April 5, a hacker dubbed ShopifyGUY claimed to have accessed the data of audio products and smartwatch maker boAt Lifestyle. The threat actor leaked data breach files comprising 75,50,000 (7.55 million) entries of personally identifiable information (PII) from consumers. Forbes India validated the report by speaking with a number of consumers who had recently purchased boAt items. 

These data breaches have implications that extend beyond the immediate loss of private data. People are more susceptible to monetary fraud, phishing scams, and identity theft. Threat Intelligence Researcher Saumay Srivastava notes that sophisticated social engineering assaults could be carried out by threat actors who employ users' personal information to get access to bank accounts, carry out transactions, and fraudulently use credit cards.

“The consequences for companies include a loss of customer confidence, legal consequences and reputational harm. The major implications make it even more essential to implement adequate security practices,” Saumya added. 

The leaker's profile (ShopifyGUY) is rather new, with only this leak under his belt. Because the data is genuine, the hacker will establish a good reputation among the forum community, increasing future data purchases, explains Rakesh Krishnan, senior threat analyst at NetEnrich. 

"Considering the timeline, we can assume that the hackers gained access to the boAt customer database at least one month ago and put the data on the forum yesterday.”

Ideally, the company should notify all users, conduct a thorough investigation into how the attackers gained access and what else they could access, and then overhaul their security measures to ensure this does not happen again, but realistically, it will deny and move on, explains Yash Kadakia, founder of Security Brigade. 

The data is available for eight credits on several forums, which works out to roughly two euros to purchase it. It will most likely be available for free on Telegram within a few days. Many scammers will use this information to carry out various phone and email scams, Kadakia noted. 

According to an IDC report, boAt, which was founded in 2016 by Aman Gupta, a judge on Shark Tank, and Sameer Mehta, is now the second most popular wearable brand as of the third quarter of 2023. The Gurugram-based business is well-regarded by Indian customers and is renowned for its affordable headphones and other audio equipment. In addition, it produces speakers and smartwatches.

Prudential Financial Notifies 36,000 Victims of Data Leak


Last Friday, Prudential Financial began informing over 36,000 people of a data incident that occurred in early February 2024. 

The breach, first disclosed in a regulatory filing with the SEC in February, occurred on February 4 and was purportedly discovered the next day. 

Prudential reported at the time that the attackers had gained access to systems including business administrative and user data, as well as employee and contractor accounts. 

A week later, the ransomware gang Alphv/BlackCat claimed credit for the attack and added Prudential to their Tor-based leak site. This organisation was also responsible for a large outage in the US health system last month, hitting Change Healthcare systems and services. 

As per a March 29 complaint with the Maine Attorney General's Office, Prudential has verified that the hackers have gained access to the personal data of 36,545 people. 

“We discovered through the investigation that on February 4, 2024, an unauthorised third party gained access to our network and removed a small percentage of personal information from our systems,” the report reads. 

“Companies are always likely to remain wary of really rapid disclosure, given the financial impact these things can have on them, and use all the ‘tricks’ they can to delay,” commented Nick France, chief technology officer at Sectigo. 

“Ultimately, I believe that the new SEC regulations should make these processes work faster; however, given the wording of the regulation and the fact that it only came into effect at the very end of 2023, it may take some time before we see disclosures happening at the 4-day pace.” 

Individuals impacted by the Prudential breach are being notified of the issue by written notice. Names and other personal identifiers, as well as driver's licence numbers or non-driver identity card numbers, were among the compromised data.

Navalny's Revenge? Hackers Siphon Huge Russian Prisoner Database: Report


Following the murder of Russian opposition leader Alexey Navalny, anti-Kremlin militants seized a database comprising hundreds of thousands of Russian prisoners and hacked into a government-run online marketplace, according to a report. 

Navalny was the most prominent Russian opposition figure and a strong critic of Russian President Vladimir Putin. He died on February 16 at a penal colony in Russia's Arctic region while serving his jail sentence. 

CNN reported that an international group of 'hacktivists', comprising Russian expats and Ukrainians, stole prison documents and hacked into the marketplace by acquiring access to a computer linked to the Russian prison system. 

Following Navalny's death in February, overseas 'hacktivists' allegedly acquired a Russian database containing hundreds of thousands of convicts, relatives, and contacts. 

As per the report, the hackers also targeted the jail system's online marketplace, where relatives of inmates purchase meals for their family members. Once they gained access to the marketplace, the hackers changed the price of products like noodles and canned meat from nearly $1 to $0.01.

It took many hours for the administrators of the prison system to realise that something was wrong, and it took an additional three days to undo the hacker's work completely. 

The hackers also posted a photo of Navalny and his wife, Yulia Navalnaya, on the jail contractor's website, along with the statement "Long live Alexey Navalny". While the hackers claimed the database included information on approximately 800,000 prisoners, the report said there were some duplicate entries, but the data spilt by the hackers "still contains details on hundreds of thousands of inmates". 

What is 'hacktivism' and why did hackers siphon Russian databases? 

The terms "hacking" and "activism" are combined to form the phrase "hacktivism." It alludes to hacking operations in which hackers participate in activism for a specific cause. 

According to Clare Stouffer of the cybersecurity company Norton, hacktivism is a lot like activism in the real world, when activists create disruption to push for the change they want.

"With hacktivism, the disruption is fully online and typically carried out anonymously. While not all hacktivists have malicious intent, their attacks can have real-world consequences," Stouffer wrote in a Norton blog.

Kiosks in Brookline are Tracking Cell Phone Data


Data is everywhere. It is at your fingertips. It's all over town, yet your info may be shared around without your knowledge. Brookline put digital signs throughout town, which have gotten people talking since they are collecting individual cell phone data. 

Glen Gay, who was passing by one of the Washington Street kiosks, stated, "I guess everything is tracked in today's world whether you like to or not." "I am just a little curious what they are doing with the data?” 

Brookline.News initially reported on the kiosks, which are created by a local US company called Soofa. They display a wide range of information, including bus arrival times and local activities. The kiosks contain sensors that detect a unique identifier from your phone when WiFi is turned on. The company claims that the data is encrypted before it is delivered to their data site. The information helps the city track how often people pass the boards. 

Town officials said the data will help them determine the size of the audience the board is reaching. The town hopes to use the boards to send out localised messages ahead of the Boston Marathon. The foot traffic data will also help them learn how many people visit the kiosks throughout the marathon, allowing them to better adapt the board content to high-traffic regions next year. Phone users will not see a prompt indicating that the kiosk is keeping track of their data.

"I linger here 10 to 15 minutes a day, so knowing that freaked me out a little bit," stated Jenna Woods, as she sits near a kiosk. "I wish that it was more public knowledge. I mean, I have nothing to hide, so they can collect as much as they want. Will it be interesting? Probably not.” 

Cyber experts claim that, contrary to popular belief, all of this is completely legal. Usually, the data they monitor is broadcast data from a mobile device.

"It says I am here, and a clock that says I am here for a certain period of time. There is no personal identifiable information," notes Peter Tran, Chief Information Security Officer with the IT security firm Infersight. "With cell phones, users have to be aware that you are broadcasting out certain types of information, so the cell towers can authenticate you and know it's your cellphone. What you are normally broadcasting is some basic information about your hardware, your place in the network of AT&T, Verizon, T-Mobile.” 

Tran claims that while these are individual bits of public information, integrating them can be financially beneficial. Soofa claims that no data correlation is performed and that no data is sold to a third party. Only your phone's unique identifier is collected. To avoid being collected, Tran recommends turning off your WiFi while you are not using it. The same goes for your Bluetooth.

Facebook Spied on Users' Snapchat Traffic in a Covert Operation, Documents Reveal


In 2016, Facebook initiated a secret initiative to intercept and decrypt network traffic between Snapchat users and the company's servers. According to recently revealed court filings, the purpose was to better analyse user behaviour and help Facebook compete with Snapchat. Facebook dubbed it "Project Ghostbusters," an apparent homage to Snapchat's ghost-like emblem.

On Tuesday of this week, a federal court in California disclosed fresh documents acquired during the class action case between consumers and Meta, Facebook's parent company. 

The newly revealed documents show how Meta attempted to gain a competitive advantage over its competitors, namely Snapchat and later Amazon and YouTube, by analysing network traffic to see how its users interacted with Meta's competitors. Given that these apps use encryption, Facebook had to design specific technology to get around it. 

Facebook's Project Ghostbusters is described in one of the documents. In the letter, the customers' attorneys stated that the project was a part of the company's In-App Action Panel (IAPP) programme, which employed a method for "intercepting and decrypting" encrypted app traffic from users of Snapchat, and later from users of YouTube and Amazon. 

The document includes internal Facebook emails about the project. 

“Whenever someone asks a question about Snapchat, the answer is usually that because their traffic is encrypted we have no analytics about them,” Meta chief executive Mark Zuckerberg wrote in an email dated June 9, 2016, which was published as part of the lawsuit. “Given how quickly they’re growing, it seems important to figure out a new way to get reliable analytics about them. Perhaps we need to do panels or write custom software. You should figure out how to do this.” 

Facebook developers' idea was to employ Onavo, a VPN-like service that the company acquired in 2013. In 2019, Facebook shut down Onavo after a TechCrunch investigation revealed that the business had been secretly paying teens to use Onavo so that it could monitor all of their web activity. 

Following Zuckerberg's email, the Onavo team took on the project and proposed a solution a month later: so-called kits that can be installed on iOS and Android to intercept traffic for specific subdomains, "allowing us to read what would otherwise be encrypted traffic so we can measure in-app usage," reads a July 2016 email. "This is a 'man-in-the-middle' approach.” 

A man-in-the-middle attack, also known as adversary-in-the-middle, is one in which hackers intercept internet communication passing from one device to another over a network. When network communication is not encrypted, hackers can read data such as usernames, passwords, and other in-app activity.

Given that Snapchat's traffic between the app and its servers is encrypted, this network research technique is ineffective. This is why Facebook developers advocated adopting Onavo, which, when engaged, scans all of the device's network data before it is encrypted and transferred over the internet. 

Sarah Grabert and Maximilian Klein filed a class action lawsuit against Facebook in 2020, alleging that the company misled about its data collecting activities and used the data it "deceptively extracted" from users to find competitors and then unfairly compete with the new firms.

Leak of Greek Diaspora Emails Shakes Government: A Closer Look


The recent leak of Greek diaspora emails has sent shockwaves through the conservative government of Prime Minister Kyriakos Mitsotakis. The scandal, which unfolded in March 2024, has raised questions about privacy, data protection, and political accountability. Let’s delve into the details.

The Email Barrage and Its Fallout

What Happened? A New Democracy Member of the European Parliament (MEP) bombarded voters abroad with emails minutes after they were informed about voting by mail.

Resignation: Interior Ministry General Secretary Michalis Stavrianoudakis stepped down.

Dismissal: Nikos Theodoropoulos, New Democracy’s Secretary for Diaspora Affairs, faced dismissal.

Withdrawal: MEP Anna-Michelle Asimakopoulou announced she would not contest in the upcoming June election.

The Investigation

An internal probe revealed that in May 2023, a list of email addresses was allegedly acquired by an associate of Stavrianoudakis and forwarded to Theodoropoulos. The list eventually reached Asimakopoulou.

Asimakopoulou had previously denied any wrongdoing, claiming she collected contact information during her tenure as an MEP and sought consent from Greeks abroad to communicate with them regularly.

Legal Action: Grigoris Dimitriadis, Prime Minister Mitsotakis’ nephew, initiated legal proceedings related to the scandal.

Further Actions: The Athens Prosecutor’s Office and the country’s Data Protection Authority (DPA) are actively involved in addressing the case.

European Parliament Elections: The upcoming European Parliament elections in June serve as a barometer of party strength in various countries.

Privacy, Accountability, and Political Fallout

The leak has ignited a fierce debate on several fronts:

Privacy Concerns: The unauthorized use of email addresses underscores the need for robust data protection measures. Citizens rightly expect their personal information to be handled responsibly.

Political Accountability: Asimakopoulou’s withdrawal from the European ballot reflects the gravity of the situation. The scandal has implications beyond party lines, affecting public trust in politicians.

Mitsotakis’ Leadership: The Prime Minister’s handling of the crisis is under scrutiny. How he navigates this scandal will shape his political legacy.

What can we learn from this?

The leak of Greek diaspora emails serves as a stark reminder that even in the digital age, privacy breaches can have far-reaching consequences. As investigations continue, the fallout from this scandal will reverberate through Greek politics, leaving citizens questioning the integrity of their elected representatives.

Roku Data Breach: Over 15,000 Accounts Compromised; Data Sold for Pennies


A data breach impacting more than 15,000 consumers was revealed by streaming giant Roku. The attackers employed stolen login credentials to gain unauthorised access and make fraudulent purchases. 

Roku notified customers of the breach last Friday, stating that hackers used a technique known as "credential stuffing" to infiltrate 15,363 accounts. Credential stuffing is the use of usernames and passwords exposed in other data breaches to attempt to log into accounts on other services. These attacks started in December 2023 and persisted until late February 2024, as per the company. 

Bleeping Computer was the first to reveal the hack, pointing out that attackers used automated tools to undertake credential-stuffing assaults on Roku. The hackers were able to bypass security protections using techniques such as specific URLs and rotating proxy servers. 

In this case, hackers probably gained login credentials from previous hacks of other websites and attempted to use them on Roku accounts. If successful, they could change the account information and take complete control, locking users out of their own accounts. 

The publication also uncovered that stolen accounts are being sold for as little as 50 cents each on hacking marketplaces. Purchasers can then employ the stored credit card information on these accounts to purchase Roku gear, such as streaming devices, soundbars, and light strips. 

Roku stated that hackers used stolen credentials to acquire streaming subscriptions such as Netflix, Hulu, and Disney Plus in some instances. The company claims to have safeguarded the impacted accounts and required password resets. Furthermore, Roku's security team has discovered and cancelled unauthorised purchases, resulting in refunds for affected users. 

Fortunately, the data breach did not compromise critical information such as social security numbers or full credit card information. So hackers should be unable to perform fraudulent transactions outside of the Roku ecosystem. However, it is recommended that you update your Roku password as a precaution. 

Even if you were not affected, this is a wake-up call that stresses the significance of proper password hygiene. Most importantly, change your passwords every few months and avoid using the same password across multiple accounts whenever possible.

Microsoft Claims Russian Hackers Are Attempting to Break into Company Networks

Microsoft warned on Friday that hackers affiliated with Russia's foreign intelligence service were attempting to break into its systems again, using data collected from corporate emails in January to seek new access to the software behemoth whose products are widely used throughout the US national security infrastructure.

Some experts were alarmed by the news, citing concerns about the security of systems and services at Microsoft, one of the world's major software companies that offers digital services and infrastructure to the United States government. 

The tech giant revealed that the intrusions were carried out by a Russian state-sponsored outfit known as Midnight Blizzard, or Nobelium.

The Russian embassy in Washington did not immediately respond to a request for comment on Microsoft's statement, nor on Microsoft's earlier statements regarding Midnight Blizzard activity.

Microsoft reported the incident in January, stating that hackers attempted to break into company email accounts, including those of senior company executives, as well as cybersecurity, legal, and other services. 

Microsoft's vast client network makes it unsurprising that it is being attacked, according to Jerome Segura, lead threat researcher at Malwarebytes' Threatdown Labs. He said that it was concerning that the attack was still ongoing, despite Microsoft's efforts to prevent access. 

Persistent Threat

Several experts who follow Midnight Blizzard claim that the group has a history of targeting political bodies, diplomatic missions, and non-governmental organisations. Microsoft claimed in a January statement that Midnight Blizzard was probably targeting it because the company had conducted extensive research into the hacking group's activities. 

Since at least 2021, when the group was discovered to be responsible for the SolarWinds cyberattack that compromised a number of U.S. federal agencies, Microsoft's threat intelligence team has been looking into and sharing research on Nobelium.

The company stated on Friday that the ongoing attempts to compromise Microsoft are indicative of a "sustained, significant commitment of the threat actor's resources, coordination, and focus.” 

"It is apparent that Midnight Blizzard is attempting to use secrets of different types it has found," the company added. "Some of these secrets were shared between customers and Microsoft in email, and as we discover them in our exfiltrated email, we have been and are reaching out to these customers to assist them in taking mitigating measures.”

Former Google Employee Charged with Stealing AI Secrets

A former Google software engineer has been charged with stealing the company's artificial intelligence trade secrets while surreptitiously working for two Chinese companies, the Justice Department announced Wednesday. 

Linwei Ding, a Chinese national, was arrested in Newark, California, on four counts of federal trade secret theft, each punishable by up to ten years in prison. 

Attorney General Merrick Garland announced the case against Ding, 38, at an American Bar Association conference in San Francisco. Garland, along with other law enforcement leaders, has repeatedly warned about the threat of Chinese economic surveillance as well as the national security concerns posed by developments in artificial intelligence and other novel technologies.

“Today’s charges are the latest illustration of the lengths affiliates of companies based in the People’s Republic of China are willing to go to steal American innovation,” FBI Director Christopher Wray noted in a statement. “The theft of innovative technology and trade secrets from American companies can cost jobs and have devastating economic and national security consequences.” 

Google said it came to the conclusion that the employee had stolen "numerous documents" and had referred the case to law enforcement. 

“We have strict safeguards to prevent the theft of our confidential commercial information and trade secrets,” Google spokesman Jose Castaneda explained. “After an investigation, we found that this employee stole numerous documents, and we quickly referred the case to law enforcement. We are grateful to the FBI for helping protect our information and will continue cooperating with them closely.”

Artificial intelligence is the primary battleground for high-tech competitors, and who dominates can have far-reaching commercial and security repercussions. In recent weeks, Justice Department leaders have warned that foreign foes may use AI technologies to target the United States. 

Deputy Attorney General Lisa Monaco stated in a speech last month that the administration's multi-agency Disruptive Technology Strike Force would prioritise AI enforcement, and Wray told a conference last week that AI and other novel technologies had made it easier for attackers to try to interfere with the American political process. 

The indictment, unsealed Wednesday in the Northern District of California, alleges that Ding, who was hired by Google in 2019 and had access to sensitive information regarding the firm's supercomputing data centres, began uploading hundreds of files to a personal Google Cloud account two years ago. 

According to prosecutors, Ding was offered the post of chief technology officer at an early-stage technology business in China that advertised its use of AI technology and gave him a monthly salary of around $14,800, plus an annual bonus and company stock, just weeks after the theft started. The indictment says Ding travelled to China to attend investor meetings and seek funding for the company. 

In January, the FBI executed a search warrant at Ding's house and seized his electronic equipment, followed by an additional warrant for the contents of his personal accounts, which contained more than 500 distinct files of classified data that investigators claim he stole from Google.

Amazon Issues ‘Warning’ For Employees Using AI At Work

A leaked email to employees revealed Amazon's guidelines for using third-party GenAI tools at work. 

Business Insider claims that the email mandates employees to refrain from using third-party software due to data security concerns.

“While we may find ourselves using GenAI tools, especially when it seems to make life easier, we should be sure not to use it for confidential Amazon work,” the email reads. “Don’t share any confidential Amazon, customer, or employee data when you’re using 3rd party GenAI tools. Generally, confidential data would be data that is not publicly available.” 

This is not the first time that Amazon has had to remind employees. A company lawyer advised employees not to provide ChatGPT with "any Amazon confidential information (including Amazon code you are working on)" in a letter dated January 20, 2023.

The warning was issued due to concerns that these types of third-party resources may claim ownership over the information that workers exchange, leading to future output that might involve or resemble confidential data. "There have already been cases where the results closely align with pre-existing material," the lawyer stated at the time. 

Over half of employees are using GenAI without permission from their employer, according to Salesforce research, and seven out of ten employees are using AI without receiving training on its safe or ethical use. Only 17% of American industries have even vaguely defined AI policies. In sectors like healthcare, where 87% of workers worldwide report that their employer lacks a clear policy on AI use, the issue is particularly noticeable. 

Employers and HR departments need to have greater insight into how their staff members are utilising AI in order to ensure that they are using it carefully.

Indian Authorities Probe Data Breach Concerns Involving PMO and EPFO

The Open-Source Intelligence (OSINT) team at India Today reviewed leaked data that claimed a Chinese state-affiliated hacker group had targeted major Indian government offices, such as the "PMO" (likely the Prime Minister's Office), as well as businesses like Reliance Industries Limited and Air India. 

Over the weekend, thousands of files, images, and chat messages related to I-Soon—a claimed cybersecurity contractor for China's Ministry of Public Security (MPS)—were secretly shared on GitHub.

The leak reveals a complex network of covert attacks, spyware operations, and sophisticated surveillance by Chinese government-linked cyber criminals. 

A machine-translated version of the leaked internal documents, originally written in Mandarin, shows hackers documenting their techniques, targets, and exploits. Targets included the North Atlantic Treaty Organisation (NATO), an intergovernmental military alliance, European governments and organisations, as well as Beijing's friends such as Pakistan. 

Indian targets 

The stolen data names Indian targets such as the Ministry of Finance, the Ministry of External Affairs, and the "Presidential Ministry of the Interior," which is likely a reference to the Ministry of Home Affairs. 

During the peak of India-China border tensions, advanced persistent threat (APT) or hacker groups stole 5.49GB of data from various offices of the "Presidential Ministry of the Interior" between May 2021 and October 2021. 

"In India, the primary work goals are the ministries of foreign affairs, finance, and other key departments. We continue to monitor this sector closely and want to capitalise on its potential in the long run," reads the translated India section of what appears to be an internal report prepared by iSoon. 

User data for the state-run pension fund management, the Employees' Provident Fund Organisation (EPFO), the state telecom provider Bharat Sanchar Nigam Limited (BSNL), and the private healthcare chain Apollo Hospitals were also allegedly compromised. 

The leaked documents also mention about 95GB of India's immigration statistics from 2020, referred to as "entry and exit points data". Notably, following the conflict in Galwan Valley in 2020, India-China relations deteriorated further.

"India has always been a major emphasis for the Chinese APT side of things. The stolen data inevitably covers quite a few Indian organisations, including Apollo Hospital, persons coming in and out of the nation in 2020, the Prime Minister's Office, and population figures," said Taiwanese researcher Azaka, who initially uncovered the GitHub hack. 

This is not the first time China has been blamed for cyberattacks on India. Seven Indian power hubs were reportedly targeted by hackers linked to China in 2022. Threat actors attempted to breach India's power system in 2021 as well.

South Staffs Water Faces a Group Action Following Clop Ransomware Attack

Following the theft and disclosure of their data by the Clop/Cl0p ransomware group, nearly one thousand victims recently filed a class action lawsuit against South Staffordshire Plc. 

South Staffordshire Plc, which owns South Staffordshire Water and Cambridge Water, served 1.6 million Midlands customers when Clop targeted its networks in August 2022.

The cyber attack on its systems became well-known at the time because Clop falsely claimed it had targeted Thames Water, which serves consumers in Greater London and other parts of south-east England. 

The inept cyber crooks published a lengthy rant against Thames Water, criticising its alleged cyber malfeasance and urging customers to come together to sue it. Two and a half years later, Manchester-based Barings Law is seeking legal action over the breach, for which South Staffs has admitted liability. 

Bank sort codes, account numbers used for direct debit payments and bank transfers, names, residences, and other sensitive information were among the details that Barings said its claimants saw published on the dark web. It states that South Staffs did not fulfil its obligation to safeguard its clients' personal information.

“This cyber attack has exposed a significant number of individuals to potential risks and damages,” stated Adnan Malik, head of data breach at Barings Law. “Our clients are seeking not only financial compensation, but also accountability from South Staffs Water for the lapses in data protection. We are regularly fielding enquiries from the public who are concerned they may have been victims of this terrible incident.” 

“This data breach is a serious infringement of privacy rights, and we will robustly pursue justice on behalf of the claimants to ensure that they receive fair compensation for the potential repercussions of this breach. Barings Law remains committed to championing the rights of those affected and holding accountable any entity that neglects its responsibility to protect sensitive data,” Malik added. 

Barings was established in 2009 and is becoming known for specialising in similar collective claims involving cyberattacks that resulted in the theft and disclosure of personally identifiable information (PII). Notable actions against Capita and Carphone Warehouse have advanced in the last 12 months. 

The Capita lawsuit pertains to two 2023 incidents that compromised ordinary people's data: the first was a ransomware attack that impacted multiple pension funds, and the second was an inadvertent leak of data housed in an insecure Amazon Web Services (AWS) S3 storage bucket. As of mid-January 2024, over 5,000 people had signed up to join. 

Capita has denied the legitimacy of this claim, stating that there is "no evidence of any information in circulation, on the dark web or otherwise, resulting from the cyber incident, and no evidence linking Capita data to fraudulent activity".

Millions are at Risk After a French Healthcare Services Firm's Data Leak

Viamedis, a French healthcare services provider, suffered a cyberattack that exposed the private data of policyholders and medical professionals in the country. Though the company's website is currently not accessible, an announcement concerning the data breach has been posted on LinkedIn. 

The data revealed in the hack includes a beneficiary's marital status, date of birth, social security number, health insurer's name, and guarantees that can be paid by third parties.

The firm has clarified that the compromised systems did not contain people's banking details, postal addresses, phone numbers, or emails. Viamedis states that different alerts on the data that was exposed will be sent to healthcare professionals. 

In light of this, Viamedis has contacted the relevant authorities (CNIL, ANSSI) and the impacted health organisations, and has filed a complaint with the public prosecutor. The business is still looking into the implications of the breach. 

Since Viamedis oversees payments for 84 healthcare organisations that serve 20 million insured people, it is evident that the hack has a considerable impact. However, the exact number of individuals impacted has not been disclosed. 

An investigation is being launched to determine the extent of the breach, according to Agence France-Presse (AFP) and the company's general director, Christophe Cande. 

"To date, we do not have the number of insured individuals impacted; we are still in the process of investigation." - GD Viamedis' Cande.

Additionally, Cande stated that ransomware wasn't employed in the cyberattack. Instead, he claimed that the threat actor gained access to its systems through a phishing attempt that was successful against an employee. 

A warning confirming the indirect impact of the Viamedis data breach has been posted on the website of Malakoff Humanis, one of the organisations that works with Viamedis. 

In addition, the company is notifying affected consumers of the hack and service disruption through data breach notifications.

The statement reiterates the information mentioned in the Viamedis notification and informs customers that no banking, medical, or contact information saved on the platforms has been compromised.

According to Malakoff Humanis, users can still access their accounts and submit reimbursement claims. However, the temporary disconnection of the Viamedis platform is expected to disrupt the delivery of certain healthcare services. Similar circumstances are foreseen for other Viamedis service providers, such as Carte Blanche Partenaires, Itelis, Kalixia, Santéclair, and Audiens.

Mercedes-Benz Accidentally Leaked Private Data, Including Source Code

Mercedes-Benz unintentionally leaked a trove of internal data by leaving an obscure key online that gave "unrestricted access" to the company's source code, according to the security research team that unearthed it. 

TechCrunch was notified of the exposure by RedHunt Labs' co-founder and chief technology officer Shubham Mittal, who also requested help in notifying the automaker. The London-based cybersecurity firm claimed that during a standard internet scan in January, it found the authentication token of a Mercedes employee in a public GitHub project.

According to Mittal, this token, which serves as a substitute for a password when authenticating to GitHub, could allow anyone complete access to Mercedes's GitHub Enterprise Server, letting them acquire the company's proprietary source code repositories. 

“The GitHub token gave ‘unrestricted’ and ‘unmonitored’ access to the entire source code hosted at the internal GitHub Enterprise Server,” Mittal explained. “The repositories include a large amount of intellectual property… connection strings, cloud access keys, blueprints, design documents, [single sign-on] passwords, API Keys, and other critical internal information.”

Mittal provided TechCrunch with evidence that Mercedes source code, a Postgres database, and keys for Microsoft Azure and Amazon Web Services (AWS) were all present in the exposed repository. Whether any customer data was present in the repositories is unknown. 

Mercedes was informed of the security flaw by TechCrunch on Monday of last week. Mercedes official Katja Liesenfeld stated on Wednesday that the company has revoked the respective API token and removed the public repository immediately. 

“We can confirm that internal source code was published on a public GitHub repository by human error. The security of our organisation, products, and services is one of our top priorities. We will continue to analyse this case according to our normal processes. Depending on this, we implement remedial measures,” Liesenfeld added. 

Mercedes declined to comment on whether it was aware of any unauthorised access by third parties to the leaked data, or whether it possesses the technical means, such as access logs, to ascertain whether unauthorised access to its data repositories occurred. The representative cited unspecified security reasons. 
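An access token committed to a public repository is exactly the failure a pre-commit or CI secret scan exists to catch, and the same scan would also have flagged the connection strings and cloud keys Mittal describes inside the repositories. The script below is an added example; it is not RedHunt Labs' scanner or anything from Mercedes-Benz. It matches publicly documented token shapes (GitHub's `ghp_`/`gho_`/`ghu_`/`ghs_`/`ghr_` prefixes, AWS `AKIA`/`ASIA` access key IDs), a credential embedded in a URL-style connection string, and quoted literals assigned to secret-looking variable names, while skipping obvious placeholders so that `os.environ` lookups and template values do not produce noise. The sample file content is constructed and contains no real credentials.

```python
"""Pre-commit style secret scan for text about to be pushed (added example).

Matches publicly documented token shapes plus two generic checks, and skips
obvious placeholders so that runtime lookups and template values stay quiet.
"""
import re
from collections import namedtuple

Finding = namedtuple("Finding", "kind line_no excerpt")

PATTERNS = {
    # GitHub tokens: ghp_ (personal), gho_ (OAuth), ghu_/ghs_ (app user/server),
    # ghr_ (refresh); classic tokens carry a 36-character alphanumeric body.
    "github_token": re.compile(r"\bgh[pousr]_[A-Za-z0-9]{36}\b"),
    # AWS access key IDs: AKIA (long-lived) or ASIA (temporary) + 16 characters.
    "aws_access_key_id": re.compile(r"\b(?:AKIA|ASIA)[0-9A-Z]{16}\b"),
    # user:password@ inside a URL-style connection string (postgres://, amqp://...).
    "connection_string_password": re.compile(
        r"\b[a-z][a-z0-9+.-]*://[^\s:/@]+:[^\s@]+@"),
    # A quoted literal assigned to a secret-looking name. The value must be at
    # least 8 characters so that short defaults do not dominate the report.
    "assigned_secret": re.compile(
        r"\b\w*(?:password|passwd|secret|api[_-]?key|token)\w*\s*[:=]\s*"
        r"['\"](?P<value>[^'\"\s]{8,})['\"]", re.I),
}

# Values that are clearly templates rather than live credentials.
PLACEHOLDER_RE = re.compile(
    r"^(<[^>]*>|\$\{[^}]*\}|\{\{.*\}\})$|example|placeholder|changeme|your[-_]",
    re.I)


def redact(value):
    """Keep only the first and last four characters of a matched value."""
    if len(value) <= 8:
        return "*" * len(value)
    return value[:4] + "*" * (len(value) - 8) + value[-4:]


def scan_text(text):
    """Return a Finding for each credential-like value in `text`, in line order.
    Excerpts are redacted so the scan report does not itself leak the secret."""
    findings = []
    for line_no, line in enumerate(text.splitlines(), start=1):
        for kind, pattern in PATTERNS.items():
            for m in pattern.finditer(line):
                value = m.groupdict().get("value") or m.group(0)
                if PLACEHOLDER_RE.search(value):
                    continue
                findings.append(Finding(kind, line_no, redact(value)))
    return findings


# Constructed sample file; none of these values are real credentials.
SAMPLE_FILE = "\n".join([
    "# settings.py  (constructed sample)",
    "import os",
    "GITHUB_TOKEN = os.environ['GITHUB_TOKEN']      # runtime lookup: fine",
    "DB_URL = 'postgres://app:s3cretpass@db.internal:5432/prod'",
    "BACKUP_KEY = 'ghp_0123456789abcdef0123456789abcdef0123'",
    "AWS_ACCESS_KEY_ID = 'AKIAABCDEFGHIJKLMNOP'",
    "AWS_SECRET_ACCESS_KEY = '<your-secret-here>'  # template placeholder",
    "api_key = \"c0nstructed-K3y-value-9f2a\"",
    "password = 'hunter2'                            # below the length floor",
])

if __name__ == "__main__":
    for f in scan_text(SAMPLE_FILE):
        print(f"line {f.line_no}: {f.kind}: {f.excerpt}")
```

Run against the constructed file it reports four findings (the connection string on line 4, the GitHub token on line 5, the AWS key ID on line 6 and the quoted API key on line 8) and stays silent on the environment lookup, the angle-bracket placeholder and the short default. Wiring this into a pre-commit hook or a CI step that fails the build is the cheap control; the expensive one, which the article shows is still needed, is treating any token that does reach a public repository as compromised and revoking it, since scanning only tells you it was exposed, not whether anyone used it.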

The personal information of Hyundai Motor India customers who had their vehicles serviced at Hyundai-owned stations throughout India, including names, mailing addresses, email addresses, and phone numbers, was exposed due to a bug that was fixed by the company's India subsidiary, as TechCrunch exclusively reported earlier this month.