Search This Blog
Powered by Blogger.

Blog Archive

Labels

Footer About

Footer About

Labels

Load More
Trendy Right Now

Popular Posts

Showing posts with label Data Stolen. Show all posts
New York Times
Critical Data Data Breach Data Leaks data security Data Stolen DevOps Leak Source Code Mercedes Benz Microsoft New York Times

DevOps data breaches expose Microsoft, Schneider Electric, Mercedes-Benz, and New York Times

 

Source code forms the backbone of every digital enterprise, and platforms such as GitHub and Atlassian are trusted to safeguard this critical data. Yet, organizations must remember that under the Shared Responsibility Model, users retain accountability for the security of their data. Even the smallest mistake can trigger a devastating cascade, from large-scale leaks of proprietary code to stolen credentials and severe reputational and financial consequences. 

Recent breaches across industries highlight how valuable DevOps environments have become to cybercriminals. Companies as diverse as Mercedes-Benz, The New York Times, and Schneider Electric have all suffered from security lapses, showing that innovation without adequate protection leaves no organization immune. The growing threat landscape underscores the scale of the problem, with cyberattacks occurring roughly every 39 seconds worldwide. IBM has observed a 56% increase in active ransomware groups, while Cybersecurity Ventures predicts that cybercrime costs will rise from $10.5 trillion in 2025 to more than $15 trillion by 2029. The CISO’s Guide to DevOps Threats further identifies technology, fintech, and media as the sectors most at risk, with 59% of ransomware activity concentrated in the United States. Data breaches typically ripple beyond the initial target, affecting partners, customers, and supply chains. 

The ransomware group HellCat has demonstrated how exposed credentials can become a doorway to widespread damage. By exploiting stolen Atlassian Jira logins, they infiltrated global enterprises including Schneider Electric, Orange Group, Telefonica, Jaguar Land Rover, and Ascom. Schneider Electric alone had 40GB of data stolen in 2024, including user records, email addresses, and sensitive project information, with a ransom demand of $125,000. Telefonica was breached twice in 2025, losing over 100GB of internal documents and communications. Similar compromises at Jaguar Land Rover and Ascom revealed thousands of employee records and sensitive corporate data, illustrating how poor credential management fuels recurring attacks. 

Mismanaged access tokens also pose severe risks. Mercedes-Benz faced exposure when an employee accidentally embedded a GitHub token in a public repository, potentially granting attackers access to confidential assets like API keys and database credentials. Threat actors have also weaponized GitHub itself, using trojanized proof-of-concept code and malicious npm dependencies to exfiltrate hundreds of thousands of WordPress credentials and cloud keys. Even unexpected groups, such as fans of Disney’s discontinued Club Penguin, exploited exposed Confluence logins to access corporate files and developer resources. The New York Times confirmed that leaked credentials on a third-party code platform exposed 270GB of internal data, though it reported no operational disruption. 

The cumulative impact of these incidents is staggering, with terabytes of stolen data, millions of records exposed, and reputational harm that far exceeds immediate costs. As regulatory penalties intensify and compliance standards grow stricter, the financial fallout of DevOps data breaches is likely to escalate further, leaving organizations with little choice but to prioritize security at the core of their operations.
Read more »
Ransomware attack
Cyber Fraud Data Stolen MathWorks Ransomware attack

MathWorks Confirms Ransomware Incident that Exposed Personal Data of Over 10,000 People

 




MathWorks, the company behind MATLAB and Simulink, has confirmed a ransomware attack that disrupted several of its online services and internal systems. The company said the disruption affected services customers use to sign in and manage software, and that it alerted federal law enforcement while investigating the incident. 

According to state notifications filed with regulators, the attack resulted in the unauthorized access and theft of personal information for 10,476 people. These filings list the full count reported to state authorities. 


What was taken and who is affected

The company’s notices explain that the records exposed vary by person, but may include names, postal addresses, dates of birth, Social Security numbers, and in some cases non-U.S. national ID numbers. In short, the stolen files could contain information that makes victims vulnerable to identity theft. 

MathWorks’ own statements and regulatory notices put the window of unauthorized access between April 17 and May 18, 2025. The company discovered the breach on May 18 and publicly linked the outage of several services to a ransomware incident in late May. MathWorks says forensic teams contained the threat and that investigators found no ongoing activity after May 18. 


What is not yet known 

MathWorks has not identified any named ransomware group in public statements, and so far there is no verified public evidence that the stolen data has been published or sold. The company continues to monitor the situation and has offered identity protection services for those notified. 


What you can do 

If you use MathWorks products, check your account notices and follow any enrollment instructions for identity protection. Monitor financial and credit accounts, set up fraud alerts if you see suspicious activity, and change passwords for affected services. If you receive unusual messages or requests for money or personal data, treat them with suspicion and report them to your bank or local authorities.

Keep an eye on financial activity: Regularly review your bank and credit card statements to spot unauthorized transactions quickly.

Consider credit monitoring or freezes: In countries where these services are available, they can help detect or prevent new accounts being opened in your name.

Reset passwords immediately: Update the password for your MathWorks account and avoid using the same password across multiple platforms. A password manager can help create and store strong, unique passwords.

Enable multi-factor authentication: Adding a second layer of verification makes it much harder for attackers to gain access, even if they have your login details.

Stay alert for phishing attempts: Be cautious of unexpected emails, calls, or texts asking for sensitive information. Attackers may use stolen personal details to make their messages appear more convincing.



Read more »
Ransomware
BYOVD Attack Cyber Crime Data Stolen EDR Ransomware

New Hacking Tool Lets Ransomware Groups Disable Security Systems

 



Cybersecurity experts have discovered a new malicious tool designed to shut down computer security programs, allowing hackers to attack systems without being detected. The tool, which appears to be an updated version of an older program called EDRKillShifter, is being used by at least eight separate ransomware gangs.

According to researchers at Sophos, the groups using it include RansomHub, Blacksuit, Medusa, Qilin, Dragonforce, Crytox, Lynx, and INC. These criminal gangs use such programs to disable antivirus and Endpoint Detection and Response (EDR) systems software meant to detect and stop cyberattacks. Once these protections are switched off, hackers can install ransomware, steal data, move through the network, and lock down devices.


How the Tool Works

The new tool is heavily disguised to make it difficult for security software to spot. It starts by running a scrambled code that “unlocks” itself while running, then hides inside legitimate applications to avoid suspicion.

Next, it looks for a specific type of computer file called a driver. This driver is usually digitally signed, meaning it appears to be safe software from a trusted company but in this case, the signature is stolen or outdated. If the driver matches a name hidden in the tool’s code, the hackers load it into the computer’s operating system.

This technique is called a “Bring Your Own Vulnerable Driver” (BYOVD) attack. By using a driver with security weaknesses, the hackers gain deep control of the system, including the ability to shut down security tools.

The driver pretends to be a legitimate file, sometimes even mimicking trusted products like the CrowdStrike Falcon Sensor Driver. Once active, it terminates the processes and services of security products from well-known vendors such as Microsoft Defender, Kaspersky, Symantec, Trend Micro, SentinelOne, McAfee, F-Secure, and others.


Shared Development, Not Leaks

Sophos notes that while the tool appears in attacks by many different groups, it is not a case of one stolen copy being passed around. Instead, it seems to be part of a shared development project, with each group using a slightly different version — changing driver names, targeted software, or technical details. All versions use the same “HeartCrypt” method to hide their code, suggesting close cooperation among the groups.


A Common Criminal Practice

This is not the first time such tools have been shared in the ransomware world. In the past, programs like AuKill and AvNeutralizer have been sold or distributed to multiple criminal gangs, allowing them to disable security tools before launching attacks.

The discovery of this new tool is a reminder that ransomware operators are constantly improving their methods and working together to overcome defenses. Security experts stress the need for updated protections and awareness to defend against such coordinated threats.

Read more »
protecting sensitive data
Data Breach Data Sale data security Data Stolen Data Theft Database Leaked Database Security Infostealer Personal Data Personal Information protecting sensitive data

Startup Sells Stolen Personal Data Online for $50, Raising Alarms Over Privacy and Ethics

 

A new controversy is brewing over a U.S.-based startup accused of making stolen personal data widely accessible—for as little as $50. Farnsworth Intelligence, founded by 23-year-old Aidan Raney, is openly marketing a product called “Infostealers,” which allows customers to search a massive database of sensitive information, including passwords, browser autofill data, and private account credentials. 

According to investigative reporting by 404 Media, this information isn’t simply scraped from public directories or legally collected sources. Instead, it appears to come directly from major data breaches—information illegally obtained from hacked websites and platforms. Users can buy access through the company’s online portal, Infostealers.info, raising serious questions about the legality and ethics of such transactions. 

While services like people-search websites have long existed, Farnsworth’s platform seems to go far beyond what’s commonly available. Some of the information for sale includes usernames, passwords, browser history, addresses saved in auto-fill fields, and more—data types typically leaked only after breaches. Their advanced offering, the Infostealer Data Platform, promises even deeper access. Although not available to everyone, it can be granted upon request for uses like journalism, cybersecurity, private investigations, or law enforcement. The company doesn’t appear to require a court order or warrant for access. 

Farnsworth Intelligence makes bold claims about its reach and capabilities. Its website boasts about human intelligence operations and even claims to have infiltrated a North Korean laptop farm via social engineering. It promotes use cases like “corporate due diligence,” “background checks,” and “asset searches,” without clearly explaining how it acquires its “trillions” of data points. The lack of transparency, coupled with the open sale of sensitive data, is alarming. 

Experts argue that while security researchers and cybersecurity firms often monitor breach data to help protect users, monetizing it so brazenly is a different matter entirely. As Cooper Quintin from the Electronic Frontier Foundation notes, “It would be illegal and unethical to sell stolen cell phones even if you didn’t steal them yourself, and I don’t see how this is any different.”  

Even more concerning is the potential for abuse. With no real verification or oversight, bad actors—including stalkers or authoritarian agencies—could exploit this platform to target individuals, especially those already at risk. The implications for personal safety, privacy rights, and digital ethics are profound. 

This development underscores how data breaches don’t just disappear—they become weapons for profit in the wrong hands.
Read more »
Zoomcar
Data Breach Data Stolen India US SEC Zoomcar

Zoomcar Data Breach Exposes Personal Information of 8.4 Million Users

 



Zoomcar, a well-known car-sharing platform, recently reported that a cyberattack exposed the personal details of approximately 8.4 million users. The information that was accessed includes users’ names, phone numbers, and vehicle registration details.

The company, based in Bengaluru, India, disclosed this security incident in a filing with the U.S. Securities and Exchange Commission (SEC). According to the filing, Zoomcar discovered the issue on June 9 after some of its employees received direct messages from an unknown individual who claimed to have broken into the company’s systems and gained access to its data.

In response, Zoomcar quickly launched its incident response plan — a set of steps companies take to control damage and secure their systems after a cyberattack. The company explained that, so far, there is no sign that financial information, unencrypted passwords, or highly sensitive personal identifiers were stolen in this breach.

Zoomcar has since introduced additional security measures to strengthen its internal systems and cloud services. These steps include improved system monitoring and a careful review of user access controls to prevent future attacks. However, the company did not give detailed explanations of these new protections.

The company also confirmed that it is working with independent cybersecurity experts to investigate the incident further. Relevant law enforcement agencies and regulatory authorities have been notified and are now involved in the case.

At this point, Zoomcar has not provided any public updates on whether it has directly informed the affected users or if it has managed to identify the hacker responsible.

As of now, the company says this breach has not affected its day-to-day business operations.

Zoomcar, founded in 2013, is a platform that allows users to rent cars by the hour, day, week, or month. It currently operates in 99 cities with a fleet of over 25,000 cars and has built a user base of more than 10 million people. Apart from India, the company also runs services in Egypt, Indonesia, and Vietnam.

Earlier this year, Zoomcar reported that it had seen a 19% increase in car rentals compared to the previous year, totaling over 103,000 bookings. The company also noted a significant improvement in its contribution profit, which rose by over 500% to $1.28 million. However, despite these gains, the company’s net loss still stood at $7.9 million.

Cyberattacks like this highlight the importance of strong cybersecurity practices and continuous monitoring, especially for companies that handle large amounts of personal user information. It also raises questions about how quickly companies notify customers after discovering such breaches.

For now, Zoomcar says it is taking the situation seriously and is fully cooperating with all ongoing investigations.

Read more »
Password
AI Privacy Credentials Stolen CyberCrime CyberThreat Data Breach Data Stolen Datasafety Password

Global Data Breach Uncovers 23 Million Stolen Credentials

 


As a consequence of the fact that a single set of login credentials can essentially unlock an individual's financial, professional, and personal life, the exposure of billions of passwords represents more than just a routine cybersecurity concern today- it signals a global crisis in the trust of digital systems and data security. 

Cybernews has recently reported a staggering number of 19 billion passwords that circulate on underground criminal forums right now, according to their findings. According to experts, this massive database of compromised credentials, which is one of the most extensive collections of credentials ever recorded, is intensifying cyberattacks around the globe in an attempt to increase their scale and sophistication. 

As opposed to isolated breaches of the past, this latest leak seems to have come from years of data breaches, reassembled and repurposed in a way that enables threat actors to launch highly automated and targeted attacks that can be used by threat actors. Not only is the leaked data being used to breach individual accounts, but it is also allowing credential stuffing campaigns to run on a large scale against banks, corporations, and government systems, involving automated login attempts using the leaked credentials. 

Due to this rapid development of the threat landscape, cybersecurity professionals are warning that attacks will become more personal, more frequent, and harder to detect in the future. Considering the sheer number of compromised passwords, it is evident that it is essential to implement more comprehensive digital hygiene practices, such as multi-factor authentication, regular password updates, and educating the public about the dangers associated with reused or weak credentials. Today's hyperconnected world is a powerful reminder that cybersecurity isn't an optional issue. This development serves as a strong reminder of the importance of maintaining strong digital hygiene.

As the threat posed by infostealer malware continues to grow, a thriving underground economy of stolen digital identities will continue to thrive as a result. Infections are silently carried out by these malicious programs that harvest sensitive information from devices. These details include login credentials, browser-stored data, and session cookies. These data are then sold or traded between cybercriminals. With billions of compromised records currently circulating within these illicit networks, it is alarming to see the scale of this ongoing data theft. 

One example of this was when a massive dataset, referred to as "ALIEN TXTBASE", was ingested into the widely trusted breach monitoring service, Have I Been Pwned, by cybersecurity expert Troy Hunt, known for being a very prominent case study. In the dataset, 1.5 terabytes of stealer logs are included, which contain approximately 23 billion individual data rows. These logs comprise 1.5 terabytes in total. According to the researchers, over 284 million distinct email accounts around the world were impacted by these breaches, which accounted for 493 million unique combinations of websites and email addresses. This trove of disclosed information underscores the magnitude of these breaches as they are becoming increasingly widespread and indiscriminate.

A malware program known as Infostealer does not target specific individuals but rather casts a wide net, infecting systems en large and stealing personal information without the knowledge of the user. As a result, there is an ever-increasing number of compromised digital identities that are constantly growing, which is a significant contributor to the global increase in the risks of account takeovers, fraud, and phishing attacks, as well as long-term privacy violations. 

It is common for individuals to believe they are unlikely targets for cybercriminals simply because they do not feel that they are "important enough." This belief is very, very false, and it is not possible to find a way to change it. In reality, modern cyberattacks are not manually orchestrated by hackers selecting a specific victim; instead, they are driven by automated tools capable of scanning and exploiting vulnerabilities at a large scale using automated tools. Regardless of whether a person has a professional or personal online presence, anyone can potentially be at risk, no matter what their profession, profile, or perceived importance is. 

The worst part is that, based on recent data, about 94% of the 19 billion leaked passwords were reused on multiple accounts in a way that makes the situation even more concerning. Cybercriminals can successfully infiltrate others using the same credentials once one account has been compromised, increasing the chances of successful attacks. It can be extremely difficult for an individual to cope with the consequences of a successful password breach. 

They may have to give up their email accounts, social media accounts, cloud storage accounts, financial applications, and more if they are hacked. When hackers have access to their accounts, they may use them to commit identity theft, open fraudulent credit lines, or conduct unauthorised financial transactions. As a result of the exposure of sensitive personal and professional information, it is also possible to face public humiliation, blackmail, or reputational damage, especially if malicious actors misuse compromised accounts for the dissemination of misinformation or for conducting illicit activities. 

As a result, cybercrime is becoming more sophisticated and sophisticated, thereby making everyone, regardless of their digital literacy, vulnerable without proper cybersecurity measures in place. Cybercrime risks are no longer theoretical—they are becoming a reality daily. Several leaked records reveal the inner workings of infostealer malware, offering a sobering insight into how these threats function in such a precise and stealthy manner. 

While traditional data breaches are focused on large corporate databases, infostealers typically infect individual devices without the user's knowledge and take a more insidious approach, often without the user being aware of it. In addition to extracting data such as saved passwords, session cookies, autofill entries, and browser history, these malicious tools can also extract a wide range of sensitive data as soon as they are embedded. 

Once the data is stolen, it is then trafficked into cybercriminal circles, leading to a vicious cycle of account takeovers, financial fraud, and identity theft. It has recently been reported that the ALIEN TXTBase dataset, which has received much attention because of its huge scope and structure, is a notable example of this trend. There is a misconception that this dataset stems from a single incident, but in fact, it is actually a compilation of stealer logs from 744 different files that were derived from a single incident. 

It was originally shared through a Telegram channel, where threat actors often spread such information in a very unregulated and open environment. Each entry in the dataset follows the same format as a password—URL, login, and password, which provides an in-depth look at the credentials compromised. Troy Hunt, a cybersecurity researcher, gathered these fragments and compiled them into one unified and analysed dataset, which was then incorporated into Have I Been Pwned, a platform that can be used to identify a user's vulnerability. 

It is important to note that only two sample files were initially reviewed; however, as it became clear that the extent of the leak was immense, the whole collection was merged and analysed to gain a clearer picture of the damage. By aggregating this data methodically, cybercriminals are demonstrating that they aren't merely exploiting isolated incidents; they're assembling vast, cumulative archives of stolen credentials that they're cultivating over time. By sharing and organising this data in such a widespread manner, the reach and effectiveness of infostealer campaigns can be accelerated, presenting a threat to both personal privacy as well as organisational security for many years to come.

Act Without Delay 


As a result of the recent security breaches of passwords, individuals can still protect themselves by taking action as soon as possible to protect themselves and their devices. Procrastination increases vulnerability as threats are rapidly evolving. 

Strengthen Passwords


Creating a strong, unique password is essential. Users should avoid using common patterns when writing their passwords and create passphrases that include uppercase, lowercase, numbers, and symbols, in addition to letters and numbers. Password managers can assist in creating and storing complex passwords securely. 

Replace Compromised Credentials


Changing passwords should be done immediately if they are reused across different websites or remain unchanged for an extended period, especially for sensitive accounts like email, banking, and social media. Tools like Have I Been Pwned can help identify breaches faster. 

Enable Multi-Factor Authentication 


A multi-factor authentication system (MFA) reduces the risk of a security breach by reducing the need to upload multiple authentication credentials. App-based authenticators such as Google Authenticator provide better security than SMS-based authenticators, which are still preferable. 

Use Privacy Tools

Several platforms like Cloaked provide disposable email addresses and masked phone numbers, which minimise the possibility of sensitive information being breached and the exposure of personal information. 

Stay Vigilant and Informed

It is critical to monitor account activity regularly, revoke untrusted entry to accounts, and enable alerts on untrusted devices. Staying informed through a trusted cybersecurity source and educating others on how to protect themselves will further enhance collective security. The growing threat of credential theft can be combated by raising awareness, taking timely action, and establishing strong security habits. 

Protecting a person's digital identity is an ongoing responsibility which requires vigilance, proactive measures, and continuous awareness. As a result of recent credential leaks of unprecedented scale and sophistication, it has become increasingly imperative for individuals as well as organisations to take additional measures to ensure their cybersecurity posture is as secure as possible. Proactive and continuous vigilance must become an integral part of all organisations' cybersecurity practices, incorporating not just robust password management and multi-factor authentication, but also regular security audits and real-time monitoring of digital assets. 

As a precautionary measure against exploitation, companies should implement comprehensive cybersecurity frameworks, which include employee training, threat intelligence sharing, and incident response planning. It is equally important that users adopt privacy-enhancing tools and remain informed about emerging threats to stay ahead of adversaries who continually change their tactics, thereby protecting themselves against the relentless attacks of cyber adversaries. 

In the end, protecting digital identities is a continuous commitment that requires both awareness and action; if you fail to perform these responsibilities, you expose your business and personal data to relentless cybercriminals. Stakeholders need to cultivate a culture of security, mindfulness,sadandeverage advanced protective measures. This will reduce their vulnerability in the increasingly interconnected digital ecosystems of today, preserving trust and resilience to overcome the challenges presented by cybersecurity threats.
Read more »
Seattle Port
Airport Cyber Attacks Data Stolen Ransomware Rhysida Seattle Port

Port of Seattle Battles Ransomware Attack, Refuses to Pay

 



The Port of Seattle and Seattle-Tacoma International Airport have corroborated that the major system outages which took place late August were caused by a ransomware attack. On August 24, a cyberattack partially disrupted the critical operations at the airport with websites, emails, and phone services down and even affected some services at the airport. The attack was immediately detected and in response, the IT team decided to shut the entire system in order to prevent further damage.

Ransomware attack, by the criminal group, Rhysida, into the computer systems at the airport accessed unauthorised and encrypted some parts of their data. The spokesperson to the airport, Perry Cooper said that IT noticed some malicious activities in the system on the day of the attack and took immediate actions to stop the spread of malware. The Port of Seattle said the measures by its staff, including forensic experts and law enforcement, were effective in thwarting the attack since no further unauthorised activity was detected following the breach.

Operational Disruptions

Even with these measures being put into place, the attack had a great impact on the day-to-day running of Sea-Tac Airport. Passengers were denied the luxury of getting information on arrival and departure flight schedules from the reader boards for the past several days. The airlines at the airport could not use the digital systems and had to revert back to the old method of pen and paper for marking baggage. In addition to the others, critical services such as check-in kiosks, lost and found, Wi-Fi, and reserved parking were affected too, leaving many of both airline customers and employees greatly inconvenienced.

Its official website, portofseattle.org, is still unavailable, leaving travellers to rely on an alternate website, washingtonports.org, for information and updates. These services have been returning to normal gradually, but the attack affected a number of different parts of airport and port operations across the board.

Port of Seattle Refuses to Pay Ransom

Even at this advanced stage, the Port of Seattle has categorically rejected the ransom demands from the attackers. The executive director of the Port Steve Metruck stated in a public statement that to grant the ransom demand would go against the very purpose of the values of the Port and add nothing to its responsibility to protect the money that the taxpayer entrusts to the Port. The Port is alert to the fact that Rhysida may upload all the stolen data on the dark web in the name of retaliation, but it has been faithfully committed to not paying any ransom to criminals.

Although the nature and extent of the stolen data remain unknown, the Port has vowed to inform any employee or passenger whose personal data may have been compromised that their data was stolen.

Securing a Brighter Tomorrow

Over the past few months, other than trying to regain its systems following an attack, the Port of Seattle is also fortifying its defences against future attacks. On its part, the organisation has taken further actions to fortify its cybersecurity to prevent a future version of such attacks. Metruck says, "This has been a learning experience for us and lessons derived from this attack will be instrumental in building on a more resilient IT infrastructure." Apart from that, Port is working with partners to secure business and critical infrastructure.

Despite the hold-up caused by the attack, Port of Seattle officials assured the public that it is still safe to travel from Sea-Tac Airport and to make use of its maritime facilities. This shows commitment to maintaining the safety and the efficiency of its operations, including response and continued recovery.




Read more »
Ransomware attack
brain cipher Cyber Attacks data security Data Stolen Data Theft Financial Security Olympics Ransomware attack

Ransomware Group Brain Cipher Targets French Museums During Olympics

 

The ransomware group Brain Cipher has claimed responsibility for a cyberattack on several French National Museums that took place during the Olympic Games earlier this month. The attack, which targeted institutions managed by the Réunion des Musées Nationaux – Grand Palais (RMN-GP), allegedly compromised 300 GB of data from a system used to centralize financial information. 

Despite the group’s threat to leak the stolen data, they have not yet revealed the nature of the information. The French Cybersecurity Agency (ANSSI) confirmed it was alerted to the attacks and promptly provided assistance to RMN-GP. ANSSI assured the public that the incident did not affect any systems related to the Olympic Games. Events like taekwondo and fencing, hosted by the RMN-GP, continued without disruption. RMN-GP also confirmed that there were no operational impacts, encrypted systems, or extracted data detected in connection with the attack. 

Nevertheless, the situation remains closely monitored as the countdown to the data leak continues on Brain Cipher’s blog, set to occur at 20:00 UTC. Brain Cipher is a relatively new ransomware group that first emerged in June 2023. Since then, the group has been linked to various cyberattacks targeting different sectors, including medical, educational, and manufacturing organizations, along with Indonesian government servers. Despite their activities, the group has attempted to maintain a controversial public image. 

In one case, they apologized for a cyberattack on Indonesian government servers, claiming they were acting as penetration testers rather than criminals. They even released a decryptor to restore the locked files without being pressured by the government, presenting themselves as ethical hackers or white-hat operators, although their actions and motives remain dubious. The data allegedly stolen from RMN-GP is believed to involve sensitive financial information, but no further details have been disclosed by Brain Cipher. 

The threat of releasing such a large volume of data has sparked concerns over potential exposure of confidential details, which could affect both the organization and the individuals associated with it. As the clock ticks down to the group’s proposed leak, questions are raised about the nature of the stolen data and the potential fallout from its exposure. Cyberattacks like this highlight the growing threat posed by ransomware groups to both public and private institutions worldwide. 

The incident also underscores the importance of robust cybersecurity measures, particularly during high-profile events such as the Olympic Games. Although there has been no impact on the Olympic-related systems, the attack serves as a reminder of the constant vigilance required to protect critical infrastructure and data.
Read more »
OnStar Smart Driver
Automobile Car Data Cyber Security Data Brokers data misuse Data Privacy Data Safety Data Stolen EFF GPS OnStar Smart Driver

The Hidden Cost of Connected Cars: Your Driving Data and Insurance

 

Driving to a weekend getaway or a doctor's appointment leaves more than just a memory; it leaves a data trail. Modern cars equipped with internet capabilities, GPS tracking, or services like OnStar, capture your driving history. This data is not just stored—it can be sold to your insurance company. A recent report highlighted how ordinary driving activities generate a data footprint that can be sold to insurers. These data collections often occur through "safe driving" programs installed in your vehicle or connected car apps. Real-time tracking usually begins when you download an app or agree to terms on your car's dashboard screen. 

Car technology has evolved significantly since General Motors introduced OnStar in 1996. From mobile data enhancing navigation to telematics in the 2010s, today’s cars are more connected than ever. This connectivity offers benefits like emergency alerts, maintenance notifications, and software updates. By 2030, it's predicted that over 95% of new cars will have some form of internet connectivity. Manufacturers like General Motors, Kia, Subaru, and Mitsubishi offer services that collect and share your driving data with insurance companies. Insurers purchase this data to analyze your driving habits, influencing your "risk score" and potentially increasing your premiums. 

One example is the OnStar Smart Driver program, which collects data and sends it to manufacturers who then sell it to data brokers. These brokers resell the data to various buyers, including insurance companies. Following a critical report, General Motors announced it would stop sharing data with these brokers. Consumers often unknowingly consent to this data collection. Salespeople at dealerships may enroll customers without clear consent, motivated by bonuses. The lengthy and complex “terms and conditions” disclosures further obscure the process, making it hard for consumers to understand what they're agreeing to. Even diligent readers struggle to grasp the full extent of data collection. 

This situation leaves consumers under constant surveillance, with their driving data monetized without their explicit consent. This extends beyond driving, impacting various aspects of daily life. To address these privacy concerns, the Electronic Frontier Foundation (EFF) advocates for comprehensive data privacy legislation with strong data minimization rules and clear, opt-in consent requirements. Such legislation would ensure that only necessary data is collected to provide requested services. For example, while location data might be needed for emergency assistance, additional data should not be collected or sold. 

Consumers need to be aware of how their data is processed and have control over it. Opt-in consent rules are crucial, requiring companies to obtain informed and voluntary permission before processing any data. This consent must be clear and not hidden in lengthy, jargon-filled terms. Currently, consumers often do not control or even know who accesses their data. This lack of transparency and control highlights the need for stronger privacy protections. By enforcing opt-in consent and data minimization, we can better safeguard personal data and maintain privacy.
Read more »
Singapore
Cyber Crime Cyber Safety CyberCriminal data security Data Stolen Data Theft Database Breach Hacker attack KYC Singapore

Cybercriminals Threaten Release of Stolen World-Check Database, Exposing Millions to Financial Risk

 

A financially motivated criminal hacking group, self-identified as GhostR, has claimed responsibility for the theft of a confidential database containing millions of records from the renowned World-Check screening database. The stolen data, totaling 5.3 million records, includes sensitive information used by companies for screening potential customers and assessing their links to sanctions and financial crime.
 
World-Check, a vital tool for conducting "know your customer" (KYC) checks, enables companies to identify high-risk individuals with potential ties to money laundering, government sanctions, or other illicit activities. The hackers disclosed that they obtained the data from a Singapore-based firm with access to the World-Check database, though the specific company remains unnamed. 

A portion of the stolen data encompasses individuals sanctioned as recently as this year. The compromised records include details of current and former government officials, diplomats, politically exposed persons (PEPs), individuals associated with organized crime, suspected terrorists, intelligence operatives, and even a European spyware vendor. These individuals are deemed high-risk for involvement in corruption, bribery, or other illicit activities. 

The stolen data comprises a wealth of sensitive information, including names, passport numbers, Social Security numbers, online cryptocurrency account identifiers, bank account numbers, and more. Such a breach poses significant risks, as it could potentially expose innocent individuals to unwarranted scrutiny and financial harm. 

Simon Henrick, a spokesperson for the London Stock Exchange Group (LSEG), which oversees World-Check, clarified that the breach did not originate from LSEG's systems but involved a third party's data set. While LSEG did not disclose the identity of the third-party company, they emphasized their commitment to collaborating with the affected party to safeguard data integrity and notify relevant authorities. 

Privately operated databases like World-Check are not immune to errors, raising concerns about the accuracy and fairness of their content. Past incidents, such as the 2016 leak of an older World-Check database, underscore the potential repercussions of erroneous data, including wrongful accusations and financial repercussions for innocent individuals. 

The breach highlights the critical need for enhanced cybersecurity measures and regulatory oversight to protect sensitive personal information and mitigate the risks associated with data breaches. As investigations into the incident continue, stakeholders must prioritize transparency, accountability, and proactive measures to prevent future breaches and safeguard consumer data privacy.
Read more »
Ransomware attack
Data Breach Data Stolen Data Theft Motel One Ransomware attack

Motel One Says Ransomware Gang Stole Customer Credit Card Information

Motel One, a prominent hotel chain in Europe, recently experienced a ransomware attack, resulting in unauthorized access to customer data. The hotel is recognized for its budget-friendly accommodations and operates a network of 90 hotels across Europe and the United States. The hotel has assured that the impact of the attack was kept to a bare minimum. 

Nevertheless, it has been confirmed that the attackers were able to access specific sensitive customer credentials, including address details and the information associated with 150 credit cards. Prior to the hotel's official statement concerning the attack, the company's name appeared on the dark web leak site associated with the ALPHV ransomware gang. 

The group has stated that they successfully obtained several terabytes of data from the company, notably encompassing portions of customer information. Additionally, TechCrunch company has gained access to a segment of this data, as claimed by the ransomware gang, which is purported to contain details of both employees and specific customers. 

What measures we can take against ransomware attacks? 

1. Extensive research underlines that a significant portion of cyberattacks find their roots in phishing emails. However, through ongoing education and training in social engineering tactics, we have the power to effectively decrease the likelihood of a data breach by as much as 70%. 

2. Insufficient software updates significantly contribute to cybersecurity breaches. It is imperative to uphold a thorough system inventory, conduct comprehensive vulnerability assessments, and apply patches promptly and consistently. 

3. Promote a practice of not reusing passwords and encourage regular password changes among employees. Employing browser-based password managers can be a beneficial tool. The implementation of MFA provides an additional level of user validation and authorization. 

4. Incorporating backups into your risk management and contingency strategies is paramount. Regularly testing and keeping backups isolated from the primary network are critical measures. It's worth noting that while backups are invaluable, they may not always provide complete protection against extortion attempts in the event of a ransomware attack. 

5. Being prepared for unexpected events is essential. A thoroughly rehearsed incident response plan, when coupled with the deployment of endpoint detection and response (EDR) tools, empowers businesses to adeptly handle cyberattacks, lessen the repercussions of a security incident, and accelerate recovery initiatives. 

Additionally, in the event of a ransomware attack, it's crucial not to give in to the extortionists' demands. Instead, we strongly advise reaching out to your local cybersecurity authority, Cyber Watch officers, or the Internet Crime Complaint Center. Remember, paying the ransom will only embolden further ransomware criminal activity.
Read more »
ScarCruft
Data Breach Data Stolen lazarus Mashinostroyeniya Data Breach Missile Program North Korea Hackers NPO Mash ScarCruft

North Korean Hackers Breach Russia’s Top Missile Maker’s Data


Reuters reported on Tuesday about a North Korea-based elite hacker group that is in a bid to steal technology by covertly breaching the computer networks of a Russian missile developer giant. Apparently, the hackers have been running the campaign for nearly five months in 2022. 

The North Korean cyberespionage group has targeted Mashinostroyeniya, a rocket design based in Reutov, Moscow. The hackers group, code-named ScarCruft and Lazarus installed covert digital backdoors into the system at NPO Mashinostroyeniya and was located by Reuters’ James Pearson and Christopher Bing.

However, it has not been made clear as to what data was acquired in the breach. In the following month, the digital break-in Pyongyang introduced several new developments in its banned ballistic missile program, while is not clear if this was in any regards to the breach.

Moreover, no official confirmation has been provided of the espionage by NPO Mashinostroyeniya officials.

About the Targeted Company

The company, commonly known as NPO Mash, specialized in developing hypersonic missiles, satellite technologies and new-generation ballistic armaments. The company was prominent in the Cold War as a premier satellite maker for Russia's space program and as a provider of cruise missiles.

According to experts, the hackers garnered interest in the company after it underlined its mission to develop an Intercontinental Ballistic Missile (ICBM), capable of bringing catastrophe to the mainland United States.

Apparently, the hackers acquired access to the company’s documents and leaked them between 2021, and May 2022. Following this, the IT engineers detected the cybercrime activities, the news agency reported. 

Hackers Read Email Traffic, Jumped Between Networks and Extracted Data from the Company 

According to Tom Hegel, a security researcher with U.S. cybersecurity firm SentinelOne, following the hack, the hackers gained access to the company’s IT environment, which enabled them to read email traffic, jump between networks, and extract data. "These findings provide rare insight into the clandestine cyber operations that traditionally remain concealed from public scrutiny or are simply never caught by such victims," Hegel said.

Digging further into the findings, Hegel’s team of security analysts discovered that one of the NPO Mash IT employees unintentionally exposed his company's internal communications while attempting to investigate the North Korean attack by uploading evidence to a secret portal used by cybersecurity researchers worldwide.

Experts speculate that the data stolen by the hacker group is of great importance, however, it will take a lot more information, effort and expertise for them to actually develop a missile. 

"That's movie stuff[…]Getting plans won't help you much in building these things, there is a lot more to it than some drawings," Hegel further added.

Read more »
Zoom Security
Acoustic Attack CoatNet Cyber Attacks Data Stolen Keyboard security Keystrokes side-channel attacks Zoom Security

With 95% Accuracy, New Acoustic Attack can Steal from Keystrokes


UK universities’ researchers have recently developed a deep learning model, designed to extract information from keyboard keystrokes collected using a microphone, with 95% accuracy. 

The prediction accuracy decreased to 93% when Zoom was used to train the sound classification algorithm, still exceedingly good and a record for that medium.

Such an attack has a significantly adverse impact on the users’ data security since it is capable of exposing users' passwords, conversations, messages, and other sensitive information to nefarious outsiders.

When compared to the other side attacks that need specific circumstances and are susceptible to data rate and distance restrictions, these acoustic attacks are easier to operate because of the popularity of devices that are now equipped with high-end microphones. 

This makes sound-based side-channel attacks achievable and far more hazardous than previously thought, especially given the rapid advances in machine learning.

Listening to Keystrokes

The attack is initiated in order to acquire keystrokes on the victim’s keyboard, since the data is required for the prediction algorithm to work. This can be done via a nearby microphone or by accessing the microphone on the target's phone, which may have been compromised by malware.

Additionally, keystrokes can also be recorded via Zoom call, in which, rogue meeting attendee compares the messages entered by the target with the auditory recording of that person.

The researchers acquired training data by pressing 36 keys on a modern MacBook Pro, 25 times each, further recording the sounds produced on each press. 

The spectrogram images were used to train the image classifier "CoAtNet," and it took some trials and errors with the epoch, learning rate, and data splitting parameters to get the best prediction accuracy outcomes.

The same laptop, whose keyboard has been present in all Apple laptops over the past two years, an iPhone 13 mini positioned 17 cm from the target, and Zoom were utilized in the researchers' tests.

The CoatNet classifier gained 95% accuracy in the smartphone recordings and 93% from the content captured via Zoom. Skype, on the other, produced comparatively lower accuracy, i.e. 91.7%.

Possible Security Measures

In order to protect oneself from side-channel attacks, users are advised to try “altering typing styles,” or generating passwords with randomized keys. 

Another safety measure includes utilizing software in order to generate keystroke sounds, white noise, or software-based keystroke audio filters. 

Moreover, since the attack model proved highly efficient even against a very silent keyboard, installing sound dampeners to mechanical keyboards or shifting to membrane-based keyboards is unlikely to help in any way. 

Finally, using password managers to avoid manually entering sensitive information and using biometric authentication whenever possible also serve as mitigating factors.

Read more »
unauthorised access
Cyber Attacks cybercrime gang Data Stolen Dragos Dragos cybersecurity Dragos hacked Hacked SharePoint cloud platform unauthorised access

Dragos Hacked: Cybersecurity Firm Reveals “Cybersecurity Event”, Extortion Attempt


Industrial cybersecurity company Dragos  recently revealed a “cybersecurity event,” where a notorious cybercrime gang attempted to breach Dragos' defenses and access the internal network to encrypt devices.

The firm disclosed the incident on its blog on May 10, alleging that it took place on May 8 where hackers acquired access to SharePoint and the Dragos contract management system by compromising a new sales employee's personal email address before the employee's start date. The hacker then impersonated the employee to complete the first steps of Dragos' employee-onboarding procedure using the stolen personal information from the hack.

After infiltrating Dragos’ SharePoint cloud platform, the hackers apparently downloaded “general use data” and access 25 intel reports, generally only made available to the customers.

“Dragos' swift response prevented the threat group from achieving its objective — the deployment of ransomware — or to engage in further activity, such as lateral movement, escalating privileges, establishing persistent access, or making changes to any Dragos infrastructure[…]No Dragos systems were breached, including anything related to the Dragos Platform,” the company noted. 

Due to role-based access control (RBAC) regulations, the threat actors were unable to access several Dragos systems during the 16 hours they had access to the employee's account, including its messaging, IT helpdesk, finance, request for proposal (RFP), employee recognition, and marketing systems.

Eleven hours into the attack, after failing to break into the company's internal network, they sent an email of extortion to Dragos executives. Because the message was sent after business hours, it was read five hours later.

Five minutes into reading the extortion message, Dragos disabled the compromised user account, terminated all open sessions, and prevented the hackers' infrastructure from accessing company resources.

The cybercriminal group also attempted to extort the firm by threatening to make the issue public in emails sent to CEOs, senior employees, and family members of Dragos who have public contacts.

One of the IP addresses specified in the IOCs is 144.202.42[.]216, earlier discovered hosting SystemBC malware and Cobalt Strike, both frequently used by ransomware gangs for remote access to compromised systems.

"While the external incident response firm and Dragos analysts feel the event is contained, this is an ongoing investigation. The data that was lost and likely to be made public because we chose not to pay the extortion is regrettable," Dragos said.   

Read more »
Unauthorized data scraped
AI Artificial Intelligence Clearview Clearview AI Clearview Database Data Stolen Privacy Unauthorized data scraped

Clearview AI Scraps 30 Billion Images Illicitly, Giving Them to Cops


Clearview’s CEO has recently acknowledged the notorious facial recognition database, used by the law enforcement agencies across the nation, that was apparently built in part using 30 billion photos that were illicitly scraped by the company from Facebook and other social media users without their consent. Critics have dubbed this practice as creating a "perpetual police line-up," even for individuals who did not do anything wrong. 

The company often boasts of its potential for identifying rioters involved in the January 6 attack on the Capitol, saving children from being abused or exploited, and assisting in the exoneration of those who have been falsely accused of crimes. Yet, critics cite two examples in Detroit and New Orleans where incorrect face recognition identifications led to unjustified arrests. 

Last month, the company CEO, Hoan Ton-That admitted in an interview with the BBC that Clearview utilized photos without users’ knowledge. This made it possible for the organization's enormous database, which is promoted to law enforcement on its website as a tool "to bring justice to victims." 

What Happens When Unauthorized Data is Scraped 

Privacy advocates and digital platforms have long criticized the technology for its intrusive aspects, with major social media giants like Facebook sending cease-and-desist letters to Clearview in 2020, accusing the company of violating their users’ privacy. 

"Clearview AI's actions invade people's privacy which is why we banned their founder from our services and sent them a legal demand to stop accessing any data, photos, or videos from our services," says a Meta spokesperson in an email Insider, following the revelation. 

The spokesperson continues by informing Insider that Meta, since then, has made “significant investments in technology and devotes substantial team resources to combating unauthorized scraping on Facebook products.”

When unauthorized scraping is discovered, the company may take action “such as sending cease and desist letters, disabling accounts, filing lawsuits, or requesting assistance from hosting providers to protect user data,” the spokesperson said. 

In spite of internal policies, biometric face prints are made and cross-referenced in the database once a photo has been scraped by Clearview AI, permanently linking the individuals to their social media profiles and other identifying information. Individuals in the photos have little recourse to try to remove themselves from the photos. 

Searching Clearview’s database is one of the many methods where police agencies can make use of social media content to aid in investigations, like making requests directly to the platform for user data. Although the use of Clearview AI or other facial recognition technologies by law enforcement is not monitored in most states and is not subject to federal regulation, some critics argue that it should even be banned.  

Read more »
online theft
cyber attack Cyber Attacks Data Stolen Latitude Financial online theft

Latitude Financial Reveals Extent of Cyber Attack: 14 Million Customers Affected

 

Recently, Latitude Financial, a company listed on the Australian Securities Exchange (ASX), reported that it had suffered a cyber attack. The company stated that the attack was believed to have originated from a major vendor used by the company and that the attacker had obtained login credentials from an employee. The attacker then used these credentials to steal personal information that was held by two other service providers. 

Latitude Financial provides a range of financial services, including loans, credit cards, and insurance, in Australia, New Zealand, Canada, and Singapore. The company also offers interest-free installments for customers of retailers such as JB Hi-Fi, The Good Guys, and David Jones when they shop online. 

Following the attack, DXC Technology, a global technology services company, issued a statement on its website confirming that its global network and customer support networks were not compromised in the attack on Latitude Financial. 

Ten days after Latitude Financial revealed that it had suffered a cyber attack, the company discovered that the breach was much more severe than initially believed. Data from 14 million people had been accessed, rather than the 330,000 that was initially thought. 

The attacker had used the stolen employee credentials to access customer data stored by both service providers before the incident was patched. As of 27 March, Latitude Financial had identified that 7.9 million Australian and New Zealand driver license numbers were stolen, with approximately 3.2 million of them provided to the company in the last 10 years. Additionally, around 53,000 passport numbers were accessed, and fewer than 100 customers had a monthly financial statement stolen. 

The company further confirmed that 6.1 million records dating back to 2005 had been accessed, including customers' names, addresses, telephone numbers, and dates of birth. 

In response to the breach, Latitude Financial's Chief Security Officer, Ahmed Fahour, stated that the company was committed to working closely with affected customers and applicants to minimize risk and disruption, including compensating the cost of replacing ID documents. The company also urged its customers to be vigilant and report any suspicious behavior relating to their accounts and reminded them that the company would never contact them to request passwords.
Read more »
Stealing of Sensitive data
Credit Card hack Data Breach Data Stolen Global Data Arts IT Companies MS Digital Grow Stealing of Sensitive data

Data Breach: Data of 168 Million Citizens Stolen and Sold, 7 Suspects Arrests


A new case of a massive data breach that would have had consequences over the national security has recently been exposed by Cyberabad Police. The investigation further led to the arrest of seven individuals hailing from a gang, allegedly involved in the theft and sale of the sensitive government data and some significant organizations, including credentials of defense personnel as well as the personal and confidential data of around 168 million citizens. 

The accused were discovered selling data on more than 140 distinct groups of individuals, including military personnel, bank clients, energy sector consumers, NEET students, government employees, gas agencies, high net worth individuals, and demat account holders. 

Another category of victims include Bengaluru women’s consumer data, data of people who have applied for loans and insurance, credit card and debit card holders (of AXIS, HSBC and other banks), WhatsApp users, Facebook users, employees of IT companies and frequent flyers. 

"When an individual calls the toll-free numbers of JustDial and asks for any sector or category related confidential data of individuals, their query is listed and sent to that category of the service provider. Then these fraudsters call those clients/ fraudsters and send them samples. If the client agrees to purchase, they make payment and provide the data. This data is further used for committing crime," stated the commissioner. 

The accused gang apparently operated via registered and unregistered organizations: Data Mart, Infotech, Global Data Arts and MS Digital Grow. 

The accused were found to have access to 2.5 lakh defense personnel's sensitive data, including their ranks, email addresses, places of posting, etc. The thieves gained access to the data of 35,000 Delhi government employees, 12 million WhatsApp users, 17 lakh Facebook users, and 11 million customers of six banks. Also, the defendants had access to information on 98 lakh applicants for credit cards. 

Main suspect Kumar in Noida, Nitish Bhushan had created a call center and obtained credit card records from Muskan Hassan, another defendant. The other suspects, Pooja Pal and Susheel Thomar were reportedly operating as tele-callers at Bhushan’s call center. While, Atul Pratap Singh's business, "Inspiree Digital," gathered credit cardholder data and profitably marketed it. Atul's workplace had employed Muskan as a telemarketer before she started her own business, "MS Digital Grow." She served as a middleman, selling data. She organized the data that Atul had provided and sold it to Bhushan. 

Sandeep Pal founded Global Data Arts and sold private consumer information to fraudsters engaging in online crimes through Justdial services and social media platforms. The seventh defendant, Zia Ur Rehman, shared the database with Atul and Bhushan and offered bulk message services for advertising.  

Read more »
Ring Home Security
Android Central Cyber Safety Cyber Security Data Stolen Eufy Home Security Home Surveillance Ransomware attack Ring Home Security

Home Security: Breaches and Ransomware Making it Impossible to Review Firms and Their Security


The recent Ring home security ransomware incident and Eufy's insecure network has left numerous researchers and users wondering about the cyber safety these home security and surveillance firms possess. 

Product reviewers and tech journalists are even left with a sense of perplexity on what security camera, or security product must they recommend to potential users, knowing for a fact that the backend could or could not be secure. 

According to Michael Hicks, senior editor at Android Central “When I review a product, I try to be as nitpicky as possible. Not because I want to give a bad review, but because it's my job to go past the idealized press releases and spec sheets to see the cracks beneath the surface.” 

While it is possible to cite certain problems pertaining to a security camera, like the video quality or an unreliable AI detection. However, there is always the possibility of some undiscovered breach, even with the some of the best cameras around, that are tested and appreciated. 

Hicks says, this is not something most tech journalists are qualified to detect. With a smartphone, one can examine most software and security for themselves, and users too have almost complete control to block or enable apps from tracking them. The entire data security for a security camera is managed remotely, therefore we can only trust the company to protect ones data safely. 

The issue is that, if ever, we really can trust a security business to provide an honest assessment of its cybersecurity. 

Companies like LastPass or Eufy, whether they specialize in hardware or software, frequently conceal any ongoing breaches for months until they become public, at which point they play down their seriousness with technical jargons and mitigating factors. 

Some Recent Unsettling Incidents 

According to a report Vice published this past week regarding a third-party associated with Ring being infected by BlackCat ransomware, Ring employees have been instructed to “anything about this,” and that they are unsure yet what user data is at risk if Amazon does not pay. 

Prior to this incident, security researcher Paul Moore found that Eufy cameras were sending users' images and facial recognition data to the cloud without them knowing or consent, that one could stream anyone's private camera feeds from a web browser, and that Eufy's AES 128 encryption was easily cracked due to the use of simple keys. 

In response, Eufy patched some issues and edited its privacy guidelines to provide fewer protections for its users. 

Accepting the Unknown 

The bottom line is: even the renowned security firms with encryption that seems impenetrable can make choices that expose your personal information or home feeds, or they can recruit someone who unethically abuses their position of authority. And even if someone blows the whistle or a security expert notices the error, there is absolutely no guarantee that you will learn about it after that corporation learns about it. 

In an environment like this, casually reviewing any company's security camera on the basis of its merits and recommending online readers seems like an irresponsible take. Michael Hicks in his article wrote “It's my job to do so, and I will write about the Blink Indoor and Blink Mini once it's clear how its parent company handles the Ring ransomware attack.” 

However, in doing so, Michael Hicks adds he will have to include certain big disclaimers that he “just don't know what Blink's (or any company's) weakest link is.” There is a possibility that it could be a dishonest employee, an unreliable third-party team, shoddy encryption, or something else. 

In the meantime, he advises individuals to use security cams with local storage in order to avoid storing their private footages and information on company servers. However, there is no guarantee of security, considering the fact that firms like Eufy was well received and trusted as a local storage option before its numerous problems were revealed.  

Read more »
Ring LLC
ALPHV ALPHV ransomware gang Amazon Data Breach Data Stolen Home Security ransomware attacks Ring Ring LLC

Ring Data Breach: What you Need to Know About the Home Security Company Attack


With innovative doorbells and security cameras making a huge breakthrough for home security across the world, Ring now stores a great amount of data. Although the company has recently been facing ransomware gang threats to expose the data online. 

About Ring LLC 

Ring LLC is a home security and smart home company owned by Tech-giant Amazon. The firm creates home security systems with exterior cameras, such as the Ring Video Doorbell smart doorbell, and runs the Neighbors app, which allows users to share video footage with each other online in a communal setting. 

Ring Data Breach 

According to a report by Motherboard, the ALPHV ransomware gang has claimed to have acquired access to Amazon-owned Ring’s systems and its data. Despite the fact that there is no proof of a system breach, Ring did indicate as much in a statement to the news organization. But, it is well known to them that a ransomware assault has affected one of its third-party providers. 

In a response to Ring, ALPHV shares a post on Twitter saying “There’s always an option to let us leak your data”. The ransomware group has not yet made any of the data it is said to have stolen from the business available. But, there is still cause for alarm when Motherboard discovered a Ring listing on ALPHV's data dump website. 

Ransomware groups like ALPHV have evolved into using data dump sites to entice victims into paying ransoms in order to regain access to their data. In an effort to persuade businesses to cooperate with the hackers holding their data hostage, a tiny percentage of the stolen data from those businesses is frequently posted publicly. 

ALPHV Ransomware Gang 

The ALPHV ransomware gang has attacked companies in the US, Europe, and Asia. The group has also been referred to as BlackCat, named after the malware it deploys. In the past, ALPHV has taken credit for hacking hospitality firms like the Westmont Hospitality Group, which manages IHG and Hilton hotels around the world, as well as leaking medical data from the Lehigh Valley Health Network. 

ALPHV's data dump site, where it posts stolen data in collections referred to as "Collections," is another feature that sets it distinct from other ransomware organizations. Other ransomware organizations may have comparable websites, but ALPHV's is renowned for being indexed and simpler to search. 

Should you be Worried About Your Ring Data? 

Currently, Amazon is looking into a third-party vendor's data breach that ALPHV has claimed responsibility for. We are unlikely to hear anything more until this investigation is over. Ring's products are widely utilized in homes all over the world since they are among the best video doorbells and home security cameras today. 

However, the firm employs end-to-end encryption (E2EE) in the majority of nations to prevent governments and other parties from accessing the data from your cameras and snooping on them. If the ALPHV ransomware gang did end up infiltrating Ring’s third-party vendors, it is possible that the group has also managed to steal corporate or customer data in the attack. 

If you are concerned about your Ring data or even the fact that the firm is charging for features that were previously free, it is a good time to consider some alternatives instead. In any case, we will probably soon learn whether or not the ALPHV ransomware gang managed to steal client data.  

Read more »
Twitter
Cybersecurity Firms Data Breach Data Stolen Email Hacking Hacking Hudson Rock Password Stolen Twitter

No Evidence: Twitter Denies Hacking Claims and The Stolen Data Being Sold Online


Twitter has denied the claim of getting hacked and the stolen data being sold online. 

According to a LinkedIn post last week by Alon Gal, co-founder of the Israeli cybersecurity monitoring company Hudson Rock, stolen data has been discovered, that contained email addresses of more than 200 million twitter users. 

The breach would probably result in "hacking, targeted phishing, and doxxing," according to Gal, who labeled it as a "significant leak" and said that the information had been uploaded on an internet hacker forum. 

He claimed that despite alerting the firm, Twitter, he had not received a response. 

"I urge security researchers to conduct a thorough examination of the leaked data and rule out Twitter's conclusion of the data being an enrichment of some sort which did not originate from their own servers," says Alon Gal. 

Although, Twitter has denied all claims of the emails, allegedly linked to the users’ accounts, being obtained through a hack. 

In regards to the issue Twitter responded by stating “in response to recent media reports of Twitter users’ data being sold online, we conducted a thorough investigation and there is no evidence that data recently being sold was obtained by exploiting a vulnerability of Twitter systems.” 

According to Twitter, the stolen records in question was instead probably a collection of data “already publicly available online.” While it still warns online users to be wary of suspicious emails. 

Gal, meanwhile, disapproved of Twitter's answer in a fresh post on LinkedIn. In contrast to instances of data enrichments, he noted, “The authenticity of the leak is evident in the lack of false positives between Twitter usernames and emails found in the database, opposite to cases of data enrichments.” 

The disclosure came to light following the multiple reports that Twitter data of millions of users – 5.4 million in November 2022, 400 million in December 2022, and 200 million last week – have been exposed online for sale on cybercrime forums. 

The Breach Could Not Be Correlated to Previous or New Incidents 

Twitter, in its latest post says that the latest dataset breach of 200 million users “could not be correlated with the previously reported incident, nor with any new incident or any data originating from an exploitation of Twitter systems.” 

It added that, “None of the datasets analyzed contained passwords or information that could lead to passwords being compromised.” 

Moreover, in December 2022, another set of reports claimed that 400 million email addresses and phone numbers were stolen from Twitter – which the company denied as well.  

Read more »
Subscribe to: Posts (Atom)