A major data breach has impacted the online survey platform SurveyLama, putting the sensitive data of over four million individuals at risk. The breach, which occurred in February of this year, was confirmed by the company to Troy Hunt, the creator of the well-known website Have I Been Pwned?, which tracks email addresses exposed in data breaches.
What Happened:
Unknown attackers gained unauthorised access to SurveyLama's database, compromising users' names, dates of birth, email addresses, IP addresses, passwords, phone numbers, and postal addresses. This breach leaves users vulnerable to identity theft and phishing scams.
Implications for Users:
SurveyLama rewards its users for completing surveys, which makes them natural targets for phishing emails promising rewards. While passwords were stored only as hashes (salted SHA-1, bcrypt, and argon2), some could still be recovered by brute-force guessing, especially those hashed with SHA-1, which has known weaknesses and is cheap to compute, so an attacker can test many guesses per second. Users are strongly advised to change their passwords immediately as a precaution.
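As an added illustration, not code from the article or from SurveyLama: a login routine that verifies a legacy salted-SHA-1 record and, on a correct password, transparently re-hashes it with a slow key-derivation function, which is how a site retires weak hashes without forcing a mass reset. Python's standard-library scrypt stands in for bcrypt/argon2 here, and the record formats and parameters are assumptions.

```python
import hashlib
import hmac
import os

SCRYPT_PARAMS = dict(n=2**14, r=8, p=1)  # ~16 MiB and milliseconds per guess

def legacy_sha1_record(password: str, salt: bytes) -> str:
    """Constructed legacy record of the kind the article describes: salted SHA-1."""
    digest = hashlib.sha1(salt + password.encode()).hexdigest()
    return f"sha1${salt.hex()}${digest}"

def scrypt_record(password: str, salt: bytes) -> str:
    """Replacement record; stdlib scrypt stands in for bcrypt/argon2 (assumption)."""
    key = hashlib.scrypt(password.encode(), salt=salt, **SCRYPT_PARAMS)
    return f"scrypt${salt.hex()}${key.hex()}"

def verify(record: str, password: str) -> bool:
    """Constant-time comparison of a password against either record format."""
    scheme, salt_hex, stored = record.split("$")
    salt = bytes.fromhex(salt_hex)
    if scheme == "sha1":
        candidate = hashlib.sha1(salt + password.encode()).hexdigest()
    elif scheme == "scrypt":
        candidate = hashlib.scrypt(password.encode(), salt=salt, **SCRYPT_PARAMS).hex()
    else:
        return False  # unknown scheme: refuse rather than guess
    return hmac.compare_digest(candidate, stored)

def login(record: str, password: str) -> tuple[bool, str]:
    """Return (ok, record_to_store). A correct password against a legacy SHA-1
    record yields a fresh scrypt record, so the store migrates off SHA-1 one
    login at a time; otherwise the stored record is returned unchanged."""
    if not verify(record, password):
        return False, record
    if record.startswith("sha1$"):
        return True, scrypt_record(password, os.urandom(16))
    return True, record
```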
Protective Measures:
SurveyLama has reportedly notified affected users via email about the breach. However, users should remain cautious of any suspicious emails, particularly those promising rewards in exchange for quick action. Although the stolen information has not yet been publicly posted or sold on the dark web, proactive steps should be taken to secure accounts.
Expert Insight:
Troy Hunt, upon receiving information about the breach, independently verified the data's authenticity. SurveyLama confirmed the security incident and assured users that passwords were stored in encrypted forms. Nonetheless, users are encouraged to reset their passwords not only on SurveyLama but also on other platforms where similar credentials may have been used.
While SurveyLama has taken steps to address the breach and notify affected users, the potential risks remain significant. The possibility of the stolen data being exploited privately or leaked to cybercriminals underscores the importance of immediate action by users to safeguard their personal information.
All in all, the SurveyLama data breach serves as a reminder of the ever-present threats to online security and the importance of vigilance in protecting personal data. Users must stay informed, remain cautious of suspicious activities, and take proactive measures to enhance their online security posture.
In a recent series of events, reports have surfaced of a significant cyberattack on Microsoft, allegedly orchestrated by Russian hackers. The breach, attributed to a group known as Midnight Blizzard or Nobelium, has raised serious concerns among cybersecurity experts and the public alike.
The attack targeted Microsoft's source code repositories, exposing sensitive company information and communications with partners across various sectors, including government, defence, and business. While Microsoft assures that no customer-facing systems were compromised, the breach has far-reaching implications for national and international security.
Cybersecurity experts warn of the potential for more zero-day vulnerabilities, that is, security flaws unknown to the vendor that attackers can exploit before a fix exists. Access to source code gives attackers something like a "master key" for finding ways into systems, posing a significant threat to organisations and users worldwide.
The severity of the breach has prompted strong reactions from industry professionals. Ariel Parnes, COO of Mitiga, describes the incident as "severe," emphasising the critical importance of source code security in the digital age. Shawn Waldman, CEO of Secure Cyber Defense, condemns the attack as a "worst-case scenario," highlighting the broader implications for national security.
The compromised data includes emails of senior leadership, confidential communications with partners, and cryptographic secrets such as passwords and authentication keys. Larry Whiteside Jr., a cybersecurity expert, warns of potential compliance complications for Microsoft users and partners, as regulators scrutinise the breach's impact on data protection laws.
As the fallout from the breach unfolds, there are growing concerns about the emergence of zero-day vulnerabilities and the need for proactive defence measures. Experts stress the importance of threat hunting and incident response planning to mitigate the risks posed by sophisticated cyber threats.
The incident underscores the ongoing battle in the global cyber warfare landscape, where even tech giants like Microsoft are not immune to attacks. With cybercriminals increasingly targeting supply chains, the need for enhanced security measures has never been more urgent.
The breach of Microsoft's systems serves as a wake-up call for individuals and organisations alike. It highlights the ever-present threat of cyberattacks in an increasingly interconnected world and underscores the need for enhanced cybersecurity measures. By staying vigilant and proactive, establishments can mitigate the risks posed by cyber threats and protect their digital assets from exploitation.
As the field of cybersecurity keeps changing and developing, stakeholders must work together to address the underlying threats and ensure the protection of critical infrastructure and data. This recent breach of Microsoft's security by Russian hackers has raised serious concerns about the vulnerability of digital systems and the need for robust cybersecurity measures.
When you send an email, you expect it to reach the intended recipient without interference. A small group of people, cybercriminals, are constantly trying to hijack emails. They also trick people into opening malicious attachments or clicking on links that install malware on their devices.
So what are the best ways to protect yourself, your family, your friends, and your employees from these risks? Implementing a secure email gateway is one way to stop many of these threats before they reach a mailbox.
There are several types of secure email gateways (SEGs). Businesses, organizations, and governments use them to protect their internal email servers from attacks that arrive by email. SEGs check that both outgoing and inbound emails contain no malicious elements, and they let administrators review the messages that were sent and received and decide how they should be handled according to the rules they have configured.
To protect email communications, a secure email gateway is placed between the organization's mail server and the public internet. Every message entering or leaving the server is scanned by the SEG.
Essentially, SEGs are designed to stop unwanted emails before they reach your mail server and cause damage. In this way, SEGs protect confidential information from cyber criminals, support data privacy, and encrypt sensitive emails to protect data from being breached.
Several types of emails could be harmful, including
What Are the Functions of a Secure Email Gateway?
SEGs are designed to scan and filter incoming and outgoing emails on an email server. They employ a set of rules that the system uses to assess the potential for spam. Both inbound and outbound emails are protected against harmful content that can be transmitted between your devices and your network.
As part of the scanning process, an SEG checks the sender's domain, the message content, and any attachments for malicious content. Messages found free of malware are routed on to the email server and from there to the user's mailbox; anything else is blocked or quarantined.
What are the features of secure email gateways?
SEGs have their unique functions and features, but here are some of the most common security features that SEGs offer.
Filtering spam mail
Technology for spam filtering uses algorithms to identify spam from known spam email domains and quarantine or block it.
The filter also uses known patterns of spam content, such as keywords and malicious links, to catch new spam that does not come from a known spam domain. In addition, this feature lets users report spam and block the sender if a spam email gets past the gateway and into the mailbox.
Protection against malware and viruses
An SEG also protects you against malware and viruses that arrive by email and could spread from one infected computer to your network. The gateway runs antivirus engines over each email and blocks or quarantines any that carry viruses or malware, thereby protecting the company from liability. As cybercrime continues to evolve, it is imperative to keep the antivirus signatures up to date at all times.
Archiving of e-mails
SEGs can also archive email. You can use them to store and manage your organization's emails so that you can meet your organization's data management and legal compliance requirements.
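An added example covering both the scanning functions and the spam and malware features described above; it is not code from the article or from any gateway product. It is a toy gateway policy in Python that parses a raw message, checks the sender domain against a blocklist, scans the body for spam phrases and links to blocklisted hosts, checks attachments for script and executable types, and returns a verdict with its reasons. The blocklist, phrase list, extension list and both sample messages are constructed.

```python
import re
from email import message_from_string
from email.message import EmailMessage, Message
from email.utils import parseaddr
# Constructed policy data, not taken from any real gateway product.
BLOCKED_DOMAINS = {"spam-example.test"}
SPAM_PHRASES = ("act now", "claim your prize", "free reward")
BLOCKED_EXTENSIONS = (".exe", ".vbs", ".js", ".scr")
URL_RE = re.compile(r"https?://([^/\s]+)")

def sender_domain(msg: Message) -> str:
    return parseaddr(msg.get("From", ""))[1].rsplit("@", 1)[-1].lower()

def plain_text(msg: Message) -> str:
    parts = [p for p in msg.walk() if p.get_content_type() == "text/plain"]
    return "\n".join(p.get_payload(decode=True).decode(errors="replace") for p in parts).lower()

def classify(raw: str) -> tuple[str, list[str]]:
    """Gateway decision for one raw message: 'block', 'quarantine' or 'deliver'."""
    msg = message_from_string(raw)
    block, quarantine = [], []
    if sender_domain(msg) in BLOCKED_DOMAINS:
        block.append("sender domain is blocklisted")
    for name in (p.get_filename() for p in msg.walk() if p.get_filename()):
        if name.lower().endswith(BLOCKED_EXTENSIONS):
            block.append(f"dangerous attachment type: {name}")
    body = plain_text(msg)
    hits = [k for k in SPAM_PHRASES if k in body]
    if hits:
        quarantine.append("spam phrases: " + ", ".join(hits))
    for host in URL_RE.findall(body):
        if host in BLOCKED_DOMAINS:
            quarantine.append(f"link to blocklisted host: {host}")
    if block:  # hard-block reasons win; quarantine reasons are kept for the log
        return "block", block + quarantine
    return ("quarantine", quarantine) if quarantine else ("deliver", [])

def sample_with_attachment() -> str:
    """Constructed multipart message carrying a script attachment."""
    m = EmailMessage()
    m["From"] = "it-support@example.test"
    m["To"] = "user@example.test"
    m["Subject"] = "Updated policy"
    m.set_content("Please open the attached installer.")
    m.add_attachment(b"constructed-bytes", maintype="application",
                     subtype="octet-stream", filename="installer.vbs")
    return m.as_string()

# Constructed reward-bait message; its sender is not blocklisted, so it is quarantined.
PHISH = ("From: Rewards <promo@rewards-example.test>\nTo: user@example.test\n"
         "Subject: Act now\n\nAct now to claim your prize: http://spam-example.test/claim\n")
```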
Secure Email Gateways Can Help You Keep Your Emails Safe
Cyber threats arrive by email in the form of phishing, spam, denial-of-service attacks, and highly targeted fraud. Individuals, businesses, corporations, and government entities, along with their employees, should therefore use SEGs to secure their email accounts against malicious actors who seek to steal data or cause harm by other means.
Threat actor SharpTongue, which is linked to North Korea, was found using a malicious extension for Chromium-based browsers to spy on victims' Gmail and AOL email accounts. Researchers at the cybersecurity firm Volexity track the group as SharpTongue, but its activity overlaps with that of the Kimsuky APT group.
SharpTongue's toolset was covered in a report published by Huntress in 2021, but in September 2021 Volexity began observing a previously unreported malware strain. Volexity has investigated various incidents involving SharpTongue, and in most of them the attackers used a malicious Microsoft Edge or Google Chrome extension known as "SHARPEXT."
Unlike other extensions used by the Kimsuky APT group, SHARPEXT does not steal usernames or passwords; instead, it reads the target's webmail account while the victim is browsing it. The current version of the extension supports three browsers and can steal the contents of emails from AOL webmail and Gmail accounts.
The report analysis says that SHARPEXT is a malicious browser extension deployed by SharpTongue following the successful compromise of a target system. In the first versions of SHARPEXT investigated by Volexity, the malware only supported Google Chrome.
The current variant 3.0 supports three browsers:
The attack chain begins with the attackers manually extracting the files required to install the extension from the compromised workstation. After breaching the victim's Windows system, they modify the web browser's Preferences and Secure Preferences files.
The attackers then manually deploy SHARPEXT via a VBS script and enable the DevTools panel in the active tab to monitor the email contents and steal file attachments from the target's mail account. This is done via a PowerShell script, which also hides the warning messages shown when developer-mode extensions are running.
According to the Security Affairs report, "experts pointed out that this is the first time the threat actor used malicious browser extensions as part of the post-exploitation phase. Stealing email data from a user’s already-logged-in session makes this attack stealthy and hard to detect by the email provider. The researchers shared the YARA rules to detect these attacks and Indicators of Compromise (IOCs) for this threat."
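An added defender-side example, not from Volexity's report or the Security Affairs article: a Python audit that reads a Chromium Preferences or Secure Preferences JSON file and flags enabled extensions that did not come from the Web Store or were loaded unpacked, alongside whether developer mode is on, which is the combination the chain above produces. The preference key names and location codes are my reading of Chromium's preference layout and are assumptions to verify against your browser version; the sample file is constructed. On Windows the files live under %LOCALAPPDATA%\Google\Chrome\User Data\<profile>\.

```python
import json
from pathlib import Path

# Assumed Chromium preference layout (verify against your browser version):
#   extensions.settings.<id>.{from_webstore, location, state, path, manifest}
#   extensions.ui.developer_mode
UNPACKED, COMPONENT, EXTERNAL_COMPONENT = 4, 5, 10   # assumed Manifest location codes
STATE_ENABLED = 1

def load_prefs(path: Path) -> dict:
    """Read Preferences or Secure Preferences (both are plain JSON files)."""
    return json.loads(path.read_text(encoding="utf-8"))

def developer_mode_enabled(prefs: dict) -> bool:
    return bool(prefs.get("extensions", {}).get("ui", {}).get("developer_mode", False))

def suspicious_extensions(prefs: dict) -> list[dict]:
    """Enabled extensions that did not come from the Web Store or were loaded unpacked.
    Built-in component extensions are skipped: they are never from the store."""
    findings = []
    for ext_id, entry in prefs.get("extensions", {}).get("settings", {}).items():
        if entry.get("state") != STATE_ENABLED or entry.get("location") in (COMPONENT, EXTERNAL_COMPONENT):
            continue
        reasons = []
        if not entry.get("from_webstore", False):
            reasons.append("not from Web Store")
        if entry.get("location") == UNPACKED:
            reasons.append("loaded unpacked")
        if reasons:
            findings.append({"id": ext_id, "name": entry.get("manifest", {}).get("name"),
                             "path": entry.get("path"), "reasons": reasons})
    return findings

def audit(prefs: dict) -> dict:
    """Both signals together match the chain described above."""
    return {"developer_mode": developer_mode_enabled(prefs), "sideloaded": suspicious_extensions(prefs)}

# Constructed sample of a tampered Preferences file (not a real indicator of compromise).
SAMPLE_PREFS = {"extensions": {
    "ui": {"developer_mode": True},
    "settings": {
        "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa": {"from_webstore": True, "location": 1, "state": 1,
                                             "manifest": {"name": "store extension"}},
        "cccccccccccccccccccccccccccccccc": {"from_webstore": False, "location": 5, "state": 1,
                                             "manifest": {"name": "built-in component"}},
        "bbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbb": {"from_webstore": False, "location": 4, "state": 1,
                                             "path": "C:\\Users\\u\\AppData\\Roaming\\ext",
                                             "manifest": {"name": "constructed side-loaded"}}}}}
```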