Search This Blog

Showing posts with label Personal Data. Show all posts

Japanese City Worker Loses USB Containing Resident's Personal Data

 

A Japanese city has been compelled to apologise after a contractor admitted to losing a USB memory stick holding the personal data of over 500,000 inhabitants following an alcohol-fueled night out. 

Amagasaki, western Japan, officials claimed the man – an unidentified employee of a private contractor hired to administer Covid-19 compensation payments to local homes – had taken the flash drive from the city's offices to transfer the data to a contact centre in neighbouring Osaka. 

After spending Tuesday evening drinking at a restaurant, he realised on his way home that the bag holding the drive, as well as the personal information of all 460,000 Amagasaki residents, had gone missing. The next morning, he reported the loss to the police. 

According to the Asahi Shimbun, the information contained the residents' names, residences, and dates of birth, as well as data on their residence tax payments and the bank account numbers of those receiving child benefits and other welfare payments. There have been no complaints of data leaks because all of the information is encrypted and password secured. 

“We deeply regret that we have profoundly harmed the public’s trust in the administration of the city,” an Amagasaki official told reporters. The city told in a statement that it would “ensure security management when handling electronic data. We will work to regain our residents’ trust by heightening awareness of the importance of protecting personal information.” 

Not a new affair 

Last month, a man in Abu was handed £279,000/US$343,000 in Covid-19 relief payments meant for 463 low-income people. Local officials said this week that they had recovered all of the money via internet payment services after the individual claimed he had gambled it all away. 

The Amagasaki event highlights worries about some Japanese organisations' ongoing usage of obsolete technologies. According to media reports last week, dozens of businesses and government agencies were rushing to transition away from Internet Explorer before Microsoft retired the browser at midnight on Wednesday. 

According to Nikkei Asia, a sense of "panic" seized businesses and government organisations who were slow to abandon their dependency on IE before Microsoft formally ceased support services, leaving surviving users susceptible to flaws and hacks.

Personal Data of 30,000+ Students Disclosed in Unsecured Database

 

The security experts at SafetyDetectives reported that the private details of over 30,000 students were discovered on an inadequately secured Elasticsearch server. 

According to the researchers, the server was left linked to the Internet and did not require a password to retrieve the data contained therein. It disclosed more than one million records including personally identifiable information (PII) of 30,000 to 40,000 students. 

As per the report, the exposed data included complete names, email addresses, and phone numbers, as well as credit card information, transaction and purchased meal specifics, and login information saved in plain text. According to SafetyDetectives, the badly protected server was being upgraded at the time it was discovered, and server logs revealing student data were also discovered. 

The 5GB database looked to contain information about students who have Transact Campus accounts, according to the researchers. Because Transact Campus partners with higher education institutions in the United States, the most of affected students are citizens of the United States. 

Transact Campus offers an application that students may use to make payments and purchases using a unique personal account (called Campus ID), as well as for activities such as event access, class attendance tracking, and more. The researchers were unable to identify whether malicious actors had access to the unsecured database before it was protected. They do, however, warn that if criminal actors did get the data, the afflicted students may be subjected to a variety of assaults, including phishing, spam marketing, and malware. 

As per SafetyDetectives, they alerted Transact Campus about the unsecured server in December 2021 but did not obtain a response until January 2022, despite also contacting US-CERT. Although the information had previously been safeguarded at the time, Transact Campus refuted responsibility for the breach.

“Apparently, this was set up by a third party for a demo and was never taken down. We did confirm that the dataset was filled with a fake data set and not using any production data,” Transact Campus told SafetyDetectives. 

The researchers, on the other hand, informed SecurityWeek that they examined a sample of the data discovered on the site and believe it belongs to real individuals. 

“We use publicly available tools to perform random searches for the people exposed and see if they actually exist. We, of course, performed this process when we discovered this server and found out that the data seemed to belong to real people,” SafetyDetectives stated. 

When contacted by SecurityWeek, Transact Campus stated that they promptly initiated an investigation into the breach after learning of the exposure. The exposed information was discovered to belong to a third party, according to Chief Information Security Officer Brian Blakley, and none of Transact's systems was accessed without authorization. 

When asked if the possibly impacted students had been notified in any manner about the data breach, Blakley advised SecurityWeek to contact Sodexo, which appears to be accountable for the hack. 

“Sodexo in conjunction with its payment provider for dining services, Foundry, provided a Notice of Data Breach to impacted clients and users explaining the incident,” he said. 

Sodexo is a global provider of food, facilities management, and home and personal services. SecurityWeek reached out to the organisation for further information on the incident but has yet to get a reply.

Personal Data of More than 142 million MGM Hotel Customers Leaked on Telegram

 

On 22 May 2022, cybersecurity researchers from vpnMentor unearthed four archives of files containing 8.7GB of data on Telegram. The data dumped on Telegram contained customer information from before 2017 including names, postal and email addresses, phone numbers, and dates of birth. 

Although there were 142 million records in total, the number of impacted customers is believed to be around 30 million. The data seems to have been stolen from MGM Resorts, an American chain of hotels and an entertainment company whose endpoints were compromised in February 2019. 

The records included government officials, chief executive officers, and others, notable among them, then Twitter Inc. CEO Jack Dorsey and singer Justin Bieber. 

Forward to July 14th, 2020, a hacker going by the online handle of NightLion listed the 142 million MGM hotel guest records stolen from the breach monitoring site DataViper for sale at a price of $2,900 on now seized Rainforums and dark web marketplaces. 

Nearly two years later, the same database comprising 142 million records has been shared on Telegram for the public to download for free. It is worth noting that lately, Telegram groups have become a new home to data leaks. Earlier this month, the private details of 21 million SuperVPN, GeckoVPN, and ChatVPN users were also dumped on several Telegram groups for download.

Repercussions of data leak 

Malicious actors can exploit the data to launch phishing email campaigns and scams. They can trick the victim via email and SMS by using their business or residential addresses to gain trust and even perform identity theft. 

Since the breach is around two years old, people may not be expecting to be targeted, making them more susceptible to attacks. However, through the date of birth details, fraudsters may target unsuspected users. 

"Bad actors could send phishing messages and scams to exposed users via SMS and email, using the victims' full names and home or business addresses to build trust," researchers at vpnMentor noted.

According to the FBI's annual Internet Crime Report, which was published earlier this month, in 2021 51,629 identity-theft complaints were recorded, compared to 43,330 in 2020 — that's a 19 percent increase. These crimes resulted in the loss of more than $278 million to companies and individuals.

The DLBI Expert Called the Cost of Information about the Location of any Person

Ashot Oganesyan, the founder of the DLBI data leak intelligence and monitoring service, said that the exact location of any Russian on the black market can be found for about 130 dollars. 

According to him, this service in the illegal market is called a one-time determination of the subscriber's location. Identification of all phones of the client linked to the card/account using passport data costs from 15 thousand rubles ($200). 

"The details of the subscriber's calls and SMS for a month cost from 5 thousand ($66) to 30 thousand rubles ($400), depending on the operator. Receiving subscriber data by his mobile phone number cost from 1 thousand rubles ($13)", he added. 

Mr. Oganesyan said that fixing movement on planes, trains, buses, ferries, costs from 1.5 thousand ($20) to 3 thousand rubles ($40) per record. Data on all issued domestic and foreign passports will cost from 900 ($12) to 1.5 thousand rubles ($20) per request. Information about crossing the Russian border anywhere and on any transport costs from 3 thousand rubles ($40) per request, Ashot Oganesyan clarified, relying on the latest data on leaks. 

According to him, both law enforcement agencies and security services of companies are struggling with leaks, but only banks have managed to achieve some success. The staff of mobile network operators, selling data of calls and SMS of subscribers, are almost weekly convicted, however, the number of those wishing to earn money is not decreasing. 

The expert noted that under the pressure of the Central Bank of Russia and the constant public scandals, banks began to implement DLP systems not on paper, but in practice, and now it has become almost impossible to download a large amount of data unnoticed. As a result, today it is extremely rare to find a database with information about clients of private banks for sale. 

However, another problem of leakage from the marketing systems of financial organizations has emerged. The outsourcing of the customer acquisition process and the growth of marketplaces have led to information being stored and processed with a minimal level of protection and, naturally, leaking and getting into sales.

Washington State Database Breach May Expose Personal Data

 

The Washington State Department of Licensing stated that the personal information of possibly millions of licenced professionals may have been compromised, after discovering unusual activity on the online licencing system.

According to agency spokesperson Christine Anthony, the agency licences around 40 types of enterprises and professionals, ranging from auctioneers to real estate agents, and it temporarily shut down its web platform after discovering the activities in January. 

Social Security numbers, birth dates, and driver's licences could be among the information held on the POLARIS system. According to Anthony, the agency does not yet know whether such data was accessed or how many people may have been compromised. 

As per The Seattle Times, Anthony stated the agency has been working with the state Office of Cybersecurity, the state Attorney General's Office, and a third-party cybersecurity firm to determine the magnitude of the issue. 

Meanwhile, the POLARIS system's shutdown is creating problems for some professionals and businesses who need to apply for, renew, or update their licences. The outage occurs at a busy period for real estate brokers, appraisers, and home inspectors as the state's real estate market begin to recover from its seasonal slowdown. 

The extent of the breach is undetermined. POLARIS processes data from 23 state-licensed professions and business kinds, according to Anthony. The agency has roughly 257,000 active licences in its system, including bail bonds brokers, funeral directors, home inspectors, and notaries, according to Anthony. He added that there are likely more records that will be uncovered while doing our investigation. 

The State Auditor's Office has set up a website with more details on the security breach as well as links to additional guidance and resources for protecting the identity and credit. That website will be updated with the most recent information on a regular basis. If anyone has any queries, they can contact the Auditor's Office dedicated call centre at 1-855-789-0673 from Monday to Friday, 8 a.m. to 5 p.m. Pacific Time.

Durov Suspected WhatsApp of Intentionally Introducing Vulnerabilities

 

Russian entrepreneur and founder of the Telegram messenger Pavel Durov while criticizing the WhatsApp service said that the messenger, owned by Meta, was hardly ever secure, in his Telegram channel.

Durov also suspects that the service may intentionally introduce vulnerabilities. "Since the creation of WhatsApp, there has hardly been a moment when it was secure: every few months, researchers discover a new security problem in the application," he added. 

Durov noted that every few months researchers find a new security issue in the application. He recalled that he had already spoken out about the danger of the service in 2020. Since then, as the creator of Telegram considered, the situation with WhatsApp has not changed. 

As an illustration of his words, he cited a study by the American information technology company Boldend, which revealed a vulnerability in WhatsApp. The gap in the messenger has existed for several years and allows attackers to gain access to the correspondence of their victims unnoticed. 

In addition, the creator of Telegram commented on a Forbes report, which claims that Facebook investor Peter Thiel secretly funded a startup with the ability to hack WhatsApp. "WhatsApp users' messages have been available for attacks by potential hackers for years," Durov said about the report. 

"It would be hard to believe that WhatsApp technicians are so often incompetent. Telegram, a much more technically sophisticated application, has never had such serious security problems," Durov concluded. 

In December, Durov said that his Telegram remains protected from the influence of third parties. He cited the example of the FBI report, which claimed that the bureau has access to Viber, iMessage, WhatsApp, and Line, but Telegram, Threema, Signal, and Wickr do not transmit correspondence to third parties. At the same time, it was noted that Telegram can, at the request of law enforcement officers, issue the IP address and phone number of the user. 

Earlier, Pavel Durov's team advised the Ministry of Finance of Ukraine on cryptocurrencies. The Minister said that he actively uses the Telegram messenger for fast communications.

More than 90% of Russians do not Finish Reading User Agreements on the Internet

A study by the information security company ESET showed that Russian Internet users do not read user agreements on websites in 81% of cases. 

13% of respondents said that they completely ignore the submitted contracts and agree with them without looking. Nearly half of Russians (49%) are either vague about user agreements on the Internet or have no idea what they mean. The absolute majority (92%) do not worry if their data is transferred to third parties: they do not try to leave the site or application, in the user agreement of which such a function is indicated. 

In comparison with citizens of Europe and the United States, Russians, in general, are less responsible for reading user agreements, said Fedor Muzalevsky, Director of the technical department of RTM Group. Experts noted that the reason for the digital illiteracy of Russians maybe those user agreements in the Russian Federation began to be applied later than in Western countries. 

Negligent attitude to user agreements can be fraught with consequences, warned Kirill Podgorny, Director of the ESET Marketing Department. According to him, there are sometimes exotic or impossible conditions in contracts. 

"A good example is the experiment of the British wireless Internet operator Purple, which introduced the clause "I undertake to go to voluntary work on cleaning public toilets" into the agreement. Out of 22 thousand users who agreed with the terms of service, only one noticed this point and complained to the provider," the experts said. 

However, far more often there are potentially dangerous ones. Thus, a condition on automatic consent to the processing of personal data is illegally added to user agreements, said Lyudmila Kurovskaya, head of the Center for Legal Assistance to Citizens in the Digital Environment.

"When citizens submit their data without going into the purpose of its processing, automatically check the boxes on websites and report excessive information about themselves, it can create conditions for leakage of their personal data," she said.

ESET: Criminals will be Able to Steal Personal Data Using Smartwatches

 

ESET analysts reported that cybercriminals can use smartwatches to steal personal data and warned Russians about the main dangers associated with this gadget. 

"According to our estimates, the market for smartwatches and fitness trackers will grow by 12.5 percent annually and will exceed $118 billion by 2028. Such indicators cannot but attract scammers. Therefore, it is worth understanding in advance the security and privacy risks associated with this," the ESET study says. 

The threat of data interception is due to the fact that many smartwatches and fitness trackers are synchronized with the owners' smartphones, including some applications such as e-mail or messengers. Thus, attackers can hijack both devices, which threatens, in particular, the loss of passwords. ESET further warns that the stolen personal data can then be sold on the darknet. 

Another serious risk for a cybercriminal's victim is tracking the GeoPosition of the device. Such data allows hackers to draw up a detailed diagram of the user's movements in order to attack his home or car. "The safety of children's smartwatches, which can be monitored by outsiders, is even more worrying," ESET states. Speaking about the specific vulnerabilities of smart fitness trackers, cyber specialists pay attention to Bluetooth technology, in which "numerous vulnerabilities have been discovered over the years," weak software of gadgets and paired smartphone applications that may contain coding errors. 

According to ESET analysts, risks can be reduced via the use of two-factor authentication, the use of a strong password to lock the screen, as well as a ban on external connections to smartwatches will also prevent threat. 


Data can be leaked both via the Internet and via Bluetooth a critical Bluetooth vulnerabilities allow executing arbitrary malicious code on the device and gaining full control over the device's system, as well as carrying out a man-in-the-middle attack (MiTM), which leads to the unauthorized interception of user data.

Russia Recorded the Largest Botnet Attack on Retail

 

The new botnet is not used to damage the IT infrastructure of companies through DDoS attacks, but to collect internal information; large chains of retailers became victims. 

According to Alexander Lyamin, the founder and CEO of Qrator Labs, the main danger of data mining for retail companies is that attackers can conduct competitive analysis based on the collected data. In addition, data mining is often used in fraudulent schemes with theft or fraud of bonus points, as a tool of unfair competition. 

One of Russia's largest retail chains Lenta acknowledges that the number of cyberattacks on retail has increased. The attackers target the personal data of employees and customers of the company. Botnet attacks can cause serious damage to businesses. X5 Group and Inventive Retail Group declined to comment. 

Experts add that data mining could be a competitive intelligence tool. "The retail sector is well suited for this since all chain stores have online versions, and analyzing the availability of goods on the site, customer reviews or price changes allows competitors to build their business more efficiently," experts explain. 

Using data-mining in retail, it is possible to collect information that is valuable on the black market, for example, credit card numbers, or from competitors: customer patterns and other statistics. 

According to experts, the introduction of network traffic analysis technologies and process control at network endpoints will help to cope with the threat. 

In general, according to Qrator Labs, at the end of 2021 the victims of attacks on information security, including DDoS, were services to create websites, organizations from the field of education, and e-commerce. 

“DDoS attacks follow business: in those industries where there is maximum growth, the number of attacks proportionally increases,” explains Alexander Lyamin. In the fourth quarter, users continued to study remotely, and the number of online orders for goods broke all records, so the attackers focused their attention on these profitable segments.

Watch out for Christmas 2021 Credential Stuffing Attacks!

 

As per Arkose Labs' research, there were over two billion credential stuffing attacks (2,831,028,247) in the last 12 months, with the number increasing exponentially between October 2020 to September 2021. 

This form of online fraud has increased by 98 percent over the previous year, and it is projected to spike during the Christmas shopping season. Credential stuffing attacks in 2021 accounted for 5% of all web traffic in the first half of 2021. 

Credential stuffing is the most recent cyber-attack technique used by online criminals to obtain unauthorized access to users' financial and personal accounts. Cybercriminals take control of real user accounts and monetize them in a variety of ways. These include draining money from compromised accounts, collecting and reselling personal information, selling databases of the known verified username and password combinations, and exploiting compromised accounts to launder money obtained from other illegal sources. People who reuse the same username/password combination across various sites are frequently targeted by cybercriminals. 

The anti-fraud community has highlighted credential stuffing as an increasing problem in recent years. However, due to the jump in internet activity in the pandemic and the growth of online purchasing, it has risen in recent months. Credential stuffing increased 56 percent during the Christmas and New Year shopping season last year, according to research analysts, with forecasts that the same period in 2021 will witness up to eight million attacks on consumers every day. 

The Arkose Labs network detected and blocked 285 million credential stuffing assaults in the first half of 2021, with spikes of up to 80 million in a single week. In just one week, one intensively targeted social media organization experienced 1.5 million credential stuffing attacks. 

Kevin Gosschalk, CEO at Arkose Labs stated, “The global e-commerce landscape is more connected than ever before and personal information has become the currency of fraudsters. Credential stuffing is prolific. It’s become an enormous concern to online businesses and is fast overtaking other well-known attack tactics, such as ransomware, as THE cyber attack to watch out for.” 

“Fraudsters are compelled to this type of cybercrime as the low barrier to entry makes it easy to deploy and online criminals can generate profits with just one successful compromised account. Their volumetric approach can come on abruptly, quickly overloading businesses’ servers and putting customers at risk.” 

Other key information 

According to the research team's newest findings, 
  • The top attacked industries by sector include gaming, digital and social media, and financial services. 
  • Credential stuffing assaults accounted for over half of all attacks aimed at the gaming industry. 
  • The United Kingdom was also named as one of the top three regions that carried out the most credential stuffing attacks against the rest of the world. 
  • Alongside, Asia and North America, both demonstrated massive amounts of fraudulent activity emanating from their respective regions.
  • During the first half of 2021, mobile-based attacks accounted for approximately one-quarter of all attacks.

Panasonic Suffers Data Breach After Network Hack

 

Panasonic, a Japanese multinational giant, revealed a security breach this month after unidentified threat actors got access to computers on its network. 

The company stated in a press release issued Friday, "Panasonic Corporation has confirmed that its network was illegally accessed by a third party on November 11, 2021. As the result of an internal investigation, it was determined that some data on a file server had been accessed during the intrusion." 

Panasonic has reported the issue to the appropriate authorities and has taken steps to restrict external servers from accessing its network. The Japanese electronics behemoth has also recruited a third party to examine the attack, which Panasonic described as a "leak" in a press release, and determine whether any of the data acquired during the hack included customer personal information. 

"In addition to conducting its own investigation, Panasonic is currently working with a specialist third-party organization to investigate the leak and determine if the breach involved customers' personal information and/or sensitive information related to social infrastructure," the company added. 

When approached by BleepingComputer, a Panasonic official was not immediately available for comment. 

"Panasonic would like to express its sincerest apologies for any concern or inconvenience resulting from this incident", said the organization. 

In June, Panasonic servers were reportedly hacked

While the press statement does not include many specifics about the attack timeframe, Japanese media sites such as Mainichi and NHK stated that the attackers gained access to Panasonic's systems between June and November, as originally reported by The Record. 

Furthermore, they acquired access to critical customer and customer and employee data until Panasonic discovered the illicit activity on November 11. The attack on Panasonic's server is the latest in a lengthy line of instances affecting Japanese corporations in recent years. 

Security incidents and, in some circumstances, data breaches have also been reported by Kawasaki, NEC, Mitsubishi Electric, and defence contractors Kobe Steel and Pasco.

Hacker Steals Private Details of Thousands of Argentine Citizens

 

An anonymous hacker has reportedly breached the Argentinian government’s IT network and put up on sale the private details of thousands of Argentineans. 

Last month, the hacker targeted Argentina’s National Registry of Persons a.k.a. RENAPER, responsible for issuing ID cards to all citizens with data stored in digital formats as a database accessible to government agencies for queries on any citizen’s private information. The agency is a crucial cog in most government queries for citizen’s personal information. 

According to a report by The Record, the first evidence of breach surfaced earlier this month on Twitter when a newly registered account named @AnibalLeaks published ID card photos and private details for 44 Argentinian celebrities which included famous footballers Lionel Messi Sergio Aguero and Argentina’s president Alberto Fernandez. Now, the hacker is evidently looking for a buyer to sell the private details of Argentina’s entire population. 

The leaked data includes names, home addresses, birthdays, Trámite numbers, citizen numbers, government photo IDs, labor identification codes, ID card issuance and expiration dates. There have been speculations that a VPN from someone within the Ministry of Health had been used to access the Digital Identity System right before the Twitter account leaked the initial data on the high-profile Argentines. However, the law enforcement agencies are currently investigating eight to ten employees about having a possible role in this serious cybercrime. 

“The black market for stolen data is big business, and cybercriminals will stop at nothing to find their next big payday. This attack should be a warning to governments: cybercriminals have the means to execute large-scale, sophisticated attacks, and their citizens' data is under threat," Tony Pepper, CEO of cybersecurity firm Egress Pepper said. 

"With the data of millions at risk, Argentinian citizens are now prime targets for follow-up attacks, such as financial fraud, sophisticated phishing attempts and impersonation scams, aimed at stealing further personal data, identities and even their money." 

According to security experts, this is one of the biggest breaches in the history of Argentina where the private details of 45 million Argentinian people have been put at great risk. Cybercrime is evolving and the government should strengthen their security protocols to protect its integrity.

Mozilla: Maximum Breached Accounts had Superhero and Disney Princes Names as Passwords

 

The passwords that we make for our accounts are very similar to a house key used to lock the house. The password protects the online home (account) of personal information, thus possessing an extremely strong password is just like employing a superhero in a battle of heroes and villains. 

However, according to a new blog post by Mozilla, superhero-themed passwords are progressively popping up in data breaches. Though it may sound absurd - following the research done by Mozilla using the data from haveibeenpwned.com, it was evident that most frequent passwords discovered in data breaches were created on either the names of superheroes or Disney princesses. Such obvious passwords make it easier for hackers to attack and hijack any account or system. 

While analyzing the data it was seen that 368,397 breaches included Superman, 226,327 breaches included Batman, and 160,030 breaches had Spider-Man as their passwords. Further, thousands of breaches featured Wolverine and Ironman as well. And not only this research from 2019 showed that 192,023 breached included Jasmine and 49,763 breached included Aurora as their password.

There were 484,4765 breached that had password as ‘princess’ and some Disney + accounts had password as ‘Disney’. This is one of the biggest reasons that support data breaches by hackers and boost their confidence.

With the increasing frequency of compromised account credentials on the dark web, a growing number of businesses are turning to password-less solutions. Microsoft has expanded its password-less sign-in option from Azure Active Directory (AAD) commercial clients to use Microsoft accounts on Windows 10 and Windows 11 PCs. 

Almost all of Microsoft's employees are passwordless, according to Vasu Jakkal, corporate vice president of the Microsoft Security, Compliance, Identity, and Management group.

"We use Windows Hello and biometrics. Microsoft already has 200 million passwords fewer customers across consumer and enterprise," Jakkal said. "We are going completely passwordless for Microsoft accounts. So you don't need a password at all," he further added. 

Though it's common to reuse passwords, it is highly dangerous, yet it's all too frequently because it's simple and people aren't aware of the consequences. Credential stuffing exploits take advantage of repeated passwords by automating login attempts targeting systems utilizing well-known email addresses and password pairings. One must keep changing their passwords from time to time and try to create a strong yet not so obvious password.

Cyber-Attack on Dotty’s Exposed Personal Data of Customers

 

Customers' personal data was revealed as a result of a cyber-attack on Dotty's, a fast food and gaming franchise in the United States, according to the company. Dotty's has around 300,000 players in its database and runs 120 gambling locations in Nevada. Nevada Restaurant Services (NRS) owns and operates Dotty's, a fast-food franchise with 175 locations that offers gaming services. On January 16, 2021, malware was detected on "some computer systems." 

The investigation found that “an unauthorized person accessed certain systems” on the NRS network, according to the firm. Furthermore, the company admitted that an unauthorized person copied data from those systems on or before January 16 of this year. The NRS discovered that certain users' data may have been impacted after further examination and analysis. 

NRS examined the impacted data thoroughly to establish what sorts of information were implicated and to whom it was linked. Individuals' names, dates of birth, Social Security numbers, driver's license numbers or state ID numbers, passport numbers, financial account and/or routing numbers, health insurance information, treatment information, biometric data, medical records, and taxpayer identification numbers are just some of the data elements that could be involved. 

NRS sent notice letters to those who had proper mailing addresses and had been recognized as possibly affected. Users have told Vital Vegas that they received a letter from Dotty's regarding the breach, but that they just learned about it lately — months after the alleged assault. 

NRS has put in place security measures to secure its systems and the information it holds, and it has worked to improve its environment's technical protections. Following the event, NRS took urgent steps to protect its systems and undertake a thorough investigation into the issue's entire nature and scope. In addition, the firm provided free access to its “credit monitoring and identity theft restoration services, through IDX.” 

According to NRS, this will give an additional layer of protection for consumers who want to utilize it. With that in mind, the NRS emphasized that customers who wish to engage must do it themselves since the business is unable to do so on their behalf. Finally, the NRS expressed regret for any inconvenience or worry that the data breach event may have caused.

JSWorm: A Notorious Ransomware

 

The ransomware threat environment has been shifting over the last few years. Following the major ransomware outbreaks of 2017, such as WannaCry, NotPetya, and Bad Rabbit, many ransomware actors have switched to the covert yet the lucrative strategy of "big-game hunting." The news of ransomware triggering a service interruption at a multinational enterprise has become commonplace. 

Since the discovery of JSWorm ransomware in 2019, numerous variants have gained popularity under various names such as Nemty, Nefilim, Offwhite, and others. As part of each “rebranded” edition, several versions were released that changed various aspects of the code, renamed file extensions, cryptographic schemes, and encryption keys. 

JSWorm is a ransomware variant of the GusCrypter malware family. Its purpose is to extort money from victims by encrypting all personal data and requesting a ransom for the decryption key. It's a member of the GusCrypter clan. JSWorm is typically transmitted via spam email attachments. 

The malware also leaves a ransom note, JSWORM-DECRYPT.html, instructing victims to contact criminals via the NIGER1253@COCK.LI email address if they want their data back. Since JSWorm belongs to a well-known ransomware family, it's possible that the encryption will be permanent. 

Although JSWorm ransomware does not encrypt system files, it does modify your system in other ways. As a result of the altered Windows Registry values, ransomware is launched every time the user restarts the device. These modifications, however, are made after the encryption and ransom demand have been completed. 

JSWorm was available as a public RaaS from its inception in 2019 until the first half of 2020, and it was observed spreading through the RIG exploit kit, the Trik botnet, fake payment websites, and spam campaigns. The public RaaS was closed in the first half of 2020, and the operators turned to big-game hunting. An initial intrusion was discovered thanks to the use of weak server-side applications (Citrix ADC) and insecure RDP access. 

The files are encrypted with a 256-bit key using a custom modification of the Blowfish cypher. The key is generated by concatenating the strings user name, system MAC address, and volume serial number at the start of the programme execution. The content of each of the victim's files is encrypted using a custom version of Blowfish. The encryption is limited to 100,000 bytes, most likely to speed up the encryption of large files. The initial data is overwritten by the encrypted data.

Belden Says Health-Related Information Leaked in Cyberattack

 

Belden has uncovered that extra information was accessed and copied during their November 2020 cyberattack related to employees' medical care benefits and family members covered under their plan. Belden Incorporated is an American maker of networking, connectivity, and cable products. The organization designs, manufactures and markets signal transmission products for demanding applications. These items serve the industrial automation, enterprise, security, transportation, infrastructure, and residential markets. Belden is one of the biggest U.S.- based producers of high-speed electronic cables essentially utilized in industrial, enterprise, and broadcast markets. 

At that point, Belden said that the intruders may have copied some “personal information of current and former employees and limited company information regarding some business partners.” The organization portrayed the occurrence as a “sophisticated cyberattack”. 

“Personal information accessed and stolen may have contained such information as names, birthdates, government-issued identification numbers (for example, social security / national insurance), bank account information of North American employees on Belden payroll, home addresses, email addresses, and other general employment-related information. Limited company information accessed and stolen related to some of our business partners include bank account data and, for U.S. partners, their taxpayer ID numbers,” the company told at that point. 

In an update shared this week, Belden said further examination uncovered that the compromised servers additionally stored personal information on the spouses, dependents, and relatives of some employees. The organization likewise verified that some health-related information was exposed. 

“The health-related information that may have been compromised as part of this incident included individuals’ names, gender and benefits information, such as their UMI (member) number, group number, coverage category, primary source of coverage, the effective date of coverage, additional sources of coverages, the effective date of any additional coverage, their relationship to a Belden employee and other benefits information,” Belden said on Wednesday. “At this time we do not have reason to believe that any specific information related to any specific health conditions or diagnostic information was included in the incident,” it added. 

The organization's investigation concerning the incident is ongoing, however, it professes to be certain that the attackers have been bolted out of its systems. Affected people are being informed and offered identity monitoring services.

Hackers Send Fake Census Form Alerts to UK Respondents

 


The United Kingdom, like every other country, runs a census every ten years. The census asks residents a number of questions regarding the address of individuals, their age, name, nationality, employment, health, education, and language. (The census here is mandatory and participants are obliged to provide answers)
 
The census happens in the year that ends with number-1, except Scotland, the census is postponed until 2022 due to the Covid-19 pandemic. Due to the Covid-19 pandemic, most of the respondents are filling their services online, they are getting a unique 16 digit access code from the government to each resident via snail-mail. The participant can go to the official government census website, enter the 16 digit login code, saving him the arduous work of filling the form by hand, and snail-mail it back. If the participant fails to fill the census form before 21-03-2021, the government will send a chain of warning notifications with a unique 16 digit code, requesting the participant to fill the form and also fining €1000 if he fails to do so.
 
Naked Security reports, "the criminals did make some grammatical mistakes in their forms that a native speaker of English might notice, and these would be another giveaway, along with the fake domain name, but the crooks have cloned the UK Office for National Statistics “look and feel” very believably."
 
Stay alert of forged forms-
 
If the participant hasn't filled the form yet but may soon do it, he/she should stay wary of fake "census reminders" that are sent by the hackers. And if you've already filled your form, be on alert if you think there have to be some modifications in the details. The hackers are trying to take advantage of the online census by luring the participants into phishing attacks and stealing their data.
 
The fake form may ask for your postcode instead of your 16 digits unique code (the hackers could've also sent a fake 16 digit code but they chose not to), after that, the hackers will ask you similar questions that you may answer while filling out the original forms. However, in the fake form case, you end up exposing your personal details to the hackers, instead of sending your details to Office for National Statistics.

 
How to stay safe?

 
1. Check the Domain name before filling the form on the official website.
 
2. Don't open links that you may receive via SMS or e-mail.
 
3. Stay alert of the text messages that you may receive, please go through the message before filling the form.
 

Forex Broker Leaked Customer Records

 

White hat hackers have disclosed a significant leak of client information by online forex dealer FBS Markets. This incorporates a great many confidential records, including names, passwords, email addresses, passport numbers, national IDs, credit cards, financial transactions and more. Details of the security breach, which has since been rectified after the dealer was cautioned, were uncovered by Chase Williams, a white hat hacker and site security expert, on the website WizCase. At this stage it isn't evident whether any of the leaked information has been utilized for deceitful purposes by threat actors.

The information leak was revealed as a part of a progressing WizCase research project that scans for unstable servers, and tries to set up who the proprietors of those servers are. WizCase informed FBS of the issue. Williams said that FBS left a server containing right around 20 TB of information and over 16bn records exposed. Regardless of containing very sensitive financial data, the server was left open without any password protection of encryption. WizCase's group said the FBS data “was accessible to anyone.” “The breach is a danger to both FBS and its customers,” WizCase said. “User information on online trading platforms should be well secured to prevent similar data leaks.”

The broker said, “The protection of our clients privacy is one of the core values of FBS, and we stick to the highest protection standards. FBS has never had such major accidents. In October 2020 we faced an overheating on the server which affected our logs recording. During the time when we were setting up a new ElasticSearch server, several wrong subnet masks were added accidentally, which led to the possibility to access the server for a very limited number of people only, in a certain part of the world.” 

FBS added that it had completed a technical audit and that to its knowledge no information had been downloaded. It has contacted the customers affected and whose information may have been undermined and encouraged them on what to do. FBS has additionally moved to a more encoded VPN and has introduced an intrusion detection system. New rules for working with the forex brokers infrastructure have been applied and other safety efforts have additionally been carried out.

Experts listed the methods used by fraudsters to obtain personal data

As noted by experts, information leakage in large companies does not often happen, but data theft can occur through contractors

Scammers learn personal data of Russians from gaps in the security of companies or from their informants in them, from social networks of citizens, as well as through phishing sites.

"Often, a person can simply share their name and phone number, for example, on social networks. Such data can also be collected from data leaks," said Sergey Golovanov, a leading expert at Kaspersky Lab.

He clarified that information leaks in large companies do not often happen, as they pay great attention to their cybersecurity. However, data theft can be carried out through contractors who do not always have the necessary resources to ensure security when processing personal data. Also, according to the expert, leaks can occur from small online stores or other services where customers are asked for such information.

As Anastasia Barinova, deputy head of the Group-IB Computer Forensics laboratory, noted, today, fraudsters are actively searching for insiders, including in banks, insurance companies, and financial organizations, since their schemes using personal data are now successful and effective.

“Criminal groups, including fraudulent call centers, can monetize this data, taking advantage of opportunities to steal and withdraw funds,” explained the expert.

In addition, Russians fall into the trap of fraudsters, filling out a form of personal data on a phishing site or publishing photos of documents and bank cards on Internet resources.

Golovanov said that scammers often combine information about potential victims from several sources and use it to gain people's trust. The expert recalled that personal data alone is not enough to conduct financial transactions on behalf of the victim. In this regard, he urged not to disclose bank card details or other confidential information to anyone under any circumstances.

Data Related to Thousands of Foxtons Clients Leaked Online

 

Estate agent Foxtons Group is under tremendous pressure after a daily newspaper named ‘publication i’ asserted that critical information pertaining to customers’ card and other personal details have been uploaded to a dak web site. As per the reports of publication i, on October 12 last year, a customer discovered card information, addresses, and personal messages belonging to over 16,000 individuals. 

The breached data has been linked to consumers before 2010 but what's alarming is that nearly one-fifth of the cards are still active. In most of the cases, threat actors exhibit their haul to the clients by selling a small sample online, before selling privately. The size of the personal data published online is relatively small, however, the total number of clients that have been affected remains the most intriguing question. 

Three weeks ago, Foxtons Group was notified of the published data by the client who discovered the same, however, it can be noted that the agency had not taken any measures to inform clients or the authorities yet. 

As per the reports, in the last three months, leaked files have been viewed over 15,000 times. Estate agent Foxtons Group released a statement saying that its Alexander Hall mortgage broking business was hit by malware in October 2020 during a strike that affected many other firms.

“Some IT systems were affected for several days but were restored without significant disruption to customers. All necessary disclosures have been made and full details of the attack were provided to the FCA and ICO at the time. We are satisfied that the attack did not result in the loss of any data that could be damaging to customers and believe that the ICO and FCA are satisfied with our response”, Foxtons Group stated.

The CTO of Cortex Insight, Stephen Kapp stated that “it is safe to assume the worst, and Foxton customers should look to protect themselves from identity fraud and card fraud as a result of this breach. With both personal information and payment card information lost, Foxtons customers should take some time to validate payments and potential credit history interactions since October and flag anything suspicious to their bank”.