Showing posts with label Security Breach.

Navigating the Complex Landscape of Cyber Threats: Insights from the Sisense Breach and North Korean Tactics

 

In the intricate tapestry of cybersecurity, recent events have thrust vulnerabilities and threats into the spotlight once again. The breach of data analytics powerhouse Sisense, coupled with the emergence of novel sub-techniques utilized by North Korean threat actors, underscores the dynamic and relentless nature of cyber warfare. Let's delve deeper into these incidents and glean valuable insights for bolstering our defenses against evolving cyber threats. 

Sisense, a formidable player in the realm of business intelligence software, recently found itself ensnared in a security breach that rippled through critical infrastructure organizations. With offices sprawled across strategic locations such as New York City, London, and Tel Aviv, and a prestigious clientele including Nasdaq, ZoomInfo, Verizon, and Air Canada, Sisense's allure to cyber adversaries is palpable. 

The breach, currently under scrutiny by the U.S. Cybersecurity and Infrastructure Security Agency (CISA), serves as a stark reminder of the precarious balance between innovation and security in today's digital landscape. At the heart of the Sisense breach lie two sub-techniques that have become favoured tools in the arsenal of North Korean threat actors. The first involves the manipulation of Transparency, Consent, and Control (TCC), a foundational security protocol governing application permissions on Apple's macOS. 

Despite the robustness of security measures such as Full Disk Access (FDA) and System Integrity Protection (SIP), attackers have exhibited a remarkable ability to circumvent these controls, gaining unfettered access to macOS environments. This tactic underscores the imperative of continuous monitoring and adaptive security strategies to thwart the nefarious designs of cyber adversaries. 

The second sub-technique, colloquially known as "phantom" Dynamic Link Library (DLL) hijacking, targets Windows environments by leveraging DLL files that the operating system references but that do not exist on disk. By capitalizing on this loophole, threat actors such as the Lazarus Group and APT41 can inject malicious code undetected, posing a grave threat to system integrity.

The clandestine nature of this tactic exemplifies the ingenuity and adaptability of cyber adversaries in navigating the labyrinthine landscape of cybersecurity defenses. Mitigating these sophisticated threats necessitates a multifaceted approach that encompasses both technical fortifications and user awareness initiatives. For macOS users, safeguarding the integrity of System Integrity Protection (SIP) and exercising caution with app permissions are imperative steps in mitigating the risk of TCC manipulation. 

In Windows environments, proactive monitoring, robust application controls, and preemptive measures to block remote DLL loading are indispensable in thwarting phantom DLL attacks. Moreover, fostering a culture of collaboration and information sharing between industry stakeholders and government agencies is paramount in confronting the ever-evolving threat landscape. 

By pooling resources, sharing threat intelligence, and adopting a unified front against cyber adversaries, organizations can amplify their collective resilience and fortify their defenses against emerging threats. 

In conclusion, the Sisense breach and the intricate tactics employed by North Korean threat actors serve as poignant reminders of the relentless onslaught of cyber threats. By remaining vigilant, proactive, and collaborative, organizations can navigate the turbulent waters of cybersecurity with resilience and fortitude, safeguarding their digital assets and preserving the integrity of our interconnected world.

Security Advisory: Protecting Mobile Devices for UAE Residents

 


In a security update released on Thursday, Microsoft addressed 61 high-risk vulnerabilities, including critical ones. A threat actor may be able to exploit some of these vulnerabilities to take control of an affected computer. On Wednesday, the UAE Cyber Security Council advised users to install the Microsoft updates to prevent breaches or leaks of information and personal data.

The UAE authorities have emphasized the importance of heightened awareness of the vulnerability of users' devices and the need for proactive measures to address it. As the digital world expands, securing users' mobile devices against potential risks has become increasingly important.

By taking proactive steps, residents can mitigate these threats and protect their data. The Cyber Security Council has provided a real-life example to educate residents about the dangers posed by online disrupters. A report on the UAE's cybersecurity, jointly published in 2024 by the UAE Cyber Security Council and CPX Holding, highlights a worrying reality.

There are currently 155,000 vulnerable cyber assets in the UAE, over 40 per cent of which are more than five years old. In light of escalating cyber threats, including sophisticated attacks such as ransomware, the need for advanced cybersecurity measures is urgent, particularly now that the nation has faced an increase in cyberattacks.

Software updates are often thought of as relevant only to smartphones. However, they play an important role in securing all types of devices and applications - computers, tablets, smart appliances and even wearables - and in protecting the user's data. It is imperative to keep devices up to date, particularly when they are intertwined with so many aspects of users' lives.

Users who prefer to update their devices and apps via Wi-Fi might want to set a reminder for when updates are due so they do not have to consume their data plan while doing so. Tips for making software updates a more secure decision:

  • Periodically update your device's operating system and applications to keep your data protected.
  • Obtain software updates only from the appropriate source to avoid cyber attacks.
  • Back up important files before updating.
  • Enable automatic updates on the device so that manual intervention is minimized.
  • Consider updates for all devices, including smartphones, laptops, wearables, and tablets, when updating software and apps.

Sensitive Documents Vanish Under Mysterious Circumstances from Europol Headquarters

 

A significant security breach has impacted the European Union's law enforcement agency, Europol, according to a report by Politico. Last summer, a collection of highly confidential documents containing personal information about prominent Europol figures vanished under mysterious circumstances.

The missing files, which included sensitive data concerning top law enforcement officials such as Europol Executive Director Catherine De Bolle, were stored securely at Europol's headquarters in The Hague. An ongoing investigation was launched by European authorities following the discovery of the breach.

An internal communication dated September 18 revealed that Europol's management was alerted on September 6, 2023 to the disappearance of personal paper files belonging to several staff members. Subsequent checks uncovered additional missing files, prompting serious concerns regarding data security and privacy.

Europol took immediate steps to notify the individuals affected by the breach, as well as the European Data Protection Supervisor (EDPS). The incident poses significant risks not only to the individuals whose information was compromised but also to the agency's operations and ongoing investigations.

Adding to the gravity of the situation, Politico's report highlighted the unsettling discovery of some of the missing files by a member of the public in a public location in The Hague. However, key details surrounding the duration of the files' absence and the cause of the breach remain unclear.

Among the missing files were those belonging to Europol's top executives, including Catherine De Bolle and three deputy directors. These files contained a wealth of sensitive information, including human resources data.

In response to the breach, Europol took action against the agency's head of Human Resources, Massimiliano Bettin, placing him on administrative leave. Politico suggests that internal conflicts within the agency may have motivated the breach, speculating on potential motives for targeting Bettin specifically.

The security breach at Europol raises serious concerns about data protection and organizational security measures within the agency, prompting an urgent need for further investigation and safeguards to prevent future incidents.

Is Your Data Safe? Fujitsu Discovers Breach, Customers Warned

 


Fujitsu, a leading Japanese technology company, recently faced a grave cybersecurity breach when it discovered malware on some of its computer systems, potentially leading to the theft of customer data. This incident raises concerns about the security of sensitive information stored by the company.

With a workforce of over 124,000 and an annual revenue of $23.9 billion, Fujitsu operates globally, providing a wide range of IT services and products, including servers, software, and telecommunications equipment. The company has a strong presence in over 100 countries and maintains crucial ties with the Japanese government, participating in various public sector projects and national security initiatives.

The cybersecurity incident was disclosed in a recent announcement on Fujitsu's news portal, revealing that the malware infection compromised several business computers, possibly allowing hackers to access and extract personal and customer-related information. In response, Fujitsu promptly isolated the affected systems and intensified monitoring of its other computers while continuing to investigate the source and extent of the breach.

Although Fujitsu has not received reports of customer data misuse, it has taken proactive measures by informing the Personal Information Protection Commission and preparing individual notifications for affected customers. The company's transparency and swift action aim to mitigate potential risks and restore trust among stakeholders.

This is not the first time Fujitsu has faced cybersecurity challenges. In May 2021, the company's ProjectWEB tool was exploited, resulting in the theft of email addresses and proprietary data from multiple Japanese government agencies. Subsequent investigations revealed vulnerabilities in ProjectWEB, leading to its discontinuation and replacement with a more secure information-sharing tool.

Fujitsu's response to the recent breach highlights the urgency of safeguarding sensitive data in these circumstances. The company's commitment to addressing the issue and protecting customer information is crucial in maintaining trust and credibility in the digital age.

As Fujitsu continues to investigate the incident, it remains essential for customers and stakeholders to remain careful and implement necessary precautions to mitigate potential risks. The company's efforts to enhance security measures and improve transparency are essential steps towards preventing future breaches and ensuring the integrity of its services and systems.


Data Disaster: 33 Million French Citizens at Risk in Massive Leak

 


A massive security breach at two third-party healthcare payment servicers has exposed the personal information of nearly half of all French citizens, the French data privacy watchdog revealed last week. As the National Commission on Informatics and Liberty (CNIL) warned in late January, the two leading payment processing outfits, Viamedis and Almerys, both suffered breaches of their systems, resulting in the theft of data belonging to more than 33 million customers.

The compromised information includes the date of birth, marital status, social security number, and insurance coverage details of customers and their families. According to the CNIL, no banking information, medical records, or contact information was compromised.

A sophisticated phishing attack late last month compromised the Almerys and Viamedis third-party payment portals. No further information was provided on the cause of the Almerys incident, but there is a high probability that it was a similar one.

As Viamedis reported, the attacks occurred within a matter of five days around the beginning of February. Hackers obtained login credentials for health professionals via phishing attacks and gained unauthorized access to the system as a result. 

Even though the exposed information does not include personal financial data, it is still sufficient to increase the likelihood of individuals being targeted by phishing scams, social engineering, identity theft, and insurance fraud.

The CNIL said it will ensure that Viamedis and Almerys inform impacted individuals personally and directly, in compliance with the General Data Protection Regulation (GDPR), so that they do not fall victim to phishing scams in the aftermath of the attack. In the meantime, Almerys clarified that its central system was not compromised, but that the health professional portal had been infiltrated by hackers.

As confirmed by CNIL, the compromised data includes sensitive information about the affected individuals, including their marriage status, date of birth, social security numbers, insurance details, and insurance coverage, among others. 

The attackers accessed the two companies' systems in a targeted raid using credentials stolen from healthcare professionals. Following the General Data Protection Regulation of the European Union, the CNIL is working with Viamedis and Almerys to reach out to all affected individuals. Given the sheer number of customers involved, this process will take some time.

The third-party payment system which allows patients to not pay for their medical services in advance will not be available for providers for some time as a result of this attack, but users will still be able to access the system. 

Since the massive amount of compromised data is now in the wrong hands, the French data authority has issued an alert warning of phishing attacks, while a detailed investigation is ongoing to determine exactly how the breach happened and whether Viamedis or Almerys is to blame.

Playdapp's $31M Token Heist and Silent Reward Controversy

 

In a surprising and concerning turn of events, the gaming world faced a significant security breach as Playdapp, a prominent gaming platform, fell victim to a cyber intrusion. The breach resulted in a hacker successfully minting tokens with an estimated worth of $31 million. Adding an intriguing twist to the incident, the gaming platform has chosen an unconventional approach by offering a reward for silence, sparking debates over transparency and cybersecurity practices. 
 
Playdapp, known for its interactive and immersive gaming experiences, recently faced a severe security breach. A cyber intruder managed to exploit vulnerabilities within the platform, orchestrating a complex attack that allowed them to mint tokens valued at an astonishing $31 million. The scale and sophistication of the breach have raised concerns not only within the gaming community but also across the broader cybersecurity landscape. 
 
The hacker responsible for the Playdapp breach successfully capitalized on the compromised security, minting tokens that hold substantial monetary value. This financial windfall poses not only an immediate threat to the platform but also highlights the potential long-term repercussions for both Playdapp and its user base. Adding an unusual twist to the narrative, Playdapp has opted to issue a reward for silence regarding the breach. 

This decision has sparked controversy and ignited discussions about the ethical considerations surrounding such incentives. Critics argue that this approach may compromise transparency and hinder the dissemination of crucial information that could benefit the broader cybersecurity community. As Playdapp grapples with the aftermath of the breach, the incident sheds light on the vulnerabilities prevalent in online gaming platforms. 

The industry, already a lucrative target for cybercriminals due to the value associated with in-game assets, now faces heightened scrutiny regarding the robustness of its security measures. The breach serves as a stark reminder for gaming platforms and other online services to reevaluate and fortify their cybersecurity protocols. 

With a surge in cyber threats targeting the gaming community, the need for robust defense mechanisms and proactive security measures has never been more apparent. Playdapp's decision to offer a reward for silence introduces an ethical quandary. While the platform may argue that such incentives are intended to protect users and prevent panic, critics contend that transparency is paramount in building trust. Striking a balance between safeguarding sensitive information and providing users with the transparency they deserve becomes a pivotal challenge in the aftermath of such breaches.

Phone Scam Siphons Over $200,000 from Bank Account Holder

A bank account holder recounts losing over $200,000 due to phone accessibility issues. Heidi Diamond became a victim of a cyber scam known as SIM swapping, resulting in the depletion of her bank account. SIM swapping involves fraudsters deceiving cell phone companies by assuming someone else's identity, enabling them to access personal information and manipulate phone services.

The fraudulent tactic begins with perpetrators obtaining personal details online and contacting phone service providers, claiming the loss or theft of the targeted individual's device. Once convincing the company of ownership, they activate the phone using the victim's SIM card, thereby gaining control over the device and its data. This renders the original owner's SIM card and phone inactive.

Diamond said this factor made the ordeal particularly tedious, according to InvestigateTV. “It was such a panic that you know that something was so out of your control,” she said.

SIM swapping circumvents typical security measures such as two-factor authentication, allowing criminals to breach sensitive accounts like bank accounts. Despite her bank reimbursing the stolen funds, Diamond remains dissatisfied that the perpetrators have not been apprehended, expressing a desire for justice.

Acknowledging the increasing prevalence of SIM swapping, the FBI has cautioned the public about its risks. Many remain unaware of this form of fraud, unlike more commonly recognized scams. The FBI disclosed that SIM swapping has resulted in a staggering $141 million in losses thus far.

Echoing Diamond's plight, other victims have shared their harrowing experiences, including Sharon Hussey, who lost $17,000 despite having robust security measures in place. Hussey received an unauthorized purchase confirmation from Verizon before her funds vanished, underscoring the severity and sophistication of SIM swapping attacks.

Direct Trading Technologies Exposes Data of 300K Traders in Major Security Breach

 

Direct Trading Technologies (DTT), an international fintech enterprise, has compromised the security of more than 300,000 traders by inadvertently exposing their confidential information and trading histories, potentially exposing them to the risk of unauthorized account access.

On October 27th, the research team at Cybernews identified a misconfigured web server containing backups and development code believed to be associated with Direct Trading Technologies. The company, which operates globally and specializes in providing trading platforms for various financial instruments, including stocks, forex, precious metals, energies, indices, Contracts for Difference (CFDs), and cryptocurrencies, also extends its services through white-label solutions. 

While its primary clientele is situated in Saudi Arabia, Direct Trading Technologies maintains offices in multiple countries, including the UK, Lithuania, UAE, Kuwait, Colombia, Turkey, Bahrain, Lebanon, and the Republic of Vanuatu. Within the identified directory, several database backups were found, each containing substantial amounts of sensitive information concerning the company's users and partners. The breach introduces a spectrum of potential risks, ranging from identity theft to the takeover and unauthorized withdrawal of funds from traders' accounts.

Upon discovery, Cybernews promptly notified the company of their findings. Although the identified issues were rectified, an official response from Direct Trading Technologies is still pending.

The leaked data encompasses the trading activities of more than 300,000 users spanning the last six years, including names, email addresses, correspondence sent by the company, and IP addresses. Notably, individuals using the company's email addresses, possibly employees, had their passwords exposed in plaintext. Hashed passwords for accessing user accounts on the DTT trading platform were also among the leaked information. Furthermore, certain clients had their home addresses, phone numbers, and partial credit card details exposed.

The comprehensive list of leaked data includes:
  • Trading account activity
  • Contents of emails sent by DTT
  • User IP addresses, emails, usernames, and plaintext passwords
  • Notes on outreach calls
  • Names
  • Email addresses
  • Phone numbers
  • Home addresses
  • Hashed passwords
  • Database endpoints and plaintext credentials of white-label customers (endpoints were protected by IP whitelists)
  • Locations where KYC documents are stored, filenames, types, expiration dates, and other metadata
While the KYC documents themselves were not compromised, the leaked files disclosed the locations where the documents are stored and additional metadata.

The credentials of clients utilizing the white-label service were exposed in plaintext, alongside details regarding database locations and negotiated commission percentages. The leaked information also contained internal comments from the company's outreach team, including derogatory terms used to categorize certain clients in the company's system.

Given the rapid growth of the fintech industry, this breach serves as a stark reminder of the crucial importance of robust cybersecurity measures. Fintech companies, entrusted with managing highly sensitive customer data, become prime targets for threat actors, especially considering the substantial value held in traders' accounts. 

With access to leaked data from a trading platform, attackers possess ample information to launch various malicious activities, including account takeovers, phishing, identity theft, and malware exploits based on leaked IPs. The potential threat is heightened by the fact that Direct Trading Technologies offers white-label services to numerous firms, storing credentials for clients' databases. While this could pose an additional threat, accessing these databases would require attackers to compromise a trusted network, adding an extra layer of complexity to the potential threat.

Game Studio Ubisoft Investigates Claims of Data Security Incident

 

Video gaming company Ubisoft revealed that it is looking into reports that hackers attempted to steal data this week by breaching its networks.

Ubisoft officials were "aware of an alleged data security incident and are currently investigating. At this point, we don't have anything further to share," a spokesperson for the French firm stated.

The claims were made in a series of social media posts by vx-underground, which hosts the internet's largest collection of malware source code, samples, and publications. The account has become well-known for its interactions with hackers and ransomware gangs, and it frequently shares threat actors' information. 

Earlier this week on Thursday night, hackers told vx-underground that they had "roughly 48 hours" access to Ubisoft servers and accounts before the firm realised something was amiss and cancelled their access. 

“They aimed to exfiltrate roughly 900gb of data but lost access,” the vx-underground account explained. “The Threat Actor would not share how they got initial access. Upon entry they audited the users' access rights and spent time thoroughly reviewing Microsoft Teams, Confluence, and SharePoint.” 

Alleged screenshots of Microsoft Teams accounts and other points of access were published by the hackers via the vx-underground account. 

The Egregor ransomware group first attacked the video game publisher in 2020. The publisher is primarily renowned for titles including Assassin's Creed, Far Cry, and Prince of Persia. The group disclosed the source code of a well-known game.

Additionally, in 2021, the company acknowledged that player data from its Just Dance video game franchise was compromised due to a vulnerability in its IT infrastructure. If confirmed, the incident would be the latest in a string of high-profile hacks on one of the biggest game studios.

Arion Kurtaj was sentenced to an indefinite hospital order by a UK court on Thursday for his role in a number of attacks on large businesses, the most notorious of which involved Rockstar Games, the developer of Grand Theft Auto.

Kurtaj will be held in a secure hospital for the rest of his life or until doctors believe he is no longer a threat to society, according to Judge Patricia Lees of Southwark Crown Court, who stated that he was "determined to commit further serious offences if the opportunity arose.”

Hackers Steal Assets Worth $484,000 in Ledger Security Breach


Threat actors responsible for attacking Ledger’s connector library have stolen assets valued at approximately $484,000, according to the blockchain analysis platform Lookonchain. Ledger has said that the security breach might have a large effect, possibly totalling hundreds of thousands of dollars, although it has yet to confirm the actual valuation.

Direct Impact of the Hack

According to a report by Cryptopolitan, the breach happened when malicious code was added to Ledger's GitHub repository for Connect Kit, an essential component that several DeFi protocols rely on to communicate with cryptocurrency hardware wallets. Every application that used the Connect Kit had issues with its front end due to the malicious code. Notable protocols affected by this security flaw were Sushi, Lido, Metamask, and Coinbase.

Regarding the incident, Ledger stated that one of its employees had fallen victim to a phishing attack, resulting in the unauthorized release of a compromised version of the Ledger Connect Kit. The leaked code revealed the name and email address of the former employee. It is important to note that the cryptocurrency community at first believed the developer to be behind the exploit. Ledger subsequently stated, however, that the incident was the consequence of a former employee falling for a phishing scheme.

Ledger, after acknowledging the incident, identified and removed the exploited version of the software. However, despite the swift response, the damage was already done, since the software was left vulnerable for at least two hours, in the course of which the threat actors had already drained the funds. 

Broader Implications for the DeFi Community

This incident has raised major concerns regarding the security infrastructure of decentralized applications. DeFi protocols frequently rely on code from multiple software providers, including Ledger, which leaves them vulnerable to multiple potential points of failure.

This incident has further highlighted the significance of boosting security protocols across the DeFi ecosystem.

The victims directly affected by the attack included users of services such as revoke.cash. That service, normally used to withdraw permissions granted to DeFi protocols after a security breach, was itself compromised. Users who were trying to protect their assets were unintentionally sent to a fraudulent token drainer, which increased the extent of the theft.

WALA's Shocking Data Leak: 25GB of Personal Information from Pet Owners Revealed

 


The Worldwide Australian Labradoodle Association (WALA) has been the target of a new cyberattack in which private data of pet owners, pet microchip numbers, veterinarians, and testing laboratories affiliated with WALA was leaked to the public. WALA is a prominent worldwide dog breeding organization based in the United States. The exposed data was not protected by any authentication or password.

Security researcher Jeremiah Fowler was the one who brought the incident to light. Fowler explained that the data leak occurred as a result of a misconfiguration of the WALA cloud server. Approximately 56,000 documents totalling 25 gigabytes were exposed on the leaky server, representing a trove of sensitive and personal information.

Fowler's analysis concluded that the exposed records contained personally identifiable information (PII), including names, addresses, phone numbers, email addresses, microchip numbers, and other medical-related information about the owners of the pets, as well as medical information about the pets themselves.

An openly accessible cloud storage database contained 56,624 files in formats such as .pdf, .png, and .jpg, with a total size of 25 GB and a reported total of 25,512,680 documents. The database appears to belong to a group called the Worldwide Australian Labradoodle Association (WALA); further investigation identified it as the owner.

WALA is an international breed organization dedicated to promoting and breeding the Australian Labradoodle. It has a large number of members and affiliate breeders across the world; its main office is located in the state of Washington, United States. In addition to its headquarters in the United States, WALA has regional offices throughout the world, namely in Australia, Europe, and Asia.

It is a non-profit organization that brings together Australian Labradoodle breeders worldwide. Its members are committed to ensuring the long-term success of the breed by maintaining high breeding standards, building a comprehensive and accurate pedigree repository, and preserving health records.

The exposed documents included health reports, DNA tests, and pedigree or lineage histories of the dogs, showing offspring, parents, grandparents, and so on. The files also contained information about the dogs' owners, veterinarians, and testing laboratories, as well as identifiers such as the dogs' microchip numbers or tattooed identification numbers.

There are many kinds of documents with names, addresses, phone numbers, and email addresses in them. It all depends on what the document is about. Pet medical data has a lot of implications that have never been considered when users think of a data breach involving health records. The pet industry generates tremendous amounts of money every year, and history has shown that there is always an element of risk involved when there is a possibility of making money. 

Approximately 67% of US households, or about 85 million families, own one or more pets. Together they spend about 123.6 billion U.S. dollars a year on pets, according to the American Pet Products Association (APPA). Pet insurance policies typically cover accidents, illnesses, and, in some cases, routine care. 

Additionally, certain policies even provide coverage for hereditary conditions and wellness check-ups, ensuring comprehensive protection for your beloved pet's health. It is crucial to consider the potential risks associated with a data breach in the context of pet insurance fraud. The exposed information could be exploited to manipulate and falsify medical documents, thereby facilitating fraudulent insurance claims. This alarming possibility highlights the importance of robust security measures to safeguard sensitive data. 

It is worth noting that historical data reveals a significant surge in this type of fraud between 2010 and 2015, with fraudulent claims witnessing an astounding increase of over 400% during that period. This emphasizes the need for constant vigilance and proactive measures to combat such fraudulent activities. 

The primary purpose of pet microchipping is to find or identify lost pets and reunite them with their owners. This technology plays a crucial role in ensuring the safety and security of our beloved furry companions. Knowing a pet’s microchip number alone does not inherently pose a significant risk to the pet’s safety or security; however, when combined with other information and ownership data, there could be potential risks. 

It is important to be aware of the potential dangers that may arise from the misuse of this information. Hypothetically, criminals could falsely claim ownership of a lost or stolen pet using a publicly leaked microchip number, putting the pet's well-being at risk. This highlights the need for pet owners to be vigilant and take necessary precautions. Pet theft is a real concern — an estimated 2 million dogs are stolen every year in the United States. 

The alarming rise in pet theft cases is a cause for concern among pet owners nationwide. Labradoodles, known for their adorable appearance and friendly nature, can sell for as much as 5,000 USD, making them a potentially valuable target for criminals.

Pet owners need to be proactive in safeguarding their pets and ensuring their well-being at all times. Even if a criminal does not have physical access to the pet, there are other risks. In a social engineering scheme, criminals could contact pet owners while posing as authority figures and request personal information from them, ostensibly to update the microchip database, certifications, or other registrations. 

The criminal, if successful, has the potential to acquire both credit and banking information or personally identifiable information (PII) from the owners. This could potentially pave the way for various forms of fraudulent activities, including identity theft. It is worth noting that the chip number is intricately connected to the owner's contact details within the microchip database, thereby raising concerns regarding the exposure of personal information.

In light of this, pet owners are advised to exercise caution when confronted with requests for information about their pet's microchip. As a precautionary measure, it is always advisable to verify the identity of individuals claiming to be authority figures and promptly report any suspicious activity related to their pet's microchip to the appropriate microchip registry and local authorities. By doing so, pet owners can actively contribute to safeguarding their personal information and preventing potential instances of fraud or identity theft. 

Any organization that collects and stores documents on animals or humans should take all possible steps to secure potentially sensitive information. This includes implementing a multi-layered security strategy that ensures all software, including database management systems, is regularly updated with security patches to address known vulnerabilities. 

By regularly updating the software, organizations can stay ahead of potential threats and protect stored information. Another good practice is to regularly monitor your network and database activity for suspicious behaviour. This can help identify any unauthorized access attempts or unusual activity that may indicate a security breach. 

In addition, conducting penetration testing and vulnerability assessments can help proactively identify and remediate weaknesses or misconfigured access settings. These assessments provide valuable insights into the organization's security posture and can guide the implementation of appropriate security measures. Lastly, it is important to notify customers or members of any serious data incident. By doing so, they can be made aware of what was exposed and take necessary precautions if criminals attempt to contact them or use the information for fraud. This level of transparency and communication builds trust with customers and helps them stay vigilant in protecting their personal information.

Toyota Acknowledges Security Breach After Medusa Ransomware Threatens to Leak Data


Toyota Financial Services (TFS) announced that unauthorised access was detected on some of its systems in Europe and Africa after the Medusa ransomware claimed responsibility for the attack. 

Toyota Financial Services, a subsidiary of Toyota Motor Corporation, is a global entity that provides auto financing to customers in 90% of the markets where Toyota sells its vehicles. 

The Medusa ransomware gang added TFS to its data leak site on the dark web earlier this week, demanding $8,000,000 to delete data allegedly stolen from the Japanese company. Toyota was given ten days by the threat actors to respond, with the option to extend for an additional $10,000 per day. 

Toyota Finance did not confirm whether data was taken in the attack, but the threat actors say they have exfiltrated files and threaten to release the data if the ransom is not paid.

The hackers published sample data, such as spreadsheets, purchase invoices, agreements, passport scans, financial performance reports, internal organisation charts, hashed account passwords, cleartext user IDs and passwords, and more, as proof of the intrusion. 

Medusa also supplies a .TXT file containing the file tree structure of all the data it claims to have taken from Toyota's systems. The majority of the documents are written in German, suggesting that the hackers were able to gain access to the systems supporting Toyota's activities in Central Europe.

The Japanese automaker was contacted by BleepingComputer for a comment regarding the leaked data, and a company representative gave the following statement: 

“Toyota Financial Services Europe & Africa recently identified unauthorized activity on systems in a limited number of its locations. We took certain systems offline to investigate this activity and to reduce risk and have also begun working with law enforcement. As of now, this incident is limited to Toyota Financial Services Europe & Africa.” 

The spokesperson informed us that most affected countries are currently in the process of bringing their systems back online and resuming regular operations.

One more breach of Citrix Bleed?

In response to Medusa's claim that TFS was its victim, security analyst Kevin Beaumont pointed out earlier today that the company's German office had an internet-exposed Citrix Gateway endpoint that had not been updated since August 2023, leaving it susceptible to the critical Citrix Bleed (CVE-2023-4966) security vulnerability. 

It was confirmed a few days ago that the hackers behind the Lockbit ransomware had breached the Industrial and Commercial Bank of China (ICBC), DP World, Allen & Overy, and Boeing by means of publicly accessible Citrix Bleed exploits.

It is likely that additional ransomware groups have begun to use Citrix Bleed, capitalising on an extensive attack surface believed to encompass thousands of endpoints.

Japan Aviation Electronics Hit by Cyberattack: Servers Accessed in Security Breach



Japan Aviation Electronics Industry (JAE) has reported a cyberattack with a severe impact on its operations. The attack has been attributed to the notorious ALPHV ransomware group, also known as BlackCat. 

Japan Aviation Electronics confirmed on November 6 that it had been the victim of a cyberattack on November 2, 2023, and issued an official press release the following day. After finding some of its servers inaccessible, the company determined that an external party had gained unauthorized access to some of them from the Internet. 

It is unclear what type of data the cybercrooks might have gained access to and how many details the attackers provided about the breach. The ALPHV/Black Cat ransomware gang recently added Toyota Aviation Electronics to its leak website, but the company has not yet confirmed whether it is the victim of a ransomware attack. 

The latest attack follows a spate of incidents in recent months targeting some of the country's biggest companies. Watchmaker Seiko, YKK, pharmaceutical company Eisai, and Japan's largest trading port have all been targeted by cybercriminals in ransomware attacks. 

An incident in January had a major impact on millions of Japanese customers of the insurance firms Zurich and Aflac, whose personal information was stolen. Earlier this year, Japan's cybersecurity agency was breached by suspected Chinese hackers, who potentially had access to sensitive data stored on its networks for nine months. 

The ALPHV/BlackCat ransomware gang claims to have stolen roughly 150,000 documents from Japan Aviation Electronics, including blueprints, contracts, confidential messages, and reports, in the course of deploying its ransomware. Japan Aviation Electronics has found no evidence of data exfiltration from its systems. 

On its Tor-hosted leak site, ALPHV/BlackCat has posted screenshots of documents allegedly stolen from Japan Aviation Electronics within the last 18 months. In response to the cyber-attack, Japan Aviation Electronics has launched an immediate investigation to determine the extent of the damage and is working to restore normal operations. 

There are several systems in the organization that have been temporarily suspended to mitigate the adverse effects of the attack. This has led to some delays in sending and receiving emails, despite the company's diligent efforts to mitigate these effects. 

ALPHV/BlackCat has been active since November 2021 and aims to profit from the ransomware-as-a-service (RaaS) model by exploiting the flaws in the DARPA RR-1 and .NET frameworks to execute ransomware. This first ransomware family written in Rust is likely to be connected to the Darkside gang, which is responsible for Blackmatter. 

The ALPHV/BlackCat group has been accused of exfiltrating victim data, including customers' and employees' information, for extortion purposes, deploying ransomware to encrypt victims' files, and applying further extortion pressure through tactics such as distributed denial-of-service (DDoS) attacks and harassment. 

The group has perpetrated a series of highly targeted cyberattacks in recent years and has become known for its sophisticated approach. In a typical ransomware attack, the victim's data is encrypted and a ransom payment is demanded in exchange for the decryption keys. 

Japan Aviation Electronics Industry is the latest in a growing number of organizations targeted by this group. Before this incident, the notorious ALPHV group had announced that Currax Pharmaceuticals had been added to its growing list of victims after being compromised by its ransomware. 

A cyberattack on the Institut Technologique FCBA in October 2023 expanded their victim list further. The cyberattack on FCBA was first reported when the ALPHV ransomware group listed the organization's website as a victim, but they added CBS Eastern Europe in the same month to their victim list as well. 

CBS Eastern Europe was the victim of a ransomware attack that was exposed by a hacker behind the ALPHV ransomware group, who complained that the company's response to the breach had not been adequate. 

They claimed responsibility for a cyberattack that took place in February of that year against Reddit, for infiltrations at Canadian software company Constellation Software and intrusions at Western Digital during June and May of 2023. 

Both the company and cybersecurity experts are closely monitoring the situation as the investigation into the ALPHV ransomware group's attack on Japan Aviation Electronics continues. The company is putting safeguards in place to make sure confidential data and sensitive information are not compromised. 

At the moment, the Japan Aviation Electronics Industry is refocusing on restoring its operations and preventing further interruptions, and the next few days will be crucial for assessing the impact of the attack and taking the necessary steps to prevent future security incidents. 

There is a growing interest among stakeholders in the extent of the breach and the potential impact that it may have on the business and its customers. Further details about this breach are eagerly awaited by stakeholders.

Florida Circuit Court Targeted in Attack by ALPHV Ransomware Group


The ALPHV, also known as BlackCat, ransomware group has asserted responsibility for a recent assault on state courts in Northwest Florida, falling under the jurisdiction of the First Judicial Circuit. 

The attackers claim to have obtained sensitive information such as Social Security numbers and CVs of employees, including judges. It's a common tactic for ransomware groups to threaten the public release of stolen data as leverage for negotiations.

The presence of the Florida First Judicial Circuit's data leak page on ALPHV's website suggests that the court has either not engaged in talks with the ransomware group or has firmly refused to meet their demands. 

The breach occurred last week, prompting the Florida circuit court to announce an ongoing investigation into the cyberattack, which disrupted operations on October 2nd. A statement released by the court stated that this incident would have a significant impact on court operations across the Circuit, affecting courts in Escambia, Okaloosa, Santa Rosa, and Walton counties for an extended period. 

The Circuit is prioritizing essential court proceedings but has decided to cancel and reschedule other proceedings, along with suspending related operations for several days starting from October 2, 2023.

In the midst of the investigation, judges in the affected counties have been in contact with litigants and attorneys regarding their regularly scheduled hearings. 

Additionally, the court authorities confirmed that all facilities are operating without any disruptions. As of now, the court has not independently verified the ransomware attack claims made by the ALPHV gang.

The ALPHV ransomware operation, originally known as DarkSide, emerged in November 2021 and is believed to be a rebranding of DarkSide/BlackMatter. 

This group gained international notoriety after the Colonial Pipeline breach, drawing the attention of law enforcement agencies worldwide. After a rebranding to BlackMatter in July 2021, their activities abruptly halted in November 2021 when authorities seized their servers and security firm Emsisoft developed a decryptor exploiting a ransomware vulnerability. 

This ransomware operation is known for consistently targeting global enterprises and continuously refining their tactics.

In a recent incident, an affiliate known as Scattered Spider claimed responsibility for an attack on MGM Resorts, asserting to have encrypted over 100 ESXi hypervisors after the company declined ransom negotiations following the shutdown of internal infrastructure. 

As reported by BleepingComputer, ALPHV's ransomware attack on MGM Resorts resulted in losses of approximately $100 million, as well as the theft of its customers' personal information. The FBI issued a warning in April, highlighting the group's involvement in successful breaches of over 60 entities worldwide between November 2021 and March 2022.

ICS Security Alert: Over 100,000 Systems Exposed Online

Our world is increasingly interconnected, and the security of Industrial Control Systems (ICS) is essential. Researchers have recently warned that over 100,000 ICS are currently exposed online, putting them at risk of cyberattacks.

According to reports from reputable cybersecurity sources, the number of accessible ICSs has crossed the alarming threshold of 100,000. This revelation underscores the urgency for businesses and organizations to prioritize the safeguarding of their critical infrastructure.

Industrial Control Systems are the backbone of various sectors including energy, manufacturing, transportation, and utilities. They manage and regulate essential processes, making them indispensable for the functioning of modern society. However, their exposure to the internet opens the door to potential cyber-attacks.

The consequences of a successful cyber-attack on ICS can be catastrophic. It can lead to disruptions in production, compromised safety measures, and even environmental hazards. To mitigate these risks, experts emphasize the need for robust cybersecurity measures tailored specifically to ICS.

The report indicates a slight decrease in the number of exposed ICS, which is a positive sign. This may suggest that some organizations are taking steps to bolster their security infrastructure. However, the fact remains that a significant number of ICSs are still at risk.

To enhance the security of ICS, it is imperative for organizations to adopt a multi-faceted approach. This should include regular vulnerability assessments, timely patching of software and firmware, network segmentation, and the implementation of strong access controls.

Furthermore, employee training and awareness programs are crucial. Human error remains one of the leading causes of security breaches. Ensuring that personnel are well-versed in recognizing and responding to potential threats is an essential line of defense.

Collaboration between governments, regulatory bodies, and the private sector is also vital in fortifying the security of ICS. Sharing threat intelligence and best practices can help create a unified front against cyber threats.

The discovery of more than 100,000 vulnerable industrial control systems is a wake-up call for industries around the world. The protection of these vital facilities needs to be a major concern. We can strengthen our defenses against prospective cyber-attacks and ensure the ongoing stability and safety of our contemporary society by implementing stringent cybersecurity measures and encouraging teamwork.

OpenSea Warns API Customers of Third-Party Security Breach


Following a third-party security breach that left them potentially susceptible to malicious actors, OpenSea issued a security warning to specific users, urging them to rotate their API credentials. 

OpenSea informed impacted customers via email that one of its vendors had experienced a safety concern that may have exposed information connected to consumers' OpenSea API keys. The leak prompted worries regarding the security of these keys, prompting OpenSea to act quickly. 

OpenSea has asked customers to immediately stop using their current API keys and replace them with new ones. They emphasised that the current keys will expire on Monday, October 2. While the breach is not likely to have an immediate impact on users' integration with the platform, OpenSea warned that third-party access could potentially influence users' allotted rate limitations and usage criteria. 

To reassure users, OpenSea stated that the newly created API keys will have the same rights and rate limits as the expiring ones. However, the site did not disclose the exact number of people affected by the incident, nor did it say whether any data besides API credentials was at risk. 

This incident occurred not long after one of Nansen's third-party vendors experienced a similar security breach, which resulted in the exposure of specific customers' email addresses, password hashes, and blockchain addresses. Approximately 6.8% of its user base was impacted, according to Nansen, an on-chain analytics tool. Nansen said that many Fortune 500 businesses employ it, without specifically mentioning the vendor. 

In addition to this new attack, OpenSea has already suffered security issues. OpenSea faced a data leak issue in June of the previous year, when customer emails were exposed owing to an employee's error while working with the email delivery partner, Customer.io. As a result of such data breaches, criminals frequently use compromised emails to start plausible phishing scams targeting clients. 

Furthermore, in May 2022, OpenSea's Discord server was hacked, with cybercriminals promoting a bogus NFT minting event while claiming to be in conjunction with YouTube. These incidents highlight the persistent challenges and security risks that crypto-related platforms face in an ever-changing digital ecosystem.

LastPass Security Breach Linked to Series of Crypto Heists, Say Experts


Security experts allege that some of the LastPass password vaults, which were stolen in a security breach towards the end of 2022, have now been successfully breached, leading to a series of substantial cryptocurrency thefts. 

According to cybersecurity blogger Brian Krebs, a group of researchers has uncovered compelling evidence linking over 150 victims of crypto theft to the LastPass service. The combined value of the stolen cryptocurrency is estimated to be over $35 million, with a frequency of two to five high-value heists occurring each month since December 2022.

Taylor Monahan, the lead product manager at MetaMask, a cryptocurrency wallet company, and a prominent figure in the investigation, noted that the common denominator among the victims was their prior use of LastPass to safeguard their "seed phrase" – a confidential digital key necessary to access cryptocurrency investments. 

These keys are typically stored on secure platforms like password managers to thwart unauthorized access to crypto wallets. Furthermore, the pilfered funds were traced to the same blockchain addresses, further solidifying the connection between the victims.

LastPass, a password management service, experienced two known security breaches in August and November of the previous year. 

During the latter incident, hackers utilized information acquired from the first breach to gain access to shared cloud storage containing customer encryption keys for vault backups. We have contacted LastPass to verify if any of the stolen password vaults have indeed been breached and will provide an update if we receive a response.

LastPass CEO Karim Toubba informed The Verge in a statement that the security breach in November is still under active investigation by law enforcement and is also the subject of pending litigation. The company did not confirm whether the 2022 LastPass breaches are related to the reported crypto thefts.

Researcher Nick Bax, who holds the position of Director of Analytics at crypto wallet recovery company Unciphered, also examined the theft data and concurred with Monahan’s conclusions in an interview with KrebsOnSecurity:

“I’m confident enough that this is a real problem that I’ve been urging my friends and family who use LastPass to change all of their passwords and migrate any crypto that may have been exposed, despite knowing full well how tedious that is.”

Cyberattack on Suncor Energy Affects Petro-Canada Gas Stations


Customers have been reporting issues with Petro-Canada's loyalty and payment programmes for almost a week now, but the company maintains it is working to find solutions. 

Around a week ago, reports that the parent company Suncor had been hacked surfaced, sparking problems within the company. 

Suncor confirmed having a "cybersecurity incident" over the weekend and highlighted that, despite being certain that no employee or customer data had been stolen, "some transactions with customers and suppliers may be impacted."

One of the first sites where such disruptions were discovered was at Petro-Canada, where the chain's more than 1,500 outlets across the country were experiencing difficulties processing debit and credit payments. Other services affected include the loyalty programme app Petro-Points and a car wash-related service. 

Petro-Canada stated on Twitter that it is "making progress on resolving the disruptions customers have been experiencing and will continue to update you as more services come back online. We apologise for any inconvenience this has caused, and we thank you for your patience." 

Massive implications 

Suncor has yet to link the cybersecurity incident to Petro-Canada problems, or even say what type of incident it was, but Ian Paterson, CEO of cybersecurity firm Plurilock, says the incident has some of the hallmarks of a "ransomware" attack, in which malicious actors gain access to a company's network and then hold it hostage in exchange for payment. He warns, though, that it might not be. 

"If a company is taking down systems voluntarily to try to figure out what happened, it would actually look very similar to a ransomware attack," Paterson stated. 

Those attacks frequently occur when hackers detect a vulnerability of some kind, hence they often take place during downtimes such as holidays or as we approach the weekend. Whatever the source, Paterson believes the corporation is dealing with a "massive problem" considering the length of the outage. 

Reputational harm

According to Jon Ferguson, general manager of cybersecurity at the Canadian Internet Registration Authority, the company's impact from this cybersecurity issue will be felt for a long time. He mentioned that one of the issues is that it is a huge organisation. 

"If they have to go in and modify critical systems, that can take a very long time to recover, depending on what's been damaged," Ferguson told The Canadian Press. "There's also the cost of disruption. I'm not sure how much gas Petro-Canada didn't sell since customers didn't have cash." 

Additionally, he noted that the cost of the harm to the company's reputation was very difficult to measure, but you're probably going to think twice before you slip your credit card into a Petro-Canada gas machine now. 

Businesses affected by cyber attacks

The incident is only the most recent cybersecurity breach to make headlines. Indigo was targeted by a ransomware attack in February, which disrupted credit and debit card payments for days and the online store for over a month.

In 2021, the American pipeline firm Colonial Pipeline went offline after hackers breached the corporation's servers. This attack halted the flow of gasoline over a critical pipeline that supplies the eastern seaboard, causing major shortages.

The Canadian Centre for Cyber Security warned last week that ransomware attacks — in which hackers gain access to a company's internal system and demand payment in exchange for restoring it — were the most serious cyber threat facing Canada's oil and gas industry.

Security Observability: How it Transforms Cloud Security


Security Observability 

Security Observability is the ability to gain visibility into an organization's security posture, including its capacity to recognize and address security risks and flaws. It entails gathering, analyzing, and visualizing security data in order to spot potential risks and take preventative action to lessen them. 

The process involves data collection from varied security tools and systems, like network logs, endpoint security solutions, and security information and event management (SIEM) platforms, further utilizing the data to observe potential threats. In other words, unlike more conventional security operations tools, it informs you of what is expected to occur rather than just what has actually occurred. Security observability is likely the most significant advancement in cloud security technology that has occurred in recent years because of this major distinction. 

However, a majority of users are still unaware of security observability, which is cause for concern. According to the 2021 Verizon Data Breach Investigations Report, cloud assets were involved in 24% of all breaches analyzed, up from 19% in 2020. 

It is obvious that many people working in cloud security are responding slowly to new risks, and a select few need to act more quickly. This is likely to get worse as multi-cloud apps that leverage federated architectures gain popularity and cloud deployments become more varied and sophisticated. The number of attack surfaces will keep growing, and attackers' ingenuity is starting to take off. 

Organizations can embrace cloud security observability to get a more complete understanding of their cloud security position, allowing them to: 

  • Detect and Respond to Threats More Quickly: By collecting data from numerous security tools and systems, cloud security observability allows firms to recognize and respond to threats faster and more proactively. 
  • Identify Vulnerabilities and Security Gaps: With better knowledge of potential threats, organizations can take proactive measures to address weaknesses before bad actors manage to exploit them. 
  • Improve Incident Response: By giving a more thorough view of security occurrences, cloud security observability can help organizations improve their incident response capabilities and lessen the effect of attacks. 
  • Ensure Compliance: Cloud security observability further aids organizations in analyzing and monitoring their cloud security posture to maintain compliance with industry rules and regulations, and supports audits and other legal accounting.  

Over 2.5 Billion Google Chrome Users' Information was Breached



It is no longer necessary for a person to commute to a physical location to find information about anything they are interested in. 

Currently, Google can be trusted to provide the most relevant information about anything and everything, with a wealth of information available at the click of a button. At the same time, the risk to data is growing along with the adoption of cloud services, leading to a rise in data breaches. 

With billions of users, Google Chrome is gaining an increasing amount of popularity as one of the most popular web browsers. 

According to the cyber security firm Imperva Red, a vulnerability in Google Chrome and Chromium browsers could expose the data of over 2.5 billion users worldwide to the risk of theft or other harm. 

The company reports that a vulnerability known as CVE-2022-3656 can be exploited to steal private information, such as the login credentials of cloud providers and crypto wallets. The flaw was found during an assessment of how the browser interacts with the file system. According to the blog, the purpose of this experiment was primarily to examine how browsers handle symlinks in order to find widespread issues. 

As Imperva Red explains, a symbolic link is a kind of file that points to a different file or directory. The operating system treats a symlink as if it were the file or directory it points to, so it can be accessed as though it were physically present at that location. Symlinks are useful for creating shortcuts, changing the path of a file, or organizing files more flexibly, according to the manual. 

There is also a possibility that these links could be exploited to expose vulnerabilities if not managed appropriately.  

The company stated that the flaw, which affected Google Chrome, could have been exploited by building a fake website promoting a newly launched crypto wallet service. The site would prompt visitors to download "recovery" keys, deceiving them into creating a new wallet.
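As an added illustration (not code from the page, from Imperva Red, or from the Chrome project), the following Python shows the defensive side of the symlink issue described above: an application that reads a user-selected file inspects the path with lstat and opens it with O_NOFOLLOW so that a "recovery key" which is really a symlink to a sensitive file is refused rather than silently followed. The download folder, file names and contents in the demo are constructed.

```python
import os
import stat
import tempfile
from pathlib import Path

# O_NOFOLLOW makes the kernel refuse to open a symlink; it is absent on
# Windows, so fall back to 0 there (the lstat check below still applies).
O_NOFOLLOW = getattr(os, "O_NOFOLLOW", 0)


class UnsafePathError(Exception):
    """The selected path is a symbolic link or not a regular file."""


def inspect_path(path: str) -> dict:
    """Describe what a path really is without following it (lstat, not stat).

    Returns {"kind": "symlink" | "regular" | "other", "target": link target or None}.
    A file chooser showing 'recovery.txt' may be handing over a symlink to
    something else entirely; this is the check that notices.
    """
    mode = os.lstat(path).st_mode
    if stat.S_ISLNK(mode):
        return {"kind": "symlink", "target": os.readlink(path)}
    if stat.S_ISREG(mode):
        return {"kind": "regular", "target": None}
    return {"kind": "other", "target": None}


def read_selected_file(path: str, max_bytes: int = 1 << 20) -> bytes:
    """Read a user-selected file only if it is a plain regular file.

    Two layers: lstat rejects a symlink up front with a clear error, and
    O_NOFOLLOW makes the open itself fail (OSError) if a link is swapped in
    between the check and the open, the classic check-then-use race.
    """
    info = inspect_path(path)
    if info["kind"] != "regular":
        raise UnsafePathError(f"{path} is a {info['kind']}, refusing to read it")
    fd = os.open(path, os.O_RDONLY | O_NOFOLLOW)
    try:
        # Re-check on the opened descriptor: this is the file we actually hold.
        if not stat.S_ISREG(os.fstat(fd).st_mode):
            raise UnsafePathError(f"{path} changed type after the check")
        return os.read(fd, max_bytes)
    finally:
        os.close(fd)


def demo() -> dict:
    """Constructed scenario (hypothetical names): a download folder holding a
    genuine recovery note and a 'recovery' file that is really a symlink to a
    wallet file elsewhere on disk, mirroring the lure the article describes."""
    with tempfile.TemporaryDirectory() as tmp:
        downloads = Path(tmp) / "downloads"
        downloads.mkdir()
        wallet = Path(tmp) / "wallet.key"            # sensitive file the link points at
        wallet.write_bytes(b"constructed-wallet-secret")
        genuine = downloads / "recovery.txt"
        genuine.write_bytes(b"constructed recovery note")
        lure = downloads / "recovery-lure.txt"
        lure.symlink_to(wallet)                      # the 'recovery key' that is not a file

        lure_info = inspect_path(str(lure))
        result = {
            "genuine_bytes": read_selected_file(str(genuine)),
            "lure_kind": lure_info["kind"],
            "lure_target": lure_info["target"],
        }
        try:
            read_selected_file(str(lure))
            result["lure_rejected"] = False
        except UnsafePathError:
            result["lure_rejected"] = True
        return result


if __name__ == "__main__":
    print(demo())
```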