Search This Blog
Powered by Blogger.

Blog Archive

Labels

About Me

Load More
Trendy Right Now

Popular Posts

Showing posts with label Sensitive data. Show all posts
Sensitive data
Cyber Attacks Data Leak data security Data Theft Hacker attack Indian Cyber Security Pakistan Hacker Personal Data Sensitive data

Pakistan-Based Hackers Launch Cyber Attack on Indian Defence Websites, Claim Access to Sensitive Data

 

In a concerning escalation of cyber hostilities, a Pakistan-based threat group known as the Pakistan Cyber Force launched a coordinated cyber offensive on multiple Indian defence-related websites on Monday. The group claimed responsibility for defacing the official site of a Ministry of Defence public sector undertaking (PSU) and asserted that it had gained unauthorized access to sensitive information belonging to Indian defence personnel. According to reports, the targeted websites included those of the Military Engineering Service (MES) and the Manohar Parrikar Institute of Defence Studies and Analyses (MP-IDSA), both critical components in India’s defence research and infrastructure network. 

The group’s social media posts alleged that it had exfiltrated login credentials and personal data associated with defence personnel. One particularly alarming development was the defacement of the official website of Armoured Vehicle Nigam Limited (AVNL), a key PSU under the Ministry of Defence. The hackers replaced the homepage with the Pakistani flag and an image of the Al Khalid tank, a symbol of Pakistan’s military capabilities. A message reportedly posted on social platform X read, “Hacked. Your security is illusion. MES data owned,” followed by a list of names allegedly linked to Indian defence staff. 

Sources quoted by ANI indicated that there is a credible concern that personal data of military personnel may have been compromised during the breach. In response, authorities promptly took the AVNL website offline to prevent further exploitation and launched a full-scale forensic audit to assess the scope of the intrusion and restore digital integrity. Cybersecurity experts are currently monitoring for further signs of intrusion, especially in light of repeated cyber threats and defacement attempts linked to Pakistani-sponsored groups. 

The ongoing tensions between the two countries have only heightened the frequency and severity of such state-aligned cyber operations. This latest attack follows a pattern of provocative cyber incidents, with Pakistani hacker groups increasingly targeting sensitive Indian assets in attempts to undermine national security and sow discord. Intelligence sources are treating the incident as part of a broader information warfare campaign and have emphasized the need for heightened vigilance and improved cyber defense strategies. 

Authorities continue to investigate the breach while urging government departments and defense agencies to reinforce their cybersecurity posture amid rising digital threats in the region.
Read more »
Sensitive data
Chinese Hackers CISA Cyber Security Ghost MFA Sensitive data

Chinese Ghost Hackers Focus on Profits, Attack Key Sectors in the US and UK


 

In the world of cybercrime, criminals usually fall into two groups. Some target individuals, tricking them for money. Others go after important organizations like hospitals and companies, hoping for bigger payouts. Although attacks on healthcare are less common, they cause major harm when they happen. Incidents like the New York Blood Center hack, where hackers stole a million patient records, show how serious the risk is. Now, a new report warns about Chinese cybercriminals, known as Ghost, who are attacking government offices, power companies, banks, factories, and hospitals. Most of their attacks have affected North America and the United Kingdom.


Ghost Hackers Active in Over 70 Countries

According to research shared by Rebecca Harpur from Blackfog, the Ghost hacking group is based in China and acts on its own without links to the government. Their main goal is to make money, not to steal secrets. Over time, this group has changed its identity multiple times, previously using names like Cring, Crypt3r, Hello, and Phantom. By rebranding, they make it harder for law enforcement agencies to track them as one single group.

Despite their tricks, agencies like the FBI and the Cybersecurity and Infrastructure Security Agency (CISA) have raised alarms about the damage Ghost can cause. The Blackfog report explains that victims usually receive a message demanding money, threatening to either destroy stolen information or release it publicly if they refuse to pay.


How Ghost Carries Out Its Attacks

The way Ghost hackers break into systems usually follows the same pattern:

• They first find and exploit weaknesses in systems that are open to the internet, such as VPN devices, websites, and email servers.

• After getting inside, they install secret programs like Cobalt Strike and web shells to stay hidden. They often create fake accounts and disable security software once they have high-level access.

• With these privileges, they move across the network quietly and transfer sensitive data to their own servers.

• Once enough data is stolen, they release ransomware programs (often named Ghost.exe or Cring.exe) across the network. This encrypts files, destroys backup copies, and leaves a ransom note demanding payment.


Tips to Stay Protected

Although the FBI has provided detailed steps to defend against these attacks, Blackfog suggests a few important actions:

1. Keep backups of all important data and store them separately from your main network.

2. Always install the latest updates for your operating systems, applications, and firmware.

3. Use multi-factor authentication to add an extra layer of security to user accounts.

4. Divide your network into smaller parts to make it harder for hackers to move around freely if they break in.


The Ghost hacking group is not interested in spying — their focus is on making money. Organizations need to stay alert, strengthen their defenses, and act fast to prevent serious damage from these ongoing threats.






Read more »
telecommunications
Data Breach Orange Group Security Systems Sensitive data telecommunications

Hacker Leaks Stolen Data After Cyberattack on Orange Group

 


A hacker has claimed responsibility for breaking into the systems of Orange Group, a well-known French telecommunications provider. The attacker alleges that they stole a large number of internal files, including confidential details about customers and employees. After failing to extort the company, the hacker released some of this data on an underground forum.  


Orange Verifies the Cyberattack  

Orange Group has acknowledged the breach, stating that the attack targeted a non-essential system. The company has started an internal investigation and is taking steps to limit the damage. However, reports suggest that significant amounts of data have already been exposed.  

The hacker, who goes by the online name Rey, is associated with a cybercriminal group called HellCat. Despite this, Rey insists that this was not a ransomware attack. The breach primarily impacted Orange Romania, a regional branch of the company.  


What Information Was Compromised?  

According to the hacker, the stolen files contain nearly 380,000 email addresses, as well as confidential company records. The leaked data includes:  

• Customer and employee details  

• Business contracts and invoices  

• Internal source code  

• Payment card information, though many of these details are outdated  

Some of the email addresses in the leaked files belonged to former employees and business partners who had been associated with Orange Romania over five years ago. Additionally, the breach affected records from Yoxo, Orange’s subscription-based mobile service.  


How Did the Breach Occur?  

Rey claims to have accessed Orange’s systems for over a month before stealing data. The hacker reportedly gained entry using stolen login credentials and weaknesses in Jira, a software tool the company uses for project management and issue tracking.  

On the day of the attack, the hacker extracted company files for about three hours without triggering any security alerts. They also left a ransom note, but Orange did not respond or engage in negotiations.  


Orange’s Official Statement  

When asked about the breach, an Orange spokesperson confirmed that their Romanian operations had been targeted by hackers. The company’s cybersecurity and IT teams are currently working to understand the full extent of the breach and are focused on reducing its impact.  


A Pattern of Attacks?  

This is not the first time attackers have used Jira security flaws to steal information from large corporations. In similar cases, cybercriminals have managed to extract huge amounts of data, including 40GB in one breach and 2.5GB in another.  

This incident shows us the reality of weakened security systems and stolen login details can allow hackers to infiltrate major organizations. Companies must regularly update their cybersecurity measures to prevent such attacks. Employees and customers affected by this breach should remain cautious of phishing scams or fraudulent activities that may arise from their leaked data.  

As the investigation progresses, more details about the Orange Group breach may emerge. For now, the company is working on securing its systems and preventing further exposure of sensitive information.

Read more »
Sensitive data
Builder.ai Data Breach database Identity Theft Sensitive data

Builder.ai Data Breach Exposes Sensitive Information of Over 3 Million Users

 

A huge data security breach has come to light, with the data platform Builder.ai. It's a service that lets organizations build their own proprietary, custom software applications, which don't need heavy programming. According to a blog post by a security researcher, sensitive information from more than three million users' accounts was inadvertently leaked to the internet, leaving an open question of what now?

Jeremiah Fowler, a cybersecurity expert known for discovering unsecured online databases, found a Builder.ai archive with over 3 million records. This archive reportedly contained 1.29 terabytes of data, including very sensitive materials such as invoices, NDAs, email screenshots, and tax documents.

Worryingly, files contained access keys and configurations of two cloud storage systems. These keys, in the wrong hands, could grant hackers access to even more sensitive data.  


What Was Exposed

The exposed database included the following:  

337,434 invoices: The documents comprised transactions between Builder.ai and its clients.

32,810 master service agreements: Most agreements included user names, e-mail addresses, IP details and project estimations of the cost associated with a particular project giving a holistic overview of their sensitive information.  


Such data left unprotected poses grave risks. This information could be used for phishing scams, identity theft, or even financial fraud by criminals. Phishing is the art of making people give up their personal information by claiming to be a trusted person. The presence of cloud storage keys in the database further increases the worry, as this may also open access to more sensitive files elsewhere.

Fowler quickly notified the company, Builder.ai. However, the company, in its defense, showed that it could not tighten the database security due to "complexities with dependent systems." It is already a month, and nobody knows if the problem persists.  

Misconfigured databases are one of the constant problems of the digital era. Companies don't realize they have a shared responsibility to secure the data when it comes to cloud services, leaving large repositories of information exposed unintentionally. 

For businesses, this is an important wake-up call regarding comprehensive cybersecurity practices- periodic checks and ensuring the databases are properly secured for users' data protection.

For users, vigilance is key. Anyone who's interacted with Builder.ai should keep an eye out on their accounts for anything weird and be on their toes for phishing scams.

And in this hyperconnected world, security breaches such as this remind us that vigilance is key, too, for companies as much as it is for their users.



Read more »
Sensitive data
CAPTCHA Mobile Security phishing Sensitive data

Executives Targeted by Advanced Mobile Phishing Attacks

 

Mobile phishing attacks have continued to advance, targeting corporate executives. A report from mobile security firm Zimperium describes these attacks as highly sophisticated means of exploiting mobile devices. Thus, there is an emerging need for awareness and security measures.

How the Attacks Function

One campaign uncovered by Zimperium’s research team (zLabs) impersonated Docusign, a widely trusted e-signature platform. The attackers sent fake emails designed to look like urgent communications from Docusign. These emails urged recipients to click on a link to review an important document, playing on trust and the sense of urgency.

Initial Stage: Clicking the link redirected victims to a legitimate-looking webpage, masking its malicious intent.

Second-level Credibility: Then it led to a phishing site with a compromised university website address, which gave it a third level of credibility.

Mobile Specific Ploys: The phishing site on mobile was a Google sign-in page, created to steal login credentials. Desktop users were taken to actual Google pages to avoid detection.

Using CAPTCHA: To gain user trust, attackers added CAPTCHA verification in the phishing pages, so it resembled a real one.

Why Mobile Devices Are the Target

Mobile devices are generally less secure than traditional computers, making them a preferred target. The attackers planned well and even registered domains and SSL certificates just days before sending phishing emails. This was very hard to detect, because of the time invested in preparation.

Steps to Stay Protected

Experts advise that businesses take several steps to protect themselves from these attacks:

  • Train Employees: Educate employees, especially executives, on how to detect phishing attempts and not to click on suspicious links.
  • Mobile Security: Strengthen security on mobile devices and update policies to address emerging threats.
  • Use Advanced Tools: Implement advanced detection systems that can identify these new, highly hidden attacks.

Mika Aalto, the CEO of the security company Hoxhunt, believes that organizations should think about early prevention and equip employees with the skills to identify phishing attacks. He also advocates for better technical tools to help detect and block schemes more effectively.

Therefore, with the understanding and preparation about these threats, organizations can ensure their executives and sensitive data are protected from this mobile phishing campaign danger.

Read more »
Sensitive data
Bucharest Cyber Security Electrica Group Sensitive data

Electrica Group Under Cyber Attack, Systems Secure

 


Romanian energy provider Electrica Group has confirmed a cyber attack on its systems. Despite the breach, the company assured customers that its critical infrastructure remains secure. 

Incident Overview 
 
Electrica revealed that emergency response protocols were activated in line with cybersecurity requirements. While some operations faced short-term disruptions, these measures were necessary to protect internal systems and maintain business continuity. 
  
Collaboration with Cybersecurity Experts 
 
Electrica's technical teams are working with national cybersecurity agencies to:
  • Identify the source of the breach.
  • Prevent further disruptions.
  • Ensure the protection of sensitive data.
The company remains committed to delivering reliable electricity and safeguarding customer information. 

Customer Safety Advisory 
 
Electrica urged customers to remain vigilant and issued the following recommendations:
  • Avoid sharing personal information through unverified channels.
  • Be cautious of messages claiming to be from Electrica.
These measures are vital to prevent scams during the incident. 
  
Commitment to Transparency 

Electrica pledged to provide regular updates as efforts to mitigate the attack continue. The company is focused on minimizing the impact, restoring normal operations, and addressing vulnerabilities. 

This incident underscores the rising threats utility providers face and the critical need for robust cybersecurity mechanisms to protect infrastructure and public trust. Electrica is addressing the situation proactively, prioritizing reliability and customer safety.
Read more »
Social Security Number
Data Breach Digital Security Passwords Sensitive data Social Security Number

Why Ignoring Data Breaches Can Be Costly




Data breaches are now more rampant than ever, exposing passwords and payment details to hackers. You could be getting breach alerts that pop up every so often, warning you that your data has been exposed. It's a wake-up call on how rampant the breaches are.

A Persistent Problem 

Data breaches have become part of our online lives. From credit card numbers to social security information, hackers never cease their attempts to access sensitive data. In fact, many breaches are financially driven, and about 95% of cyberattacks aim for money or valuable information. Still, despite all the news every day, companies often do not realise they have been breached until almost six months pass. The average time to discovery is 194 days according to Varonis. Therefore, the attackers have sufficient time to use the information before the companies can even initiate their response.

Rise of Breach Blindness

Over time, exposure to breach after breach has created "breach blindness," as if these alerts do not matter anymore. Since most of the time, nothing immediate happens, it is easy to scroll past breach notifications without thinking twice. This apathy is dangerous. Such a lack of care could mean stolen identities, financial fraud, and no one holding the companies accountable for their inability to protect the data.

When companies lose money as a result of these breaches, the consumer pays for it in the form of higher fees or costs. IBM reports that the worldwide average cost of a data breach is nearly $5 million, a 10% increase from last year. Such a high cost is a burden shared between the consumer and the economy at large.

How to Protect Your Data

Although companies are liable for securing data, there are various measures that can be undertaken personally. The first and most obvious measure is that your account should have a very strong and unique password. Hackers rely on frequently used, weakly protected passwords to bypass most accounts. Changing them with complexity makes it even more challenging for attackers to bypass and get to compromising your data.

It is much important to stay vigilant nowadays with data breaches being as common as a part and parcel of the internet. This breach, little by little, erodes privacy online and security. Stop pretending not to know those prompts; take them as warnings to check on your web security and work on strengthening it if needed. The one thing to do with all this is to keep apprised so as to not be taken in on the hook.




Read more »
Vulnerabilities and Exploits
Google Cloud Mandiant Investigation Patching Sensitive data Vulnerabilities and Exploits

Think You’re Safe? Cyberattackers Are Exploiting Flaws in Record Time

 


There has been unprecedented exploitation by attackers of vulnerabilities in the software, Mandiant announced. According to the newly released report of the Mandiant cybersecurity firm, after an analysis of 138 exploits published in 2023, on average, in five days an attacker already exploits a vulnerability. Because of this speed, very soon it has become paramount for organisations to make their system updates quickly. The study, published by Google Cloud bloggers, shows that this trend has greatly reduced the time taken for attackers to exploit both unknown vulnerabilities, known as zero-day, and known ones, called N-day.

Speed in the Exploitation Going Up

As indicated by Mandiant research, the time-to-exploit, which is a statistic indicating the average number of days taken by attackers to exploit a discovered vulnerability, has been reducing rapidly. During 2018, it took nearly 63 days for hackers to exploit vulnerabilities. However, in the case of 2023, hackers took merely five days for exploitation. This shows that the attackers are getting more efficient in exploiting those security vulnerabilities before the application developers could patch them satisfactorily.

Zero-Day and N-Day Vulnerabilities

The report makes a distinction between the zero-day vulnerabilities, being the undisclosed and unpatched flaws that attackers would exploit immediately, and N-day vulnerabilities, which are already known flaws that attackers aim at after patches have already been released. In the year 2023, types of vulnerabilities targeted by the attackers changed, with rates of zero-day exploitation, which rose to a ratio of 30:70 compared with N-day attacks. This trend shows that attackers now prefer zero-day exploits, which may be because they allow immediate access to systems and sensitive data before the vulnerability is known to the world.

Timing and Frequency of Exploitation

This again proves that N-day vulnerabilities are at their most vulnerable state during the first few weeks when the patch is released. Of the observed N-day vulnerabilities, 56% happened within the first month after a patch was released. Besides, 5% were attacked within just one day of the patch release while 29% attacked in the first week after release. This fast pace is something that makes the patches really important to apply to organizations as soon as possible after they are available.

Widening Scope for Attack Targets

For the past ten years, attackers have enormously widened their scope of attacks by targeting a growing list of vendors. According to the report, on this front, the count increased from 25 in the year 2018 to 56 in 2023. The widening of such a nature increases the trouble for teams, who have now encountered a significantly expanded attack surface along with the ever-increasing possibility of attacks at a number of systems and software applications.


Case Studies Exposing Different Exploits

Mandiant has published case studies on how attackers exploit vulnerabilities. For example, CVE-2023-28121 is a vulnerability in the WooCommerce Payments plugin for WordPress, which was published in March 2023. Although it had been previously secure, it became highly exploited after the technical details of how to exploit the flaw were published online. Attacks started a day after the release of a weaponized tool, peaking to 1.3 million attacks in one day. This fast growth shows how easy certain vulnerabilities can be in high demand by attackers when tools to exploit are generally available.


The case of the CVE-2023-27997 vulnerability that occurred with respect to the Secure Sockets Layer in Fortinet's FortiOS was another type that had a different timeline when it came to the attack. Even though media alert was very much all over when the vulnerability was first brought to the limelight, it took them about two or three months before executing the attack. This may probably be because of the difficulty with which the exploit needs to be carried out since there will be the use of intricate techniques to achieve it. On the other hand, the exploit for the WooCommerce plugin was quite easier where it only required the presence of an HTTP header.

Complexity of Patching Systems

While patching in due time is very essential, this is not that easy especially when updating such patches across massive systems. The CEO at Quarkslab says that Fred Raynal stated that patching two or three devices is feasible; however, patching thousands of them requires much coordination and lots of resources. Secondly, the complexity of patching in devices like a mobile phone is immense due to multiple layers which are required for updates to finally reach a user.

Some critical systems, like energy platforms or healthcare devices, have patching issues more difficult than others. System reliability and uninterrupted operation in such systems may be placed above the security updates. According to Raynal, companies in some instances even ban patching because of the risks of operational disruptions, leaving some of the devices with known vulnerabilities unpatched.

The Urgency of Timely Patching

Says Mandiant, it is such an attack timeline that organisations face the threat of attackers exploiting vulnerabilities faster than ever before. This is the report's finding while stating that it requires more than timely patching to stay ahead of attackers to secure the increasingly complex and multi-layered systems that make up more and more of the world's digital infrastructure.


Read more »
Subscribe to: Posts (Atom)