Search This Blog
Powered by Blogger.

Blog Archive

Labels

Load More
Trendy Right Now

Popular Posts

Showing posts with label Slack. Show all posts
Technolgy
Cyber Security Digital Landscape Personal Data Slack SolarWind Supply Chain Attack Technolgy

Increasing Data Security in the Digital Era

Protecting our online profile has become crucial in the current digital era. Keeping up with the most recent technologies and techniques is essential to safeguarding personal data and privacy in light of the constantly changing technological landscape. To assist you in navigating the complicated world of digital security, this article offers a succinct summary of key tools and procedures.

1. Password Managers: Your First Line of Defense

One of the fundamental aspects of online security is having strong, unique passwords for each of your accounts. However, remembering complex passwords for multiple platforms can be a daunting task. This is where password managers step in. They generate and store strong passwords, alleviating the burden of memorization while keeping your accounts secure. CNET's comprehensive guide on the best password managers provides valuable insights into choosing the right one for your needs.

2. The SolarWinds Saga: A Wake-Up Call for Supply Chain Security

The SolarWinds breach of 2020 revealed the audacity and sophistication of supply chain attacks. Wired's in-depth analysis sheds light on the unprecedented scale and intricacy of this cyber intrusion. It serves as a stark reminder that even industry giants are not impervious to such attacks. The incident underscores the critical need for comprehensive security measures, including rigorous vendor assessments and continuous monitoring of software supply chains.

3. Slack: Revolutionizing Communication with Enhanced Security Measures

Communication platforms like Slack have become indispensable in the modern workplace. TechCrunch's coverage of Slack's exit from beta in 2014 highlights the platform's rapid ascent to prominence. As businesses increasingly rely on such tools for collaboration, it's crucial to ensure that they employ robust security features. Encryption, multi-factor authentication, and regular security audits are some of the key measures that platforms like Slack should implement to safeguard sensitive communications.

4. Prioritizing Data Privacy with Cutting-Edge Technologies

In an era where data breaches are almost commonplace, prioritizing data privacy is non-negotiable. IEEE Spectrum's dedicated section on data privacy provides a wealth of resources and insights into the latest technologies and best practices. From 

Unprecedented opportunities and problems come with living in the digital age. In a world where information is becoming more interconnected by the day, people and organizations may protect sensitive data by utilizing the strategies and technologies described in these resources. As you may recall, readiness and alertness are crucial in the field of cybersecurity.
Read more »
User Security
Data Breach Data Leak data security Security Incident Slack uber User Data User Privacy User Security

Uber Investigates Potential Breach Of its Computer System

 

Uber announced on Thursday that it is responding to a cybersecurity incident involving a network breach and that it is in contact with law enforcement authorities. The incident was first reported by the New York Times. When reached for comment, the company referred to its tweeted statement.  

As per two employees who were not authorised to speak publicly, Uber employees were instructed not to use the company's internal messaging service, Slack, and discovered that other internal systems were inaccessible.

Uber employees received a message that read, "I announce I am a hacker and Uber has suffered a data breach" shortly before the Slack system was taken offline on Thursday afternoon. The message went on to list a number of internal databases that the hacker claimed were compromised.

"It appeared that the hacker was later able to gain access to other internal systems, posting an explicit photo on an internal information page for employees," the New York Times stated. 

Uber has not released any additional information about the incident, but it appears that the hacker, believed to be an 18-year-old teenager, social-engineered the employee to obtain their password by impersonating a corporate IT employee and then used it to gain access to the internal network. 

The attacker was able to circumvent the account's two-factor authentication (2FA) protections by bombarding the employee with push notifications and contacting the individual on WhatsApp to abide by the authorization by claiming to be from Uber's IT department. The technique is similar to the recently disclosed Cisco hack, in which cybercriminal actors used prompt bombing to gain 2FA push acceptance. 

"Once on the internal network, the attackers found high privileged credentials laying on a network file share and used them to access everything, including production systems, corp EDR console, [and] Uber slack management interface," Kevin Reed, a chief information security officer at Acronis, told The Hacker News.

It's not the first time

This is not Uber's first security breach. It came under fire for failing to adequately reveal a 2016 data breach that affected 57 million riders and drivers and then paying hackers $100,000 to obfuscate the breach. It was only in late 2017 that the public became aware of it.

Uber's top security executive at the time, Joe Sullivan, was fired for his role in the company's response to the hack. Mr. Sullivan was charged with obstructing justice for failing to notify regulators of the breach, and he is currently on trial. Mr. Sullivan's lawyers have argued that other employees were responsible for regulatory disclosures and that the company had made Mr. Sullivan a scapegoat. 

In December 2021, Sullivan was sentenced to three additional counts of wire fraud in addition to the previously filed felony obstruction and misprision charges.

"Sullivan allegedly orchestrated the disbursement of a six-figure payment to two hackers in exchange for their silence about the hack," the superseding indictment said. It further said he "took deliberate steps to prevent persons whose PII was stolen from discovering that the hack had occurred and took steps to conceal, deflect, and mislead the U.S. Federal Trade Commission (FTC) about the data breach."

The latest breach comes as Sullivan's criminal case goes to trial in the United States District Court in San Francisco.

Reed concluded, "The compromise is certainly bigger compared to the breach in 2016. Whatever data Uber keeps, the hackers most probably already have access."
Read more »
Slack
Airline API Cyber Attacks Iranian Slack

Slack API Exploited by Iranian Threat Actor to Attack Asian Airline

 

According to IBM Security X-Force, the Iran-linked advanced persistent threat (APT) attacker MuddyWater has been discovered establishing a backdoor that exploits Slack on the network of an Asian airline. 

The hacking gang, also known as MERCURY, Seedworm, Static Kitten, and ITG17, predominantly targets throughout the Middle East and other regions of Asia. 

MuddyWater successfully infiltrated the networks of an undisclosed Asian airline in October 2019, according to IBM X-Force, with the detected activities continuing into 2021. 

According to IBM's security researchers, the adversary used a PowerShell backdoor named Aclip, which uses a Slack communication API for command and control (C&C) operations such as communication and data transmission. 

Provided that numerous different Iranian hacking groups got access to the very same victim's infrastructure in far too many cases, IBM X-Force suspects that the other adversaries were also associated in this operation, particularly considering that Iranian state-sponsored malicious actors have already been targeting the airline industry – primarily for monitoring purposes – for at least a half-decade. 

A Windows Registry Run key has been exploited in the observed event to permanently perform a batch script, which then runs a script file (the Aclip backdoor) using PowerShell. The malware could collect screenshots, acquire system information, and exfiltrate files after receiving commands via attacker-created Slack channels. 

The attacker guarantees that malicious traffic mixes in along with regular network traffic while using Slack for communication. Other virus groups have also leveraged the collaborative application for similar objectives. 

Following notification of the malicious activities, Slack initiated an investigation and removed the reported Slack workspaces. 

“We confirmed that Slack was not compromised in any way as part of this incident, and no Slack customer data was exposed or at risk. We are committed to preventing the misuse of our platform and we take action against anyone who violates our terms of service,” Slack said.

IBM's researchers are certain that the malicious actor is behind the activities based on custom tools used throughout the attack, TTP overlaps, used infrastructure, and MuddyWater's previous targeting of the transportation sector.
Read more »
Slack
BaseCamp BazarLoader Cyber Attacks Malicious Campaign Slack

BazarLoader Malware: Abuses Slack and BaseCamp Clouds

 

The primary feature of the BazarLoader downloader, which is written in C++, is to download and execute additional modules. BazarLoader was first discovered in the wild last April, and researchers have discovered at least six variants since then “signaling active and ongoing development”.

According to researchers, the BazarLoader malware is leveraging worker trust in collaboration tools like Slack and BaseCamp, in email messages with links to malware payloads. The attackers have also added a voice-call feature to the attack chain in a secondary campaign targeted at consumers. 

“With a focus on targets in large enterprises, BazarLoader could potentially be used to mount a subsequent ransomware attack,” states Sophos advisory released on Thursday. Adversaries are targeting employees of large companies with emails that purport to provide valuable details related to contracts, customer care, invoices, or payroll, they added. 

Since the links in the emails are hosted on Slack or BaseCamp cloud storage, they can appear genuine if the target works for a company that uses one of those platforms. When a victim clicks on the link, BazarLoader downloads and executes on their device. 

Usually, the links point to a digitally signed executable with an Adobe PDF graphic as its symbol and the files have names like presentation-document.exe, preview-document-[number].exe, or annualreport.exe, according to the researchers. These executable files, when run, inject a DLL payload into a legitimate process, such as the Windows command shell, cmd.exe. 

“The malware, only running in memory, cannot be detected by an endpoint protection tool’s scans of the filesystem, as it never gets written to the filesystem.” Sophos discovered that the spam messages in the second campaign are devoid of anything suspicious: there are no personal details of any sort in the email body, no connection, and no file attachment.

“All the message claims is that a free trial for an online service the recipient claims to be using is about to expire in the next day or two, and it includes a phone number the recipient must call to opt-out of a costly, paid renewal,” researchers explained. 

If a potential victim picks up the call, a friendly person on the other end of the line sends them a website address where they can unsubscribe from the service. These websites bury an unsubscribe button in a page of frequently asked questions and clicking that button delivers a malicious Office document (either a Word doc or an Excel spreadsheet) that, when opened, infects the computer with the same BazarLoader malware. 

The messages claimed to come from a company named Medical Reminder Service and included a phone number as well as a street address for a real office building in Los Angeles. However, starting in mid-April, the messages began to use a ruse involving a fraudulent paying online lending library named BookPoint. 

Researchers have been suspecting that BazarLoader could be related or authored by the TrickBot operators. TrickBot is another first-stage loader malware often used in ransomware campaigns. 

BazarLoader seems to be in its initial developmental stage and isn't as advanced as more mature families like TrickBot, researchers added. “While early versions of the malware were not obfuscated,” they explained, “more recent samples appear to encrypt strings that could expose the malware's intended use.”
Read more »
Subscribe to: Posts (Atom)