
FBI Shares Details of 42,000 LabHost Phishing Domains

The LabHost cybercrime platform, one of the largest phishing-as-a-service (PhaaS) platforms worldwide, was shut down in April 2024, and the FBI has now disclosed 42,000 phishing domains associated with it. The published domains, registered between November 2021 and the April 2024 seizure, are being shared to raise awareness and to provide indicators of compromise.

Operations and removal of LabHost 

LabHost was a major PhaaS platform that sold access to a large number of phishing kits aimed at US and Canadian banks for $179 to $300 per month. It offered numerous customisation options, 2FA bypass mechanisms, automated SMS-based interaction with victims, and a real-time campaign management panel. Although launched in 2021, LabHost only became a major player in the PhaaS market in late 2023 and early 2024, when it surpassed established competitors in popularity and attack volume.

It is estimated that LabHost stole over 1,000,000 user credentials and over 500,000 credit card details. In April 2024, a global law enforcement campaign supported by investigations in 19 nations resulted in the shutdown of the platform, which had 10,000 customers at the time. 

During simultaneous searches of 70 residences, 37 people suspected of links to LabHost were arrested. Although the LabHost operation is no longer active and the 42,000 shared domains are unlikely to be reused in malicious operations, the information remains valuable to cybersecurity firms and defenders. First, the domain list can be turned into a blocklist, reducing the risk that attackers recycle or re-register any of the domains in future attacks.

Security teams can also use the list to search logs covering November 2021 to April 2024 for earlier connections to these domains and so uncover previously unknown compromises. Finally, the list can help researchers analyse domain patterns in PhaaS operations, improve attribution and intelligence correlation, and provide realistic data for training phishing detection models. The list is shared with the warning that it has not been vetted and may contain errors.
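As an added illustration of the blocklist and log-search uses described above (example code written for this page, not an FBI tool or anything from the LabHost data set), the Python below loads a domain list, sets aside entries that are not syntactically valid domains for manual review (the FBI warns the real list is unvetted and may contain typos), and scans proxy-style log lines for hosts that equal or sit under a listed domain within the November 2021 to April 2024 window. The blocklist entries, the log lines and the "timestamp client host" log format are all constructed placeholders.

```python
import re

# Constructed stand-in for a published domain list: placeholder names,
# not domains from the real LabHost data set. Mixed case, a trailing dot and
# two malformed entries are included deliberately, because the FBI warns the
# real list is unvetted and may contain typos from user input.
SAMPLE_BLOCKLIST_TEXT = """
example-bank-login.test
secure-update-example.test
TELCO-VERIFY-EXAMPLE.TEST.
not a domain!
bad_entry..test
"""

# Constructed proxy/DNS log lines in an assumed "timestamp client host" format.
SAMPLE_LOG_LINES = [
    "2023-03-04T10:15:02Z 10.0.0.12 www.example-bank-login.test",
    "2023-03-04T10:16:41Z 10.0.0.12 cdn.legit-example.test",
    "2024-01-19T08:02:13Z 10.0.0.44 telco-verify-example.test",
    "2024-01-19T08:02:14Z 10.0.0.44 secure-update-example.test.evil-lookalike.test",
    "2022-11-30T23:59:59Z 10.0.0.7 mail.corp-example.test",
    "2025-02-01T00:00:00Z 10.0.0.9 example-bank-login.test",  # outside the window
]

# One DNS label: 1-63 letters, digits or hyphens, no leading or trailing hyphen.
LABEL_RE = re.compile(r"^(?!-)[a-z0-9-]{1,63}(?<!-)$")
LOG_RE = re.compile(r"^(?P<ts>\S+)\s+(?P<client>\S+)\s+(?P<host>\S+)$")


def normalize_domain(raw):
    """Lower-case, trim whitespace and drop a trailing root dot."""
    return raw.strip().lower().rstrip(".")


def is_valid_domain(domain):
    """Accept only names with at least two well-formed labels."""
    labels = domain.split(".")
    return len(labels) >= 2 and all(LABEL_RE.match(label) for label in labels)


def load_blocklist(text):
    """Return (set of normalized valid domains, list of rejected raw entries)."""
    valid, rejected = set(), []
    for line in text.splitlines():
        if not line.strip():
            continue
        domain = normalize_domain(line)
        if is_valid_domain(domain):
            valid.add(domain)
        else:
            rejected.append(line.strip())  # keep for manual review, never block blindly
    return valid, rejected


def matching_domain(host, blocklist):
    """Return the blocklist entry that host equals or is a subdomain of, else None.

    Only whole-label suffixes are tried, so a listed name embedded in the middle
    of a longer hostname (a look-alike) does not match.
    """
    labels = normalize_domain(host).split(".")
    for i in range(len(labels) - 1):
        candidate = ".".join(labels[i:])
        if candidate in blocklist:
            return candidate
    return None


def scan_logs(lines, blocklist, start="2021-11", end="2024-04"):
    """Return (timestamp, client, host, matched_entry) for hits inside the window.

    The window is compared on the YYYY-MM prefix of an ISO timestamp, which
    sorts correctly as a plain string.
    """
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # unparseable line; a production job would count these
        month = m.group("ts")[:7]
        if not (start <= month <= end):
            continue
        matched = matching_domain(m.group("host"), blocklist)
        if matched:
            hits.append((m.group("ts"), m.group("client"), m.group("host"), matched))
    return hits


if __name__ == "__main__":
    blocklist, rejected = load_blocklist(SAMPLE_BLOCKLIST_TEXT)
    print("blocklist:", sorted(blocklist))
    print("rejected for review:", rejected)
    for hit in scan_logs(SAMPLE_LOG_LINES, blocklist):
        print("HIT", *hit)
```

Matching on whole-label suffixes is what makes a historical domain list usable as a blocklist: `www.example-bank-login.test` hits the listed apex, while a look-alike that merely contains the listed name does not. Rejected entries are returned rather than silently dropped, so a malformed line from the unvetted list can be checked by hand instead of being blocked or ignored.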

"FBI has not validated every domain name, and the list may contain typographical or similar errors from LabHost user input," notes the FBI. "The information is historical in nature, and the domains may not currently be malicious. The FBI also noted that investigation of this list may show additional domains tied to the same infrastructure, therefore the list may not be exhaustive."

Cybercriminals Stole Thousands of Australians' Banking Details

Security experts believe that the banking details of more than 30,000 Australians have been compromised online. According to Dvuln, an Australian computer security firm, the exposed data, discovered over the last four years, relates to "multiple major banks". However, rather than being stolen from the banks, the credentials were harvested from customers' devices by attackers using "infostealer malware infections".

Dvuln warned that the data reflects only a "fraction" of the problem. Details belonging to ten thousand customers of one bank were found in "infostealer logs", where perpetrators share and sell the information. Another bank had 5,000 customers' details exposed, and a third had 4,000.

Customers from Australia's major banks, such as Commonwealth Bank, NAB, ANZ, and Westpac, had their information compromised. Dvuln advises that multi-factor authentication, which is increasingly required to access banking apps or websites, is "not a complete defence."

"The infections targeted individual user devices and harvested their credentials, rather than compromising banking infrastructure directly," the report said. 

Financial institutions, government, cybersecurity professionals, and the public must take coordinated action to close the gap between endpoint compromise and financial misuse.

Infostealer malware is "one of the most pervasive yet underreported threats facing Australia's financial sector," the report further reads. Anna Bligh, CEO of the Australian Banking Association, stated that the issue is not a breach of bank security systems but rather access to data held on personal devices such as laptops and phones.

"Keeping customers secure online is the top priority for Australia's banks," Bligh stated. "They continue to invest in security defences to help keep customers safe, including using advanced intelligence systems to monitor both open and dark web sources for compromised customer credentials."

CommBank also advised customers to create unique, strong passwords and change them regularly, install and maintain reliable anti-virus software, monitor their accounts and enable transaction notifications, and contact the bank if they notice any suspicious activity.

Carolina Anaesthesiology Firm's Massive Data Breach Impacts Nearly 21,000 Patients

Jeremiah Fowler, a security researcher, uncovered a database with no password protection that appeared to belong to Carolina Anaesthesiology PA, a healthcare organisation based in North Carolina. The dataset, about 7GB in size, held 21,344 records and covered patients in several states.

The data included sensitive information such as patient names, physical addresses, phone numbers, and email addresses, as well as insurance coverage details, anaesthesia summaries, diagnoses, family medical histories, and doctor's notes. 

According to the researcher, there were files labelled 'Billing and Compliance Reports', which indicates the sort of data contained. While there is no proof that the database fell into criminal hands, the exposure of the unsecured database could leave numerous people open to social engineering attacks such as phishing, identity theft, or fraud.

The dataset included a "detailed analysis and key metrics related to medical billing and healthcare services provided," according to the researcher. However, when contacted, the healthcare company stated that it did not own or manage the database; the owner had been notified, and public access was subsequently restricted.

It remains unclear whether the data was accessed by a threat actor or another third party; only an internal audit would reveal this, and as far as is known, the content has not appeared for sale on any dark web site. The researcher's investigation indicated that the folder's contents were most likely associated with Atrium Health, a partner of Carolina Anaesthesiology PA.

“Our cyber security team immediately launched an internal investigation upon receiving an email tip in mid-February 2025 about a possible data breach. Our investigation found that Carolina Anesthesiology, P.A., who regularly provides anesthesia services at select facilities, misconfigured the technology service used for billing data, exposing some of their patient data,” Atrium Health responded to the intrusion. 

“We immediately shut down all data feeds to Carolina Anesthesiology and, as a courtesy, notified the regular governing entities. We continue to learn more from the Carolina Anesthesiology team about their plan to notify their patients of this breach. All data feeds remain off until this issue has been satisfactorily addressed.”

Scientists Warn of Cybersecurity Threats in Next-Gen DNA Sequencing

Next-generation DNA sequencing (NGS) is coming under increasing scrutiny for its cyber risks. While NGS has transformed disciplines ranging from cancer diagnosis to infectious disease tracking, a recent study warns that the platforms enabling these advances could also serve as a gateway for hackers and other bad actors.

The study, published in IEEE Access and headed by Dr. Nasreen Anjum of the University of Portsmouth's School of Computing, is the first to systematically map cyber-biosecurity vulnerabilities throughout the NGS workflow. 

NGS technology, which enables rapid and cost-effective DNA and RNA sequencing, supports not only cancer research and medicine development, but also agricultural innovation and forensic science. Its ability to process millions to billions of DNA fragments at once has significantly reduced the cost and enhanced the speed of genome analysis, making it a standard in labs around the world. 

However, the study focuses on a less-discussed aspect of this technological advancement: the increasing number of vulnerabilities at each stage of the NGS pipeline. From sample preparation to sequencing and data processing, each stage requires specialised instruments, complicated software, and networked systems. 

According to Dr. Anjum, these interrelated processes create several points where security can be compromised. As large genetic databases are increasingly stored and shared online, cybercriminals have more opportunity to access and misuse this sensitive information. The report cautions that such breaches might lead not only to privacy violations or identity tracing but to more serious outcomes such as data manipulation or the fabrication of synthetic DNA-encoded malware.

Experts from Anglia Ruskin University, the University of Gloucestershire, Najran University, and Shaheed Benazir Bhutto Women's University contributed to the research. The researchers identified multiple emerging threats, including AI-powered genomic data manipulation and improved re-identification techniques that could jeopardise individual privacy. These concerns, they suggest, extend beyond the individual and endanger scientific integrity and possibly national security.

Despite these risks, Dr. Anjum observes that cyber-biosecurity remains a neglected field, with fragmented safeguards and little collaboration between computer science, bioinformatics, biotechnology, and security. To address these challenges, the research suggests a number of feasible options, including secure sequencing procedures, secured data storage, and AI-powered anomaly detection systems. The authors urge governments, regulatory agencies, and academic institutions to prioritise research, education, and policy development in order to close biosecurity gaps.

Security Analysts Express Concerns Over AI-Generated Doll Trend

If you've been scrolling through social media recently, you've probably seen a lot of... dolls. There are dolls all over X and on Facebook feeds. Instagram? Dolls. TikTok?

You guessed it: dolls, as well as doll-making techniques. There are even dolls on LinkedIn, undoubtedly the most serious and least entertaining member of the club. You can refer to it as the Barbie AI treatment or the Barbie box trend. If Barbie isn't your thing, you can try AI action figures, action figure starter packs, or the ChatGPT action figure fad. However, regardless of the hashtag, dolls appear to be everywhere. 

And, while they share some similarities (boxes and packaging resembling Mattel's Barbie, personality-driven accessories, a plastic-looking smile), they're all as unique as the people who post them, with the exception of one key common feature: they're not real. 

In the emerging trend, users are using generative AI tools like ChatGPT to envision themselves as dolls or action figures, complete with accessories. It has proven quite popular, and not just among influencers.

Politicians, celebrities, and major brands have all joined in. Journalists covering the trend have created images of themselves with cameras and microphones (albeit this journalist won't put you through that). Users have created renditions of almost every well-known figure, including billionaire Elon Musk and actress and singer Ariana Grande. 

The Verge, a tech media outlet, claims that it started on LinkedIn, a professional social networking site that was well-liked by marketers seeking interaction. Because of this, a lot of the dolls you see try to advertise a company or business. (Think "social media marketer doll" or even "SEO manager doll".)

Privacy concerns

From a social perspective, the popularity of the doll-generating trend isn't surprising at all, according to Matthew Guzdial, an assistant professor of computing science at the University of Alberta.

"This is the kind of internet trend we've had since we've had social media. Maybe it used to be things like a forwarded email or a quiz where you'd share the results," Guzdial noted. 

But as with any AI trend, there are some concerns over its data use. Generative AI in general poses substantial data privacy challenges. As the Stanford University Institute for Human-Centered Artificial Intelligence (Stanford HAI) points out, data privacy concerns and the internet are nothing new, but AI is so "data-hungry" that it magnifies the risk. 

Safety tips 

One of the major risks of participating in viral AI trends is that your conversation history could be compromised by unauthorised or malicious parties. To stay safe, researchers recommend the following steps:

Protect your account: This includes enabling 2FA, creating secure and unique passwords for each service, and avoiding logging in to shared computers.

Minimise the real data you give to the AI model: Fornés suggests using nicknames or other data instead. You should also consider utilising a different ID solely for interactions with AI models.

Use the tool cautiously and properly: When feasible, use the AI model in incognito mode and without activating the history or conversational memory functions.

PDPC Probes Bangchak Data Breach Impacting 6.5 Million Records

A major data breach involving Bangchak Corporation Public Company Limited is being swiftly investigated by Thailand's Personal Data Protection Committee (PDPC). The company stated that unauthorised access to its customer feedback system had affected roughly 6.5 million records.

A statement posted on the PDPC Thailand Facebook page on April 11 says that Bangchak discovered the breach on April 9 and acted immediately to secure the compromised systems and prevent further unauthorised access. The portal from which the stolen data originated was used to gather customer feedback.

The PDPC has directed Bangchak to conduct an extensive internal investigation and submit a comprehensive report outlining the nature of the exposed data, the impact on consumers, the root cause of the breach, and a risk assessment. The agency is also investigating whether there was a violation of Thailand's Personal Data Protection Act (PDPA), which might result in legal action if noncompliance is discovered.

In response to the breach, Bangchak sent SMS alerts to affected customers. The company declared that no sensitive personal or financial information was compromised. However, it advised users not to click on unfamiliar links or share their OTP (One-Time Password) codes with others, a common tactic in phishing and fraud schemes. The PDPC stressed the necessity of following data protection rules and taking proactive measures to avoid similar incidents in the future.

Prevention tips

Set security guidelines: Security protocols must include the cybersecurity policies and processes necessary to safeguard sensitive company data. One of the most effective strategies to prevent data theft is to establish processes that ensure unauthorised persons do not have access to data. Only authorised personnel should be able to view sensitive information. Businesses should have a thorough grasp of the data that could be compromised in order to minimise the risk of a cybersecurity attack.

Implement password protection: One of the most effective things a small business can do to protect itself from a data breach is to use strong passwords for all sites visited on a daily basis. Strong passwords should be unique for each account and include a mix of letters, numbers, and symbols. Furthermore, passwords should never be shared with coworkers or written down where others can see them.

Update security software: Deploying firewalls, anti-virus software, and anti-spyware applications helps businesses ensure that attackers cannot simply walk in and access confidential information. These security programs must also be updated regularly so that known vulnerabilities are patched. To learn about upcoming security patches and other updates, check the websites of your software suppliers.

Researchers Unearth a Massive Data Leak Within Apollo Hospitals

For security analysts Akshay and Viral, a routine check of a healthcare system's security quickly turned into a major discovery. The duo uncovered a significant data leak at Apollo Hospitals, one of India's leading hospital networks.

The breach first came to their attention on January 9, when they discovered a zip file on one of Apollo's subsidiary websites. Recognising the sensitivity, they notified Apollo's management within a few hours on January 10.

The file was erased by February 1, but they raised the issue with the Indian Computer Emergency Response Team (CERT-In) and the National Critical Information Infrastructure Protection Centre (NCIIPC), urging further investigation. 

In March, they uncovered another zip file, which was smaller in size but still included sensitive material, raising new concerns about ongoing security threats. It remains unknown whether Apollo or an intruder is adding and deleting files from the server. 

The leaked data includes scanned copies of critical personal documents such as work identification cards, PAN cards, Aadhaar cards, passports, and student IDs. This type of data can be used to commit identity theft, fraud, or gain illegal access to services.

Additionally, the breach exposed patient medical records, immunisation information, and credentials associated with patient IDs and many internal databases. This means that an attacker could misuse or publicly disclose confidential health information, such as diagnosis, prescriptions, and treatments.

Who is behind the leak?

The experts suspect the attack was carried out by the KillSec ransomware organisation, a well-known cybercriminal outfit that has attacked a variety of sectors, including healthcare.

Using Halcyon, a cybersecurity platform that tracks ransomware gangs and their activity, they learnt that KillSec had targeted Apollo Hospitals in October 2024. The compromised data they discovered also dated from that period, establishing the connection.

KillSec is notorious for stealing sensitive data and threatening to publish or sell it unless a ransom is paid. Unlike some ransomware gangs that rely on encrypting data to demand payment, KillSec frequently uses double extortion: stealing data before deploying ransomware, which gives it leverage even if the victim refuses to pay.

No action taken 

The researchers highlighted that well over 60 days had passed since their initial attempt to notify Apollo, far exceeding the industry threshold for responsible disclosure. While non-critical security issues are routinely addressed within this timeframe, breaches of this magnitude are usually resolved within hours by firms of comparable size. 

Organisations must report certain types of cyber incidents to CERT-In within six hours of detection, providing accurate details such as the nature of the breach, the systems involved, and any preliminary findings.

Oracle Finally Acknowledges Cloud Hack

Oracle is reportedly trying to downplay the impact of the attack while quietly acknowledging to customers that some of its cloud services have been compromised.

A hacker dubbed online as 'rose87168' recently offered to sell millions of lines of data reportedly associated with over 140,000 Oracle Cloud tenants, including encrypted credentials. The hacker initially intended to extort a $20 million ransom from Oracle, but eventually offered to sell the data to anyone or swap it for zero-day vulnerabilities.

The malicious actor has been sharing a variety of materials to support their claims, such as a sample of 10,000 customer data records, a link to a file demonstrating access to Oracle cloud systems, user credentials, and a long video that seems to have been recorded during an internal Oracle meeting.

However, Oracle categorically denied an Oracle Cloud hack after the hacker's claims surfaced, stating, "There has been no breach of Oracle Cloud. The published credentials are not for the Oracle Cloud. No Oracle Cloud customers experienced a breach or lost any data."

However, multiple independent reports suggest Oracle privately notified concerned customers and confirmed a data incident. On the other hand, specifics remain unclear, and there appears to be some conflicting information. 

Bloomberg has learned from people familiar with the matter that Oracle has started privately informing users of a data leak involving usernames, passkeys and encrypted passwords. The FBI and CrowdStrike are reportedly investigating the incident.

Security firm CybelAngel learned from an unnamed source that 'Gen 1' cloud servers were attacked (the newer 'Gen 2' servers were not) and that the exposed material is at least 16 months old and does not include full private details.

"Our source, who we are not naming as requested, is reporting that Oracle has allegedly determined an attacker who was in the shared identity service as early as January 2025," CybelAngel said. "This exposure was facilitated via a 2020 Java exploit and the hacker was able to install a webshell along with malware. The malware specifically targeted the Oracle IDM database and was able to exfil data."

"Oracle allegedly became aware of a potential breach in late February and investigated this issue internally," it added. "Within days, Oracle reportedly was able to remove the actor when the first demand for ransom was made in early March."

Following the story, cybersecurity expert Kevin Beaumont learned from Oracle Cloud users that the company has only notified them verbally; no written notifications have been sent. According to Beaumont, "Gen 1" servers may refer to Oracle Classic, the name for the older generation of Oracle Cloud services. This "wordplay," as Beaumont calls it, is what allows Oracle to deny that Oracle Cloud was compromised.