Cloud Email Services Strengthen Encryption to Ward Off Hackers

The use of end-to-end encryption for email and other cloud services is expanding. This comes as no surprise given that email is one of the top two cyberattack vectors. 

Mail servers made up 28% of all affected hardware, according to Verizon's annual 2022 Data Breach Investigations Report, and 35% of ransomware activities involved email. In its 2022 report, the EU Agency for Cybersecurity noted that ransomware is responsible for 10 terabytes of data theft each month, with 60% of businesses likely having paid a ransom. An updated Gartner study from 2021 found that 40% of ransomware attacks begin with email.

To address these issues, Google, Microsoft, and Proton, whose Proton Mail service was a pioneer in secure email, expanded their end-to-end encryption offerings. 

Google revealed a beta of client-side encryption for Gmail on the web in a blog post last month. Customers of Google Workspace Enterprise Plus, Education Plus, and Education Standard can apply for the beta until January 20, 2023.

The tech giant stated that client-side encryption "helps strengthen the confidentiality of your data while helping to address a broad range of data sovereignty and compliance needs," noting that Google Workspace already encrypts all data at rest and in transit between its facilities.

Google also says that Google Drive, Google Docs, Sheets, Slides, Google Meet, and Google Calendar already support client-side encryption. To add client-side encryption to any message, users simply click the lock icon and choose the option for additional encryption; composing messages and adding attachments then work as usual.

Microsoft, which last updated its message encryption in 2019, declared in April of last year that updates to Windows 11 would include security patches to address phishing and malware threats.

If so, Microsoft will probably add end-to-end encryption as well, since Office 365 Message Encryption currently relies on Transport Layer Security. Although the provider says this service lets users encrypt and rights-protect messages sent to internal and external recipients using Office 365, non-Office 365 email applications, and web-based email services such as Gmail.com and Outlook.com, it does not shield users from phishing or malware attacks as well as E2EE does.

Google's announcement followed that of Proton, a platform for encrypted cloud storage introduced in 2013 by CEO Andy Yen in Geneva, Switzerland. With a focus on mobile devices, the company expanded its encryption offerings last fall with secure cloud storage and a secure calendar, both of which have apps for iOS and Android.

Using Proton Drive, a free encrypted cloud service released in late September that debuted on iOS and Android in December, users can safely upload, store, and share files to and from their phones.

The three main functions of Proton Drive are as follows:

  • Any uploaded file on the user's device is encrypted before it is stored on Proton servers. 
  • Metadata such as file and folder names, file extensions, file sizes, and thumbnails are encrypted. 
  • File expiration and viewing passwords are supported, allowing secure sharing with non-Proton users.

Proton said that since the beta launch of Proton Drive last September, with over 500,000 users participating, it has seen an average of one million files uploaded per day, roughly half of which are photos.

Additionally, it offers two paid levels of service for its encrypted drive, Drive Plus with 200GB storage for $4.99/month or $47.88/year and Proton Unlimited with 500GB for $11.99/month or $119.88/year, all of which are available to individual users.

Twitter Data Breach: Hacker Posted List of Hacked Data of 400M Users

One of the biggest Twitter data breaches has resulted in the selling of 400 million Twitter users' personal information on the dark web. The news was released just one day after the Irish Data Protection Commission (DPC) said that it was looking into a prior Twitter data leak that affected more than 5.4 million users, according to CyberExpress. 

The previous breach was discovered in late November. The hacker released a sample of the data on a hacking forum as evidence that the data is genuine. The sample includes email addresses, usernames, follower counts, account creation dates and, in some cases, the users' phone numbers.

What's shocking is that the hacker's sample data includes information from some pretty well-known user accounts. The user data in the sample data includes the following:

  • Alexandria Ocasio-Cortez
  • SpaceX
  • CBS Media
  • Donald Trump Jr.
  • Doja Cat
  • Charlie Puth
  • Sundar Pichai
  • Salman Khan
  • NASA's JWST account
  • NBA
  • Ministry of Information and Broadcasting, India
  • Shawn Mendes
  • Social Media of WHO

The sample data includes many more well-known users. Most of these entries will likely point to the accounts' social media staff, but if the data leak is genuine, it will be disastrous. While other threat actors have not yet verified the data, Alon Gal states in his LinkedIn post that "The data is increasingly more likely to be valid and was probably obtained from an API vulnerability enabling the threat actor to query any email / phone and retrieve a Twitter profile, this is extremely similar to the Facebook 533m database that I originally reported about in 2021 and resulted in a $275,000,000 fine to Meta."

Meanwhile, in his post, the hacker writes, "Twitter or Elon Musk if you are reading this you are already risking a GDPR fine over 5.4m breach imagine the fine of 400m users breach source. Your best option to avoid paying $276 million USD in GDPR breach fines like Facebook did (due to 533m users being scraped) is to buy this data exclusively."

The hacker states he is open to the 'Deal' going through a middle man and further stated, "After that I will delete this thread and will not sell this data again. And data will not be sold to anyone else which will prevent a lot of celebrities and politicians from Phishing, Crypto scams, Sim swapping, Doxxing and other things that will make your users Lose trust in you as a company and thus stunt the current growth and hype that you are having also just imagine famous content creators and influencers getting hacked on twitter that will for sure Make them ghost the platform and ruin your dream of twitter video sharing platform for content creators, also since you Made the mistake of changing twitter policy that got an immense backlash."

LastPass: Hackers Stole Customers’ Password Vaults, Breach Worse Than Initially Thought

This past August witnessed a breach at LastPass, one of the best-known password manager services available. According to the company, the harm caused by the unidentified hackers is significantly worse than initially believed, and users should change their passwords immediately. In its initial report on the incident detected in August, LastPass stated that "only" the company's source code and confidential technical information were compromised.

Passwords and user information, it said, remained secure. According to a subsequent security notification on the same incident, however, the attackers were also able to access some users' data. LastPass says the hackers were able to access the cloud storage and decrypt the dual storage container keys.

By copying a backup that contained "basic customer account data and related metadata including company names, end-user names, billing addresses, email addresses, telephone numbers, and the IP addresses from which customers were accessing the LastPass service," they were able to further undermine the platform's security.

The encrypted storage container, which holds customer vault data in a proprietary binary format, also allowed the cybercriminals to replicate a backup of that data. The container contains both encrypted and unencrypted information, including sensitive areas like online usernames and passwords, secure notes, and data entered into forms.

Since they were created using a 256-bit AES-based encryption algorithm and "can only be decrypted with a unique encryption key derived from each user's master password using our Zero Knowledge architecture," the encrypted fields "remain secure," according to LastPass, even when in the hands of cybercriminals. Zero Knowledge signifies that LastPass is unaware of the master password required to unlock the data, and that the decryption process itself is always carried out locally, never online.

LastPass partially stores credit card information in a different cloud environment. Furthermore, there are currently no signs that such data has been accessed. All things considered, LastPass is attempting to convey the idea that users' encrypted data should still be protected in spite of the extensive breach of the company's technology.

However, that doesn't mean the breach carries no risk. Although the firm routinely tests "the newest password cracking tools against our algorithms to maintain pace with and improve upon our cryptographic controls," LastPass acknowledges that a determined hostile actor might attempt to brute-force the encrypted passwords.

Additional dangers could be associated with phishing or brute-force attacks against online accounts linked to users' LastPass vaults. LastPass stated that it would never contact a user by phone, email, or text and ask them to click on a link to confirm their personal information, nor would it ask for a vault's master password. As a last line of defense, users of the online password manager are urged to change both their master password and every password kept in the vault.

Fake Festive Scams Set to Surge as AFP Alerts of Fake Delivery Texts

The Australian Federal Police is gearing up for an uptick in the number of Australians falling victim to fake delivery scams as criminal syndicates take advantage of the Christmas shopping season. Scammers use legitimate-looking text messages to deceive people into providing personal information, which is then sold on the dark web for a profit or used to defraud victims out of thousands of dollars. 

The messages purport to be a delivery status update and encourage the recipient to click on a link to track, redirect, or collect a parcel. They may occasionally ask the recipient to confirm a postal address. Scammers frequently use a technique known as "spoofing," which uses software to disguise a phone number so that it appears to come from a legitimate source, to impersonate businesses and popular delivery services, including Australia Post, DHL and Amazon.

When the recipient clicks on the link, they are taken to a bogus company website where they are asked to enter their personal information in order to complete the delivery. The scams are engineered to steal personal and financial information from victims and install malware on their devices, enabling criminals to access their usernames and passwords.

According to the Australian Competition and Consumer Commission, Australians lost more than $2 billion to scams in 2021. This figure is expected to exceed $4 billion by the end of this year.

Phishing is the most common type of scam, with over 57,000 reports of suspicious calls and messages to the commission in the first ten months of this year. Criminals sought to exploit people who were stressed and less attentive in the run-up to the holiday season, according to AFP cybercrime operations commander Chris Goldsmid.

He stated that criminals used the information gained from the scams to extract money from the recipients' bank accounts, apply for loans in their name, or sell their information online to other criminals for profit.

“Scam activity, in particular, is profit-driven,” he said. “Whatever the criminals can do to monetize the information they steal from the public, they’ll do that.”

According to Goldsmid, online cybercrime services that provide "phishing kits" and other spoofing software to would-be scammers have flourished in recent years. One such website, which UK authorities shut down in what they called the "biggest ever fraud operation" in British history, offered software services to scammers for as little as $36.

Before clicking on a link, Goldsmid advised consumers to check the legitimacy of the message and look for red flags such as grammatical errors, requests for personal information, and suspicious URLs. Most delivery companies, including Australia Post and Amazon, do not call or email customers to request personal information, payment, or software installation. Unbranded web addresses and an unusual sense of urgency in messages, according to an Australia Post spokesperson, are also signs of fraudulent texts.
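The red flags Goldsmid and Australia Post describe (unbranded or lookalike web addresses, urgency, requests for personal or payment details) can be turned into a simple triage check. The Python script below is an added example, not code from the article or from any company it names; the official-domain allow-list, the short suffix table and the sample texts are constructed assumptions for the demo.

```python
import re
from urllib.parse import urlparse

# Constructed sample texts for the demo; none is a real message from the article.
SAMPLE_TEXTS = {
    "auspost_legit": (
        "AusPost: your parcel is out for delivery today. "
        "Track at https://auspost.com.au/mypost/track/#/details/ABC123"
    ),
    "fake_delivery": (
        "Your package could not be delivered. Confirm your address and pay "
        "the $2.99 redelivery fee within 24 hours: http://auspost-redeliver.xyz/verify"
    ),
    "fake_dhl": (
        "DHL: action required now! Enter your card details to release "
        "the parcel: https://dhl.com.parcel-hold.top/pay"
    ),
    "plain": "Running late, see you at 7.",
}

# Assumed official domains for the brands the article names. Treat this as a
# placeholder allow-list and confirm each entry against the company's own guidance.
OFFICIAL_DOMAINS = {"auspost.com.au", "dhl.com", "amazon.com.au", "amazon.com"}

# Public suffixes under which the registrable domain has three labels. A real
# deployment would use the full Public Suffix List; this short set is an assumption.
TWO_LABEL_SUFFIXES = {"com.au", "net.au", "org.au", "co.uk", "co.nz"}

URL_RE = re.compile(r"https?://\S+", re.IGNORECASE)
BRAND_RE = re.compile(r"\b(aus\s?post|dhl|amazon)\b", re.IGNORECASE)
DELIVERY_RE = re.compile(r"\b(parcel|package|deliver\w*|redeliver\w*|shipment)\b", re.IGNORECASE)
URGENCY_RE = re.compile(
    r"\b(within \d+ hours?|immediately|action required|final notice|suspended)\b",
    re.IGNORECASE,
)
PII_RE = re.compile(
    r"(card details|credit card|password|date of birth|"
    r"confirm your (?:address|details)|pay (?:the|a) .{0,40}?fee)",
    re.IGNORECASE,
)


def registrable_domain(host: str) -> str:
    """Reduce a hostname to its registrable domain, e.g. dhl.com.parcel-hold.top -> parcel-hold.top."""
    labels = host.lower().rstrip(".").split(".")
    if len(labels) >= 3 and ".".join(labels[-2:]) in TWO_LABEL_SUFFIXES:
        return ".".join(labels[-3:])
    return ".".join(labels[-2:])


def extract_hosts(text: str) -> list:
    """Return the lower-cased hostnames of every http(s) URL in the message."""
    hosts = []
    for url in URL_RE.findall(text):
        host = urlparse(url).hostname
        if host:
            hosts.append(host.lower())
    return hosts


def score_message(text: str) -> dict:
    """Score one SMS against the red flags named in the article."""
    flags = []
    delivery_context = bool(BRAND_RE.search(text) or DELIVERY_RE.search(text))
    for host in extract_hosts(text):
        domain = registrable_domain(host)
        if domain in OFFICIAL_DOMAINS:
            continue
        if BRAND_RE.search(host):
            # Brand name used as a subdomain or label of an unrelated domain.
            flags.append(f"brand lookalike host: {host}")
        elif delivery_context:
            flags.append(f"unbranded link in delivery message: {domain}")
    if URGENCY_RE.search(text):
        flags.append("artificial urgency")
    if PII_RE.search(text):
        flags.append("asks for personal or payment details")
    score = len(flags)
    verdict = "likely scam" if score >= 2 else "suspicious" if score == 1 else "no red flags"
    return {"flags": flags, "score": score, "verdict": verdict}


if __name__ == "__main__":
    for label, text in SAMPLE_TEXTS.items():
        print(label, score_message(text))
```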

“We’re seeing a greater public awareness of scams and cybersecurity; however, we encourage customers to be aware of how to spot a scam,” she said.

Amazon stated that it had spent more than $900 million globally to hire an additional 12,000 workers to combat cybercrime and online fraud and that it had "zero tolerance for fraud."

“Amazon impersonation scams put our customers at risk, and while these happen outside our stores, we will continue to invest in protecting them,” the statement read.

A DHL representative advised customers to always use the official DHL website and to avoid disclosing personal information. Those who believe they have been a victim of cybercrime should contact their bank and file a report with the Australian Cyber Security Centre online. If the scam involves Australia Post branding, please report it to scams@auspost.com.au.

This TikTok Thirst Trap Dupes Users Into Downloading Malware

In a new malware attack, digital thieves are exploiting horny TikTok viewers' desire for nude images. The attack, revealed by Checkmarx researchers, entices users by offering to remove a filter used by TikTokers participating in the "Invisible Challenge." 

Users who participate in the challenge upload nude or mostly nude images of themselves to TikTok and then use an invisibility filter to remove their bodies from the video, leaving only a ghostly blurry image in their wake. Preying on viewers' curiosity, the attackers offer "unfilter" software that claims to be able to remove the filter. In reality, that "unfilter" download contains malware capable of stealing passwords, credit card information, and other private details.

The Checkmarx report cites attackers who posted their own TikTok videos promoting software that they claim can remove the invisible filter. These videos contained links to a Discord server where users could download the files. That server, dubbed "Space Unfilter," contains nude images uploaded by the attackers as supposed proof that the unfilter tools work.

Users who download the software expecting to see boobs inadvertently install "WASP Stealer" malware hidden in a Python package. That malware is said to be capable of stealing a wide range of personal information, from credit card numbers and cryptocurrency wallets to Discord account information. Checkmarx estimates that over 30,000 people joined the Discord server before it was shut down.

“The high number of users tempted to join this Discord server and potentially install this malware is concerning,” Checkmarx Software Engineer Guy Nachshon said in a blog post. “These attacks demonstrate again that cyber attackers have started to focus their attention on the open-source package ecosystem; We believe this trend will only accelerate in 2023.”

The Invisible Challenge, which depends on a filter that acts as a type of green screen by matching a user's skin tone to their background, has been around for a while but has recently gained traction. The #invisiblefilter tag had over 27 million views at the time of writing. With all of the attention, the challenge becomes a breeding ground for attackers looking to catch pervy users with their pants down.

“By offering a potential tool that could ‘unfilter’ the effect, threat actors prey on people’s curiosity, fear, and even their malicious side to download it,” Cybersmart CEO and co-founder Jamie Akhtar said in an interview with Forbes. “Of course, by then, they’ll learn the attackers’ claims are false and malware is installed.”

Recent Updates in Microsoft Teams Include Decreased Latency

At its Ignite 2022 conference, Microsoft released a number of new Teams chat and meeting capabilities. The major news is that Microsoft intends to revamp Microsoft Teams to enhance the current channel experience.

When dealing with the Teams desktop client in some crucial situations, Microsoft has considerably decreased latency for Windows and Mac users.

The software is now more than 30% faster when navigating between chat and channel threads, according to Jeff Chen, a Microsoft Principal Group Program Manager for Microsoft Teams.

Chen attributed these significant speed increases to the updated Teams framework, which now renders the HTML tree more quickly, runs JavaScript more efficiently, and serializes arrays with greater efficiency.

Microsoft also made improvements to messaging latency and page load speeds in June, including 63% faster message-composing box loads and an 11% improvement in scrolling across chat and channel lists.

In February, the business announced that Teams dramatically reduces the amount of power needed for meetings, utilizing up to 50% less power for energy-intensive scenarios in video meetings with more than 10 participants.

New Updates on Teams

Assign seats in Together mode

During virtual meetings, the Together mode enhances the sense that everyone is present in the same space. Meeting planners and presenters can now assign seats to attendees in Together mode thanks to the most recent innovation.

Shared content will open in a separate window

Users will soon have the option to pop out shared meeting content in a separate window, making it easier to see both shared content and meeting participants.

Live captioning in Teams Premium

With live translated captions for Microsoft Teams, meeting attendees may read captions in their native tongue thanks to AI-powered, real-time translations from 40 spoken languages.

Comprehensive call history

Access to call recordings and transcriptions from the call details view, together with this comprehensive call history, gives users the context they need to be productive and effective.

Adobe PDF expertise (collaboration with Microsoft)

To view and edit PDF files in Microsoft Teams, tenant admins can set Adobe Acrobat as the default application in the Teams admin center.

Since June 2020, Redmond has been striving to reduce the resources used by Teams, implementing changes gradually. Since the beginning of the COVID-19 pandemic and the shift to remote working, Microsoft Teams has seen a significant influx of new users, surpassing 270 million monthly active users in January 2021.

Data of SBI & 17 Other Bank Customers at Risk

A new version of the Drinik malware has been discovered, putting the data of customers of 18 banks at risk. According to Cyble analysts (via BleepingComputer), the malware has evolved into an Android trojan capable of stealing sensitive personal information and banking credentials.

Drinik is a banking malware that has been plaguing the industry since 2016. It used to be an SMS stealer, but it now has banking trojan features – capable of screen recording, keylogging, abusing Accessibility services, and performing overlay attacks in its new form. According to the report, the most recent version of Drinik malware is in the form of an APK called iAssist.

The iAssist APK masquerades as the India Tax Department's official tax management tool. When installed on a device, it requests permission to read, receive, and send SMS messages, as well as to read the user's call log. It also requests read and write access to external storage.

Drinik, like other banking trojans, makes use of Accessibility Service. After launching, the malware requests permissions from the victim, followed by a request to enable Accessibility Service. It then disables Google Play Protect and begins performing auto-gestures and key presses.

Instead of displaying fake phishing pages, it then loads the genuine Indian income tax website. The malware will display an authentication screen for biometric verification before showing the victim the login page. When the victim enters a PIN, the malware records the screen using MediaProjection and captures keystrokes to steal the biometric PIN. The stolen information is then sent to the C&C server.

Concerningly, in the most recent version of Drinik, the threat actor only targets victims with legitimate income tax site accounts. When the victim successfully logs into the account, a fake dialogue box appears on the screen with the following message: "Our database indicates that you are eligible for an instant tax refund of ₹57,100 – from your previous tax miscalculations till date. Click Apply to apply for instant refund and receive your refund in your registered bank account in minutes."

When the user clicks the Apply button, they are redirected to a phishing website. The malware then requests personal information such as full name, Aadhaar number, PAN number, and other details, as well as financial information such as account number and credit card number.

To target banks, the Drinik trojan monitors Accessibility Service events related to the targeted banking apps. Drinik abuses the "CallScreeningService" to disable incoming calls in order to disrupt the login and steal data. According to the report, the malware targets customers of 18 banks, including SBI.
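A defender triaging an APK can check its manifest for the combination the report attributes to Drinik: SMS read/receive/send, call-log and external-storage permissions, plus bound Accessibility and CallScreening services. The Python script below is an added example, not Cyble's or the report's code; the two manifests it parses are constructed, with placeholder package names.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "http://schemas.android.com/apk/res/android"
NAME = f"{{{ANDROID_NS}}}name"
PERMISSION = f"{{{ANDROID_NS}}}permission"

# Real Android permission names, grouped by the capability the report
# attributes to Drinik (SMS interception, call-log access, external storage).
CAPABILITIES = {
    "sms_interception": {
        "android.permission.READ_SMS",
        "android.permission.RECEIVE_SMS",
        "android.permission.SEND_SMS",
    },
    "call_log_access": {"android.permission.READ_CALL_LOG"},
    "external_storage": {
        "android.permission.READ_EXTERNAL_STORAGE",
        "android.permission.WRITE_EXTERNAL_STORAGE",
    },
}

# A service is recognised by the bind permission it declares or by the intent
# action it registers for; both are real Android identifiers.
SERVICE_MARKERS = {
    "android.permission.BIND_ACCESSIBILITY_SERVICE": "accessibility_service",
    "android.accessibilityservice.AccessibilityService": "accessibility_service",
    "android.permission.BIND_SCREENING_SERVICE": "call_screening_service",
    "android.telecom.CallScreeningService": "call_screening_service",
}

# Constructed manifest mirroring the behaviour described in the report.
# The package name is a placeholder, not the real sample's.
DRINIK_LIKE_MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.placeholder.iassist">
  <uses-permission android:name="android.permission.READ_SMS"/>
  <uses-permission android:name="android.permission.RECEIVE_SMS"/>
  <uses-permission android:name="android.permission.SEND_SMS"/>
  <uses-permission android:name="android.permission.READ_CALL_LOG"/>
  <uses-permission android:name="android.permission.READ_EXTERNAL_STORAGE"/>
  <uses-permission android:name="android.permission.WRITE_EXTERNAL_STORAGE"/>
  <application android:label="iAssist">
    <service android:name=".AccessSvc"
        android:permission="android.permission.BIND_ACCESSIBILITY_SERVICE">
      <intent-filter>
        <action android:name="android.accessibilityservice.AccessibilityService"/>
      </intent-filter>
    </service>
    <service android:name=".ScreenSvc"
        android:permission="android.permission.BIND_SCREENING_SERVICE">
      <intent-filter>
        <action android:name="android.telecom.CallScreeningService"/>
      </intent-filter>
    </service>
  </application>
</manifest>
"""

# Constructed manifest of an ordinary SMS app, for comparison.
BENIGN_SMS_APP_MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.placeholder.messenger">
  <uses-permission android:name="android.permission.READ_SMS"/>
  <uses-permission android:name="android.permission.RECEIVE_SMS"/>
  <uses-permission android:name="android.permission.SEND_SMS"/>
  <application android:label="Messenger"/>
</manifest>
"""


def parse_manifest(xml_text: str) -> dict:
    """Extract the package name, requested permissions and declared services."""
    root = ET.fromstring(xml_text)
    permissions = {el.get(NAME) for el in root.iter("uses-permission") if el.get(NAME)}
    services = []
    for svc in root.iter("service"):
        services.append({
            "name": svc.get(NAME),
            "permission": svc.get(PERMISSION),
            "actions": {a.get(NAME) for a in svc.iter("action") if a.get(NAME)},
        })
    return {"package": root.get("package"), "permissions": permissions, "services": services}


def triage(xml_text: str) -> dict:
    """Map a manifest onto Drinik-style capabilities and assign a coarse risk level."""
    manifest = parse_manifest(xml_text)
    capabilities = {cap for cap, needed in CAPABILITIES.items() if needed & manifest["permissions"]}
    for svc in manifest["services"]:
        markers = set(svc["actions"])
        if svc["permission"]:
            markers.add(svc["permission"])
        capabilities.update(SERVICE_MARKERS[m] for m in markers if m in SERVICE_MARKERS)
    # Accessibility plus SMS interception lets a trojan drive the UI and capture
    # one-time codes at the same time, so that pairing is rated high on its own.
    if {"accessibility_service", "sms_interception"} <= capabilities:
        risk = "high"
    elif len(capabilities) >= 2:
        risk = "medium"
    else:
        risk = "low"
    return {"package": manifest["package"], "capabilities": sorted(capabilities), "risk": risk}


if __name__ == "__main__":
    for label, xml_text in (("drinik-like", DRINIK_LIKE_MANIFEST), ("benign", BENIGN_SMS_APP_MANIFEST)):
        print(label, triage(xml_text))
```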

Vinomofo: Online Wine Retailer Faces Major Data Breach, Compromises Customers' Personal Data

Online wine retailer Vinomofo has recently experienced a major data breach. The breach, which affected more than 600,000 of its customers worldwide, could potentially put customers' personal data at risk, compromising information including name, gender, date of birth, email address, and phone number.
 
According to the initial investigation of the security incident, the customers' personal data accessed by an "unauthorised third party" was stolen via a testing platform. The testing platform was not linked to Vinomofo's live website, the company stated.
 
“Vinomofo experienced a cybersecurity incident where an unauthorised third party unlawfully accessed our database on a testing platform that is not linked to our live Vinomofo website,” the chief executive, Paul Edginton, stated in the emails directed to the customers. 
 
Vinomofo later confirmed that the risk to its customers was "low," since other customer information such as passports, financial information, credit card details, and driver's licences was not accessed.
 
“Vinomofo does not hold identity or financial data such as passports, driver’s licences or credit cards/bank details. While no passwords, identity documents or financial information were accessed, the database includes other information about customers and members,” Edginton added.
 
Reportedly, the company detected signs of the breach on September 27, and upon learning of the signs, the company collaborated with a cybersecurity firm as a preventive measure and alerted the government.  
 
However, the notifications were sent out to the customers only after the investigation “established unlawful access of a Vinomofo database did occur”, says the company spokesperson. 
 
On being asked by an anonymous customer about when the breach occurred and exactly which data has been stolen, the company’s spokesperson said no further information would be released.  
 
“In the interests of the privacy of our customers and partners, and to reduce the risk of attempts by scammers to target them, we are not publicly releasing any further details about the incident,” he further added. 
 
Vinomofo has reportedly informed the Australian Cyber Security Centre (ACSC) and the Office of the Australian Information Commission (OAIC) about the incident.  
 
It added that it is currently collaborating with cyber security experts like IDCARE to look into the issue and reinforce its security system. 
 
Since the breach was confirmed, Vinomofo has been contacting customers by email to alert them to the increased risk of scams.

The emails explain how to avoid potential scams that target breach victims via fake emails and text messages. As an additional precaution, the company has also recommended that users change their Vinomofo account passwords regardless of whether they were part of the breach.

Retail Giant Woolworths Discloses Data Breach Impacting 2.2 Million MyDeal Customers

Woolworths, Australia's largest retailer, revealed on Friday that a recent data breach affected the personal information of 2.2 million MyDeal customers. 

Woolworths purchased 80% of the MyDeal online marketplace in September, but the company says MyDeal's systems are completely separate from its own and that the incident did not affect them. According to the company, a threat actor used a compromised user's credentials to gain access to the MyDeal customer relationship management (CRM) system.

This allowed the attacker to access MyDeal customer data such as name, email address, phone number, delivery address, and, in some cases, date of birth. Woolworths stated that only 1.2 million of the impacted customers' email addresses were compromised.

“MyDeal does not store payment, drivers licence or passport details and no customer account passwords or payment details have been compromised in this breach. The customer data was accessed within the MyDeal CRM system and the Mydeal.com.au website and app have not been impacted,” the company explained.

Customers who have been affected are being notified via email. The authorities have also been notified.

The breach comes just a few weeks after Optus, an Australian telecommunications company, disclosed a cybersecurity incident affecting nearly 10 million people, including 2.1 million who had their identification numbers compromised.

Telstra Struck by Data Breach Exposing 30,000 Employees' Data

Telstra, Australia's largest telecommunications company, revealed a data breach via a third-party supplier. The company stated that its systems were not compromised; rather, the security breach affected a third-party supplier who previously provided a now-defunct Telstra employee rewards programme. 

The data breach affected a third-party platform called Work Life NAB, which is no longer available and was provided to several other organisations by Pegasus Group Australia, a subsidiary of MyRewards International Ltd.

The third-party platform did not store any customer account information, according to Narelle Devine, the company's chief information security officer for the Asia Pacific region. Other companies appear to have been affected by the security breach. Data from 2017 was leaked online, and it included names (first and last) and email addresses used to sign up for the employee rewards programme.

“Information obtained as a result of a data breach at a third-party supplier was posted on the internet. The supplier previously provided a now-obsolete Telstra employee rewards program.” reads the statement published by the company. “Critically, there was no breach of any Telstra systems, and no customer account information was stored on the third-party platform.”

According to Reuters, which saw an internal Telstra staff email, 30,000 current and former employees have been affected. The company is still investigating the incident and assisting the third party in determining how and to what extent the security breach occurred.

Optus, Australia's second-largest telecommunications company, recently confirmed that a security breach impacted nearly 2.1 million of its current and former customers.

Telecom Giant Optus Suffers Data Breach, Leaking Info of Millions of Customers


Millions of customers suffer a data leak

Optus, an Australian telecom giant, confirmed earlier this week that around 2.1 million of its present and past customers had personal details, including at least one type of identification number, exposed as a consequence of a data breach that happened in late September.

Others believe that the Optus data breach has exposed the personal information of around 10 million people. Cybercrime in Australia has always been a pressing issue; it costs the country a minimum of $10 million per year, and the figures can only go up.

With highly personal information such as date of birth, driving licence, passport and residential address exposed, threat actors can misuse it to apply for credit on your behalf without your knowledge.

What do criminals do with stolen data?

If cybercriminals find an agency willing to extend credit, they will spend it immediately, resulting in a loan default. That puts a black mark against your name, and you won't even know about it until you next need credit yourself.

Optus said that it has contacted Deloitte for assistance, and will do an external forensic inquiry of the breach to know how the incident happened and how Optus can take preventive measures to stop it from happening again. 

Singtel, a telecommunications conglomerate based in Singapore, is the parent company of Optus; it also holds a stake in Bharti Airtel, the second-largest telecommunications carrier in India. Singtel said on its website:

"Approximately 1.2 million customers have had at least one number from a current and valid form of identification, and personal information, compromised."

What kind of information was leaked?

Singtel also said that the leak has impacted expired IDs and personal info of around 900,000 additional customers, stressing that leaked data doesn't include valid or current document ID numbers for around 7.7 million customers. Customers are advised to stay vigilant about possible smishing and phishing attacks. 

For the customers most affected by the Optus incident, state law enforcement agencies and Australian police are working together on "Operation Guardian" to help secure the identities of the impacted customers.

The next step for Optus

Optus has informed the affected customers that their personal information, including Medicare IDs, was compromised in the breach. On 28 September, Optus disclosed that of the 9.8 million customer records leaked, the leak involved around 14,900 valid Medicare IDs and 22,000 expired Medicare card numbers.

The data leak surfaced on September 22, when a threat actor gained unauthorized access to customer details. The criminals used the alias "optusdata" and leaked a small sample of the stolen data covering 10,200 users, demanding that Optus pay a ransom of $1 million to stop further leaks.

It raises a question: why can't I control my own identity? The answer is that you can, by limiting how and where you share your information. 

However, the Optus data leak has left us all wondering whether we can trust any organization at all.  

Shangri-La Reports Major Data Breach at Eight Hotels, Guests Data Leaked

A database breach at Shangri-La Group has potentially exposed the personal information of guests who stayed at its hotels in Singapore, Hong Kong, Chiang Mai, Taipei, and Tokyo. 

Mr. Brian Yu, the group's senior vice-president for operations and process transformation, stated in an e-mail to affected guests on Friday: "A sophisticated threat actor managed to bypass Shangri-La's IT security monitoring systems undetected and illegally accessed the guest databases." The breach occurred between May and July 2022, according to its investigation. 

Around the same time, Asia's top security summit, the Shangri-La Dialogue, returned to Singapore after a two-year hiatus due to the pandemic. From June 10 to 12, the event was held at the eponymous Shangri-La hotel on Orange Grove Road near Orchard Road. In the e-mail sent to the affected guests, Mr. Yu confirmed that certain data files had been stolen from the breached databases.

"Although we were not able to confirm the content of the exfiltrated data files, it is likely that they contained guest data," he added.

Upon being asked whether the Shangri-La Dialogue was specifically targeted, a hotel spokesman said, “There is no evidence to suggest any specific hotel or event was singled out. As a matter of policy, we do not disclose information about our guests.” 

"Data related to the Shangri-La Dialogue was stored on a separate secure server and was not affected in this incident," stated a spokesman for the event's organiser, the International Institute for Strategic Studies (IISS).

The Cyber Security Agency of Singapore said that it is aware of the incident and urged organisations to regularly monitor their IT networks for signs of suspicious activity. The affected properties are listed below:

• Shangri-La Apartments, Singapore
• Shangri-La Singapore
• Island Shangri-La, Hong Kong
• Kerry Hotel, Hong Kong
• Kowloon Shangri-La, Hong Kong
• Shangri-La Chiang Mai
• Shangri-La Far Eastern, Taipei
• Shangri-La Tokyo

Following the discovery of unauthorised network activity, the hotel group said it hired cyber forensic experts to investigate the discrepancies. The databases of the hotels affected by this incident contained a combination of the following data sets: guest names, e-mail addresses, phone numbers, postal addresses, Shangri-La Circle membership numbers, reservation dates, and company names, according to the statement.

The hotel chain assured guests that there is currently no evidence that their personal information has been released or misused by third parties. As a precaution, in destinations where local regulations allow, it is providing affected guests with a one-year complimentary identity monitoring service provided by Experian, a third-party cyber security service provider.

"We deeply regret this has occurred and wish to assure you that all necessary steps have been taken to investigate and contain this incident. This notice provides information about what happened and how we can assist you," wrote Mr. Yu in the e-mail.

He assured guests that data such as passport numbers, ID numbers, dates of birth, and credit card numbers with expiry dates are encrypted. "Protecting our guests' information is very important to us and we wish to assure you that all necessary steps have been taken to further strengthen the security of our networks, systems, and databases. Once again, we deeply regret any inconvenience or concerns this incident may cause."

Evil Colon Attacks: A Quick Guide

The high-tech era has made the emergence of new cyber attacks more common than social media trends. One rapidly evolving threat is the Evil-Colon attack, which shares similarities with Poison-NULL-byte attacks. Although Poison-NULL-byte attacks no longer work on modern platforms, it has been suggested that improper handling of file paths could give rise to new variants of such attacks on your systems. 

In one of his articles, Leon Juranic, a security researcher at Mend, detailed his encounter with the Evil-Colon attack. He mentioned that, while auditing source code, he discovered a case where an Evil-Colon could be used to evade the path sanitization process. Using this novel technique, threat actors could exploit vulnerabilities in applications running on Windows operating systems. His analysis concluded that because Evil-Colon is a Windows-specific issue, it could affect any Windows-based server. 

When applications or servers perform path-based operations, such as using user input to build a file path, the data written to that file can be influenced by untrusted input, which can lead to severe security issues such as arbitrary data injection. Leon illustrated how Evil-Colon works using the source code of a Java application, WriterFile.jsp, as an example. 

He explained that Evil-Colon works by creating a file in a directory where the sanitization routine appends .txt to every new file name. When a colon character is placed at the end of the user's input, the file is created as an NTFS Alternate Data Stream, leaving the user-supplied extension in effect. 

Later, the file is created again in the same directory, but because the colon at the end of the filename pushes the rest of the string (the appended .txt) into an Alternate Data Stream, the file is effectively recreated with the .jsp extension. 

He furthermore described how the ability to alter files created earlier in the application workflow can lead to serious security threats. If malicious actors can edit existing files later in the code path, they can also change the content of the .jsp file to anything they want. Examining the modified file in his example reveals the string EVIL-CONTENT. 

Leon concluded his example by warning that, in real-world scenarios, JSP webshell scripts can allow threat actors to execute code remotely on vulnerable servers or applications. 

To protect your files and data from Evil-Colon attacks, it is important to strip colon characters from any user input that feeds into path operations. This can be done with input filters, string checks, and similar validation.
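The following is an added example, not code from Leon Juranic's article or from the WriterFile.jsp application: a hypothetical Java file-name sanitizer that mirrors the "append .txt" pattern described above, placed beside a hardened version that rejects the colon and confines the result to a base directory. The upload directory, method names and sample input are assumptions made for illustration.

```java
import java.nio.file.Path;
import java.nio.file.Paths;

/** Added example (not the article's code): weak vs. hardened file-name
 *  handling for the Evil-Colon case. Nothing here writes to disk. */
public class EvilColonCheck {

    // Hypothetical upload directory used by both sanitizers below.
    static final Path BASE_DIR = Paths.get("C:\\app\\uploads");

    /** Weak sanitizer: strips traversal and separators, then forces a .txt
     *  suffix, but ignores the colon. On NTFS a name like "evil.jsp:.txt"
     *  addresses the file "evil.jsp" with an Alternate Data Stream named
     *  ".txt", so the forced suffix protects nothing. */
    static Path weakTargetPath(String userInput) {
        String name = userInput.replace("..", "")
                               .replace("/", "")
                               .replace("\\", "");
        return BASE_DIR.resolve(name + ".txt");
    }

    /** Hardened sanitizer: reject a colon anywhere in the name (which also
     *  blocks "C:"-style drive prefixes), enforce a strict allow-list of
     *  characters, and verify the normalized path stays under BASE_DIR. */
    static Path safeTargetPath(String userInput) {
        if (userInput.indexOf(':') >= 0) {
            throw new IllegalArgumentException("colon not allowed in file name");
        }
        if (!userInput.matches("[A-Za-z0-9_-]{1,64}")) {
            throw new IllegalArgumentException("file name contains disallowed characters");
        }
        Path target = BASE_DIR.resolve(userInput + ".txt").normalize();
        if (!target.startsWith(BASE_DIR)) {
            throw new IllegalArgumentException("path escapes base directory");
        }
        return target;
    }

    public static void main(String[] args) {
        String evilColonInput = "evil.jsp:";   // constructed sample input
        System.out.println("weak   : " + weakTargetPath(evilColonInput));
        try {
            safeTargetPath(evilColonInput);
        } catch (IllegalArgumentException e) {
            System.out.println("safe   : rejected (" + e.getMessage() + ")");
        }
        System.out.println("safe   : " + safeTargetPath("report42"));
    }
}
```

The weak path only misbehaves on an NTFS volume, so a Linux build server will not surface the problem; the check in safeTargetPath is what catches it regardless of where the code runs.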

Hacker Steals Database of Verizon Employees

A hacker stole a database containing the full names, email addresses, corporate ID numbers, and phone numbers of hundreds of Verizon employees. By calling phone numbers in the database, Motherboard was able to confirm that at least part of the data is genuine. Four people confirmed their full names and email addresses, as well as their employment at Verizon. It is unclear whether all of the information is accurate or up to date.

Another person validated the information and stated that she used to work for the company. Calls to a dozen more numbers reached voicemail greetings that included the names listed in the database, suggesting those entries are also correct. The hacker contacted Motherboard last week to provide the data. 

According to the unidentified hacker, the data was obtained by convincing a Verizon employee to grant them remote access to their company computer. From there, the hacker claimed to have gained access to an internal Verizon tool that displays employee data and to have written a script to query and scrape the database. 

“These employees are idiots and will allow you to connect to their PC under the guise that you are from internal support,” they told Motherboard in an online chat. The hacker stated they had reached out to Verizon and shared the email they sent to the company. 

“Please feel free to respond with an offer not to leak you’re [sic] entire employee database,” the hacker wrote in the email, according to a screenshot of it. The hacker stated they would like Verizon to pay them $250,000 as a reward. A Verizon spokesperson confirmed the hacker has been in contact with the company. 

“A fraudster recently contacted us threatening to release readily available employee directory information in exchange for payment from Verizon. We do not believe the fraudster has any sensitive information and we do not plan to engage with the individual further,” the spokesperson told Motherboard in an email. 

“As always, we take the security of Verizon data very seriously and we have strong measures in place to protect our people and systems.” 

While the stolen information does not include Social Security numbers, passwords, or credit card details, it is nonetheless potentially harmful. It could be useful to hackers who wish to target corporate employees, or impersonate one while speaking with another, in order to gain access to internal tools. An attack of this type would give hackers the opportunity to impersonate Verizon personnel and, if successful, access to internal systems that would let them look up individuals' information and transfer their phone numbers, a practice known as SIM swapping. 

For years, hackers have taken over victims' phone numbers, allowing them to reset the target's email password, for example, and from there to gain access to the victim's bank or cryptocurrency accounts. Hundreds, if not thousands, of people have been victimised by this type of attack in recent years, and several people have been arrested and indicted in the United States for allegedly participating in such schemes.

21M Users' Personal Data Exposed on Telegram

A database containing the personal information and login passwords of 21 million individuals was exposed on a Telegram channel on May 7th, 2022, as per Hackread.com. The data of VPN customers was also exposed in the breach, including prominent VPNs like SuperVPN, GeckoVPN, and ChatVPN. 

The database was offered for sale on the Dark Web last year, but it is now available for free on Telegram. According to vpnMentor analysts, the leaked files amount to 10GB of data and expose 21 million unique records. The following details were included: 

• Full names
• Usernames
• Country names
• Billing details
• Email addresses
• Randomly generated password strings
• Premium status and validity period

Further investigation found that the leaked passwords were considered impossible to crack, because they were random, hashed, or salted, with no collisions. Gmail accounts made up the majority of the email addresses (99.5 percent). 

However, vpnMentor researchers believe that the released data is only a portion of the whole dump. For the time being, it is unknown whether the information was obtained through a data breach or from a misconfigured server. In any case, the harm has been done, and users are now exposed to scams and prying eyes. The main reason people use VPNs is to maintain their anonymity and privacy, and because VPN customers' data is regarded as more valuable, disclosing it has far-reaching effects. 

People whose information was exposed in this incident may be subjected to blackmail, phishing scams, or identity theft. Because personally identifiable information such as country names, billing information, and usernames was exposed, attackers can launch targeted frauds. Threat actors who crack the credentials can also hijack the accounts and exploit their premium status. 

If the data falls into the hands of a despotic government that prohibits VPN use, VPN users may be arrested and detained. Users should change their VPN account password and use a mix of upper-lower case letters, symbols, numbers, and other characters for maximum account security.