
Former Amazon Employee Found Guilty in 2019 Capital One Data Breach

Paige Thompson, a 36-year-old former Amazon employee, has been found guilty of her role in the theft of the personal data of more than 100 million people in the 2019 Capital One breach. A Seattle jury convicted her of wire fraud, five counts of unauthorized access to a protected computer, and damaging a protected computer.

Thompson, who operated online under the handle "erratic" and worked for Amazon until 2016, is scheduled for sentencing on September 15, 2022. Together, the offenses carry a maximum of 25 years in prison.

"Ms. Thompson used her hacking skills to steal the personal information of more than 100 million people, and hijacked computer servers to mine cryptocurrency," stated U.S. Attorney Nick Brown. "Far from being an ethical hacker trying to help companies with their computer security, she exploited mistakes to steal valuable data and sought to enrich herself." 

The breach, which came to light in July 2019, involved Thompson breaking into Capital One's infrastructure hosted on Amazon Web Services and stealing the personal data of about 100 million people in the U.S. and six million in Canada. The data included names, dates of birth, Social Security numbers, email addresses and phone numbers, as well as financial details such as credit scores, credit limits and balances.

According to the Department of Justice, Thompson used a tool she built herself to scan for misconfigured Amazon Web Services (AWS) accounts. She then exfiltrated sensitive data belonging to more than 30 entities, including Capital One, planted cryptocurrency mining software on compromised servers, and directed the proceeds to her own wallet.

Thompson also left an online trail for investigators: she bragged about her activities to others in text messages and on online forums, the Justice Department noted, and posted the stolen data on a publicly accessible GitHub page.

"She wanted data, she wanted money, and she wanted to brag," Assistant U.S. Attorney Andrew Friedman told the jury in the closing arguments, according to a press statement from the Justice Department. 

In August 2020, the Office of the Comptroller of the Currency (OCC) fined the bank $80 million for failing to establish adequate risk management before moving its IT operations to a public cloud service. In December 2021, Capital One agreed to pay $190 million to settle a class-action lawsuit over the breach.

Elasticsearch Misconfiguration Exposed Logins and Personal Data of 30K Students

The cybersecurity research team at SafetyDetectives, led by Anurag Sen, discovered a misconfigured Elasticsearch server exposing data from the Transact Campus app. According to their findings, the server was reachable from the internet and required no password to read its contents. As a result, more than 1 million records were exposed, disclosing personally identifiable information for roughly 30,000 to 40,000 students.

Transact Campus is a payment software vendor based in Phoenix, Arizona. Its platform combines several payment functions into a single mobile app and is used mainly by universities to streamline payments and student purchases on campus.

According to SafetyDetectives' report, the 5 GB database exposed by the server contained information about students with Transact Campus accounts, most of them in the US. The exposed records included the following.

Login information, including usernames and passwords, was stored in plain text. Credit card information included the bank identification number (the first six digits of the card number) together with the last four digits, the issuing bank, and the card's expiration date. The data also included the meal plans students had purchased and their meal plan balances.

Transact Campus’ Response

SafetyDetectives notified Transact Campus of the exposed database in December 2021, and the company responded in January 2022, more than a month later. The details of the incident were only made public last week.

In the meantime the researchers tried to contact the company several times and also alerted US-CERT, after which the server was secured. The exposed Elasticsearch database appeared to belong to Transact Campus, but the company stated that the server was not under its control and that the data in it was fictitious.

Transact Campus stated, “Apparently this was set up by a third party for a demo and was never taken down. We did confirm that the dataset was filled with a fake data set and not using any production data.” 

However, according to SafetyDetectives, the server was still being updated when it was found. The researchers checked the data with freely available tools and concluded that it belonged to real people.

The researchers could not determine whether unauthorised third parties or malicious actors accessed the database before it was secured. Anyone who did could target students with scams, phishing, spam or account takeover, since the login credentials were stored on the server unencrypted.

ACY Accidentally Exposes User Data On Web

Security researcher Anurag Sen reported that ACY Securities, an Australia-based trading company, accidentally exposed large amounts of personal and financial data of unsuspecting users and businesses to the public web. The cause was a misconfigured database owned by ACY Securities; more than 60 GB of data was left in the open without any protection.

This means that anyone who knows how to find unsecured databases with a search engine such as Shodan could have had full access to ACY's data. The data contained logs from February 2020 to the present and was being updated regularly. It included full names, postal codes, addresses, dates of birth, email addresses, gender, contact numbers, passwords, and banking and financial information. Affected businesses were located in countries including China, India, Spain, Russia, Brazil, Australia, Romania, Malaysia, the United States, the United Kingdom, Indonesia and the United Arab Emirates.

The exposure is all the more serious given that earlier this year Anonymous and affiliated hacker groups reportedly leaked an estimated 90% of the Russian cloud databases they found exposed without a password or any other authentication.

Given the extent and nature of the leaked data in the ACY Securities incident, the consequences could have been severe. Threat actors could have downloaded the data and used it for phishing, identity theft, fraudulent marketing campaigns, and identity-based microloan fraud.

"misconfigured or unsecured databases, as we know it, have become a major privacy threat to companies and unsuspected users. In 2020, researchers identified over 10,000 unsecured databases that exposed more than ten billion (10,463,315,645) records to public access without any security authentication. In 2021, the number increased to 399,200 exposed databases," read a post on HackRead.

Experts Warn Against Ransomware Hitting Government Organizations

Cyble Research Labs observed an increase in ransomware incidents in the second quarter of 2022, some of which had a severe impact on their victims, such as the attack on the Costa Rican government that triggered a nationwide crisis.

The researchers warn of ransomware operations targeting government organizations, counting 48 government organizations across 21 countries hit by 13 ransomware attacks this year. According to Cyble, the groups have shifted strategy, moving from enterprises to small states and threatening to destabilize government operations.

Small states are easy targets because limited budgets leave their critical infrastructure poorly protected.

The notorious ransomware group Conti began targeting the Costa Rican government in April 2022. "A similar attack was seen in May 2021, when the gang targeted Ireland’s publicly funded health care system and demanded a ransom of USD20 million. 

The timing could be a pure coincidence; however, Conti was seemingly trying the same tactics with Costa Rica, but this time on a larger scale, shortly after a change in government in the country," reads a Cyble post. 

After Costa Rica, the Conti gang also attacked Peru, and further ransomware attacks on government organizations were reported elsewhere in Latin America, including in Brazil.

"Cyble Research Labs conducted research over vulnerable instances of the Peruvian government’s cyberinfrastructure and identified 21 instances from 11 ministerial websites with the most exploited CVEs from 2021," says Cyble. Experts also report sales on underground cybercrime platforms of data extraction from the server of government organizations. 

The affected organizations include the Federal Court of Malaysia, the Ministry of Energy and Natural Resources, the Department of Management Services under the Malaysian Ministry of Personnel and Organizational Development, the Civil Service Commission of the Republic of the Philippines, and the National Bank of Angola. The researchers stress that smaller states need to strengthen their threat detection capabilities and put rapid incident response mechanisms in place.

Cyble stresses the importance of investing in capacity building: developing skilled staff, raising user awareness, and narrowing the technology gap in order to reduce the impact of these risks.

North Orange County Community College District Suffered Ransomware Attack

According to an official filing by the District, on Monday, January 10, 2022, the North Orange County Community College District (NOCCCD or the District) detected malicious activity on the servers of both of its colleges, Cypress College and Fullerton College.

In response, the District launched an investigation with the help of outside computer forensic specialists to establish what had happened and whether any employee or student data had been compromised. Notices posted on the two campus websites confirmed that this was a ransomware incident.

On March 25, 2022, NOCCCD reportedly notified more than 19,000 people of the data security incident and began sending data breach notification letters to all employees and students whose information was affected. The District added that it will send further notification letters if it finds that other parties were impacted.

The investigation confirmed that files containing sensitive data of employees and students may have been accessed or removed from the District's network. A copy of the notice was also posted on Fullerton College's International Students page.

While disclosing what types of data might have been compromised, the notice read, “name, and passport number or other unique identification number issued on a government document (such as Social Security number or driver’s license number); financial account information; and/or medical information.” 

The District said it is working with the colleges to review and strengthen existing data protection policies. It has also rolled out multi-factor authentication and an advanced threat protection and monitoring tool to improve security and safeguard data, and is introducing new cybersecurity training for employees across the District.

Personal Data of More than 142 million MGM Hotel Customers Leaked on Telegram

On 22 May 2022, cybersecurity researchers at vpnMentor discovered four archives totalling 8.7 GB of data on Telegram. The data contained customer information from before 2017, including names, postal and email addresses, phone numbers, and dates of birth.

Although there were 142 million records in total, the number of affected customers is believed to be around 30 million. The data appears to have been stolen from MGM Resorts, an American hotel and entertainment company, in a breach that occurred in 2019 and was disclosed in February 2020.

The records included government officials, chief executive officers, and others, notable among them, then Twitter Inc. CEO Jack Dorsey and singer Justin Bieber. 

Fast forward to July 14, 2020: a hacker using the handle NightLion, who claimed to have taken the records from the breach monitoring service DataViper, listed the 142 million MGM guest records for sale for $2,900 on the now-seized RaidForums and on dark web marketplaces.

Nearly two years later, the same 142-million-record database has been shared on Telegram for anyone to download for free. Telegram groups have lately become a new home for data leaks: earlier this month, the private details of 21 million SuperVPN, GeckoVPN, and ChatVPN users were also dumped in several Telegram groups.

Repercussions of data leak 

Malicious actors can exploit the data to run phishing and scam campaigns. Using the victims' business or home addresses in email and SMS messages lends those messages credibility, and the data can also be used for identity theft.

Because the breach is about two years old, victims may no longer expect to be targeted, which makes them more susceptible. Dates of birth in particular remain useful to fraudsters because they never change.

"Bad actors could send phishing messages and scams to exposed users via SMS and email, using the victims' full names and home or business addresses to build trust," researchers at vpnMentor noted.

According to the FBI's annual Internet Crime Report, published earlier this month, 51,629 identity theft complaints were recorded in 2021, up from 43,330 in 2020, a 19 percent increase. These crimes cost companies and individuals more than $278 million.

PayPal Bug Enables Attackers to Exfiltrate Cash from Users’ Account

A security researcher known as h4x0r_dz claims that an unpatched vulnerability in PayPal's money transfer flow lets attackers trick victims into completing attacker-directed transactions with a single click, a technique known as clickjacking.

Clickjacking, also called UI redressing, is a technique in which an unsuspecting user is tricked into clicking seemingly harmless webpage elements such as buttons, with the goal of installing malware, redirecting them to malicious websites, or extracting private information.

The attack relies on an invisible page or HTML element layered on top of what the victim actually sees. The victim believes they are clicking the visible decoy, but the click lands on the hidden, attacker-positioned element, typically a button on a legitimate page loaded in a transparent iframe.

"Thus, the attacker is 'hijacking' clicks meant for [the legitimate] page and routing them to another page, most likely owned by another application, domain, or both," a security researcher explained in a blog post documenting the findings. 

h4x0r_dz reported the bug to PayPal's bug bounty program seven months ago, in October 2021, demonstrating that attackers could steal users' money through clickjacking. The researcher found the flaw on the "www.paypal[.]com/agreements/approve" endpoint, which is designed for Billing Agreements.

According to the researcher, the endpoint should accept only a billingAgreementToken, but this is not the case.

"This endpoint is designed for Billing Agreements and it should accept only billingAgreementToken," the researcher stated. "But during my deep testing, I found that we can pass another token type, which leads to stealing money from [a] victim's PayPal account." 

This means an attacker could embed the endpoint in an iframe and cause a victim who is already logged in to PayPal in that browser to transfer funds to an attacker-controlled PayPal account with a single click. Worse, the attack could have had serious consequences for online portals that integrate PayPal for checkout, allowing the threat actor to take arbitrary amounts from customers' PayPal accounts.

"There are online services that let you add balance using PayPal to your account," the researcher added. "I can use the same exploit and force the user to add money to my account, or I can exploit this bug and let the victim create/pay Netflix account for me!"

Nearly Half of Security Enterprises Store Passwords in Office Documents

A new survey by identity management vendor Hitachi ID found that 46% of IT and security organizations store corporate passwords in office documents such as spreadsheets, exposing them to a significant cyber threat. Hitachi ID surveyed 100 executives across EMEA and North America to better understand how secure their password management is.

The findings suggest IT leaders are not practising what they preach: 94% of participants said they require password management training, with 63% saying they do so more than once a year.

“It raises an important question about how effective password management training is when nearly half the organizations are still storing passwords in spreadsheets and other documents, and 8% write them on sticky notes,” stated Nick Brown, CEO at Hitachi ID. “Insecure passwords are still a leading cause of cyberattacks, and education alone is clearly not enough. More companies need to follow the lead of the 30% who report that they store passwords in a company-provided password manager.”

Worryingly, many organizations know that their secrets and password management is not up to par. The survey also raised questions about the risks posed by departing employees: only 5% said they were extremely confident that a departing employee could not take passwords with them, and only 7% were confident that, if they had to terminate an employee urgently, they could transfer passwords and credentials, revoke access, and maintain business continuity.

That lack of confidence has real-world consequences. Some 29% of respondents said they had experienced an incident in the past year in which they lost access to production systems after an employee left. Last year, a former employee of a credit union destroyed 21 GB of corporate data, including 20,000 files and almost 3,500 directories, in retaliation for being fired.

According to Ian Reay, VP of Product Management at Hitachi ID, each employee may have as many as 70 to 100 passwords and “decentralized secrets” that attackers could exploit to gain access to an organization and move through it.

“In the midst of the Great Resignation, every organization should be extremely confident that passwords will stay in the company regardless of which employees come and go,” Reay concluded.

Payment Gateway Firm Razorpay Loses ₹7.3 Crore in Cyber Fraud Incident

The South East cybercrime police are investigating a fraud in which an attacker stole ₹7.3 crore over three months by manipulating the authorization process of the payment gateway company Razorpay Software Private Limited so that 831 failed transactions were treated as authenticated.

The fraud came to light when Razorpay officials audited the company's transactions and could not reconcile the receipt of ₹7,38,36,192 against 831 transactions.

Razorpay Software Private Limited was founded by Shashank Kumar and Harshil Mathur in 2015. The company offers online payment services that allow businesses in India to collect payments via credit card, debit card, net banking, and wallets. 

On May 16, Abhishek Abhinav Anand, head of Legal Disputes and Law Enforcement at Razorpay Software Private Limited, lodged a complaint with the South East cybercrime police. The police are currently attempting to trace the attacker through the online transaction records.
 
An internal probe revealed that one or more persons tampered with and manipulated the authorization and authentication process so that false ‘approvals’ were sent to Razorpay for the 831 failed transactions, resulting in a loss of ₹7,38,36,192. The company has given the police details of the 831 transactions, including date, time, IP address, and other relevant information.

"Razorpay's payment gateway is at par with the industry standards on data security. During a routine payment process, an unauthorized actor(s) with malicious intent used the browser to tamper with authorization data on a few merchant sites that used an older version of Razorpay's integration, due to gaps in their payment verification process. The company has conducted an audit of the platform to ensure no other systems, no merchant data, and funds, and neither their end-consumers were affected by this incident,” Razorpay’s spokesperson stated. 

According to the Ministry of Electronics and Information Technology (MeitY), the number of cybercrime and fraud incidents recorded by the government rose more than five-fold between 2018 and 2021.

The number of incidents surged from 208,456 in 2018 to 1,402,809 in 2021, according to data from the Indian Computer Emergency Response Team (CERT-In), the government's computer security agency.

Facestealer Trojan Identified in More than 200 Apps on Google Play

Cybersecurity researchers at Trend Micro have identified more than 200 applications on Google Play distributing spyware called Facestealer, which steals user credentials and other sensitive data, including private keys. The worrying thing is that the number and popularity of these apps keep increasing, with some installed more than a hundred thousand times.

Malicious apps that users should uninstall immediately include Daily Fitness OL, Enjoy Photo Editor, Panorama Camera, Photo Gaming Puzzle, Swarm Photo, Business Meta Manager, and Cryptomining Farm Your Own Coin.

Facestealer, first identified by Doctor Web in July 2021, harvests Facebook credentials through malicious apps on Google Play and uses them to take over Facebook accounts for scams, fake posts, and advertising bots. Like the Joker malware, Facestealer changes its code frequently and has many variants.

"Similar to Joker, another piece of mobile malware, Facestealer changes its code frequently, thus spawning many variants," Cifer Fang, Ford Quin, and Zhengyu Dong researchers at Trend Micro stated in a new report. "Since its discovery, the spyware has continuously beleaguered Google Play." 

Since it was first reported, the malicious apps have kept reappearing on Google Play under different guises. Daily Fitness OL, for example, is ostensibly a fitness app, but its main purpose is to steal Facebook data. When launched, it requests an encrypted configuration from its server. When the user logs in to Facebook, the app opens a WebView that loads a URL taken from the downloaded configuration.

A piece of JavaScript is then injected into the web page to capture the login data. Once the user has logged in, the app collects the session cookie, encrypts all the personally identifiable information (PII) and sends it to a remote server.

In addition, Trend Micro researchers found 40 fake cryptocurrency miner apps, variants of similar apps they had discovered in August 2021, which trick users into subscribing to paid services or clicking on advertisements.

To reduce the risk, users should read reviews from people who have already installed an app. This is not a complete solution, however, because high ratings can be bought: Photo Gaming Puzzle was rated 4.5 stars and Enjoy Photo Editor 4.1 stars, and Enjoy Photo Editor passed 100,000 downloads before Google removed it from the Play Store.

Nearly 15 Million People Impacted by ElasticSearch Misconfiguration

Cybersecurity researchers at Website Planet have discovered two misconfigured Elasticsearch servers belonging to an unidentified organization that uses open-source web analytics software developed by Snowplow Analytics, a London-based software vendor.

The software lets organizations collect and analyze information about their websites' visitors, apparently without the visitors' knowledge. A web analytics tool can collect a wide range of metrics, which are then used to build detailed profiles of site visitors.

According to the researchers, both servers were unencrypted and required no authentication. Together they exposed 359,019,902 records, nearly 579.4 GB of data: detailed logs of website user traffic belonging to visitors of the various websites that collect data with the open-source tool, including the following.

• Referrer page 
• Timestamp 
• IP address 
• Geolocation data 
• Web page visited 
• User-agent data of website visitors 

The servers contained user information collected over two months in 2021. The first server held September 2021 data: 242,728,328 records, or 389.7 GB, gathered between September 2 and October 1, 2021.

The second server held December 2021 data: 116,291,574 records, or 189.7 GB, collected between December 1 and December 27, 2021. Each user appears in roughly 4 to 100 records across the two servers, so even allowing for multiple logs per user the exposure could affect at least 15 million people, the researchers added.

The exposed data, which included geolocation and IP addresses, could have been accessed by anyone who found the servers, and the servers were live and receiving new data when they were discovered. Neither Elastic nor Snowplow Analytics is responsible for the exposure; the fault lies with the organization that misconfigured the servers.

The leak could have a far-reaching impact because users worldwide are affected. It is unclear whether any third party with malicious intent accessed the servers. Both servers were secured after Website Planet alerted the relevant parties.

Users can reduce their exposure to this kind of tracking with a Virtual Private Network (VPN), which hides their real IP address and location from the sites they visit, or with the Tor browser. Neither defeats cookies or user-agent based tracking on its own, so the protection is partial.
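Both this story and the Transact Campus story above come down to the same misconfiguration: an Elasticsearch REST API reachable from the internet with no authentication. The following is an added example, not code from Website Planet, SafetyDetectives or Elastic. classifyProbe() interprets the response to GET / (an open cluster answers with its cluster name and version), summarizeIndices() turns a _cat/indices?format=json body into per-index document counts so you can see what is exposed, and probe() wires the two to a live host (Node 18+ for the global fetch). The sample responses are constructed and not taken from either incident.

```javascript
// Added example, not code from either research team or from Elastic.
// Run with: node es_exposure.js [http://host:9200]

function classifyProbe(status, body) {
  if (status === 401 || status === 403) return "auth-required";
  if (status === 200 && body && typeof body.cluster_name === "string" &&
      body.version && typeof body.version.number === "string") {
    return "open"; // anonymous read access to the REST API
  }
  return "unknown";
}

// _cat/indices returns numbers as strings ("docs.count", "store.size").
// System indices (names starting with ".") are skipped; they hold Elastic's
// own state rather than the owner's data.
function summarizeIndices(catIndices) {
  return catIndices
    .filter((row) => typeof row.index === "string" && !row.index.startsWith("."))
    .map((row) => ({
      index: row.index,
      docs: Number(row["docs.count"]) || 0,
      size: row["store.size"] || "?",
    }))
    .sort((a, b) => b.docs - a.docs);
}

function totalDocs(summary) {
  return summary.reduce((n, row) => n + row.docs, 0);
}

// Live check against a host you are authorised to test.
async function probe(baseUrl) {
  const root = await fetch(baseUrl);
  const body = root.status === 200 ? await root.json() : null;
  const verdict = classifyProbe(root.status, body);
  if (verdict !== "open") return { verdict, indices: [] };
  const cat = await fetch(`${baseUrl}/_cat/indices?format=json`);
  return { verdict, indices: summarizeIndices(await cat.json()) };
}

// Constructed sample of what an open cluster returns (not real data).
const SAMPLE_ROOT = { name: "node-1", cluster_name: "demo-cluster", version: { number: "7.17.0" } };
const SAMPLE_CAT = [
  { health: "green", index: ".kibana_1", "docs.count": "12", "store.size": "40kb" },
  { health: "yellow", index: "students", "docs.count": "1000321", "store.size": "5gb" },
  { health: "yellow", index: "events-2021.09", "docs.count": "242728328", "store.size": "389.7gb" },
];

if (typeof require !== "undefined" && require.main === module) {
  const target = process.argv[2];
  if (target) {
    probe(target).then((r) => console.log(JSON.stringify(r, null, 2)));
  } else {
    console.log("verdict:", classifyProbe(200, SAMPLE_ROOT));
    const summary = summarizeIndices(SAMPLE_CAT);
    console.table(summary);
    console.log("exposed documents:", totalDocs(summary));
  }
}

if (typeof module !== "undefined") {
  module.exports = { classifyProbe, summarizeIndices, totalDocs, probe, SAMPLE_ROOT, SAMPLE_CAT };
}
```

If the verdict is "open", the fix lives in elasticsearch.yml rather than in the application: enable authentication (xpack.security.enabled: true, which Elasticsearch 8 turns on by default), bind network.host to a private interface, and put the port behind a firewall so that a demo or staging cluster cannot be reached from the internet in the first place.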

Anonymous Leaks 82 GB Police Data as Protest Against Australian Detention Centre

Earlier this week, the Anonymous collective released 82 GB of emails belonging to the Nauru Police Force. According to Anonymous, the leak is a protest against the mistreatment of asylum seekers and refugees by the island's authorities and the Australian government.

Nauru is a small island country in Micronesia, known for the Australian-funded offshore refugee detention centre it hosts. The roughly 285,635 leaked emails are available for direct and torrent download from the website of "Enlace Hacktivista", a forum that documents hacker history.

"Nauru agreed to assess people's claims for international protection and host the facilities required to detain them, while Australia committed to bearing the entirety of the cost. Nauru has a population of 10,000 people, with around 107 asylum seekers as of July 2021. 
 
The majority of asylum-seekers and refugees on Nauru are from Iran, while many are stateless, and others come from Afghanistan, Iraq, Myanmar, Pakistan, and Sri Lanka," says the Enlace Hacktivista website. The emails have not yet been independently analyzed, but Anonymous says the leaked data documents violence that the Nauru Police Force and the Australian government tried to hide.

Anonymous' statement demands that the authorities open an inquiry into all allegations of abuse at the detention centre and pay lifetime reparations to victims of abuse. It also calls for an end to mandatory immigration detention and the permanent closure of immigration detention facilities, including those on Nauru. DDoSecrets has confirmed the leak and says the data is also available through DDoSecrets.

In addition, @YourAnonNews, a media account associated with the collective, tweeted: "anonymous hackers release 1/4 million Nauru Island Immigration Detention Center Police emails documenting abuses suffered by asylum seekers and refugees under successive Scott Morrison (Prime Minister of Australia since 24 August 2018) portfolios." As of now, neither the Nauru Police Force nor the Australian government has issued a statement on the leak.

Anonymous Hacks Russian Energy Companies, Leaking 1Million+ Emails

Anonymous claims to have hacked Russian energy businesses and leaked their emails as part of its continuing cyberwar against Russia over the invasion of Ukraine. On Twitter, the hacker collective claimed to have exposed over 1 million emails from ALET, a Russian customs broker for fuel and energy companies.

The tweet stated, "NEW: #Anonymous hacked nearly 1.1 million emails (1.1 TB of data) from ALET, a Russian customs broker for companies in the fuel and energy industries, handling exports and customs declarations for coal, crude oil, liquefied gases and petroleum products."

The breach was published by DDoSecrets (Distributed Denial of Secrets), an organisation co-founded by Emma Best and dedicated to transparency of data in the public interest.

What is ALET? 

ALET is a customs broker based in Russia that handles exports and customs declarations for petroleum products, coal, liquefied gases, and crude oil on behalf of companies in the fuel and energy industry. It has worked with 400 businesses and filed 119,000 customs declarations since 2011, with oil products accounting for most of its revenue. Gazprom, Gazprom Neft, and Bashneft have all recommended it.

Anonymous has been threatening a cyberwar against Putin since the start of the Russia-Ukraine conflict, and so far it has followed through: the collective has not only leaked Russian data but also broken into Russian organisations in order to tell Russian citizens what is happening outside the country.

Anonymous is best known for hacking Russian streaming sites and TV networks to show Russian residents what was happening in Ukraine. Last week, the group hacked Enerpred, Russia's largest hydraulic equipment manufacturer, which serves the energy, coal, gas, oil, and construction industries, and stole 645,000 emails (up to 432 GB of data).

The company is headquartered in Irkutsk in Eastern Siberia and has offices in major Russian cities including Moscow and St. Petersburg. The leaked data is available on the DDoSecrets website.

Google's Safety Section Will Show What Android Apps Do With the User Data

Earlier this week, Google rolled out a new Data safety section for Android apps on the Play Store that states what data an app collects and shares with third parties. Users have a right to know why their data is collected and whether the developer shares it with third parties.

Users should also know how app developers protect their data once an app is installed. The transparency measure, modelled on Apple's Privacy Nutrition Labels, was first announced by Google in May 2021. 

The Data safety section will appear on every app listing on the digital storefront, presenting a unified view of what kind of data is collected, why it is collected, how it will be used, and which data is shared with third parties. The labels may also show an app's security practices, for instance whether data is encrypted in transit and whether the user can ask for their data to be deleted. 

Additionally, it will validate these practices against security standards such as the Mobile Application Security Verification Standard (MASVS). The feature is expected to roll out to all users; app developers have until 20 July 2022 to finalize the work, and they must update users if there is any change in an app's functionality or data handling practices. 

Data safety may face the same concern Apple did: the system is built entirely on an honor system, which relies on app developers to be honest and clear about what they will do with the data rather than listing inaccurate labels. 

Apple has since said that it will audit labels for accuracy and make sure they are dependable and do not give users false assurance about security. 

"Google, last year, had said that it intends to institute a mechanism in place that requires developers to furnish accurate information and that it will mandate them to fix misrepresentations should it identify instances of policy violations," reports The Hacker News.

Latest Phishing Campaign Deploys Malware and Steals Critical Information

A large-scale phishing campaign is targeting Windows PCs to deploy malware that can steal usernames, passwords, the contents of crypto wallets, and credit card details. The malware, named RedLine Stealer, is offered as malware-as-a-service, giving amateur cybercriminals the option to steal various kinds of critical personal information for as much as $150. The malware first surfaced in 2020, but RedLine recently added a few additional features and was widely distributed in large-scale spam campaigns in April. 

The phishing emails carry a malicious attachment which, if opened, starts the process of deploying the malware. The attackers mostly target users in Europe and North America. The malware uses an exploit for CVE-2021-26411, a vulnerability in Internet Explorer, to deliver the payload. The vulnerability was disclosed and patched last year, which limits the malware's impact to users who have not yet installed the security updates. Once executed, RedLine Stealer begins reconnaissance against the target system, looking for information such as the username, which browser the user has, and whether an antivirus is running on the system. 

After that, it identifies information to steal and extracts passwords, credit card data, and cookies stored in browsers, along with crypto wallets, VPN login credentials, chat logs, and information from files. RedLine can be bought on the dark web, where buyers are offered services at different tiers, which shows how easy it has become to buy malware. Even novice hackers can rent the software for $100 or get a lifetime subscription for $800. 

The malware is simple but very effective, as it can steal vast amounts of data, and inexperienced hackers can take advantage of it. ZDNet reports that "it's possible to protect against Redline by applying security patches, particularly for Internet Explorer, as that will prevent the exploit kit from taking advantage of the CVE-2021-26411 vulnerability." Users should keep their operating systems, antivirus software, and applications updated to prevent known vulnerabilities from being exploited to distribute malware.

42M+ People's Financial Data Compromised in UK


According to a press release from the international law firm RPC, a growing number of ransomware attacks has resulted in the exposure of financial data belonging to about 42.2 million people in the United Kingdom. 

“The surprisingly high number of people whose financial data was impacted in the last year shows how cyber-attacks have become endemic,” said RPC partner Richard Breavington. “Hackers are continually refining their methods, employing ever more complex techniques to extort money in whatever way they can. Some businesses, fearing the potential reputational costs, not to mention other consequences, decide that they will take the last-ditch approach of paying the ransom demands. As a result, these attacks have become very lucrative for cybercriminals.” 

Cyberattacks are spreading at an alarming rate, notably in the United Kingdom. In 2019-2020, 2.2 million people's data was stolen, compared to 42.2 million in 2021-2022, a startling increase of over 1,700% in just three years. One explanation offered for this growing exposure of residents' sensitive information is the increase in the amount of data held in general. Cybercriminal networks then sell the information on a marketplace and may hold financial institutions to ransom if the data has been corrupted by malware or ransomware. 

Breavington explains in the release that “criminal gangs are doing this because their blackmail threats over encryption alone are becoming less effective as businesses get better at backing up their systems. But hackers have honed their tactics and added this additional form of blackmail.” 

Because many firms find it easier to simply pay the ransom, several hacking groups have increased the number of attacks they carry out in a short period of time. As we saw earlier this month, ransomware and cyber threat groups will occasionally gain access to a company's systems and examine their inner workings for a period of time before launching an attack. 

“Before carrying out an attack, hackers are increasingly carrying out reconnaissance to scope out protections that are in place, as well as data held by the company,” Breavington said. “Businesses should not be making their jobs easier by signposting this information.” 

Many people are losing faith in firms' ability to keep their financial information secure as the number of hacks rises. Firms must therefore recognise that it is their job to strengthen security layers, maintain a round-the-clock approach to cybersecurity and online threats, and regularly audit their own processes to ensure they are doing everything necessary to reclaim that lost confidence.

Dark Data: A Crucial Concern for Security Experts


BigID recently released a research paper that examines the current problems that businesses face in safeguarding their most critical information. A number of important findings emerged from the research:
  • Dark data is extremely concerning to 84 per cent of businesses. This is data that businesses are not aware of; it accounts for more than half of all data in existence and can be extremely sensitive or vital. 
  • Unstructured data is the most difficult to manage and safeguard for eight out of ten businesses. Unstructured data generally comprises a variety of sensitive information and is challenging to scan and identify because of its inherent complexity. 
  • More than 90% of businesses have trouble implementing security standards involving sensitive or important data. The reach and enforcement of data policy are crucial for proper data asset management, remediation, and security. 
Data is an organization's most valuable asset; organizations rely on it every day to make critical strategic and operational choices. Unfortunately, much of this data is highly sensitive or critical, and in some instances it can be exposed accidentally or maliciously. 

Dimitri Sirota, CEO of BigID stated, “Data is the fuel that drives a company forward. However, a lot of this data is personal and as it accumulates, so does cyber risk. You owe it to your customers, partners, and employees to keep this data safe, let alone to keep your business running. This report reinforces the fact that most continue to struggle to confidently protect their most valuable data.” 

Sensitive or essential data is being spread throughout the environment at unprecedented rates, thanks to the rapid rise of public, private, hybrid, and multi-cloud models. As the scope of this type of data grows, so does the risk to the organisation. 

The research looks into the most significant security issues, the core causes of these problems, and practical ways to improve data security so that teams can protect their most valuable data assets.

DHS Investigators: Stopped Cyberattack on Undersea Internet Cable in Hawaii


An apparent cyberattack on an unnamed telecommunications company's servers connected to an undersea cable that carries internet, cable TV, and mobile connections for Hawaii and the region was "disrupted" by federal agents in Honolulu last week, the agency said in a statement on Tuesday. 

Hawaii-based agents with Homeland Security Investigations, an arm of the Department of Homeland Security, received a tip from their mainland HSI counterparts that led to the disruption of a major intrusion involving a private company's servers associated with an underwater cable. "An international hacker group" was involved in the attack, according to the probe, and HSI agents and international law enforcement partners in multiple countries were able to make an arrest.

The statement did not specify the sort of cyberattack, the hacking group responsible, the other law enforcement agencies involved, or the location of any arrests. According to the statement, no damage or interruption occurred, and there is no immediate threat. Investigators discovered that the attackers had obtained credentials that permitted access to the unnamed company's systems, according to John Tobon, HSI's special agent in charge in Hawaii, who spoke to a local news station. 

“It could have been something to just create havoc, in other words, just shut down communications, or it could have been used to target individuals in ransomware-type schemes,” he stated.

According to the National Oceanic and Atmospheric Administration, hundreds of "submarine" internet cables carry up to 95 percent of intercontinental internet data. According to an Atlantic Council report, the cables are owned and operated by a mix of corporate and state-owned enterprises, and they are experiencing increasing threats to their security and resilience. 

Justin Sherman, the report's author, highlights worries about authoritarian governments' intent to restrict internet access by influencing physical infrastructure like submarine lines. The lines are also appealing targets for government or criminal parties attempting to collect sensitive data through covert surveillance. Another issue, according to Sherman, is that more cable operators are employing remote management tools for cable networks. 

He wrote, “Many of these systems have poor security, which exposes cables to new levels of cybersecurity risk. Hackers could break into these internet-connected systems from anywhere in the world and physically manipulate cable signals, causing them to drop off entirely — undermining the flow of internet data to specific parts of the world.” 

Sherman added, “One can even imagine a threat actor (state or non-state) hacking into a cable management system and trying to hold the infrastructure hostage.”

Cash App Company Block Suffers Data Breach, Customer Data Impacted

Cash App parent company Block has confirmed a data breach in which a former employee downloaded reports from Cash App containing US customer information. In a Securities and Exchange Commission (SEC) filing on 4 April, Block (formerly Square) said the reports were downloaded by an insider on 10 December. The employee had regular access to these files as part of his past job duties; in this case, however, the files were accessed without authorization after his employment had ended. 

"Following its discovery of the incident four months after the fact, the company has launched an internal investigation and says it is notifying the applicable regulatory authorities and law enforcement. TechCrunch sent Block additional questions regarding the scope of the incident, but the company declined to answer," reports TechCrunch. Block did not address why a former employee still had access to company data, or for how long he retained access to these files after his employment ended. 

The information in these files includes users' full names and their brokerage account numbers. For some customers, the compromised data also includes portfolio value, intraday stock trading activity, and brokerage portfolio holdings. Block, which is based in San Francisco, did not disclose how many Cash App customers were affected by the incident; however, around 8.2 million current and former customers were impacted. According to the company, no other personal information such as passwords, usernames, payment card information, addresses, or Social Security numbers was leaked in the reports. 

The filing states that other Cash App services and features, and customers outside the US, were not affected by the incident. "At Cash App we value customer trust and are committed to the security of customers’ information. Upon discovery, we took steps to remediate this issue and launched an investigation with the help of a leading forensics firm. We know how these reports were accessed, and we have notified law enforcement. In addition, we continue to review and strengthen administrative and technical safeguards to protect information," says Danika Owsley, spokesperson for Cash App.
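The failure mode in this post is access that outlived employment. The following is an added example, not Block's own tooling: it reconciles an HR leaver list against still-enabled report entitlements and against the report access log, so that a download by a former employee surfaces as soon as the log is checked rather than months later. The record formats, user ids, role names and dates are all constructed.

```python
from datetime import date, datetime

# Constructed HR roster: user id -> last working day, or None if still employed.
HR_ROSTER = {"u1001": None, "u1002": date(2021, 11, 19)}

# Constructed entitlement snapshot from the reporting system, taken on AS_OF.
AS_OF = date(2022, 4, 4)
ENTITLEMENTS = [
    {"user": "u1001", "role": "reports-reader", "enabled": True},
    {"user": "u1002", "role": "reports-reader", "enabled": True},
]

# Constructed access log lines: ISO timestamp, user id, action, object.
ACCESS_LOG = [
    "2021-12-10T09:01:44Z u1001 download brokerage_holdings_q4.csv",
    "2021-12-10T22:14:03Z u1002 download brokerage_holdings_q4.csv",
    "2021-12-11T03:30:00Z u1099 download brokerage_holdings_q4.csv",
]


def stale_entitlements(roster, entitlements, as_of):
    """Enabled roles still held by people whose last working day is before as_of."""
    return [e for e in entitlements
            if e["enabled"] and roster.get(e["user"]) is not None
            and roster[e["user"]] < as_of]


def post_termination_access(roster, log):
    """Access events by users unknown to HR or after the actor's last working day."""
    findings = []
    for line in log:
        ts, user, _action, obj = line.split(" ", 3)
        when = datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ").date()
        if user not in roster:
            # An actor HR has no record of (orphaned or shared account) is a finding.
            findings.append((user, ts, obj, "not in HR roster"))
        elif roster[user] is not None and when > roster[user]:
            days = (when - roster[user]).days
            findings.append((user, ts, obj, f"{days} days after leaving"))
    return findings


if __name__ == "__main__":
    for e in stale_entitlements(HR_ROSTER, ENTITLEMENTS, AS_OF):
        print("stale role:", e["user"], e["role"])
    for f in post_termination_access(HR_ROSTER, ACCESS_LOG):
        print("suspicious access:", *f)
```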

Mattress Company Hit by a Magecart Attack, Suffers Data Breach

Emma Sleep Company has confirmed that it was hit by a Magecart attack which allowed hackers to steal customers' credit card and debit card data from the company's website. Customers were told about the attack via email last week. The company said it had been "subject to a cyberattack leading to the theft of personal data" but did not specify the date of the breach in the message. The attack was sophisticated, targeting the checkout process of the company website and stealing personal information, including credit card data, regardless of whether the customer completed a purchase. 

It is believed to be a Magecart attack, given that the site runs on the Adobe Magento e-commerce platform. "Currently there is 'no evidence' personal or payment data has been abused in the wild, the company said to customers in the email. Nevertheless, it advised them to contact their banks or credit card provider and 'follow their advice,' and check for unusual or suspicious activity," reports The Register. The Magecart attack affected customers across 12 countries and involved malicious code attached to checkout pages that skimmed card data from the user's browser. 

The attack was targeted, and the hacker crafted copy-cat URLs as needed. The mattress company says it is confident that its digital platforms were up to date with the latest security fixes. In a well-known Magecart attack in 2018 that exposed 40 million British Airways customers' data (the airline was fined €20m for it), the attackers used covert skimming techniques to extract credit card and debit card details. The hackers gain access to the site either via third-party apps or directly, and deploy malicious JavaScript that steals the information. 

The company maintains that its security measures had been implemented effectively, but the skimmer's JavaScript was loaded dynamically from the hacker's server and used highly advanced evasion techniques to avoid detection, along with countermeasures designed to frustrate analysis. Hence, the technology that kept track of scripts on the web pages could not identify it. 

"In February this year, Adobe issued two out-of-bounds patches in a single week when critical security bugs affecting its Magento/Adobe Commerce product emerged, with the vendor warning the vulns were being actively exploited," reports the Register.
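A defender-side check for the mechanism described above (a skimmer script attached to the checkout page and loaded dynamically from the attacker's server), as an added example that is not Emma Sleep's or Magento's own code: it inventories every script on a page against an allowlist of origins the shop expects, and flags inline code that injects further scripts at run time or hides a host name behind decoding helpers. The hosts, the allowlist and the sample page are constructed.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urljoin, urlparse

# Hypothetical allowlist: the shop itself plus its payment provider.
ALLOWED_SCRIPT_ORIGINS = {"https://shop.example", "https://payments.example"}

# Inline behaviours worth review on a checkout page: run-time <script> injection
# and string decoding that is often used to conceal the skimmer's host.
SUSPICIOUS_INLINE = {
    "dynamic-script-load": re.compile(r"createElement\(\s*['\"]script['\"]\s*\)"),
    "encoded-string": re.compile(r"\b(?:atob|unescape|String\.fromCharCode)\s*\("),
}

class ScriptCollector(HTMLParser):
    """Collects external script sources and complete inline script bodies."""
    def __init__(self):
        super().__init__()
        self.external, self.inline, self._buf = [], [], None
    def handle_starttag(self, tag, attrs):
        if tag != "script":
            return
        if src := dict(attrs).get("src"):
            self.external.append(src)
        else:
            self._buf = []  # start collecting an inline body
    def handle_data(self, data):
        if self._buf is not None:
            self._buf.append(data)
    def handle_endtag(self, tag):
        if tag == "script" and self._buf is not None:
            if body := "".join(self._buf).strip():
                self.inline.append(body)
            self._buf = None

def audit_scripts(html, page_url, allowed=ALLOWED_SCRIPT_ORIGINS):
    """Return (kind, detail) findings for scripts the page should not be carrying."""
    collector = ScriptCollector()
    collector.feed(html)
    findings = []
    for src in collector.external:  # resolve relative and protocol-relative sources
        parsed = urlparse(urljoin(page_url, src))
        if f"{parsed.scheme}://{parsed.netloc}" not in allowed:
            findings.append(("unexpected-origin", src))
    for body in collector.inline:
        for kind, pattern in SUSPICIOUS_INLINE.items():
            if pattern.search(body):
                findings.append((kind, body.splitlines()[0][:60]))
    return findings

# Constructed checkout page: two expected scripts, one from an unknown host, and
# an inline loader that decodes a host name and injects a script at run time.
SAMPLE_CHECKOUT_HTML = """<html><head><script src="/static/checkout.js"></script>
<script src="https://payments.example/sdk.js"></script>
<script src="https://cdn-assets.example.net/analytics.js"></script>
<script>var s = document.createElement('script'); s.src = atob(h) + '/js.js';
document.head.appendChild(s);</script></head><body><form id="checkout"></form></body></html>"""
```

Running `audit_scripts(SAMPLE_CHECKOUT_HTML, "https://shop.example/checkout")` reports the unexpected origin and both inline behaviours; a clean page with only allowlisted, static scripts yields an empty list.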