Search This Blog
Powered by Blogger.

Blog Archive

Labels

Footer About

Footer About

Labels

Load More
Trendy Right Now

Popular Posts

User Security
533 million Data Breach Facebook User Privacy User Security

Data Breach at Facebook Leaks Information of 533 Million Users

 

A major privacy violation by hackers allegedly took the data of almost 533 million users of Facebook from 106 countries to be posted online for free. More than 533 million private details that were posted online include records of over 32 million users in the US, 11 million users in the UK, and 6 million users in India. This breach is perhaps the largest in the social media giant’s history of breaches. Details such as phone numbers, Facebook IDs, full names, sites, birthdates, bios, and even e-mail addresses of several people are included in the breach. 

A spokesman for Facebook stated that the data had been scrapped on the social website due to a security vulnerability that had already been patched in 2019. The vulnerability was identified in 2019, enabling millions of Facebook servers to remove telephone numbers. In August 2019, the social media outlet was kicked off by the vulnerability. 

On Saturday 3rd of April, Alon Gal, who is the CTO of Hudson Rock, the CIC, detected the leaks and confirmed the same via Twitter. Gal is the very same researcher who had blown the whistle of an initially accessible Telegram bot in January, which seems to be the same, leaking database. While the individual behind the bot sold the leaked figures to the people willing to pay for it, this time the disparity is that all these figures are now freely accessible on a low-level hacking forum. After the vulnerability that Facebook fixed in 2019, the database was reported to have been leaked, this is because not many people frequently alter their telephone numbers so that the data can be very accurate. In the past, this information was sold by a person who sold a telegraph bot to sell a telephone number or a Facebook ID for $20,000, or in bulk for $5,000. It is now widely available to anyone with certain technical know-how. 

“A database of that size containing the private information such as phone numbers of a lot of Facebook’s users would certainly lead to bad actors taking advantage of the data to perform social engineering attacks [or] hacking attempts,” added Gal. 

This is not the first time Facebook is spotted with a data leak. Data from 419,000,000 Facebook and 49,000 Instagram users were displayed in online databases in 2019. In that meme year, data of 267 million users had been exposed to an additional violation. In the meantime, there was the infamous Cambridge Analytica scandal that, for its data collection practices, was perhaps the first time the Zuckerberg company had come under the radar. 
Read more »
User Security
Data Breach Shares Dive Ubiquiti User Data User Privacy User Security

Ubiquiti Shares Fall After Reportedly Downplaying 'Catastrophic' Data Breach


New York City-based IoT device maker Ubiquiti recently disclosed a data breach that was downplayed. After news of the catastrophic data breach, the shares of the company dropped drastically this week. 

In January, Ubiquiti informed customers that unauthorized access to certain IT systems hosted by an unidentified third-party cloud provider had been discovered. The company said at the time that it had found no evidence of user data being compromised, but it could not rule it out so it advised the customers to change their passwords. 

When Ubiquiti disclosed the security breach, it only had a small impact on its stock and the value of its shares has increased tremendously since, from roughly $250 per share on January 12 to $350 per share on March 30. Ubiquiti shares are now down to $290 at the time of publishing, following the news that the breach may have been bigger than the company led customers and investors to believe. 

On Tuesday, March 30, cybersecurity blogger Brian Krebs reported that he discovered from someone involved in the response to the breach that Ubiquiti "massively downplayed" an incident that was actually "catastrophic" in order to reduce the effect on the company's stock market value. 

According to Krebs' source, the intruder obtained access to Ubiquiti's AWS servers and then tried to extort 50 bitcoin (worth approximately $3 million) from the company to keep quiet about the hack. As per the source, "the intruder acquired obtained privileged credentials from the Ubiquiti employee’s LastPass account and “gained root administrator access to all Ubiquiti AWS accounts, including all S3 data buckets, all application logs, all databases, all user database credentials, and secrets required to forge single sign-on (SSO) cookies”. The hacker allegedly had access to Ubiquiti cloud-based devices through remote authentication. 

Ubiquiti released a statement on Wednesday in response to Krebs' report, stating that it could not comment further due to an ongoing law enforcement investigation. “In response to this incident, we leveraged external incident response experts to conduct a thorough investigation to ensure the attacker was locked out of our systems,” the company stated. “These experts identified no evidence that customer information was accessed or even targeted. The attacker, who unsuccessfully attempted to extort the company by threatening to release stolen source code and specific IT credentials, never claimed to have accessed any customer information. This, along with other evidence, is why we believe that customer data was not the target of, or otherwise accessed in connection with, the incident.” 

At least two law firms are investigating whether Ubiquiti violated federal securities laws and are urging the company’s investors to contact them.
Read more »
Xbox
Bitcoin cryptocurrency Stock market Technology Xbox

More Businesses are Accepting Bitcoin

 

Bitcoin is turning into an undeniably well-known payment alternative among numerous organizations. Fast-food chains, large tech organizations, and major beverage organizations are accepting cryptocurrency.  

Bitcoin(₿) is a cryptocurrency created in 2008 by an obscure individual or group of people utilizing the name Satoshi Nakamoto. The currency began use in 2009 when its execution was released as open-source software. Bitcoin utilizes peer-to-peer technology to work with no central authority or banks; overseeing transactions and the issuing of bitcoins is completed on the whole by the network. Bitcoin is open-source; its design is public, no one owns or controls Bitcoin and everybody can take part. 

Its costs on the trading stock exchanges plunged around Thanksgiving a year ago – only to turn back the clock and set an unsurpassed high of $ 19,857 on November 30: a 177% increment since the beginning of the despicable year up 14% of the S&P 500, as Insider recently reported. Then, a month ago, the cryptocurrency hit an all-time high, with costs moving to $ 60,000. A quirk of the increment implied that two pizzas purchased by crypto legend Laszlo Hanyecz would have really been valued at $ 613 million. 

Restaurant Brands International is one of the world's biggest fast-food holding organizations. It is the parent organization of Burger King, Tim Hortons, and Popeyes. A year ago, Burger King Venezuela declared that it would begin accepting bitcoin and other cryptocurrencies. It has worked with Cryptobuyer, a platform that generates the conversion of cryptocurrencies into normal currency, Yahoo Finance reported. Yum Brands, which operates KFC, Pizza Hut, Taco Bell, and The Habit Burger Grill, likewise accept cryptocurrencies. Yum Brands has additionally collaborated with CryptoBuyer to commence the launch of encrypted payment methods, according to Nasdaq. 

After briefly suspending acceptance of cryptocurrency as a legitimate payment method because of its volatility, Xbox accepts bitcoin payments for Xbox store credits. Coca-Cola Amatil is one of the world's biggest bottlers and distributors of non-alcoholic and ready-to-drink beverages in the Asia-Pacific area. A year ago, the organization declared in a press release that it was partnering with an online asset platform, Centrapay, to permit bitcoin as an official payment method.
Read more »
User Data
Cyber Crime Cyber Hacking Dark Web Facebook User Data

533 Million Facebook Users' Phone Numbers And Personal Data Leaked Online

 

On Saturday, a user turned to a low-level hacking forum to leak the personal information of hundreds of millions of Facebook users, free of cost. The sensitive credentials that have been exploited included personal data of over 533 million Facebook users from 106 countries – around 32 million users from the US, 11 million from the UK, and around 6 million from India. Leaked data includes users’ full names, their date of birth, address location, phone numbers, Facebook IDs, bios, and in certain instances email addresses also. 

Alon Gal, a CTO of cybercrime intelligence firm Hudson Rock, analyzed the breach on Saturday and informed about this event on Twitter. Alon Gal is also known for his last research finding that was appeared as the same leaked database previously became accessible via a Telegram bot in January. 

While back then, the situation was different. The hacker who was behind the Telegram bot leaked database was selling the hacked credentials to those clients who were ready to pay for the information, but this time the difference is that that all this leaked data of more than 533 million people is available for everyone for free in a low-level hacking forum. 

“A database of that size containing the private information such as phone numbers of a lot of Facebook’s users would certainly lead to bad actors taking advantage of the data to perform social engineering attacks [or] hacking attempts,” Alon Gal stated. 

The incident is not foreign to Facebook, which is indeed a popular platform in the arena of cyberattacks. Before this cyberattack, the platform had already experienced data breaches multiple times, notably so. 

The vulnerability that had been spotted in 2019 exposed sensitive information of millions of Facebook users including their phone numbers to be scraped from Facebook's servers in contravention of its terms of service. Back then, Facebook officially stated that the vulnerability was patched in August 2019. Additionally, Facebook vowed to eliminate mass data-scraping after Cambridge Analytica scraped over 80 million users’ data in violation of Facebook's terms of service to target voters with political ads in the 2016 election.
Read more »
IoT
China Cyber Security Cybersecurity Breach IoT

Hackers Tap Into Home Security Cameras, Record Sex Tapes To Sell Online

Chinese hackers are infiltrating into residents' house security cameras, shooting them having sex and selling the footage online. However shocking this crime may sound, it's pretty common nowadays, according to South China Morning Post. It reports, "the videos are priced based on how exciting they are and are sold via social media, according to an undercover investigative report aired by the television station on Monday. Video clips involving nudity or sexual acts are priced at 50 yuan (US$8) each, while those “normal ones shot in hotel rooms” are 20 yuan (US$3), said an unidentified seller of these videos in the report."  

These videos are always in high demand in the online market. This can be frightening as the sophisticated gadgets that we use for our security can be turned against us, and the internet can put us in such a vulnerable condition. The attackers hacked into candid cameras to spy on hundreds of thousands of victims and record their sex tape, besides this, they were also able to find out about the hidden cameras that hackers used to plant in the hotel rooms.  These sex tapes that are on sale are being called "home videos", hackers have also set up multilevel marketing scheme where the clients are encouraged to sell these videos furthermore. 

The customers were shared the login credentials of the hacked security cameras so that they can tune in themselves. According to one hacker's audio conversation with his VIP clients, he had dozens of people walking around and installing these cameras wherever they went.  Even if these cameras are caught by the hotels, the hackers will only lose around 100 yuan, the losses can be compensated by uploading a couple of videos online. 

"Such videos are primitive,” the hacker said. “Many people like such kind of stuff nowadays, watching people’s privacy, what they’re doing at the moment… You know what, I have sold this video several hundred times," said the hacker, according to South China Morning Post. In a similar incident, hackers hacked into the Amazon ring cameras where the customers were unaware of the breach.
Read more »
Technology
Coinopsy.com Crypto Currency Dead Coins Technology

Goodbye Cryptocurrencies: Number of 'Dead' Coins Increased by 35% Over Last Year

 

Coinopsy.com, an online firm that tracks dead cryptocurrencies has published a data report regarding the number of dead cryptocurrencies or crypto coins. Interestingly, there is a huge surge in the number of dead cryptocurrencies or crypto coins that had minimal to zero profits for everyone. 

According to the data report from Coinopsy.com, the number increased by 35% over last year to 1,949. Around February last year, the total number of dead coins exceeded 1,440. The term dead coins are associated with a cipher that no longer exists for multiple reasons. For example, they are used as a scam, their internet site remains down, there’s a problem with a node or wallet, it’s illiquid or it’s just abandoned, or it’s been stopped by a developer. 

However, if there’s a lack of information on the reasons why a coin died, it falls into the default deserted category. The growth within the quantity of such dead coins had gained momentum again in 2017 when a lot of entrepreneurs or firms went for preliminary coin choices (ICO) and had raised $4.9 billion through the year, as per the reports of Crunchbase. ICOs are meant to develop new blockchain-based cryptos or related apps or companies.

According to CoinMarketCap, ICOs had increased the number of existing coins from 29 to more than 850 projects in 2017. In December last year, the whole cryptos had reached close to 8,000. As of March 3, 2021, there were 9,108 ciphers led by Bitcoin and Ethereum were in circulation. However, many of these coins are no longer present because they never have been scammed, joked, or evolved.

Joke projects and coins have no real or concrete idea, but they are still looking for an investment. For example, according to CoinMarketCap, the Useless Ethereum Token (UET) was one such joke coin that held an ICO and raised over $300,000. The total market capitalization of over 9,000 cryptocurrencies is $1.96 trillion, of which Bitcoin commands a 60 percent share ($1.1 trillion) and Ethereum has an 11% share ($243 billion).
Read more »
User Privacy
Cyber Security Data Exposure European Telco Sensitive data Tala User Privacy

Tala Research Shows that European Telecommunication Websites Expose Sensitive Customer Data

 

In 7 EU countries, Tala assessed the websites of the leading MSPs for the European top mobile providers, data exposure is a major unacknowledged concern. Analysis of Europe's leading mobile providers' websites by Tala Security shows that critical information has been at risk of over-sharing and attack — with few appropriate security measures in place to discourage it. Tala Security's recent study reveals that data exposure is a real concern for Europe's leading mobile companies and by extension for more than 253 million customers who register up and share personal information. The main issue is the insecure website supply chains. 

For many valid reasons, European Telecommunication companies collect sensitive information as part of the digital sign-up procedure, including passport numbers, payment slips, and bank account details. The analysis by Tala shows that European Telco sites do not have enough protection against third-parties risk but also uncover them to other serious risks by using numerous third-party JavaScript integrations. Without command, all websites that have JavaScript code from each owner's website including the supply chain vendor can alter, grab, or release information via JavaScript facilitated client-side attacks. The average JavaScript integration among Telecommunications companies was 162 in the group; this is a very high risk of over-sharing and data visibility. If website owners do not protect sensitive data when entered on their websites, they actually do not leave it suspended; the only reason why it is not stolen is that criminals did not use it. 

“In many cases, data sharing or exposure takes place via trusted, legitimate applications on the allow list —often without the website owner's knowledge,” said Deepika Gajaria, VP of Products at Tala Security. 

Forms used to collect credentials, banking information, passport numbers, etc. are revealed to an average of 19 third parties at considerable risk through form data exposure. No responsive website protection was established on any of the sites. On a scale of 100 with a score of 50 at an average, the website average was only 4.5. 100 percent of the most widespread website attack that frequently led to a significant sensitive leakage in the data is cross-site scripting (XSS). 

“European Telco’s routinely collect sensitive data like passport scans, banking details, address, and employment information. When website owners fail to effectively secure data as it is entered into their websites, they’re effectively leaving it hanging, an accident waiting to happen,” said Gajaria.
Read more »
Pull Request
Crypto Currency cryptomining malware Cyber Attacks GitHub Pull Request

Attackers found abusing GitHub Infrastructure to Mine Cryptocurrency

 

Microsoft-owned GitHub is the new cyberattack victim, with reports of cybercriminals manipulating GitHub's cloud infrastructure to mine cryptocurrency. Code repository hosting service, Github has started an investigation into a series of attacks aimed at abusing its infrastructure to mine cryptocurrency illegally. 

GitHub Actions is a continuous integration (CI) and continuous deployment (CD ) solution that makes it easy to automate all the software workflows and setup periodic tasks. The particular attack adds malicious GitHub Actions code to repositories forked from legitimate ones and further creates a Pull Request for the original repository maintainers to merge the code back, to alter the original code. 

“In a phone call, Dutch security engineer Justin Perdok told The Record that at least one threat actor is targeting GitHub repositories where Actions might be enabled. The attack involves forking a legitimate repository, adding malicious GitHub Actions to the original code, and then filing a Pull Request with the original repository in order to merge the code back into the original.” reported The Record. 

“But the attack doesn’t rely on the original project owner approving the malicious Pull Request. Just filing the Pull Request is enough for the attack, Perdok said.” This is particularly true for GitHub projects that have automated workflows setup to substantiate incoming Pull Requests via Actions. As soon as a Pull Request is created for the original project, GitHub's systems execute the attacker's code which instructs GitHub servers to retrieve and run a crypto miner. 

This isn't the first time an attack leveraging GitHub infrastructure has abused GitHub Actions. An identical attack had previously been identified by another programmer, Yann Esposito, in which an attacker had filed a malicious Pull Request against Esposito's GitHub project. 

Last year, BleepingComputer reported on GitHub being used to host a wormable botnet Gitpaste-12, which reappeared with over 30 exploits the following month. Unlike Gitpaste-12 or the Octopus Scanner malware, which targeted vulnerable projects and computers, this attack appears to be solely abusing on GitHub servers for crypto mining.

In an email, GitHub told The Record that they are “aware of this activity and are actively investigating”. For now, the attack does not appear to damage users’ projects in any way and seems to be solely focused on abusing GitHub infrastructure.
Read more »
Taxpayers
Cyber Crime cybercriminals Phishing Campaign Robinhood Taxpayers

Attackers Targeted Robinhood with a Phishing Campaign

 

Attackers have targeted clients of stock-trading broker Robinhood with a phishing campaign planned to steal their credentials and spread malware utilizing counterfeit tax documents, the organization has cautioned.

Robinhood Markets, Inc. is an American financial services organization settled in Menlo Park, California, known for offering commission-free trades of stocks and exchange-traded funds through a mobile application presented in March 2015. Robinhood is a FINRA-managed broker-dealer, enlisted with the U.S. Securities and Exchange Commission, and is a member of the Securities Investor Protection Corporation. The organization's revenue comes from three fundamental sources: interest earned on customers' cash balances, selling order information to high-frequency traders (a practice for which the SEC opened an investigation into the company in September 2020), and margin lending. As of 2020, Robinhood had 13 million clients. 

Robinhood, has confronted various regulatory and legal difficulties along the way, sent an email to clients Thursday warning of a phishing scam “that may have reached some of our customers.” 

Attackers targeted clients in two ways, as per the email. One assault vector utilized phishing emails with links to counterfeit Robinhood sites provoking visitors to enter their login credentials, including authentication codes the organization uses to help guarantee the security of individuals' accounts. Other emails saw assailants exploiting the tax season, requesting potential victims to download counterfeit tax files, for example, Form 1099—that included malware, as per the email. 

“There tends to be an increase in these types of emails around tax season, so we ask that you be extra careful about how you access your Robinhood account,” as per the email. Robinhood recommended individuals check the strength of safety features of the application on their gadgets, manually eliminating any gadgets they don't perceive from accessing and resetting passwords on the off chance that they believe they might be in danger. The organization likewise urged clients to reach out to its support team directly from the Robinhood application or its site. 

One of the main grievances among Robinhood clients was that they couldn't reach the company for support, causing regulators like the Securities and Exchange Commission (SEC) to become de facto customer support for the platform’s clients.
Read more »
United States
Cyber Crime Cyber Crime Report Russian Hackers United States

Russian hackers suspected of stealing thousands of US State Department emails

In 2020, Russian hackers stole thousands of emails from U.S. State Department employees. As Politico reported, this is the second major hack of the department's email server in the last ten years, carried out "with the support of the Kremlin."

According to Politico sources, this time, hackers accessed the emails of the U.S. State Department's Bureau of European and Eurasian Affairs, as well as the Bureau of East Asian and Pacific Affairs. A Politico source said it was unclear whether classified information was among the stolen emails. It also remains unclear whether the hack was part of a larger SolarWinds attack that gave hackers access to dozens of U.S. federal agencies.

The U.S. State Department declined to comment to the publication on the likely attack. "For security reasons, we cannot discuss the nature or extent of any alleged cybersecurity incidents at this time," said a State Department spokesman. Politico also sent a request to the Russian embassy in the United States. At the time of publication, the Russian side had not responded.

Recall, U.S. media reported on the large-scale hacking attack on the U.S. government on December 14, 2020. The hack was later confirmed by U.S. intelligence agencies. According to their information, dozens of agencies were hacked, it was organized by Russian hackers. U.S. President Joe Biden announced his intention to impose sanctions against Russia for cyber attacks. On March 8, 2021, the media reported on White House plans to conduct covert cyberattacks on Russian networks in response to the SolarWinds hack.

Russian presidential press secretary Dmitry Peskov stressed Moscow's noninvolvement in the cyberattacks. Russian Foreign Ministry spokeswoman Maria Zakharova also said that U.S. accusations that Russia was involved in a massive hacking attack on U.S. federal agencies were unproven.

Read more »
Zimperium zLabs
Android Data Theft FakeSysUpdate malware User Privacy Zimperium zLabs

Protect Your Android Phones from Android 'System Update' Malware

 

Security researchers at Zimperium zLabs have discovered a new ‘sophisticated’ Android malware posing as a software update application. This malware becomes more lethal when it sits stealthily masqueraded as a system update.

Once the malware is downloaded on a device, the victim’s device is registered with the Firebase Command and Control (C2), upon which a hacker can send commands via Firebase messaging service to manage data theft. The process of data exfiltration starts once a condition is fulfilled, including the addition of a new mobile contact, app installation, or a receipt of an SMS text.

“When the victim is using Wi-Fi, all the stolen data from all the folders are sent to the C2, whereas when the victim is using a mobile data connection, only a specific set of data is sent to C2,” security researcher at Zimperium zLabs stated.

According to a report by researchers at Zimperium, this malware has the capability of stealing your data once it is installed into your Android phone. Once in control, cybercriminals can record audio and phone calls, take photos, access WhatsApp texts, steal instant messenger texts, peer into GPS location data, examine the default browser’s bookmarks, search for files with specific extensions, inspect the clipboard data, the content of the notifications, steal SMS texts and call logs, list the downloaded applications and even extract device information. 

Security researchers have termed the malware as ‘FakeSysUpdate’ which is quite capable of concealing its source. Unfortunately, researchers have not detected the source of this malware but advised the Android users to remain vigilant regarding the content on their device. Frequently check for official updates, uninstall all the apps that you feel are necessary, and also avoid installing apps from a third-party source.

In an interview with TechCrunch, Shridhar Mittal, CEO of Zimperium zLabs stated that “it’s easily the most sophisticated attack we’ve seen…I think a lot of time and effort was spent on creating this app. We believe that there are other apps out there like this, and we are trying our very best to find them as soon as possible.”
Read more »
Subscribe to: Comments (Atom)