Search This Blog
Powered by Blogger.

Blog Archive

Labels

Load More
Trendy Right Now

Popular Posts

Showing posts with label Breach. Show all posts
Unauthorized
Breach Casio Cyber Attacks Cyberattack Cybersecurity Data Disruption losses restructuring services Unauthorized

Casio Hit by Cyberattack Causing Service Disruption Amid Financial Challenges

 

Japanese tech giant Casio recently experienced a cyberattack on October 5, when an unauthorized individual accessed its internal networks, leading to disruptions in some of its services.

The breach was confirmed by Casio Computer, the parent company behind the iconic Casio brand, recognized for its watches, calculators, musical instruments, cameras, and other electronic products.

"Casio Computer Co., Ltd. has confirmed that on October 5, its network was accessed by an unauthorized third party," the company revealed in a statement today. Following an internal review, the company discovered the unauthorized access led to system disruptions, which have caused some services to be temporarily unavailable. Casio mentioned it cannot provide further details at this stage, as investigations are still ongoing. The company is working closely with external specialists to assess whether personal data or confidential information was compromised during the attack.

Although the breach has disrupted services, Casio has yet to specify which services have been impacted.

The company reported the cyber incident to the relevant data protection authorities and quickly implemented measures to prevent further unauthorized access. BleepingComputer reached out to Casio for more information, but a response has not yet been provided.

So far, no ransomware group has claimed responsibility for the attack on Casio.

This attack comes nearly a year after a previous data breach involving Casio's ClassPad education platform, which exposed customer data from 149 countries, including names, email addresses, and other personal information.

The recent cyberattack adds to the company's challenges, as Casio recently informed shareholders of an expected $50 million financial loss due to significant personnel restructuring.
Read more »
US semiconductor manufacturer
Breach Data Microchip Technology attack Play ransomware ransomware cyberattack US semiconductor manufacturer

Play Ransomware Claims Attack on US Semiconductor Manufacturer Microchip Technology

 

The Play ransomware group has claimed responsibility for last week's cyberattack on the American semiconductor company Microchip Technology. On Tuesday, the group added Microchip Technology to its data leak site, as noted by multiple cybersecurity researchers. Play is notorious for its use of custom tools and double-extortion tactics, which involve both encrypting victims' files and threatening to release stolen data.

Microchip Technology reported last week that intruders had disrupted "certain servers and some business operations." Upon discovering the breach, the company took immediate steps to isolate the affected systems, shut down some services, and initiate an investigation.

Microchip Technology has not commented on the Play gang's involvement in the attack. The company produces products such as microcontrollers, embedded security devices, and radio frequency devices, which it supplies to sectors including automotive, industrial, aerospace, and defense. In 2024, its sales reached $7.6 billion.

The Play group typically gives its victims 72 hours to pay a ransom before making stolen data public. However, Kevin O’Connor, a researcher at U.S.-based cybersecurity firm Adlumin, noted that in this case, the timeline was extended, with Play claiming responsibility a week after Microchip Technology reported the incident to the SEC (Securities and Exchange Commission). O'Connor added that while it's not uncommon for ransomware groups to delay data release, it often indicates ongoing negotiations.

Adlumin's research suggests that the Play ransomware operation has significantly expanded over the past year, likely due to its shift to an affiliate model, complicating the attribution of attacks. O'Connor also mentioned that it's still unclear whether the core group or its affiliates were behind the attack on Microchip Technology.

Play ransomware was first identified in June 2022. The Cybersecurity and Infrastructure Security Agency (CISA) has reported that the group typically encrypts systems after data exfiltration, impacting various businesses and critical infrastructure organizations across North America, South America, Europe, and Australia. According to Trend Micro's research published in July, the majority of Play's attacks this year have been concentrated in the United States.
Read more »
US Cybersecurity
Breach CISA critical infrastructure risk Cyber Security Data Analytics Information Security supply chain attacks US Cybersecurity

CISA Investigates Sisense Breach: Critical Infrastructure at Risk

 

In the fast-paced landscape of cybersecurity, recent events have once again brought to light the vulnerabilities that critical infrastructure organizations face. The breach of data analytics company Sisense, under investigation by the U.S. Cybersecurity and Infrastructure Security Agency (CISA), serves as a stark reminder of the importance of robust security measures in protecting sensitive data and systems. 

Sisense, a prominent American business intelligence software company, found itself at the center of a security incident impacting not only its own operations but also critical infrastructure sector organizations across the United States. 

With offices in New York City, London, and Tel Aviv, and a clientele including major players like Nasdaq, ZoomInfo, Verizon, and Air Canada, the breach sent shockwaves through the cybersecurity community. CISA's involvement underscores the severity of the situation, with the agency actively collaborating with private industry partners to assess the extent of the breach and its implications for critical infrastructure. 

As investigations unfold, the focus is on understanding the nature of the compromise and mitigating potential risks to affected organizations. In response to the breach, CISA has issued recommendations for all Sisense customers to reset any credentials and secrets that may have been exposed or used to access the company's platform and services.

This proactive measure aims to prevent further unauthorized access and protect sensitive information from exploitation. Sisense's Chief Information Security Officer, Sangram Dash, echoed CISA's advice in a message to customers, emphasizing the importance of promptly rotating credentials used within the Sisense application. This precautionary step aligns with best practices in cybersecurity, where rapid response and mitigation are essential to minimizing the impact of security incidents. 

Additionally, customers are urged to report any suspicious activity related to potentially exposed credentials or unauthorized access to Sisense services to CISA. This collaborative approach between organizations and government agencies is crucial in addressing cybersecurity threats effectively and safeguarding critical infrastructure from harm. The incident involving Sisense is not an isolated event. 

Similar supply chain attacks have targeted critical infrastructure organizations in the past, highlighting the need for heightened vigilance and resilience in the face of evolving cyber threats. One such attack, involving the 3CX breach a year ago, had far-reaching consequences, impacting power suppliers responsible for generating and distributing energy across the grid in the United States and Europe. 

As organizations grapple with the aftermath of the Sisense breach, lessons learned from this incident can inform future cybersecurity strategies. Proactive measures such as continuous monitoring, regular security assessments, and robust incident response plans are essential for mitigating risks and protecting critical infrastructure assets. 

The Sisense breach serves as a wake-up call for the cybersecurity community, emphasizing the interconnected nature of cyber threats and the imperative of collaboration in defending against them. By working together and adopting a proactive stance, organizations can bolster their defenses and safeguard critical infrastructure from cyber adversaries.
Read more »
online transactions
Adobe Breach Cyber Security E Commerce Magento online transactions

E-commerce Breach: Hackers Target Magento, Steal Payment Data

 




In a concerning development for e-commerce security, hackers have been discovered exploiting a critical flaw in the popular Magento platform, leaving numerous online stores vulnerable to data breaches. The vulnerability, identified as CVE-2024-20720 with a severity score of 9.1, was acknowledged and addressed by Adobe in security updates released on February 13, 2024.

The exploit involves injecting a persistent backdoor into e-commerce websites, allowing threat actors to execute arbitrary commands and potentially steal sensitive payment data. Security experts from Sansec revealed that attackers are utilising a cleverly crafted layout template stored in the database to automatically insert malicious code into the system.

By combining the Magento layout parser with the beberlei/assert package, hackers can execute system commands, particularly targeting the checkout cart section of affected websites. This malicious code, facilitated by the 'sed' command, enables the installation of a payment skimmer, designed to capture and transmit financial information to compromised Magento stores under the attackers' control.

This incident underlines the urgency for e-commerce businesses to promptly apply security patches provided by Magento to mitigate the risk of exploitation. Failure to do so could leave them susceptible to financial losses and reputational damage.

The exploitation of vulnerabilities within the Magento platform has become an ongoing concern within the realm of e-commerce security. Since its acquisition by Adobe in 2018 for a significant $1.68 billion, Magento has grown to power more than 150,000 online stores worldwide. However, this widespread adoption has inadvertently made it an enticing target for cybercriminals seeking to exploit weaknesses in its infrastructure. One notable example of such exploitation is the MageCart attacks, which have highlighted the persistent threat posed by outdated and unsupported versions of Magento.

Given the prevalence of these vulnerabilities, it is pivotal for online merchants to prioritise cybersecurity measures to safeguard their customers' sensitive data and uphold trust within the e-commerce ecosystem. This necessitates a proactive approach that includes regular software updates, the implementation of robust security protocols, and continuous monitoring for any suspicious activities.

Industry stakeholders are urged to collaborate closely to enhance cybersecurity resilience and protect the integrity of online transactions. By staying informed and proactive, businesses can effectively combat cyber threats and uphold the security of their e-commerce operations.



Read more »
Ransomware
Birmingham Breach Computer Hacking cyber attack Cyber Attacks Ransomware

Birmingham City Computers Breached by Hackers, Mayor Confirms

 



Birmingham Mayor Randall Woodfin’s office has officially acknowledged that the city’s computer systems fell victim to a cyberattack almost a month ago. The incident came to light in a memo sent to city employees, obtained by AL.com, confirming that hackers gained unauthorised access to the city’s networks.

Timeline of Events

The disruption was first noticed on March 6, prompting an immediate investigation into the unexpected activity that disrupted various computer systems. City officials are actively working to restore full functionality to the affected systems, although the investigation into the breach is ongoing. Rick Journey, the mayor’s communications director, emphasised the city’s commitment to ensuring the security of its network.

Impact on Operations

The cyberattack has caused significant disruptions, with employees resorting to pen and paper for tasks like timekeeping due to the network outage. Despite these challenges, critical public safety and public works services have remained unaffected. However, law enforcement agencies have faced limitations, including difficulties in accessing databases to check vehicle theft reports and outstanding warrants.

What Does It Mean for Employees?

Addressing concerns about payroll and employee compensation, city officials reassured employees that payroll processing will continue as scheduled. Payroll coordinators are available to address any individual questions or concerns regarding payment accuracy. Despite the disruption, city authorities are committed to ensuring that employees receive their salaries on time.

Response and Investigation

Following the breach, the city has enlisted the support of third-party specialists to investigate the extent of the disruption and its impact on operations. While specific details about the cyberattack remain limited due to the ongoing investigation, officials have stressed that the 911 emergency system remains fully functional.

A Potential Ransomware Attack 

Multiple government sources have indicated that the cyberattack is likely a ransomware attack, wherein hackers demand payment in exchange for restoring access to the city’s data. Despite the severity of the incident, city officials have reiterated that emergency services have not been compromised.

This incident dials on the mounting challenges municipalities face in safeguarding against cybersecurity breaches. As authorities delve deeper into the matter, concerted efforts are underway to bolster cybersecurity measures, emphasising the critical need to strengthen defences against potential future threats. 


Read more »
XZ Utils Library
Breach CISA advisory Data Breach LZMA Malicious actor Microsoft XZ Utils Library

Critical Security Alert Released After Malicious Code Found in XZ Utils

 

On Friday, Red Hat issued a high-priority security alert regarding a discovery related to two versions of a widely-used data compression library called XZ Utils (formerly known as LZMA Utils). It was found that these specific versions of the library contained malicious code intentionally inserted by unauthorized parties. 

This code was designed with the malicious intent of allowing remote access to systems without authorization. This unauthorized access can lead to serious security threats to individuals and organizations utilizing these compromised versions of the library, potentially leading to data breaches or other malicious activities. 

The discovery and reporting of the issue have been attributed to Microsoft security researcher Andres Freund. It was revealed that the malicious code, which was heavily obfuscated, was introduced through a sequence of four commits made to the Tukaani Project on GitHub. These commits were attributed to a user named Jia Tan (JiaT75). 

What XZ Utils Used For? 

XZ is a compression tool and library widely utilized on Unix-like systems such as Linux. It is renowned for its ability to significantly reduce file sizes while maintaining fast decompression speeds. This compression is achieved through the implementation of the LZMA (Lempel-Ziv-Markov chain algorithm) compression algorithm, which is well-regarded for its efficient compression ratios. 

Let’s Understand the Severity of the Attack 

The breach has garnered a critical CVSS score of 10.0, indicating the most severe level of threat. This vulnerability has been found to impact XZ Utils versions 5.6.0 and 5.6.1, which were released on February 24 and March 9, respectively. 

The Common Vulnerability Scoring System (CVSS) is a widely used tool in the cybersecurity sector, offering a standardized approach to evaluate the gravity of security vulnerabilities found in computer systems. Its main objective is to aid cybersecurity experts in prioritizing the resolution of these vulnerabilities based on their urgency. 

"Through a series of complex obfuscations, the liblzma build process extracts a prebuilt object file from a disguised test file existing in the source code, which is then used to modify specific functions in the liblzma code," an IBM subsidiary reported. 

Additionally, Red Hat clarified that while no versions of Red Hat Enterprise Linux (RHEL) are affected by this security flaw, evidence indicates successful injections within xz 5.6.x versions designed for Debian unstable (Sid). It is also noted that other Linux distributions may potentially be impacted by this vulnerability. 

In response to the security breach, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) has taken action by issuing its own alert.  "CISA and the open source community are responding to reports of malicious code being embedded in XZ Utils versions 5.6.0 and 5.6.1. This activity was assigned CVE-2024-3094. XZ Utils is data compression software and may be present in Linux distributions. The malicious code may allow unauthorized access to affected systems".  

CISA is advising users to downgrade their XZ Utils installations to a version unaffected by the compromise. Specifically, they recommend reverting to an uncompromised version such as XZ Utils 5.4.6 Stable.
Read more »
Vulnerabilities and Exploits
Breach data security IT Companies Threat Detection Vulnerabilities and Exploits

End-User Risks: Enterprises on Edge Amid Growing Concerns of the Next Major Breach

 

The shift to remote work has been transformative for enterprises, bringing newfound flexibility but also a myriad of security challenges. Among the rising concerns, a prominent fear looms large - the potential for end-users to inadvertently become the cause of the next major breach. 

As organizations grapple with this unsettling prospect, the need for a robust security strategy that addresses both technological and human factors becomes increasingly imperative. Enterprises have long recognized that human error can be a significant factor in cybersecurity incidents. However, the remote work surge has amplified these concerns, with many organizations now expressing heightened apprehension about the potential for end-users to inadvertently compromise security. 

A recent report highlights that this fear is not unfounded, as enterprises increasingly worry that employees may become the weak link in their cybersecurity defenses. The complexity of the remote work landscape adds a layer of difficulty to security efforts. Employees accessing sensitive company data from various locations and devices create a broader attack surface, making it challenging for IT teams to maintain the same level of control and visibility they had within the confines of the corporate network. 

This expanded attack surface has become a breeding ground for cyber threats, and organizations are acutely aware that a single unintentional action by an end-user could lead to a major breach. Phishing attacks, in particular, have become a prevalent concern. Cybercriminals have adeptly adapted their tactics to exploit the uncertainties surrounding the pandemic, capitalizing on the increased reliance on digital communication channels. End-users, potentially fatigued by the constant influx of emails and messages, may unwittingly click on malicious links or download infected attachments, providing adversaries with a foothold into the organization's systems. 

While end-users can be the first line of defense, their actions, if not adequately guided and secured, can also pose a significant risk. Enterprises are grappling with the need to strike a delicate balance between enabling a seamless remote work experience and implementing stringent security measures that mitigate potential threats arising from end-user behavior. Education and awareness emerge as critical components of the solution. Organizations must invest in comprehensive training programs that equip employees with the knowledge and skills to identify and thwart potential security threats. 

Regularly updated security awareness training can empower end-users to recognize phishing attempts, practice secure online behavior, and promptly report any suspicious activity. Moreover, enterprises need to implement advanced cybersecurity technologies that provide an additional layer of protection. AI-driven threat detection, endpoint protection, and multi-factor authentication are crucial elements of a modern cybersecurity strategy. These technologies not only bolster the organization's defenses but also alleviate some of the burdens placed on end-users to be the sole gatekeepers of security. 

Collaboration between IT teams and end-users is paramount. Establishing open communication channels encourages employees to report security incidents promptly, enabling swift response and mitigation. Additionally, organizations should foster a culture of cybersecurity responsibility, emphasizing that every employee plays a crucial role in maintaining a secure digital environment. As the remote work landscape continues to evolve, enterprises must adapt their cybersecurity strategies to address the shifting threat landscape. 

The concerns about end-users being the potential cause of the next major breach underscore the need for a holistic approach that combines technological advancements with ongoing education and collaboration. By fortifying the human element of cybersecurity, organizations can navigate the complexities of remote work with confidence, knowing that their employees are not unwittingly paving the way for the next significant security incident.
Read more »
Hackers
Breach Crypto cryptocurrency Cyber Attacks Data Breach Hackers

Another Crypto Exchange Hacked, Following CoinEx Hack by Three Days

 

In the midst of a challenging year for crypto exchanges, Remitano, a centralized exchange, fell prey to a hack on September 14, 2023, losing nearly $2.7 million in digital currencies.

The breach unfolded at around 12:45 PM on Thursday when an unidentified address with no transaction history began receiving funds from one of the exchange's hot wallets. Cyvers, a blockchain analytics firm, swiftly identified these suspicious transactions and promptly alerted the crypto community.

The attacker managed to siphon off a total of $2.7 million in digital assets, comprising $1.4 million in Tether USDT, $208,000 in USD Coin (USDC), and $2,000 in Ankr tokens. Notably, Tether promptly intervened by freezing the alleged hacker's address, safeguarding approximately $1.4 million worth of USDT before any further transactions or conversion of the stolen funds could occur.

U.S. authorities are attributing this incident to the Lazarus Group, a cybercrime organization based in Korea believed to be operating in tandem with the North Korean government. This group has been linked to several hacks in 2023.

Remitano, a peer-to-peer centralized crypto exchange and payment processor, specializes in serving emerging markets, including Pakistan, Ghana, Venezuela, Vietnam, South Africa, and Nigeria. As of now, the exchange has not issued any official statement regarding the alleged hack.

The Lazarus Group has been responsible for some of the most significant hacks in 2023, amassing nearly $200 million in ill-gotten gains, constituting around 20% of all crypto hacks this year.

On September 4, 2023, the group targeted the prominent crypto casino, Stake, making off with over $41 million in digital assets. Despite the breach, Stake resumed operations shortly thereafter, assuring users that their funds were secure.

Then, on September 12, 2023, CoinEx fell victim to a massive hack believed to be orchestrated by the Lazarus Group. Cyvers warned the crypto firm to halt all withdrawals and deposits upon detecting multiple suspicious transactions, but the response came too late. The group absconded with over $27 million in crypto assets, with subsequent reports indicating the actual amount exceeded $55 million.

Following the Stake incident, the Federal Bureau of Investigation (FBI) disclosed several addresses associated with the group and advised crypto exchanges to refrain from transactions involving these addresses.

Since its inception in 2009, the Lazarus Group is said to have stolen over $2.3 billion in crypto assets. The group gained notoriety for its 2014 hack of Sony Pictures Entertainment, which resulted in over $35 million in IT repair costs.
Read more »
Vulnerability
Australia Breach Customer Cyber Attacks Data Energy Experts Investigation Ransomware Report Security Software threat UK Vulnerability

Cyberattack Strikes Australian Energy Software Company Energy One

 

Energy One, an Australian company specializing in software solutions and services for the energy industry, has fallen victim to a cyber assault.

In an announcement made on Monday, the company revealed that the breach was identified on August 18 and had repercussions for certain internal systems both in Australia and the United Kingdom.

“As part of its work to ensure customer security, Energy One has disabled some links between its corporate and customer-facing systems,” Energy One said.

Energy One is actively engaged in an inquiry to ascertain the extent of the impact on customer-related systems and personal data. The organization is also committed to tracing the initial point of intrusion employed by the attacker.

Though detailed specifics about the attack are presently undisclosed, the company's official statement strongly suggests the possibility of a deliberate ransomware attack.

To facilitate the investigation, cybersecurity specialists have been enlisted, and competent authorities in both Australia and the UK have been informed about the incident.

According to a recent report by Searchlight Cyber, a British threat intelligence firm, malevolent actors have been peddling opportunities for initial access into energy sector enterprises globally, with prices ranging from $20 to $2,500.

Perpetrators of cybercrime can exploit various avenues, including Remote Desktop Protocol (RDP) access, compromised login credentials, and vulnerabilities in devices like Fortinet products.
Read more »
Password
AI Breach Cyber Security Data Data Safety data security Password

AI can Crack Your Password in Seconds, Here’s how to Protect Yourself

 

Along with the benefits of emerging generative AI services come new hazards. PassGAN, a sophisticated solution to password cracking, has just emerged. Using the most recent AI, it was able to hack 51% of passwords in under a minute and crack 71% of passwords in less than a day. 

Microsoft raised attention to the security problems that would accompany the rapid growth of AI last month when it announced its new Security Copilot suite, which will assist security researchers in protecting against malicious use of current technologies.

Home Security Heroes recently released a study demonstrating how frighteningly powerful the latest generative AI is at cracking passwords. The company ran a list of over 15,000,000 credentials from the Rockyou dataset through the new password cracker PassGAN (password generative adversarial network), and the results were shocking.

51% of all popular passwords were broken in under a minute, 65% in under an hour, 71% in under a day, and 81% in under a month. PassGAN is able to "autonomously learn the distribution of real passwords from actual password leaks," which is why AI is making such a difference in password cracking. Rather than having to do manual password analysis on leaked password databases, PassGAN is able to "autonomously learn the distribution of real passwords from actual password leaks."

How to Prevent AI Password Cracking

Sticking to at least 12 characters or more of capital and lowercase letters plus numbers (or symbols) distinguishes between easily or rapidly cracked passwords and difficult-to-crack passwords. For the time being, all passwords with 18 characters that include both letters and numbers are protected against AI cracking.

Seeing how powerful AI can be for password cracking is a good reminder to not only use strong passwords but also to check:
  • Utilising 2FA/MFA. (non-SMS-based whenever possible)
  • Avoid reusing passwords across accounts.
  • When feasible, use password generators.
  • Passwords should be changed on a frequent basis, especially for important accounts.
  • Avoid using public WiFi, especially for banking and other similar accounts.
On the Home Security Heroes website, there is a program that allows you to test your own passwords against AI. However, it's best not to enter any of your genuine passwords if you want to check out the AI password analyser - instead, enter a random one.
Read more »
User Safety
Breach Data Breach Data Safety data security Twitter User Data User Privacy User Safety

Twitter Data Breach: Hacker Posted List of Hacked Data of 400M Users

 

One of the biggest Twitter data breaches has resulted in the selling of 400 million Twitter users' personal information on the dark web. The news was released just one day after the Irish Data Protection Commission (DPC) said that it was looking into a prior Twitter data leak that affected more than 5.4 million users, according to CyberExpress. 

In late November, the previous breach was discovered. The hacker released a sample of the data on one of the hacker sites as evidence that the data is real. Email, username, follower count, creation date, and, in some situations, the users' phone numbers are all included in the sample data.

What's shocking is that the hacker's sample data includes information from some pretty well-known user accounts. The user data in the sample data includes the following:

  • Alexandria Ocasio-Cortez
  • SpaceX
  • CBS Media
  • Donald Trump Jr.
  • Doja Cat
  • Charlie Puth
  • Sundar Pichai
  • Salman Khan
  • NASA's JWST account
  • NBA
  • Ministry of Information and Broadcasting, India
  • Shawn Mendes
  • Social Media of WHO

The sample data includes the data of many more well-known users. The majority of them will point to the social media staff, but if the data leak is real, it will be disastrous. While other threat actors have not verified the data yet, Alon Gal in his LinkedIn post states that "The data is increasingly more likely to be valid and was probably obtained from an API vulnerability enabling the threat actor to query any email / phone and retrieve a Twitter profile, this is extremely similar to the Facebook 533m database that I originally reported about in 2021 and resulted in a $275,000,000 fine to Meta."

Meanwhile, In his post, the hacker writes, "Twitter or Elon Musk if you are reading this you are already risking a GDPR fine over 5.4m breach imagine the fine of 400m users breach source. Your best option to avoid paying $276 million USD in GDPR breach fines like Facebook did (due to 533m users being scraped) is to buy this data exclusively."

The hacker states he is open to the 'Deal' going through a middle man and further stated, "After that I will delete this thread and will not sell this data again. And data will not be sold to anyone else which will prevent a lot of celebrities and politicians from Phishing, Crypto scams, Sim swapping, Doxxing and other things that will make your users Lose trust in you as a company and thus stunt the current growth and hype that you are having also just imagine famous content creators and influencers getting hacked on twitter that will for sure Make them ghost the platform and ruin your dream of twitter video sharing platform for content creators, also since you Made the mistake of changing twitter policy that got an immense backlash."
Read more »
Threat Groups
Breach Cyber Attacks Deep Instinct MuddyWater Syncro Threat Groups

MuddyWater: Iran-Backed Threat Group’s Latest Campaign Abuses Syncro Admin Tool


Iran-sponsored cyber threat group, MuddyWater has now altered its tactics, it is now utilizing a remote administration tool, Syncro, that is being used in order to gain control of the target devices. 

What is Syncro? 

Syncro is a highly integrated and easy-to-use remote access platform that allows Remote monitoring and management (RMM) and automation of tasks, streamlining users’ operations to get established, run, and grow their managed service provider (MSP) operations.  

Syncro’s unified and customizable solutions allow users to conduct business operations, that could be streamlined with its integrated invoicing, billing, contract management, automated remediation, and much more so that one can focus on generating revenue. Additionally, their tool offers users a 21-day trial.  

Prior to its most recent campaign, which researchers from Deep Instinct estimate started sometime in September, MuddyWater had employed a separate legitimate remote administration tool, named RemoteUtilities.  

According to the latest report by Deep Instinct, which mentions details of the MuddyWater attacks that recently took place on an Egyptian data hosting company, as well as the Israeli insurance and hospitality industries.  

"MuddyWater is not the only actor abusing Syncro […] It has also been observed recently in BatLoader and Luna Moth campaigns," the Deep Instinct team stated in the report. 

Moreover, MuddyWater has now joined BatLoader and Luna Moth threat groups, which have also been using Syncro in order to take control of devices. 

Security teams are cautioned by Deep Instinct which provided MuddyWater's indicators of compromise, to keep an eye out for unusual remote desktop apps inside their organisations. 

Read more »
User Security
Breach Data Data Breach Information User Data User Privacy User Security

LastPass Experiences its Second Major Data Breach in 4 Months

 

LastPass's data breach in August permitted a hacker to infiltrate the company again and steal customer data. LastPass announced on Wednesday that it was investigating the breach, which involved a third-party cloud storage service linked to company systems. 
“We have determined that an unauthorized party, using information obtained in the August 2022 incident, was able to gain access to certain elements of our customers’ information,” the company wrote in a blog post(Opens in a new window). 

It is unknown what data was stolen. LastPass, on the other hand, has stated that customers' passwords should be safe because the company does not store(Opens in a new window) information on the "Master Password" that customers use to access the encrypted password vaults on the platform.

“We are working diligently to understand the scope of the incident and identify what specific information has been accessed. In the meantime, we can confirm that LastPass products and services remain fully functional,” the company said.  

Nonetheless, the incident demonstrates that the August breach at LastPass was more serious than previously thought. At the time, the company confirmed that the August breach only affected internal software development systems and did not include any customer password information. Despite this, the hacker was able to steal portions of the company's source code as well as some proprietary LastPass technical information, which likely paved the way for the subsequent intrusion.

LastPass also announced in September that it had completed its investigation into the breach with the assistance of cybersecurity firm Mandiant. According to the findings, the hacker only had access to the internal systems for four days. 

There was also no evidence of tampering. However, it appears that LastPass did not uncover all of the possible ways the hacker could use the access to breach the company again. LastPass did not identify the third-party cloud storage service used by the hacker to breach the company a second time. LastPass, on the other hand, has been sharing the cloud storage service with its affiliate GoTo. Private equity firms currently own both companies.

In response to the new breach, LastPass has implemented additional security measures and increased monitoring of its IT infrastructure. It has also contacted Mandiant and law enforcement to inquire about the hack.
Read more »
Real Estate Scam
Breach Cyber Attacks CyberCrime Databreach Real Estate Scam

Suffolk Cyberattacks: Breach Hamper Suffolk County Real Estate Industry

The local real estate industry has been severely hampered by a breach, that caused the Suffolk County government servers to shut down for more than 20 days.

Since September 8, the cyberattack has prevented access to county websites, servers, and databases, making it impossible to check property titles or submit records. Consequently, obstructing most of the transactions from going through.

According to Sheri Winter Parker, a Corcoran broker, confusion over the situation and when it might end means “my phone is ringing with nonstop texts and emails.”

According to The Suffolk Times, hacking group BlackCat claims credit for the Suffolk cyberattacks and demands a ransom payment in order to restore access to government servers. The BlackCat threat actors state that they have access to around four terabytes of data including individual residents, while much of the data is from the clerk.county.suf domain.

Although County officials have resorted to restoring some records in person, online databases remain inaccessible. Furthermore, County email addresses are offline too, resulting in a massive disruption for brokers, lawyers, and title companies, along with buyers and sellers.

According to Michael Gulotta, founding partner of Gulotta & Gulotta, a Ronkokoma-based law firm, “Real estate transactions are on hold[...]About 45 percent of our business is real estate. This has impacted our staff, clients, and affiliates in a major way.”

Computer experts, on the other hand, are raising concerns that Palo Alto, the cybersecurity company providing the front-line firewall of Suffolk’s defense against cyberattacks, is serving as the main forensic auditor to investigate what happened when the county’s system was hacked.

Palo Alto and RedLand (another cybersecurity company) are both responsible to safeguard Suffolk’s computer system since 2019. Besides, both companies were awarded new contracts in order to manage the county’s response to the attacks, analyse the breach and help resolve the issue.

Suffolk is yet to announce how exactly the threat actors breached its systems. However, the company has not blamed RedLand or Palo Alto for the attacks.

Since the county is still repairing damages from the attack, the police department, the Department of Health Services, and the Traffic and Parking Violations Agency have all taken a hit. 

Read more »
User Security
Breach Data Data Beach Leak User Data User Privacy User Security

MyDeal Data Breach: 2.2 Million Customers' Details Exposed

 

Woolworths claims that the personal information of 2.2 million customers of a website it owns has been compromised. 

Woolworths-owned MyDeal announced today that "a compromised user credential was used to gain unauthorised access to its Customer Relationship Management (CRM) system, resulting in the exposure of some customer data." 

Woolworths said in a statement that it is in the process of contacting the estimated 2.2 million people affected by email. The data accessed includes customer names, email addresses, phone numbers, delivery addresses, and, in some cases, the customer's date of birth for anyone who has had to prove their age when purchasing alcohol. According to the company, only 1.2 million customers' email addresses were exposed.

"MyDeal does not store payment, driver's licence or passport details and no customer account passwords or payment details have been compromised in this breach," Woolworths said.

It stated that the Mydeal.com.au website and app were not affected. There has also been "no compromise of any other Woolworths Group platforms or the Woolworths Group customer or Everyday Rewards records".

MyDeal CEO Sean Senvirtne said, "We apologise for the considerable concern that this will cause our affected customers. We have acted quickly to identify and mitigate unauthorised access and have increased the monitoring of networks. We will continue to work with relevant authorities as we investigate the incident and we will keep our customers fully informed of any further updates impacting them.

Pieter van der Merwe, the chief security officer at Woolworths Group, stated that the company's "cyber security and privacy teams are fully engaged and working closely with MyDeal to support the response." Woolworths stated that customers who were not contacted had their information not accessed.
Read more »
Spyware
attacks Breach Crypto cryptocurrency lazarus Lazarus Group malware Spyware

Hackers Used Fake LinkedIn Job Offer to Steal $625M

 

Earlier this year, Ronin Network (RON), the blockchain network behind the popular crypto games Axie Infinity and Axie DAO, experienced the greatest crypto attack against a decentralised financial network ever reported. 

The United States issued advice in May 2022, stating that highly competent hackers from North Korea were attempting to get work by posing as IT freelancers. The Axie Infinity attack was socially engineered, with the North Korean government-backed hacker organisation Lazarus into Sky Mavis' network by giving one of the company's workers a PDF file carrying malware. Lazarus' participation in such a high-profile breach should come as no surprise. 

In January 2022, analysts from several crypto security organizations concluded that North Korean hackers had stolen $1.3 billion from cryptocurrency exchanges throughout the world, with the famed Lazarus group as their top suspect. 

Axie Infinity Hack 

The employee, an ex-senior engineer at the firm, fell for the trap and opened the PDF, believing it was a high-paying job offer from another company. However, this firm did not exist in reality.

During the recruitment process, the ex-employee disclosed sensitive personal information that attackers utilised to steal from the organisation. Sky Mavis' staff are regularly threatened by sophisticated spear-phishing attempts on multiple social networks, according to the company. In this case, one person, who does not even work at Sky Mavis, was duped. 

How was Ronin hacked? 

According to The Block, at the time of the attack, Axie Infinity had nine validators from its proof-of-authority, an Ethereum-based sidechain Ronin. 

“The attacker managed to leverage that access to penetrate Sky Mavis IT infrastructure and gain access to the validator nodes,” Sky Mavis stated.

To get access to the company's networks, the attacker needed to seize five out of nine validators. The spyware-laced PDF allowed the attacker to gain control of four validators and get entry to the community-run Axie DAO (Decentralized Autonomous Organization), from which they gained control of the fifth validator. After breaching the network, the attackers took $25 million in USDC stablecoin and 173,600 ether (about $597 million) from Axie Infinity's treasury, totaling $625 million in crypto. 

Nonetheless, the Ronin sidechain upped the number of validators to 11 to improve security, and Sky Mavis is reimbursing Axie Players who lost crypto as a result of the hack. In April 2022, the company raised $150 million in funding. 

The US administration alleges that the assault was carried out by the renowned North Korean hacking organisation Lazarus. This organisation specialises in such attacks. This is hardly Lazarus' first foray into the blockchain sector. However, Lazarus using social engineering to infiltrate a company's networks is unusual. In reality, the Slovak internet security company ESET notified LinkedIn users in June 2020 about Lazarus' involvement in a complex LinkedIn recruiting fraud targeting military and aerospace industries.
Read more »
North Korean Hackers
Breach Crypto Crime Data Breach Lazarus Group North Korea North Korean Hackers

Lazarus Group Responsible For $100M Crypto-Heist


Cyber security researchers have found Lazarus Group responsible for stealing $100m worth of crypto via Harmony's Horizon Bridge, a California-based company. Lazarus group is a popular North Korean state-sponsored hacking group that was also behind $620 million worth of crypto theft from the Ronin exchange in March. 

Following the incident, the Harmony cybersecurity team was warned of the attack last week by blockchain forensics company Elliptic that the institution has been attacked by a cross-chain bridge. 

“There are strong indications that North Korea’s Lazarus Group may be responsible for this theft, based on the nature of the hack and the subsequent laundering of the stolen funds,” Elliptic wrote. 

Additionally, Reuters reported that Chainalysis, a blockchain firm is also investigating with Harmony; it claims that the attack style is similar to previous attacks attributed to North Korea-linked actors.

“On Thursday, June 23, 2022, the Harmony Protocol team was notified of a malicious attack on our proprietary Horizon Ethereum Bridge. At 5:30 AM PST, multiple transactions occurred that compromised the bridge with 11 transactions that extracted tokens stored in the bridge,” the company said in its blog. 

As the name suggests, Blockchain bridges allow users to transfer their crypto assets from one blockchain to another. The malicious actors stole $100 million in crypto assets, including Ethereum (ETH), Binance Coin, Tether, USD Coin, EOS, and Dai. 

Elliptic said that the hack was carried out by compromising the cryptographic keys of a multi-signature wallet, a technique that is popularly used by the suspected groups. 

“Lazarus Group tends to focus on APAC-based targets, perhaps for language reasons referring to the Asia-Pacific region. Although Harmony is based in the US, many of the core team has links to the APAC region,” Elliptic added. 

Further, the report suggests that after two days of attack Harmony offered to pay a $1 million bounty to the group for the return of Horizon bridge funds. Also, researchers reported that they have found the offenders behind the $100 million hack.
Read more »
Notice
Breach Cyber Data Cyber Security Data Privacy Hacking Notice

All Organisations Must Report Cybersecurity Beaches Within 6 Hours: CERT-In

 

CERT-In, India's computer, and emergency response team released new guidelines on Thursday that mandate that service providers, intermediaries, data centres, and government institutions disclose cybersecurity incidents, including data breaches, within six hours.

The government said in a release, "Any service provider, intermediary, data center, body corporate and Government organization shall mandatorily report cyber incidents [...] to CERT-In within six hours of noticing such incidents or being brought to notice about such incidents."

Compromise of critical systems, targeting scanning, unauthorised access to computers and social media accounts, website defacements, malware deployments, identity theft, DDoS attacks, data breaches and leaks, rogue mobile apps, and attacks against servers and network appliances such as routers and IoT devices are among the types of incidents covered.

The government stated  it was taking these steps to ensure that the required indicators of compromise (IoC) associated with security events are easily accessible to "carry out the analysis, investigation, and coordination as per the process of the law”

Concerned organisations are also required to synchronise ICT system clocks to the National Informatics Centre (NIC) or National Physical Laboratory (NPL) Network Time Protocol (NTP) Server, maintain ICT system logs for a rolling period of 180 days, and necessitate VPN service providers to maintain data such as names, addresses, phone numbers, emails, and IP addresses of subscribers for a minimum of five years, according to the guidelines.

The guidelines also require virtual asset service, exchange, and custodian wallet providers to preserve records on Know Your Customer (KYC) and financial transactions for a period of five years, starting in 60 days.

India's Ministry of Electronics and Information Technology (MeitY) said in a statement, "These directions shall enhance overall cyber security posture and ensure safe and trusted Internet in the country."

Read more »
Security threats
Axis Breach Cyber Attacks Datatheft Security threats

Swedish Camera Giant Axis Still Recovering From Cyberattack

 

Recently Camera maker Axis has reported to the public that the company is still struggling with a cyberattack that severely disrupted its IT systems on February 20th. 

The Swedish camera giant has released a statement on its official website and said that the organization was notified from its cybersecurity and intrusion detection system on Sunday before it shut down all its public-facing facilities globally in the wake of the cyberattack. 

Following the incident, the organization has reported that in their ongoing investigation they did not witness any information regarding an attack on their customer and partner data. 

"Our ongoing investigation of the attack has come a long way but is not entirely finalized. So far, we have no indication that any customer and partner data whatsoever has been affected. As far as the investigation currently shows, we were able to stop the attack before it was completed, limiting the potential damage," Axis said on Thursday. 

Furthermore, the company added that the external services of the company have been successfully recovered from the attack, and they are working towards restoring the remaining services.

“Most prioritized external services have now been restored. Restoring the remaining services is our highest priority, together with doing it in a way that does not jeopardize security. The time of disconnected services and limited possibilities to communicate with Axis has been an unfortunate but necessary consequence. Our gradual entry into a post-attack normal is based on changes that help us avoid similar future situations,” the company added. 

The company declared the outages on Twitter handle however it did not entertain requests for further comments. On its status site Friday afternoon, the company said its Case Insight tool in the US and the Camera Station License System were dealing with partial outages.
Read more »
Scam
Breach Cyber Crime data security EA FIFA hack phishing Scam

Hacker Hacked Multiple High-profile FIFA 22 Accounts by Phishing EA Support Agents

 

Electronic Arts (EA) has cited "human error" within its customer experience team for a recent wave of high-profile FIFA Ultimate Team account takeovers, with some individuals falling victim to a socially engineered phishing attack. 

EA initiated an inquiry after several top traders in FIFA's Ultimate Team game complained that their accounts had been taken over and emptied of points and thousands of dollars in-game currency last week. Phishers were able to hack less than 50 top trader accounts by "exploiting human error" among EA's customer care employees, according to a post on the company's website on Tuesday. 

The company stated, “Utilizing threats and other ‘social engineering’ methods, individuals acting maliciously were able to exploit human error within our customer experience team and bypass two-factor authentication to gain access to player accounts.” 

Ultimate Team is an online soccer game in which players create virtual squads of real-life competitive players and compete against other online teams. Top traders acquire a substantial amount of in-game currency and points by exchanging individuals and forming diverse teams. 

EA eventually identified was a situation described online by traders who posted screenshots of unusual account behaviour, such as attackers calling EA's customer service via the live chat feature and demanding that an account's email address be altered. While many of these requests were ignored, at least one customer service representative eventually gave in to pressure and altered an account holder's email address. This necessitated the staffer circumventing security processes that require extra verification from account owners, according to a Twitter user and Ultimate Team trader called FUT Donkey, who stated his account had been hacked. 

Response & Impact: 

In response to the incident, EA will require "EA advisors and individuals who assist with the service of EA accounts" to get individual re-training, as well as additional team training primarily focused on security, practices, and phishing techniques, according to the company. 

EA will also add stages to the account ownership verification procedure in FIFA Ultimate Team, including "mandatory managerial permission for all email change requests," according to the company. 

According to the company's article, it will also upgrade its customer experience software to clearly evaluate and identify suspicious behavior and at-risk accounts to further restrict the potential for human mistakes in the account update process. 

The incident should serve as a warning to other gaming platforms: Hackers that attack these sites will continue to show off their skills, just as top traders compete for accolades and currency within the game, according to another security specialist in an email to Threatpost. 

Joseph Carson, chief security scientist and advisory CISO at ThycoticCentrify stated, “Gamers and streamers are a massive global trend across social media platforms, capturing the attention of millions who want to know their secret techniques on how they get to the next level.” 

“Hacking is now also becoming a glorified streamed event with the world’s top hackers streaming their hacking skills online, showing off new techniques and methods on how to bypass security and get the initial foothold.” 

Unfortunately for gaming platforms, he noted in his email that this new trend will "certainly grow and manifest in the year ahead."
Read more »
Subscribe to: Posts (Atom)