
Hacking Group Exposes Pentagon IT Provider's Documents

A person familiar with the matter told us that hackers stole internal documents from Leidos Holdings Inc., one of the largest IT service providers to the US government. Leidos recently discovered the theft and believes it was a victim of a previously disclosed breach of a Diligent Corp. system that it was using at the time, said the person, who asked not to be named because the matter is internal. Leidos is currently investigating the issue, the person said.

As one of the most highly regarded companies in the world, Leidos' clients include the Defense Department, Homeland Security Department, and NASA, as well as other national and international government agencies. Based on a filing in Massachusetts dated June 2023, it was reported that Leidos used the Diligent system to store information that was gathered during internal investigations. It has been reported that Leidos has refused to comment on the information that has been stolen. 

The Pentagon, the Department of Homeland Security, and NASA did not immediately respond to requests for comment. Bloomberg News found some files purportedly from Leidos posted on a cybercrime forum, but the details in those files had been redacted, so Bloomberg could not verify their authenticity. A Diligent spokesperson said the leak and its source appear to be related to a 2022 hack of Steele Compliance Solutions, a company Diligent acquired in 2021.

At that time, fewer than 15 customers, including Leidos, were using the product, according to the company. In a data breach notice filed in Massachusetts on November 11, 2022, Diligent reported that it notified Leidos of the breach after discovering the data leak. The attack was carried out by an unauthorized party who exploited a weakness in Diligent's platform to download documents, which may have occurred as early as September 30th of last year.

A third-party intruder exploited a second vulnerability on or around October 1, 2022, gaining access to data submitted through Leidos' enterprise case management system (ECMS), hosted by Diligent, as well as personal information submitted via the system. Earlier reports indicated that the leak was linked to Steele Compliance Solutions, a Diligent subsidiary acquired in 2021, and that the breach originated there.

When mergers and acquisitions occur, there is chaos and sensitive information may be transferred between the two companies, giving hackers a prime opportunity to exploit the situation. An FBI report published in 2021 forecasted that cybercriminals will target organizations during "time-sensitive financial events" such as mergers and acquisitions to extract sensitive information. On February 9, 2023, Leidos received notification of a second data leak, which prompted an investigation into a possible security breach. 

During the investigation, it was discovered that the impacted documents contained personal information, and to allow victims to be able to protect themselves against identity theft, the defence contractor offered two years of identity theft protection. Leidos confirmed that this data leak was caused by an incident that occurred in 2023 that impacted a third-party vendor for which all necessary notification was made in the past. 

According to the Pentagon defence contractor, “our network or any sensitive customer data was not affected by the incident.” At the time of the incident, the product in question was being used by fewer than 15 customers, including defence contractor Leidos, as reported by the company. In a data breach notice filed in Massachusetts on November 11, 2022, Diligent Corporation disclosed the breach to Leidos after discovering unauthorized access to its data. The breach involved an unauthorized party exploiting a vulnerability in Diligent's platform to download documents. 

It is believed that this exploitation may have occurred as early as September 30, 2022. A subsequent intrusion was identified around October 1, 2022, where a third-party attacker exploited a second vulnerability. This allowed the intruder to access data submitted through Leidos' Enterprise Case Management System (ECMS), which was hosted by Diligent, and personal information submitted via the system. Previous reports had indicated that the data leak was associated with Steele Compliance Solutions, a subsidiary of Diligent acquired in 2021 and that this subsidiary was the origin of the breach. 

Mergers and acquisitions often involve transferring sensitive information between companies, creating opportunities for cybercriminals to exploit these transitions. An FBI report published in 2021 anticipated that cybercriminals would target organizations during "time-sensitive financial events," such as mergers and acquisitions, to extract sensitive information. On February 9, 2023, Leidos was notified of a second data leak, which triggered an investigation into a potential security breach. 

The investigation revealed that the compromised documents contained personal information. In response, Leidos offered two years of identity theft protection to allow affected individuals to protect themselves against identity theft. Leidos confirmed that the data leak was caused by an incident in 2023 that affected a third-party vendor. The company assured that all necessary notifications had been made in the past and emphasized that neither their network nor any sensitive customer data were impacted by the incident.

Hacker Subscription Service Exposes 600,000 Bank Card Details

A disturbing new hacker subscription service has emerged, offering access to 600,000 stolen bank card details for a fee of just £120. This service, identified by cybersecurity researchers from Flare, is named “Breaking Security” and allows its subscribers to exploit stolen bank card information for various illicit activities, including unauthorized transactions and identity theft. 

The service provides subscribers with detailed information about the compromised cards, including card numbers, expiration dates, and CVV codes. This data enables hackers to make online purchases or even clone the cards for physical transactions. The subscription service’s affordability and extensive database make it particularly dangerous, as it lowers the barrier for individuals seeking to engage in cybercrime. Flare’s researchers have highlighted the significant threat posed by Breaking Security, noting that such services are part of a growing trend in the cybercrime industry. These services make it easier for less technically skilled individuals to access sophisticated tools and data, leading to a rise in cybercrimes. 

The availability of such a service underscores the evolving nature of cyber threats and the increasing sophistication of criminal networks. Authorities are currently investigating Breaking Security to identify and apprehend the perpetrators behind the service. Law enforcement agencies are working to mitigate the impact on the affected individuals and prevent further exploitation of the stolen card data. The investigation is focused on tracking down the source of the data breach and the infrastructure supporting the subscription service. This incident highlights the critical importance of robust cybersecurity measures for both individuals and organizations. 

For individuals, it is crucial to regularly monitor bank statements for unauthorized transactions and to use security features such as two-factor authentication wherever possible. Organizations, on the other hand, must invest in comprehensive security solutions to protect sensitive data and detect breaches promptly. The emergence of Breaking Security also points to a broader issue within the cybercrime ecosystem. As long as there is a market for stolen data, cybercriminals will continue to find innovative ways to monetize their activities. 

This calls for a coordinated effort between law enforcement, cybersecurity experts, and financial institutions to dismantle such operations and safeguard against future threats. In conclusion, the discovery of the Breaking Security subscription service represents a significant threat to financial security and privacy. The service’s ability to provide extensive access to stolen bank card details for a relatively low cost is alarming. It underscores the need for enhanced vigilance and proactive measures to combat the growing menace of cybercrime. 

As investigations continue, it is essential for individuals and organizations to remain vigilant and take necessary steps to protect themselves from such sophisticated threats.

North Korean Hacker Group Kimsuky Deploys New Linux Malware 'Gomir' via Trojanized Software Installers

North Korean hacker group Kimsuky has unveiled a new Linux malware named "Gomir," a variant of the GoBear backdoor. This development marks a significant advancement in the group's cyber espionage tactics. Kimsuky, linked to North Korea’s military intelligence, the Reconnaissance General Bureau (RGB), has a history of sophisticated cyber attacks aimed primarily at South Korean entities. 

In early February 2024, researchers at S2W, a threat intelligence company, reported a campaign by Kimsuky involving trojanized versions of various software solutions. These included TrustPKI and NX_PRNMAN from SGA Solutions and Wizvera VeraPort. The primary targets were South Korean entities, and the malicious software delivered the Troll Stealer and Go-based Windows malware known as GoBear.

Further investigation by Symantec, a Broadcom company, revealed that the same campaign also deployed a Linux variant of the GoBear backdoor, dubbed "Gomir." This new malware shares many similarities with its Windows counterpart, featuring direct command and control (C2) communication, persistence mechanisms, and support for executing a wide range of commands. Upon installation, Gomir checks the group ID value to determine if it runs with root privileges on the Linux machine. 

It then copies itself to /var/log/syslogd for persistence, creates a systemd service named ‘syslogd,’ and issues commands to start the service. Following these steps, the original executable is deleted, and the initial process is terminated. To ensure it runs on system reboot, the backdoor attempts to configure a crontab command by creating a helper file ('cron.txt') in the current working directory. If successful, the helper file is removed. Gomir supports 17 operations triggered by commands received from the C2 via HTTP POST requests. 

These operations include pausing communication with the C2 server, executing arbitrary shell commands, reporting the current working directory, probing network endpoints, and more. Notably, these commands are almost identical to those supported by the GoBear Windows backdoor, highlighting the malware's versatility and Kimsuky's ability to adapt its tools across different operating systems. Symantec researchers have pointed out that supply-chain attacks, such as trojanized software installers and fake installers, are a preferred attack method for North Korean espionage actors. 
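A hunting script for the persistence artifacts described above, added here as an example and not code from Symantec's report or from the malware itself: it checks a Linux host for the three things the write-up names (a copy of the backdoor at /var/log/syslogd, a systemd unit called 'syslogd', and a crontab entry that re-launches it). The HostSnapshot layout and the sample snapshots are constructed for the demo.

```python
"""Hunt for the Gomir persistence artifacts (added example; layout and sample data
are constructed, not taken from the Symantec report)."""
import os
import subprocess
from dataclasses import dataclass

GOMIR_COPY_PATH = "/var/log/syslogd"   # drop location reported in the write-up
GOMIR_UNIT_NAME = "syslogd.service"    # service name reported in the write-up
SYSTEMD_DIRS = ("/etc/systemd/system", "/usr/lib/systemd/system", "/lib/systemd/system")


@dataclass
class HostSnapshot:
    files: set            # absolute paths present on the host
    systemd_units: dict   # unit file name -> unit file text
    crontab_lines: list   # lines of the current user's crontab


def hunt_gomir(snap):
    """Return one finding per matched artifact; an empty list means nothing matched."""
    findings = []
    # A genuine syslog daemon lives under /usr/sbin, never under /var/log.
    if GOMIR_COPY_PATH in snap.files:
        findings.append(f"executable staged at {GOMIR_COPY_PATH}")
    # Match the reported unit name, or any unit that launches the staged binary.
    for name, text in snap.systemd_units.items():
        if name == GOMIR_UNIT_NAME or GOMIR_COPY_PATH in text:
            findings.append(f"suspicious systemd unit {name}")
    # cron.txt is deleted after import, so inspect the installed crontab instead.
    for line in snap.crontab_lines:
        if not line.lstrip().startswith("#") and GOMIR_COPY_PATH in line:
            findings.append(f"crontab entry re-launches backdoor: {line.strip()}")
    return findings


def collect_live():
    """Build a snapshot of the running host using read-only checks."""
    files = {GOMIR_COPY_PATH} if os.path.exists(GOMIR_COPY_PATH) else set()
    units = {}
    for unit_dir in SYSTEMD_DIRS:
        if not os.path.isdir(unit_dir):
            continue
        for name in os.listdir(unit_dir):
            path = os.path.join(unit_dir, name)
            if name.endswith(".service") and os.path.isfile(path):
                try:
                    with open(path, errors="replace") as fh:
                        units[name] = fh.read()
                except OSError:
                    continue
    try:
        cron = subprocess.run(["crontab", "-l"], capture_output=True,
                              text=True, check=False).stdout.splitlines()
    except FileNotFoundError:
        cron = []
    return HostSnapshot(files, units, cron)


# Constructed snapshots: one mimicking the post-install state described above,
# one for a clean host running the real rsyslog daemon.
INFECTED = HostSnapshot(
    files={"/usr/sbin/rsyslogd", GOMIR_COPY_PATH},
    systemd_units={
        "rsyslog.service": "[Service]\nExecStart=/usr/sbin/rsyslogd -n\n",
        GOMIR_UNIT_NAME: f"[Service]\nExecStart={GOMIR_COPY_PATH}\nRestart=always\n",
    },
    crontab_lines=["# m h dom mon dow command", f"@reboot {GOMIR_COPY_PATH}"],
)
CLEAN = HostSnapshot(
    files={"/usr/sbin/rsyslogd"},
    systemd_units={"rsyslog.service": "[Service]\nExecStart=/usr/sbin/rsyslogd -n\n"},
    crontab_lines=["0 3 * * * /usr/local/bin/backup.sh"],
)

if __name__ == "__main__":
    for finding in hunt_gomir(collect_live()) or ["no Gomir artifacts found on this host"]:
        print(finding)
```

Run it as root to read unit files that are not world-readable; the checks match the names reported for this campaign only, so a renamed build would need the Symantec IOCs as well.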

The choice of software for trojanization seems to be carefully selected to maximize infection rates among South Korean targets. By compromising widely used software solutions, Kimsuky increases its chances of infiltrating targeted systems and exfiltrating valuable data. The implications of Kimsuky's activities are significant. By enhancing their malware capabilities and expanding their target range to include Linux systems, Kimsuky poses a heightened threat to organizations, particularly those in South Korea. 

The use of advanced malware like Gomir demonstrates the group's continuous evolution and sophistication in cyber espionage. Symantec's report on this campaign includes a set of indicators of compromise (IOCs) for multiple malicious tools observed, including Gomir, Troll Stealer, and the GoBear dropper. These IOCs are crucial for cybersecurity professionals to detect and mitigate the impact of these threats. 

As the digital landscape continues to evolve, the need for robust cybersecurity measures becomes ever more critical. Organizations, especially those in high-target regions like South Korea, must remain vigilant and proactive in their defense strategies. This includes regularly updating software, conducting thorough security assessments, and implementing comprehensive threat detection and response mechanisms. 

The emergence of Gomir and similar threats underscores the importance of international cooperation in combating cybercrime. By sharing intelligence and collaborating on cybersecurity initiatives, nations can better protect their critical infrastructure and sensitive data from sophisticated threat actors like Kimsuky.

Playdapp's $31M Token Heist and Silent Reward Controversy

In a surprising and concerning turn of events, the gaming world faced a significant security breach as Playdapp, a prominent gaming platform, fell victim to a cyber intrusion. The breach resulted in a hacker successfully minting tokens with an estimated worth of $31 million. Adding an intriguing twist to the incident, the gaming platform has chosen an unconventional approach by offering a reward for silence, sparking debates over transparency and cybersecurity practices. 
 
Playdapp, known for its interactive and immersive gaming experiences, recently faced a severe security breach. A cyber intruder managed to exploit vulnerabilities within the platform, orchestrating a complex attack that allowed them to mint tokens valued at an astonishing $31 million. The scale and sophistication of the breach have raised concerns not only within the gaming community but also across the broader cybersecurity landscape. 
 
The hacker responsible for the Playdapp breach successfully capitalized on the compromised security, minting tokens that hold substantial monetary value. This financial windfall poses not only an immediate threat to the platform but also highlights the potential long-term repercussions for both Playdapp and its user base. Adding an unusual twist to the narrative, Playdapp has opted to issue a reward for silence regarding the breach. 

This decision has sparked controversy and ignited discussions about the ethical considerations surrounding such incentives. Critics argue that this approach may compromise transparency and hinder the dissemination of crucial information that could benefit the broader cybersecurity community. As Playdapp grapples with the aftermath of the breach, the incident sheds light on the vulnerabilities prevalent in online gaming platforms. 

The industry, already a lucrative target for cybercriminals due to the value associated with in-game assets, now faces heightened scrutiny regarding the robustness of its security measures. The breach serves as a stark reminder for gaming platforms and other online services to reevaluate and fortify their cybersecurity protocols. 

With a surge in cyber threats targeting the gaming community, the need for robust defense mechanisms and proactive security measures has never been more apparent. Playdapp's decision to offer a reward for silence introduces an ethical quandary. While the platform may argue that such incentives are intended to protect users and prevent panic, critics contend that transparency is paramount in building trust. Striking a balance between safeguarding sensitive information and providing users with the transparency they deserve becomes a pivotal challenge in the aftermath of such breaches.

100,000 Most Hack-able Passwords and Tips to Steer Clear of Them!

Keeping a password is an essential requirement, and it plays a large part in keeping a person’s private life private.

The need arises from the necessity of keeping your stuff (of any sort) locked away from people who don’t need to see it and from people who have no business seeing it.

Hence, searching for that almost perfect password is super necessary, especially with all these hackers and cyber-cons always round the corner.

One thing to always keep in mind is that if a password is even mildly easy for a user to keep in mind, it is super easy for a hacker to hack.

Per the UK’s Cyber Security Centre breach analysis, the password “123456” was found to have been used 23 million times in breached accounts.

That password was followed in the list by “12345678”, which was found around 7 million times in the breaches.

The most horrendously obvious passwords used are “123456” and “password”.

Other passwords on the list were, “ashley”, “michael”, “qwerty” and “1111111”.

The following is the link to the top 100,000 most hack-able passwords.

A Few Tips!

1.  A strong password should have at least six characters, including a combination of upper-case letters, lower-case letters, symbols and numbers.

2.  If any of your passwords match ones on the list, change them as soon as possible.

3.  The very first step could be to think of difficult-to-guess passwords by combining memorable and random words.

4.  The more creative the password, the safer the account it protects.

5.  Complexity is a must.

6.  Enforce a strong password policy on every account possible.

7.  Check your passwords regularly and use 2FA (two-factor authentication) for major sites and accounts, especially email.

8.  All the passwords should be unique for all the different sites and accounts.

9.  All the default passwords must be changed because the IT department always has a list.

Other ways of protecting include using a password manager for less important websites and accounts.
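Tips 1 and 2 above as a checker, added here as an example rather than anything from the post: it tests a candidate against a local breached list and against the six-character composition rule, and shows how to query the Have I Been Pwned range API (not mentioned in the post) without sending the password itself. The seven-entry list is a constructed excerpt of the passwords the post quotes, standing in for the full 100,000-entry list.

```python
import hashlib
import urllib.request

# Constructed excerpt: the breached passwords quoted in the post, standing in
# for the full 100,000-entry NCSC list.
BREACHED_SAMPLE = frozenset(
    {"123456", "12345678", "password", "ashley", "michael", "qwerty", "1111111"}
)


def in_breach_list(password, breached=BREACHED_SAMPLE):
    """Tip 2: is this exact password on the breached list?"""
    return password in breached


def meets_composition_rule(password):
    """Tip 1: at least six characters mixing upper, lower, digits and symbols.
    Returns (ok, list of failed checks)."""
    checks = {
        "length>=6": len(password) >= 6,
        "uppercase": any(c.isupper() for c in password),
        "lowercase": any(c.islower() for c in password),
        "digit": any(c.isdigit() for c in password),
        "symbol": any(not c.isalnum() for c in password),
    }
    failed = [name for name, ok in checks.items() if not ok]
    return not failed, failed


def hibp_range_parts(password):
    """k-anonymity split: only the first 5 hex chars of the SHA-1 leave the
    machine; the remaining 35 are compared locally against the response."""
    digest = hashlib.sha1(password.encode("utf-8")).hexdigest().upper()
    return digest[:5], digest[5:]


def count_in_range_body(suffix, body):
    """Parse a 'SUFFIX:COUNT' range response; 0 means the password was not seen."""
    for line in body.splitlines():
        seen_suffix, _, count = line.strip().partition(":")
        if seen_suffix == suffix:
            return int(count)
    return 0


def hibp_breach_count(password):
    """Live lookup against the Pwned Passwords range API (needs network access)."""
    prefix, suffix = hibp_range_parts(password)
    req = urllib.request.Request(
        f"https://api.pwnedpasswords.com/range/{prefix}",
        headers={"User-Agent": "password-check-example"},
    )
    with urllib.request.urlopen(req, timeout=10) as resp:
        return count_in_range_body(suffix, resp.read().decode("utf-8"))


def assess(password):
    """Combine the offline checks into one verdict string."""
    if in_breach_list(password):
        return "change it now: on the breached list"
    ok, failed = meets_composition_rule(password)
    return "passes the post's rules" if ok else "weak: fails " + ", ".join(failed)


if __name__ == "__main__":
    for candidate in ("123456", "ashley", "Abc12!", "correcthorse"):
        print(f"{candidate!r}: {assess(candidate)}")
```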

Hidden for 5 years, complex ‘TajMahal’ spyware discovered

It's not every day that security researchers discover a new state-sponsored hacking group.

Spyware is inherently intriguing, primarily because of the complexity that lets it carry out its malicious plans, and breaking it down is something security researchers have to do on a regular basis. Now a group of analysts has discovered a unique form of spyware with a phenomenal 80 different components and all kinds of tricks, and this spyware had been under wraps for more than five years.

A technically sophisticated cyberespionage framework that has been active since at least 2013 has been outed by security researchers.

In a recent talk at the Kaspersky Security Analyst Summit in Singapore, researcher Alexey Shulmin shed light on the firm’s groundbreaking discovery of an adaptable Swiss Army knife of a spyware framework called TajMahal.

Security researchers still aren't sure who's behind the versatile TajMahal spyware—or how they went undetected for so long. TajMahal’s modules bundle functionality never before seen in an advanced persistent threat, such as the ability to steal information from printer queues and to grab previously seen files from a USB device the next time it reconnects. And that unique spyware toolkit, Kaspersky says, bears none of the fingerprints of any known nation-state hacker group.

The 80 distinct modules include not just the standard ones like keylogging and screen-grabbing but also completely new tools.

TajMahal includes two main packages: ‘Tokyo’ and ‘Yokohama’. Tokyo contains the main backdoor functionality and periodically connects to the command and control servers.

TajMahal is a wonder to behold.

"Such a large set of modules tells us that this APT is extremely complex," Shulmin wrote in an email interview ahead of his talk, using the industry jargon—short for advanced persistent threat—to refer to sophisticated hackers who maintain long-term and stealthy access to victim networks. "TajMahal is an extremely rare, technically advanced and sophisticated framework, which includes a number of interesting features we have not previously seen in any other APT activity. Coupled with the fact that this APT has a completely new code base—there are no code similarities with other known APTs and malware—we consider TajMahal to be special and intriguing."

Canadian Internet Registration Authority’s Car Parking System Struck By Ransomware!
Reportedly, CIRA’s car parking system was infected with ransomware and hacked to let people park for free.

The Canadian Internet Registration Authority is the gigantic internet registry with 2.8 million .ca domains under its wing.

The yet anonymous cyber-cons compromised CIRA’s car parking system, aiding people to park without getting their parking passes scanned.

Allegedly, some other company manages the car parking under CIRA.

The cause, initially thought to be a power failure or a mechanical system crash, turned out to be a ransomware attack.

The database which was used by the car parking system for management was specifically compromised.

That very database also holds tens and tens of employee credit cards which if in wrong hands could wreak serious havoc.

After further analysis it was discovered that the ransomware in question could possibly be “Dharma”.

This ransomware infects computers by way of RDP connections, restricting itself to systems that expose RDP (Remote Desktop Protocol) online.

These cyber-cons target the RDP protocol, which runs on port 3389. After performing a brute-force attack, they tried to harvest administrative credentials.

Later on, an attempt at performing malicious activities on the system was made.
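A detector for the brute-force-then-harvest step described above, added here as an example and not taken from the CIRA report: it scans Windows Security logon events (4625 failures, 4624 success, logon type 10 for Remote Desktop) for a source that fails many times in a short window and then logs in. The event records, threshold and window are constructed for the demo.

```python
from collections import defaultdict
from datetime import datetime, timedelta

FAIL_THRESHOLD = 20            # failures from one source inside the window (constructed)
WINDOW = timedelta(minutes=5)  # sliding window for counting failures (constructed)
RDP_LOGON_TYPE = 10            # RemoteInteractive = Remote Desktop


def detect_rdp_bruteforce(events, threshold=FAIL_THRESHOLD, window=WINDOW):
    """events: dicts with ISO 'time', 'event_id' (4625 fail / 4624 success),
    'logon_type', 'src_ip', 'user'. Returns one alert per offending source,
    plus a second alert if that source later logs in successfully."""
    recent_fails = defaultdict(list)
    flagged = set()
    alerts = []
    for ev in sorted(events, key=lambda e: e["time"]):
        if ev["logon_type"] != RDP_LOGON_TYPE:
            continue
        ts = datetime.fromisoformat(ev["time"])
        ip = ev["src_ip"]
        if ev["event_id"] == 4625:
            # keep only the failures that fall inside the sliding window
            recent_fails[ip] = [t for t in recent_fails[ip] if ts - t <= window] + [ts]
            if len(recent_fails[ip]) >= threshold and ip not in flagged:
                flagged.add(ip)
                alerts.append({"kind": "rdp_bruteforce", "src_ip": ip,
                               "failures": len(recent_fails[ip]), "at": ev["time"]})
        elif ev["event_id"] == 4624 and ip in flagged:
            # the credential-harvest step: a success right after a burst of failures
            alerts.append({"kind": "success_after_bruteforce", "src_ip": ip,
                           "user": ev["user"], "at": ev["time"]})
    return alerts


def _event(base, offset_s, event_id, ip, user):
    return {"time": (base + timedelta(seconds=offset_s)).isoformat(),
            "event_id": event_id, "logon_type": RDP_LOGON_TYPE,
            "src_ip": ip, "user": user}


def constructed_events():
    """Constructed sample: 25 failures in 100 s from one address, then a success;
    two stray failures from an office host that should not raise an alert."""
    base = datetime(2019, 3, 1, 2, 0, 0)
    events = [_event(base, 4 * i, 4625, "203.0.113.7", "administrator") for i in range(25)]
    events.append(_event(base, 110, 4624, "203.0.113.7", "administrator"))
    events.append(_event(base, 30, 4625, "198.51.100.5", "jsmith"))
    events.append(_event(base, 40, 4625, "198.51.100.5", "jsmith"))
    return events


if __name__ == "__main__":
    for alert in detect_rdp_bruteforce(constructed_events()):
        print(alert)
```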

The silver lining happens to be that the stored card details would reclaim all the damage done by the free parking.

According to CIRA’s security survey, 37% of businesses don’t employ anti-malware protections.

CIRA also cited that they have no way whatsoever of knowing what sort of security measures are employed by the car parking in question.

Beto O’Rourke Was A Former Hacking Group Member In His Teen Days!

Beto O’Rourke, who’s better known for his candidature for the Democratic Presidential seat, has been revealed to be a part of an eminent hacking group in his teen days.

Recently in an interview for an upcoming book, O’Rourke confirmed that during his days in El Paso, he was a member of a hacking cult of the name, “Cult of the Dead Cow”.

His major tasks while in the group comprised stealing long-distance phone service, participating stealthily in electronic discussions, and related offenses.

While in the group he also took to writing online essays by the pen name of “Psychedelic Warlord”.

The essays ranged from fiction from the perspective of a killer to mocking a neo-Nazi.

According to the article, the ex-congressman was one of the most renowned former hackers in American politics.

The book goes by the name of “Cult of the Dead Cow: How the Original Hacking Supergroup Might Just Save the World.”

The book also encompasses the first-time mentions of the members of the aforementioned cult after they finally agreed to be named.

There is neither evidence nor insinuation that Beto was part of illegal hacking activities involving writing code or the like.

In the 1980s the group started becoming known for hijacking others’ machines. It was all rather controversial.

As a presidential candidate, O’Rourke lands on a somewhat shady side of the court with a past like this.

He was born to a high-up family in El Paso, but he also had played in a punk band before he started his small technology business and stepped into local politics.

O’Rourke’s national presence was enhanced when he defeated Texas Republican Sen. Ted Cruz during a Senate campaign.

On the brighter side, Beto’s involvement shows a profound sense of technological comprehension and a powerful will to change what’s not required.