
Fortinet Cybersecurity Breach Exposes Sensitive Customer Data


Fortinet experienced a significant cybersecurity breach involving a third-party cloud drive, where 440 GB of data was leaked by a hacker named “Fortibitch” after the company refused to pay the ransom. The breach affected about 0.3% of Fortinet’s customers, roughly 1,500 corporate users, and included sensitive information such as financial documents, HR data, customer details, and more. Experts highlight that the breach underscores the critical need for implementing rigorous cybersecurity measures like multi-factor authentication (MFA) and robust identity access management (IAM) systems. 

Multi-factor authentication is particularly emphasized as a vital layer of defense against unauthorized access, significantly reducing the risk of data exposure when combined with strong identity access management. Organizations need to ensure that they enforce MFA and other identity management protocols consistently, especially for accessing essential systems like SharePoint and cloud storage services. Jim Routh, Chief Trust Officer at Saviynt, pointed out the growing concern over cloud security, given its increased adoption in software development and data storage. He stressed that without proper safeguards, such as MFA and secure access controls, sensitive data is at risk of exposure. 

Cybersecurity analyst Koushik Pal from CloudSEK echoed this sentiment, advocating for stricter IAM policies and urging organizations to regularly monitor repositories for potential misconfigurations, exposed credentials, or sensitive data leaks. This kind of vigilance is necessary for all teams to adhere to security best practices and minimize vulnerabilities. Relying on third-party vendors for data storage, as Fortinet did, is not inherently dangerous but introduces additional risks if strict security protocols are not enforced. The breach serves as a reminder that even established cybersecurity companies can fall victim to attacks, highlighting the need for ongoing vigilance. 

According to Routh, it’s crucial for system administrators to manage accounts meticulously, ensuring that identity access management protocols are properly configured and that privileged access is monitored effectively. The breach exemplifies how cybercriminals exploit security weaknesses to gain unauthorized access to sensitive data. As cloud technologies continue to be integrated into businesses, the responsibility to protect data becomes increasingly important. Cybersecurity experts emphasize that organizations must invest in proper training, regularly update security measures, and remain vigilant to adapt to evolving cyber threats. 

Ensuring that MFA, identity management systems, and monitoring practices are in place can go a long way in protecting against similar breaches in the future. This Fortinet incident serves as a wake-up call, showing that no organization is entirely immune to cyber threats, regardless of its expertise in cybersecurity.
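The monitoring advice above (regularly scanning repositories for exposed credentials and misconfigurations) is easy to state and rarely shown. As an added example that is not from the article, Fortinet or CloudSEK, here is a minimal Python repository scanner of that kind: it flags private-key blocks, AWS-style access key IDs, hard-coded passwords, public-read ACL settings, and high-entropy strings assigned to secret-looking variables. The rule names, the entropy threshold and the sample lines are constructed for illustration and are not a production ruleset.

```python
import math
import re

# Illustrative detection rules (constructed for this example; not an exhaustive ruleset)
PATTERNS = {
    "private_key_block": re.compile(r"-----BEGIN (?:RSA |EC |OPENSSH )?PRIVATE KEY-----"),
    "aws_access_key_id": re.compile(r"\bAKIA[0-9A-Z]{16}\b"),
    "hardcoded_password": re.compile(r"(?i)\b(?:password|passwd|pwd)\s*[=:]\s*['\"][^'\"]{8,}['\"]"),
    "public_acl": re.compile(r"(?i)\bacl\s*[=:]\s*['\"]?public-read(?:-write)?"),
}
# A secret-looking variable holding a long token; entropy decides whether it is flagged
SECRET_ASSIGNMENT = re.compile(
    r"(?i)\b(?:secret|token|api_key)\s*[=:]\s*['\"]([A-Za-z0-9+/=_-]{20,})['\"]"
)


def shannon_entropy(s: str) -> float:
    """Bits of entropy per character: random-looking keys score high, filler strings near 0."""
    if not s:
        return 0.0
    n = len(s)
    counts = {}
    for ch in s:
        counts[ch] = counts.get(ch, 0) + 1
    return -sum(c / n * math.log2(c / n) for c in counts.values())


def scan_lines(lines, entropy_threshold: float = 4.0):
    """Return (line_number, rule_name) for every hit, in file order."""
    findings = []
    for lineno, line in enumerate(lines, start=1):
        for name, pattern in PATTERNS.items():
            if pattern.search(line):
                findings.append((lineno, name))
        m = SECRET_ASSIGNMENT.search(line)
        if m and shannon_entropy(m.group(1)) >= entropy_threshold:
            findings.append((lineno, "high_entropy_secret"))
    return findings


# Constructed sample file contents; none of these are real credentials
SAMPLE_LINES = [
    'DB_HOST = "db.internal.example"',
    'password = "hunter2hunter2"',
    'aws_access_key_id = "AKIAEXAMPLE12345ABCD"',
    'api_key = "A1b2C3d4E5f6G7h8I9j0KLmn"',
    'token = "aaaaaaaaaaaaaaaaaaaaaaaa"',
    'acl = "public-read"',
    '-----BEGIN RSA PRIVATE KEY-----',
]

if __name__ == "__main__":
    for lineno, rule in scan_lines(SAMPLE_LINES):
        print(f"line {lineno}: {rule}")
```

The entropy check is what separates a 24-character random-looking API key from a placeholder such as a run of repeated characters, which a bare regex on the variable name would flag as well; in practice the threshold is tuned per repository to keep false positives low.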

Avis Data Breach Exposes Over 400,000 Customers’ Personal Information


Over 400,000 customers of Avis, a prominent car rental company known for its presence at U.S. airports, have had their personal data compromised in a recent cybersecurity breach. The company revealed the incident to the public on Monday, stating that the breach occurred between August 3 and August 6. Avis, which is part of the Avis Budget Group, sent notifications to affected customers last week, advising them on how to protect themselves from potential identity theft or fraud. 

The Avis Budget Group, which owns both Avis and Budget, operates over 10,000 rental locations across 180 countries, generating $12 billion in revenue in 2023, according to its most recent financial report. However, the recent data breach has cast a shadow over its operations, highlighting vulnerabilities in its data security measures. In a data breach notice filed with the Iowa Attorney General’s office, Avis disclosed that the compromised information includes customer names, dates of birth, mailing addresses, email addresses, phone numbers, credit card details, and driver’s license numbers. 

A separate filing with the Maine Attorney General revealed that the data breach has impacted a total of 299,006 individuals so far. Texas has the highest number of affected residents, with 34,592 impacted, according to a report filed with the Texas Attorney General. The fact that sensitive personal information was stored in a manner that allowed it to be accessed by cybercriminals has raised serious questions about the company’s data protection practices. Avis first became aware of the data breach on August 5 and took immediate steps to stop the unauthorized access to its systems.

The company stated that it had launched a comprehensive investigation into the incident and enlisted third-party security consultants to help identify the breach’s origins and scope. Avis has not yet disclosed specific details about the nature of the attack, the vulnerabilities exploited, or the identity of the perpetrators, leaving many questions unanswered. This breach underscores the growing challenges faced by companies in protecting customer data in an increasingly digital world. While Avis acted quickly to contain the breach, the company’s reputation could suffer due to the extent of the data compromised and the sensitive nature of the information accessed. 

The breach also serves as a reminder of the importance of robust cybersecurity measures, especially for businesses that handle large volumes of personal and financial data. The incident has also prompted scrutiny from regulators and data privacy advocates. Many are questioning how sensitive customer information was stored and protected and why it was vulnerable to such an attack. Companies like Avis must ensure they are equipped with advanced security systems, encryption protocols, and regular audits to prevent such breaches from occurring in the future. As the investigation continues, Avis customers are advised to monitor their financial accounts closely, watch for signs of identity theft, and take appropriate measures.

Ransomware Attack on Patelco Credit Union Disrupts Services for Nearly Half a Million Members


A ransomware attack on Bay Area-based Patelco Credit Union has disrupted banking services for nearly half a million members, and the outage could persist for weeks.

The credit union announced the attack on June 29 via Twitter. The affected services include online banking, the mobile app, direct deposits, transfers, debit and credit card transactions, Zelle, balance inquiries, online bill payments, and monthly statements, among others.

Patelco Credit Union, based in Dublin, California, serves the San Francisco Bay Area and Northern California. In addition to consumer banking, it offers mortgage origination, home equity lines of credit, and mortgage refinancing.

Patelco CEO Erin Mendez issued a statement on Wednesday confirming that cybersecurity specialists have validated the "core systems" and assured members that their money is "safe and secure." However, she mentioned that full system functionality is not expected to be restored over the weekend.

"I know this continues to cause our members frustration and many of you have questions," she said, promising that any fees incurred due to the shutdown will be waived. "We hear your concerns and are working around the clock to address them. Our team is committed to doing everything we can to support our members through this difficult situation."

The Mercury News reported that hackers infiltrated the bank’s internal databases via a phishing email, encrypting its contents and locking the bank out of its systems.

Operating as a nonprofit cooperative, Patelco holds $9 billion in assets. Despite providing daily updates since the attack, there is no clear timeline for when systems will be fully restored, and further outages are possible.

Services that remain operational include check and cash deposits, ATM withdrawals, ACH transfers, ACH for bill payments, and in-branch loan payments.

Patelco Credit Union Working Diligently to Recover from Security Incident


A ransomware attack on Patelco Credit Union in the Bay Area has disrupted banking services for nearly half a million members, with the outage potentially lasting for weeks.

The credit union announced the attack on June 29 through Twitter. Affected services include online banking, the mobile app, direct deposits, transfers, debit and credit card transactions, Zelle, balance inquiries, online bill payments, and monthly statements.

Besides consumer banking, Patelco Credit Union also provides mortgage origination, home equity lines of credit, and mortgage refinancing. Headquartered in Dublin, California, the credit union serves the San Francisco Bay Area and Northern California.

On Wednesday, Patelco CEO Erin Mendez issued a statement confirming that their cybersecurity team has validated the "core systems" and assured members that their funds are "safe and secure." However, she noted that the systems would not be operational by the weekend.

“I understand this situation continues to frustrate our members and that many have questions,” Mendez said. She added that any fees resulting from the outage would be waived. “We are aware of your concerns and are working tirelessly to resolve them. Our team is fully dedicated to supporting our members during this challenging time.”

According to The Mercury News, hackers accessed the bank’s internal databases via a phishing email, encrypting the contents and locking the bank out of its systems.

Patelco, a nonprofit cooperative with $9 billion in assets, has been providing daily updates since the attack but has not provided a specific timeline for when services will be fully restored. They have also cautioned that further outages may occur.

Currently, members can still perform check and cash deposits, ATM withdrawals, ACH transfers, ACH bill payments, and in-branch loan payments.

Panera Bread and Omni Hotels Hit by Ransomware Outages: What You Need to Know


In a tumultuous turn of events, Panera Bread and Omni Hotels were thrust into the chaos of ransomware attacks, unleashing a cascade of disruptions across their operations and customer services. 

Panera Bread, celebrated for its culinary delights and pioneering loyalty programs, found itself in the throes of a massive outage that paralyzed its internal IT infrastructure, communication channels, and customer-facing platforms. The ransomware attack, which struck on March 22, 2024, encrypted critical data and applications, plunging employees and patrons into disarray amidst the ensuing turmoil. 

Among the litany of grievances, Panera Sip Club members were left disheartened by their inability to savour the benefits of their subscription, notably the tantalizing offer of unlimited drinks at a monthly fee of $14.99. The frustration reverberating among members underscored the profound repercussions of cyber incidents on customer experience and brand loyalty. 

As of January 23, 2024, Panera Bread and its franchise network boasted an extensive presence with 2,160 cafes sprawled across 48 U.S. states and Ontario, Canada. However, the ransomware onslaught cast a shadow over the company's expansive footprint, laying bare vulnerabilities in cybersecurity defenses and underscoring the imperative for robust incident response protocols. 

In tandem, Omni Hotels grappled with a parallel crisis as ransomware-induced IT outages wreaked havoc on reservation systems and guest services. The past week saw a flurry of disruptions, from protracted check-in delays averaging two hours to manual interventions to grant guests access to their rooms. 

The financial fallout of these cyber calamities remains nebulous, yet the toll on customer trust and brand reputation is palpable. The opacity shrouding the attacks has only exacerbated apprehensions among employees and patrons alike, accentuating the exigency for fortified cybersecurity measures and transparent communication strategies.

Amidst the evolving threat landscape, organizations must fortify their cybersecurity defenses and hone proactive strategies to avert the pernicious impact of cyber threats. From regular data backups and comprehensive employee training to the formulation of robust incident response blueprints, preemptive measures are pivotal in blunting the impact of cyber onslaughts and fortifying resilience against future incursions. 

The ransomware assaults on Panera Bread and Omni Hotels serve as poignant reminders of the pervasive menace posed by cyber adversaries. By assimilating the lessons gleaned from these incidents and orchestrating proactive cybersecurity initiatives, businesses can bolster their resilience and safeguard the interests of stakeholders, employees, and patrons alike.

Hackers Steal Nearly $10 Million from Axie Infinity Co-founder’s Personal Accounts


A significant amount of cryptocurrency, valued at nearly $10 million, has been reported stolen from personal accounts belonging to Jeff "Jihoz" Zirlin, one of the co-founders associated with the video game Axie Infinity and its affiliated Ronin Network.

According to reports, Zirlin's wallets were compromised, resulting in the theft of 3,248 ethereum coins, equivalent to approximately $9.7 million. Zirlin took to social media to confirm the incident, stating that two of his accounts had been breached. 

However, he emphasized that the attack solely targeted his personal accounts and did not affect the validation or operations of the Ronin chain or Axie Infinity, as reiterated by Aleksander Larsen, another co-founder of the Ronin Network.

The method through which the intruders gained access to Zirlin's wallets remains unclear. The Ronin Network serves as the underlying infrastructure for Axie Infinity, a game renowned for its play-to-earn model based on ethereum, particularly popular in Southeast Asia. 

Notably, the system had previously fallen victim to a $600 million cryptocurrency heist in March 2022, an attack attributed by U.S. prosecutors to the Lazarus Group, a cybercrime operation allegedly backed by North Korea.

Analysts tracking the recent theft traced the stolen funds to activity on Tornado Cash, a cryptocurrency mixer designed to obfuscate the origin of funds. It's worth noting that Lazarus had previously utilized this mixer to launder proceeds from the 2022 hack. The U.S. government, in response, had separately imposed sanctions on Tornado Cash.

Blockchain investigator PeckShield described the incident as a "wallet compromise," indicating a breach in security measures. Despite the breach, Zirlin assured stakeholders of the stringent security protocols in place for all activities related to the Ronin chain.

Security Breach at AnyDesk: Production Servers Hacked, Password Reset


AnyDesk, a widely used remote desktop application, is currently grappling with a significant security breach that has raised alarm among its user base. The company recently disclosed that malicious actors successfully infiltrated its production servers, gaining unauthorized access to sensitive information and triggering a large-scale password reset for its users. 

AnyDesk functions as a remote desktop solution, allowing users to access and control their computers from anywhere in the world. Renowned for its user-friendly interface, high performance, and cross-platform compatibility, AnyDesk has become a popular choice for both personal and professional remote connectivity. 

However, the recent security incident sheds light on the inherent vulnerabilities in remote desktop software, particularly in ensuring robust security measures. Despite encryption and authentication protocols in place, hackers often exploit weaknesses in these systems to gain unauthorized access. The breach of AnyDesk's production servers indicates a potential lapse in the platform's security infrastructure. 

The extensive user base of AnyDesk, consisting of millions relying on the platform for remote work and other activities, makes it an attractive target for cybercriminals. The breach not only allowed unauthorized access to user accounts but also led to a mass password reset, creating additional challenges for users and emphasizing the significant impact of such security compromises. 

In response to the breach, AnyDesk promptly acknowledged the incident and urged users to reset their passwords immediately. The company is actively investigating the extent of the compromise and is committed to enhancing its security measures to prevent future breaches. AnyDesk reassures its users that measures are being taken to safeguard the integrity of the platform. 

The forced password reset has left AnyDesk users facing potential disruptions to their remote work and personal activities. As a precautionary measure, users are advised to regularly update their passwords, enable two-factor authentication where available, and remain vigilant for any suspicious activities on their accounts. 

The AnyDesk security breach underscores the ongoing challenges faced by remote desktop software providers in maintaining the security of user data. In an era where remote connectivity has become the norm, ensuring the safety of personal and professional information must be a top priority. Users are encouraged to adopt best cybersecurity practices, stay informed about security updates, and take proactive measures to enhance their overall online security.

Security Breach: Hacker Poses as Meta Recruiter, Targets Aerospace Company


The Lazarus Group, an entity linked to North Korea, has been identified in a cyber espionage operation aimed at an aerospace firm based in Spain. The scheme involved impersonating a Meta recruiter on LinkedIn to approach employees of the targeted company. 

These individuals were then tricked into opening a malicious file that masqueraded as a coding challenge or quiz. This attack is part of a broader spear-phishing campaign known as Operation Dream Job. Its goal is to entice employees from potential strategic targets with enticing job opportunities, thereby initiating the infection process.

In a recent technical report shared with The Hacker News, ESET security researcher Peter Kálnai shed light on the attack. In a previous incident this March, the Slovak cybersecurity company had outlined an attack focused on Linux users, where fake HSBC job offers were used to deploy a backdoor named SimplexTea.

The latest intrusion, designed for Windows systems, aims to install an implant referred to as LightlessCan. Kálnai emphasized the significance of this new payload, highlighting its sophistication as a substantial advancement over its predecessor, BLINDINGCAN. BLINDINGCAN, also known as AIRDRY or ZetaNile, is a multifaceted malware capable of extracting sensitive data from compromised hosts.

The attack unfolded as follows: the target received a message on LinkedIn from a counterfeit recruiter claiming to represent Meta Platforms. This recruiter sent two coding challenges as part of the supposed hiring process, ultimately convincing the victim to execute the test files (named Quiz1.iso and Quiz2.iso) hosted on a third-party cloud storage platform.

ESET pointed out that these ISO files contained malicious binaries (Quiz1.exe and Quiz2.exe), which were downloaded and executed on a device provided by the company. This compromised the system and breached the corporate network.

This attack sets the stage for an HTTP(S) downloader known as NickelLoader. This allows the attackers to deploy any desired program into the victim's computer memory, including the LightlessCan remote access trojan and a variant of BLINDINGCAN referred to as miniBlindingCan (aka AIRDRY.V2).

LightlessCan boasts support for up to 68 distinct commands, with 43 of them currently functional in its present version. Meanwhile, miniBlindingCan primarily focuses on transmitting system information and downloading files from a remote server.

One noteworthy feature of this campaign is the use of execution guardrails to prevent the payloads from being decrypted and run on any machine other than the intended victim's.

Kálnai highlighted that "LightlessCan emulates the functionalities of a wide range of native Windows commands, enabling discreet execution within the RAT itself instead of noisy console executions." This strategic shift bolsters stealthiness, making it more challenging to detect and analyze the attacker's activities.

In recent months, the Lazarus Group and other threat clusters originating from North Korea have been notably active. They have conducted attacks spanning various sectors, including manufacturing and real estate in India, telecoms companies in Pakistan and Bulgaria, and government, research, and defense contractors in Europe, Japan, and the U.S., as per Kaspersky.

How can Small Businesses Protect Themselves From Cyber Threats?


In today’s world, where businesses of all kinds and shapes are becoming digital operations, the chances of cybercrime in their cyber spaces have also increased significantly. New business owners looking to set up a bakery, a renovation company, or another passion project now struggle when they see the complexities of cybersecurity. Because cybercriminals are continuously on the lookout for vulnerabilities, it is crucial for organizations to take proactive measures to safeguard their digital assets and keep their operations running smoothly.

Modern Reality of Cyber Threats 

While cyberattacks are definitely not the first thing that comes to an entrepreneur’s mind, in today’s world, where a digital footprint is part of any operation, cybersecurity needs to be taken into consideration. Data breaches and ransomware assaults are only two examples of the destructive actions that fall under the umbrella of "cyber risk," which are frequently carried out by rogue agents, organized crime groups, or even nation-states. The virtual nature of cyberattacks does not lend itself to the straightforward answer of moving to a "safer neighborhood," unlike conventional physical protection. Attackers benefit from ongoing access and endless opportunities because firms are online all the time.

Adding to this, the incorporation of AI technologies into businesses has given threat actors a chance to refine their attacks and add more complexity to them. Ransomware-as-a-Service (RaaS) has further aided in expanding the gig economy of the cybercrime space, allowing small-time offenders to use automation and scale up their destructive activities. As a result, the fusion of technology with malicious intent has made the business of cyberattacks a booming one worldwide.

Critical Strategies for Cyber Protection 

There are many measures that can be followed to protect one's systems from being struck by a cybercrime entity. We list some of them below:

Keep Software Up-to-Date: Software maintenance is an essential practice. Cybercriminals may be able to exploit weaknesses in software that is even decades old. By installing software updates from reputable manufacturers like Microsoft, the danger of cyberattacks can be greatly reduced.

Implement Essential Controls: Leaders of small businesses are advised to emphasize foundational measures in order to protect against known threats such as phishing attacks, malware, or hacking. Some of the best safety measures include multifactor authentication, email and web filtering, data security and backups, privileged access management, and endpoint detection and response.

Collaborate with Insurers and IT Experts: Despite effective cybersecurity precautions, hacks can still happen, thus planning and cooperation are crucial. Working together with IT professionals and cyber insurers can result in specialized incident plans and quick recovery plans in the event of a successful attack. Cyber insurance offers access to specialized teams, coaching for crisis response, and financial support.  

API Security Losses Total Billions, US Companies Hit Hard


According to an analysis of breach data, US companies are the ones most affected by API compromises. Companies lost a combined $12 billion to $23 billion in 2022 from compromises linked to Web application programming interfaces (APIs). 

APIs are used in Internet of Things (IoT) applications and on websites. An API is a mechanism that facilitates two software systems to interact. It controls the types of requests that take place between programs, how these requests are made, and the kinds of data formats used. For example, the Google Maps application on a mobile device does not contain names of all the streets, cities, towns, and other landmarks on your device. Instead, it connects to another application within the Google server that contains all of that information and this connection is made possible using an API. 

Data from the last decade suggests that API security has emerged as a significant cybersecurity problem. Accordingly, the Open Web Application Security Project (OWASP) listed the top 10 API security issues in 2019. 

It explained various API weaknesses, including broken object-level authorization, weak user authentication, and excessive data exposure, as serious issues for software makers and companies that rely on cloud services. Thus, API security has become increasingly important. 

APIs work as the backend framework for mobile and web applications. Crucial and sensitive data is transferred between users, APIs, and applications and systems. Therefore, it is important to protect the sensitive data they transfer. 

According to the report 'Quantifying the Cost of API Insecurity' published this week by application-security firm Imperva and risk-strategy firm Marsh McLennan – cybersecurity issues would grow as APIs continue to become a common pattern for cloud and mobile devices.

"The growing security risks associated with APIs correlate with the proliferation of APIs. The volume of APIs used by businesses is growing rapidly — nearly half of all businesses have between 50 and 500 deployed, either internally or publicly, while some have over a thousand active APIs," says Lebin Cheng, vice president of API security for Imperva. 

Further, more than 100 combined API security incidents occurred in Asia, and more than 600 in the US. To prevent this, companies have to gain visibility into how they are using APIs and create a complete inventory of the API traffic in their networks.
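Two of the OWASP weaknesses named above, broken object-level authorization and excessive data exposure, are easiest to recognise side by side in code. The following Python is an added example, not code from the Imperva/Marsh McLennan report or from OWASP: a minimal invoice lookup that ignores the caller's identity and serializes the whole record, next to a hardened version that checks ownership and returns only an allow-list of fields. The invoice records, field names and user ids are constructed for the example.

```python
from dataclasses import dataclass, asdict
from typing import Optional


@dataclass
class Invoice:
    id: int
    owner_id: int
    amount: float
    card_last4: str      # sensitive: must not be returned to clients
    internal_notes: str  # sensitive: staff-only


# Constructed sample records (not real data)
INVOICES = {
    1: Invoice(id=1, owner_id=100, amount=42.0, card_last4="1234", internal_notes="late payer"),
    2: Invoice(id=2, owner_id=200, amount=99.5, card_last4="9876", internal_notes="vip"),
}


def get_invoice_vulnerable(caller_id: int, invoice_id: int) -> Optional[dict]:
    """Broken object-level authorization plus excessive data exposure:
    the caller's identity is never consulted, and the full record is serialized,
    so any authenticated user can read any invoice, card digits and notes included."""
    inv = INVOICES.get(invoice_id)
    return asdict(inv) if inv else None


# Allow-list of fields a client may see; anything not listed never leaves the server
PUBLIC_FIELDS = ("id", "amount")


def get_invoice_hardened(caller_id: int, invoice_id: int) -> Optional[dict]:
    """Object-level authorization: the record must belong to the caller.
    Missing and foreign invoices both yield None (mapped to 404 at the HTTP layer),
    so a client cannot distinguish valid ids from invalid ones by probing."""
    inv = INVOICES.get(invoice_id)
    if inv is None or inv.owner_id != caller_id:
        return None
    return {k: v for k, v in asdict(inv).items() if k in PUBLIC_FIELDS}


if __name__ == "__main__":
    print("vulnerable, caller 100 reading invoice 2:", get_invoice_vulnerable(100, 2))
    print("hardened,   caller 100 reading invoice 2:", get_invoice_hardened(100, 2))
    print("hardened,   caller 100 reading invoice 1:", get_invoice_hardened(100, 1))
```

The ownership check belongs in the handler (or a shared authorization layer the handler must call), not in the client, and the allow-list should be the only path from a record to a response, so that adding a new sensitive column later does not silently widen the API.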

Hackers Drained $120m From Badger Defi and $30m From MonoX


Two decentralized finance platforms, BadgerDAO and MonoX, suffered security breaches in two separate attacks in which hundreds of millions of dollars' worth of cryptocurrency was drained by threat actors. 

BadgerDAO's security research unit discovered the attack on 2 December, in which a malicious group stole $120 million, while MonoX lost $31 million to unknown attackers on 30 November. 

According to blockchain security and data analytics firm PeckShield, which is working with BadgerDAO to investigate the heist, the various tokens stolen in the attack are worth more than $120 million. 

As soon as Badger learned of the unauthorized transfers, it paused all smart contracts, essentially freezing its platform, and warned its clients to decline all transactions to the hackers’ addresses. 

The company has reported that it has “retained data forensics experts Chainalysis to explore the full scale of the incident & authorities in both the US & Canada have been informed & Badger is cooperating fully with external investigations as well as proceeding with its own.” 

MonoX, for its part, acknowledged the breach and explained in a blog post that it occurred after a group of hackers exploited a vulnerability in its smart contract software. Smart contracts are digital contracts stored on a blockchain that execute automatically when all terms and conditions are met. 

The group of hackers is estimated to have stolen more than $30 million in funds, mostly MATIC and WETH. A “swap method was exploited and the price of the MONO token has risen to a new high”, the company reported. 

“The exploit was caused by a smart contract bug that allows the sold and bought token to be the same. In the case of the attack, it was our native MONO token. When a swap was taking place and tokenIn was the same as tokenOut, the transaction was permitted by the contract”, the company added.

Igor Igamberdiev, an IT security researcher, broke down the stolen tokens as listed below. He posted the list on his Twitter account. 

1. 5.7M MATIC ($10.5M) 
2. 3.9k WETH ($18.2M) 
3. 36.1 WBTC ($2M) 
4. 1.2k LINK ($31k) 
5. 3.1k GHST ($9.1k) 
6. 5.1M DUCK ($257k) 
7. 4.1k MIM ($4.1k) 
8. 274 IMX ($2k)

Expert Releases PoC Exploit for MacOS Gatekeeper Bypass


Cybersecurity expert Rasmus Sten, an F-Secure software engineer, published PoC exploit code for a macOS Gatekeeper bypass that Apple fixed earlier in 2021. The PoC (Proof of Concept) exploit targets the CVE-2021-1810 vulnerability, which bypasses three protections that Apple has built against harmful file downloads: Gatekeeper, notarization, and file quarantine. The vulnerability was discovered in the Archive Utility component of macOS Big Sur and Catalina and can be exploited using a specially crafted ZIP file. 

For the attack to succeed, the attacker has to trick the user into downloading and opening the archive, which deploys the malicious code on the system. Exploiting the vulnerability would allow an attacker to execute unsigned binaries on macOS systems, bypassing Gatekeeper, which enforces code signatures, without the user being aware of the malicious code execution. According to Sten, the vulnerability is linked to the way Archive Utility handles file paths: if a path is longer than 886 characters, the com.apple.quarantine attribute is not applied, which allows the malicious files to bypass Gatekeeper. 

While investigating samples with long file paths, Sten found that several macOS components behaved unexpectedly once the final path length exceeded a certain point. In the end, he found that it may be possible to build an archive with a hierarchical structure in which the path length is long enough for Safari to have Archive Utility unpack it without applying the com.apple.quarantine attribute, but short enough for Finder to browse and for macOS to run the malicious code on the system. 

To lure the victim more easily, an attacker could hide the archive's folder structure behind a symbolic link in the root, which is almost indistinguishable from a single application bundle in an archive root. "Sten, who also released a video demo of the exploit, has published PoC code that creates the archive with the path length necessary to bypass CVE-2021-1810, along with a symbolic link to make the ZIP file look normal. The vulnerability was addressed with the release of macOS Big Sur 11.3 and Security Update 2021-002 for Catalina," reports Security Week.
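From the defender's side, the two traits the article describes, an entry path longer than the 886-character threshold and a symbolic link at the archive root that disguises the nesting, are both visible in the ZIP's central directory before anything is extracted. The following Python is an added example and is neither Sten's PoC nor Apple's code: it inspects an archive for those two traits without extracting it. The threshold constant, the helper names, and the sample archive are constructed for this example.

```python
import io
import stat
import zipfile

# Path length above which, per the article, Archive Utility on the affected
# (pre-11.3) macOS versions failed to apply com.apple.quarantine. Constant name is ours.
QUARANTINE_PATH_LIMIT = 886


def inspect_archive(zip_bytes: bytes, limit: int = QUARANTINE_PATH_LIMIT):
    """Return (overlong_entries, root_symlinks) for a ZIP supplied as bytes.

    overlong_entries: entry names longer than `limit` characters.
    root_symlinks:    top-level entries stored as symbolic links, the trick the
                      article describes for hiding a deep folder structure.
    Nothing is extracted; only the central directory is read.
    """
    overlong, root_links = [], []
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        for info in zf.infolist():
            if len(info.filename) > limit:
                overlong.append(info.filename)
            # For archives written on Unix-like systems the file mode is kept
            # in the top 16 bits of external_attr; S_ISLNK tells us it is a symlink.
            mode = info.external_attr >> 16
            is_root_entry = "/" not in info.filename.rstrip("/")
            if is_root_entry and stat.S_ISLNK(mode):
                root_links.append(info.filename)
    return overlong, root_links


def is_suspicious(zip_bytes: bytes) -> bool:
    """True when either trait is present; a gateway or mail filter would quarantine such files."""
    overlong, root_links = inspect_archive(zip_bytes)
    return bool(overlong) or bool(root_links)


# Constructed sample archive (not the PoC): one ordinary app-bundle path, one file
# buried under nested directories so its path exceeds the limit, and a root-level symlink.
DEEP_DIR = "/".join(["d" * 50] * 20)       # 20 directory levels of 50 chars each
DEEP_PATH = DEEP_DIR + "/payload"          # 1027 characters, above the 886 limit


def build_sample_zip() -> bytes:
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("Notes.app/Contents/MacOS/Notes", b"ordinary")
        zf.writestr(DEEP_PATH, b"buried")
        link = zipfile.ZipInfo("Notes2.app")
        link.external_attr = (stat.S_IFLNK | 0o755) << 16   # mark the entry as a symlink
        zf.writestr(link, DEEP_DIR)                          # a symlink's data is its target path
    return buf.getvalue()


def build_clean_zip() -> bytes:
    """Control case: a single, ordinary bundle path and no symlinks."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("Notes.app/Contents/MacOS/Notes", b"ordinary")
    return buf.getvalue()


if __name__ == "__main__":
    print("sample archive suspicious:", is_suspicious(build_sample_zip()))
    print("clean archive suspicious: ", is_suspicious(build_clean_zip()))
```

On a patched macOS host the complementary check after extraction is `xattr -l <file>`, which lists the extended attributes; a freshly downloaded and unpacked file should carry com.apple.quarantine, and its absence on something that came in through the browser is worth a second look.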

US Agencies Hit By Cyberattack, Confirms CISA Investigation


Around five federal civilian agencies were recently breached, in a hit to the US government, according to an investigation by the Cybersecurity and Infrastructure Security Agency (CISA), which followed emergency protocol to minimize damage from the attack. Suspected hackers from China exploited vulnerabilities in Pulse Secure VPN, a popular remote connectivity tool, to hack into government organizations, defense systems, and financial agencies across Europe and the US, said a report released earlier this month. 

For the past few weeks, CISA has been working to determine the full extent of the attack and to help organizations protect their systems, telling them to run an "integrity tool" to look for signs of compromise. Matt Hartman, Deputy Executive Assistant Director for Cybersecurity, said: "CISA is aware of at least five federal civilian agencies who have run the Pulse Connect Secure Integrity Tool and identified indications of potential unauthorized access." CISA is coordinating with those agencies to confirm whether a breach occurred and to provide incident response assistance. The news first came out when Reuters reported on the affected agencies. Earlier this week, CNN had reported that CISA had found 24 federal civilian agencies using Pulse Secure VPN but was not yet sure whether any had been compromised.

CNN reports, "The discovery of potential breaches comes a little over a week after CISA issued a rare "emergency directive" ordering all federal civilian agencies to determine how many instances of the product they have, run the "integrity tool," install updates and submit a report to CISA. Emergency directives are used when there is a high potential for compromise of agency systems. Since March 31, CISA has been assisting multiple entities whose vulnerable Pulse Connect Secure products have been exploited by a cyber threat actor, according to a CISA spokesperson." 

The US government is still determining the extent of the attack. The Pulse Secure VPN intrusions show no signs of the sophistication or supply chain tactics seen in the recent SolarWinds attack. The hack also differs from the indiscriminate targeting of the Microsoft Exchange Server campaign, in which hackers breached thousands of servers.

Hackers Tap Into Home Security Cameras, Record Sex Tapes To Sell Online

Chinese hackers are breaking into residents' home security cameras, recording them having sex and selling the footage online. However shocking this crime sounds, it is now fairly common, according to the South China Morning Post. It reports, "the videos are priced based on how exciting they are and are sold via social media, according to an undercover investigative report aired by the television station on Monday. Video clips involving nudity or sexual acts are priced at 50 yuan (US$8) each, while those “normal ones shot in hotel rooms” are 20 yuan (US$3), said an unidentified seller of these videos in the report."

The videos are in high demand on the online market. It is frightening that the devices we buy for our own security can be turned against us, and that the internet can leave us so exposed. The attackers broke into cameras to spy on hundreds of thousands of victims and record them, and the undercover report also uncovered hidden cameras that the hackers had planted in hotel rooms. The sex tapes on sale are marketed as "home videos", and the hackers have set up a multilevel marketing scheme in which buyers are encouraged to resell the videos.

Customers were given the login credentials of the hacked security cameras so that they could tune in themselves. In a recorded conversation with his VIP clients, one hacker said he had dozens of people installing cameras wherever they went. Even if a hotel finds and removes a camera, the hackers lose only around 100 yuan, a loss recouped by uploading a couple of videos.

"Such videos are primitive,” the hacker said. “Many people like such kind of stuff nowadays, watching people’s privacy, what they’re doing at the moment… You know what, I have sold this video several hundred times," said the hacker, according to the South China Morning Post. In a similar incident, hackers broke into Amazon Ring cameras without the customers being aware of the breach.

US Cybersecurity Company FireEye Hacked by 'Nation-Backed' Threat Actors


On Tuesday, FireEye, one of the leading cybersecurity firms, said it had been attacked by "highly sophisticated" state-sponsored hackers who stole the company's Red Team tools, which it uses to test customers' security and networks. The attack was heavily customized to breach FireEye's systems.
 
The breach drove home the reality that even the most advanced security vendors, whose business is protecting others from intrusions, can themselves be targeted and compromised. Notably, the attackers mainly sought information related to certain government customers, using an unprecedented combination of tactics, according to the firm. CEO Kevin Mandia characterized the attack in a blog post as a highly targeted cyberattack of a kind not witnessed before. So far, no customer data appears to have been accessed by the attackers.
 
There is plenty of speculation about who carried out the attack, but the firm has given no indication of the attackers' origin and is investigating together with the FBI. Mandia did say in his blog post that the nation responsible is one with world-class offensive capabilities, as the novelty of the techniques speaks to top-tier capabilities tailor-made for attacking FireEye.
 
Drawing on his 25 years in cybersecurity, Mandia further wrote in his blog post that this attack was “different from the tens of thousands of incidents we have responded to throughout the years,” and “used a novel combination of techniques not witnessed by us or our partners in the past.”
 
“These tools mimic the behavior of many cyber threat actors and enable FireEye to provide essential diagnostic security services to our customers,” the company said in the filing. “Consistent with our goal to protect the community, we are proactively releasing methods and means to detect the use of our stolen Red Team tools.” 
 
A CISA spokesperson said: "As details are made available we are working to share and implement countermeasures across the federal networks and with our private sector partners."
 
Meanwhile, Mike Chapple, a former NSA official who now teaches cybersecurity at the University of Notre Dame, said FireEye has had a "ringside seat" for some of the most advanced intrusions carried out globally.

Every Organization Should Ask These 8 Questions Before Choosing Their Cybersecurity Provider


Being cybersecurity-ready offers many advantages, but your organization can still be a target for hackers if you do not know the critical details. According to a 2019 Juniper Research report, the cost of cybersecurity breaches will reach $5 trillion a year by 2024, up from $3 trillion today. This matters especially for large organizations that depend on third-party cybersecurity services for their day-to-day operations. Data from Opus and the Ponemon Institute shows that 60% of organizations' breaches involve third parties. Data breaches can destroy an organization's brand image and trigger a financial crisis. To limit data breaches, an organization needs a third-party vendor it can trust.

Here is why any organization should do its research before choosing a new provider, and why third-party threats are so pressing. Fewer vendors mean fewer threats, yet companies today depend on many vendors to run their day-to-day operations; in 2019, Apple alone had around 200 supplier companies. In many cases the threats come through those third-party vendors. For instance, hackers attacked Agama, a cryptocurrency app, through a vulnerability in one of its third-party JavaScript libraries.

According to Juniper, "the new research, The Future of Cybercrime & Security: Threat Analysis, Impact Assessment & Mitigation Strategies 2019-2024 noted that while the cost per breach will steadily rise in the future, the levels of data disclosed will make headlines but not impact breach costs directly, as most fines and lost business are not directly related to breach sizes."

How to choose a reliable vendor? 
  1. Are the vendor's offerings compatible with your organization's needs? 
  2. Does the cybersecurity provider have a good cyber score (security rating)? 
  3. Has the vendor experienced a data breach or attack in the past? 
  4. Does the provider have an incident response plan it can activate immediately? 
  5. Does the provider offer a 'right to inquire'? 
  6. Does the vendor run a threat intelligence program for potential threats? 
  7. Does the vendor hold industry certifications? 
  8. Does the third-party provider have a chief information security officer or a named security contact? 
The answers to these questions will help your organization select a third-party cybersecurity provider wisely.

The database of Russian car owners is sold for bitcoins


According to the listing, the database contains 129 million records obtained from the traffic police registry: information about vehicles registered in Russia, including the place of registration, the make and model of the car, and the dates of first and most recent registration.

An employee of a car-sharing company whose vehicle data appears in the registry confirmed the authenticity of the data. Cybersecurity experts have also verified the authenticity of the documents, noting that the database was most likely stolen from the traffic police or from insurance companies.

"Most often, leaks occur at the traffic police and insurance companies," said Ashot Hovhannisyan, founder and technical director of DeviceLock, adding that databases of motorists are regularly sold on the darknet.

According to him, this database is unique because it contains information about initial car registrations going back to the 1990s. For an additional fee, the sellers offer the personal data of car owners, including surname, first name and patronymic, address, date of birth, passport number and contact information. They also sell the TINs (tax identification numbers) of the legal entities to which cars are registered.

The full database with all data costs 0.3 bitcoin (approximately $2,800); exclusive use, with the data withdrawn from sale to others, costs 1.5 bitcoin (about $14,000).

Mikhail Firsov, Technical Director at Information Security Systems, believes that companies buying such databases can use them to conduct illegal financial transactions, execute deals and forge legal documents.

Earlier, E Hacking News reported on the sale on the darknet of the data of 9 million customers of the express delivery service CDEK, the largest leak of personal data in Russian delivery services.

Indian Army detected a Malware

Ahead of Independence Day celebrations, the Indian Army detected a cybersecurity breach affecting a senior officer posted in Jammu and Kashmir under the Northern Command.

"The cybersecurity breach was detected by the Indian Army personnel during a routine check when malware was found in the computer of a senior officer," army sources told ANI.

An investigation has been started into how the malware found its way onto his computer.

Senior Army officers are issued a computer by the Army for all official work, and the system is connected to the Army intranet.

The Army regularly alerts its personnel about cyber threats and data theft via WhatsApp and other social media platforms, and warns them against using any Chinese apps.

Recently, Pakistani intelligence agencies have targeted Army personnel by sending them malicious links which, once clicked, download malware onto their computers or mobile devices and steal information from them.

To counter this kind of malware and other threats, the Army has been issuing regular warnings and asks its personnel to immediately inform higher authority if they have even a slight doubt about the safety of their data.

The Udhampur-based Northern Command is responsible for almost the entire territory of Jammu and Kashmir and Ladakh, bordering both Pakistan and China.

Russian Intelligence Attempts to Crack Tor Anonymous Web Browser



A Russian intelligence contractor that was itself breached by cybercriminals has been found to have been working on cracking Tor, the anonymous web browser used by people who wish to bypass government surveillance and reach the dark web. It is unclear how effective the attempt was, however, because the method relied largely on luck to match Tor users to their activity.

According to the BBC's findings, the contractor, which is well known in Russia, is also working on various other secret projects.

SyTech, a contractor for Russia's Federal Security Service (FSB), fell victim to a massive data breach in which hackers gained access to around 7.5 terabytes of data, including details of its projects.

The hackers, a group calling itself 0v1ru$, which gained access to the company on 13 July, replaced the company's homepage with a smug smiley face.

To crack Tor, SyTech turned to a project called Nautilus-S, which required it to operate nodes in the Tor network itself.

Whenever a user connects to Tor, the fact that they are using it is visible to their internet service provider, which can later hand that data to the FSB or any other state authority on request.

Commenting on the viability of SyTech's attempt to crack Tor, a spokesperson for the Tor project said, "Although malicious exit nodes would see a fraction of the traffic exiting the network, by design, this would not be enough to deanonymize Tor users,"

"Large-scale effective traffic correlation would take a much larger view of the network, and we don't see that happening here," he added.
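The Tor project's point, that malicious exit nodes see a slice of exiting traffic but cannot on their own tie it to a sender, and that deanonymization needs a view of both ends of a circuit, can be put in numbers with a small simulation. The following is an added example written for this page, not code from Tor, SyTech or the BBC, and it is a deliberate simplification: relays are chosen uniformly rather than by bandwidth, relay flags are ignored, and the adversary is assumed to control a fixed count of relays. The first model rebuilds every circuit from scratch; the second reflects that real Tor clients keep one entry guard for a long time, which changes who is exposed and how badly.

```python
import random


def build_circuit(relays, rng):
    """Pick guard, middle and exit as three distinct relays (uniform, unweighted)."""
    return rng.sample(relays, 3)


def fresh_circuit_model(n_relays, n_malicious, n_circuits, seed=1):
    """Every circuit picks all three hops afresh.

    Returns (fraction of circuits whose exit is adversary-controlled,
             fraction where guard AND exit are adversary-controlled, i.e. the
             cases where end-to-end traffic correlation is possible at all).
    """
    rng = random.Random(seed)
    relays = [(i, i < n_malicious) for i in range(n_relays)]  # (relay id, adversary-controlled)
    exit_seen = correlated = 0
    for _ in range(n_circuits):
        guard, _middle, exit_ = build_circuit(relays, rng)
        if exit_[1]:
            exit_seen += 1          # adversary sees this traffic leave, but not who sent it
            if guard[1]:
                correlated += 1     # adversary also sees the client's IP: can correlate
    return exit_seen / n_circuits, correlated / n_circuits


def pinned_guard_model(n_relays, n_malicious, n_clients, circuits_per_client, seed=1):
    """Clients keep the same guard across many circuits, as Tor does for months.

    A client whose guard is adversary-controlled is exposed on every circuit that also
    picks an adversary exit; a client with an honest guard is never exposed.
    Returns the fraction of clients deanonymised at least once.
    """
    rng = random.Random(seed)
    relays = [(i, i < n_malicious) for i in range(n_relays)]
    exposed = 0
    for _ in range(n_clients):
        guard = rng.choice(relays)
        if not guard[1]:
            continue
        others = [r for r in relays if r is not guard]
        for _ in range(circuits_per_client):
            _middle, exit_ = rng.sample(others, 2)
            if exit_[1]:
                exposed += 1
                break
    return exposed / n_clients


if __name__ == "__main__":
    # Adversary runs 10% of a 1000-relay network.
    seen, corr = fresh_circuit_model(1000, 100, 20000)
    print(f"exit traffic observed: {seen:.3f}  correlatable circuits: {corr:.4f}")
    print(f"clients exposed with pinned guards: {pinned_guard_model(1000, 100, 10000, 50):.3f}")
```

With 10% of relays, the adversary sees roughly 10% of exiting traffic but can correlate only about 1% of circuits (both ends, roughly 0.1 x 0.1). Guard pinning caps the number of affected clients at about the adversary's guard share, but those clients are exposed repeatedly, which is why Tor's real defence is keeping any single operator's share of guard and exit bandwidth small rather than relying on exit-only visibility being harmless.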


Russian hackers claim to have breached 3 US antivirus makers

A group of elite Russian hackers claims to have infiltrated the networks of three US antivirus makers and stolen the source code of their software.

Researchers with Advanced Intelligence (AdvIntel) have been tracking the activity of the group on underground forums for some time. The hackers, who operate under the handle Fxmsp, have an established reputation for infiltrating well-protected networks. Their targets typically include highly-sensitive corporate and government information.

Two months ago, AdvIntel saw Fxmsp reappear on hacking forums after a six-month hiatus. It is probably no coincidence that the group said its campaign against security software firms had kicked off six months earlier.

Fxmsp laid low until it had achieved its goal. When its stealth operation concluded, the hackers allegedly made off with more than 30 terabytes of data from their latest victims. They posted screenshots showing folders, files, and source code.

The asking price for the trove: a cool $300,000. They also claimed to still have access to the networks and would throw that in at no extra charge to the lucky buyer.

If what they are offering is the real deal, this is close to a worst-case scenario for the three firms. Access to the source code lets attackers hunt for showstopping vulnerabilities and exploit them, rendering the software useless, or worse: they could turn what was once legitimate protection from malware into a highly effective spying tool.