
Sydney Tools Data Leak Exposes Millions of Customer and Employee Records

 

A major data leak from Sydney Tools, an Australian retailer specializing in power tools, hand tools, and industrial equipment, has potentially exposed the personal information of millions of customers and employees. The breach, discovered by cybersecurity researchers at Cybernews, involved an unprotected ClickHouse database that remained publicly accessible online, allowing anyone who found it to view sensitive data without authentication.

According to the report, the database contained more than 5,000 records related to Sydney Tools employees, including both current and former staff. These records included full names, branch locations, salary details, and sales targets. Given that Sydney Tools reportedly employs around 1,000 people, a large portion of the exposed records likely belong to individuals who no longer work for the company. While no banking details were included in the leak, the exposure of employee information still poses a significant security risk. 

Cybercriminals could use these details to craft convincing phishing scams or for identity theft. Beyond employee data, the breach also exposed an even larger volume of customer information. The database reportedly contained over 34 million online purchase records, revealing customer names, email addresses, phone numbers, home addresses, and details of purchased items. The exposure of this information is particularly concerning, as it not only compromises privacy but also increases the risk of targeted scams. 

Customers who purchased expensive tools and equipment may be especially vulnerable to fraud or burglary attempts. Cybernews researchers have expressed serious concerns over the extent of the breach, highlighting that the database includes a mix of personally identifiable information (PII) and financial details. This kind of information is highly valuable to cybercriminals, who can exploit it for various fraudulent activities. The researchers attempted to notify Sydney Tools about the security lapse, urging them to secure the exposed database. 

However, as of their last update, the data reportedly remained accessible, raising further concerns about the company’s response to the issue. This incident underscores the ongoing risks posed by unprotected databases, which continue to be one of the leading causes of data breaches. Companies handling large volumes of customer and employee information must prioritize data security by implementing robust protection measures, such as encryption, multi-factor authentication, and regular security audits. Failing to do so not only puts individuals at risk but also exposes businesses to legal and reputational damage. 

With cybersecurity threats on the rise, organizations must remain vigilant in safeguarding sensitive information. Until Sydney Tools secures the database and provides assurances about how it will handle data protection in the future, customers and employees should remain cautious and monitor their accounts for any suspicious activity.

Hackers Infect Security Researchers with Malware to Steal WordPress Credentials

 

For the past year, a cyberattack campaign has been targeting security professionals, including red teamers, penetration testers, and researchers, infecting their systems with malware. The malicious software has been used to steal WordPress credentials and sensitive data while also installing cryptominers on compromised devices. Over 390,000 WordPress accounts have been affected, and multiple systems have been found mining Monero, a cryptocurrency favored for its anonymity.  

Researchers from Datadog Security Labs uncovered the attack in the NPM package repository and on GitHub. Checkmarx, another cybersecurity organization, also recently raised concerns about the same threat. The malicious package masqueraded as an XML-RPC implementation, first appearing in October 2023. Initially functional and legitimate, the package was updated 16 times before being identified as harmful in November 2024. The attackers adopted a calculated approach to gain trust within the developer community. Early versions of the package performed as advertised, but later updates introduced malicious functionality. 

Once installed, the malware activated every 12 hours, collecting sensitive information such as SSH keys and command-line histories. The stolen data was then exfiltrated through file-sharing platforms like Dropbox or File.io. This campaign’s impact extended further as unsuspecting security professionals integrated the compromised package into their own tools and projects. This turned the operation into a large-scale supply chain attack, increasing its reach and potential damage. The investigation revealed 68 systems actively mining Monero, likely using XMRig, a cryptomining tool commonly employed by cybercriminals. 

Monero’s untraceable nature makes it particularly appealing to threat actors. Despite extensive analysis, the identity of those behind the campaign remains unknown. The researchers assigned the group the identifier MUT-1224, an acronym for “Mysterious Unattributed Threat.” The incident highlights the persistent vulnerabilities in open-source software platforms, such as NPM and GitHub, which continue to be exploited for cyberattacks. Developers are urged to exercise caution when incorporating third-party software into their projects, thoroughly vetting code repositories and reviewing package histories to minimize risks. This malware campaign also underscores the growing sophistication of cybercriminals, who are increasingly leveraging supply chain vulnerabilities to expand their reach. 

By infiltrating widely used platforms and tools, attackers can affect a vast number of users and systems. To mitigate these threats, organizations must prioritize robust security practices, including regular monitoring of open-source dependencies, deploying tools for detecting malicious code, and educating teams on the risks associated with third-party software. This proactive approach is essential for safeguarding sensitive data and maintaining system integrity in an era of increasingly complex cyber threats.
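As an added example (not code from the article, Datadog, or Checkmarx), the following is a small heuristic pre-install check for the behaviours described above: a multi-hour timer, references to SSH keys and shell history, an upload to a file-sharing host, and an install-time lifecycle script. The rule ids and the sample package are hypothetical and constructed for this demonstration.

```javascript
// Added example: static indicator scan for the reported package behaviours.
// Rule ids are hypothetical; the sample package below is constructed, not real.
const INDICATORS = [
  { id: 'periodic-timer-hours', desc: 'runs on a multi-hour timer',
    re: /setInterval\([^)]*\b\d+\s*\*\s*60\s*\*\s*60\s*\*\s*1000/ },
  { id: 'reads-ssh-dir', desc: 'references ~/.ssh or private key files',
    re: /\.ssh\b|id_(rsa|ed25519)/ },
  { id: 'reads-shell-history', desc: 'references shell history',
    re: /\.(bash|zsh)_history|HISTFILE/ },
  { id: 'filesharing-upload', desc: 'contacts a file-sharing service',
    re: /https?:\/\/[^'"`\s]*(dropbox\.com|file\.io)/i },
  { id: 'install-hook', desc: 'package.json runs a script at install time',
    re: /"(pre|post)install"\s*:/ },
];

// files: { path: contents }. Returns one finding per (file, rule) hit, in file order.
function scanPackage(files) {
  const findings = [];
  for (const [file, text] of Object.entries(files)) {
    for (const rule of INDICATORS) {
      const m = rule.re.exec(text);
      if (m) findings.push({ file, rule: rule.id, desc: rule.desc, excerpt: m[0].slice(0, 60) });
    }
  }
  return findings;
}

// Collection plus an upload channel is the combination worth escalating on;
// any single indicator on its own is common in legitimate packages.
function riskLevel(findings) {
  const ids = new Set(findings.map(f => f.rule));
  const collects = ids.has('reads-ssh-dir') || ids.has('reads-shell-history');
  const uploads = ids.has('filesharing-upload');
  if (collects && uploads) return 'high';
  if (collects || uploads || ids.has('install-hook')) return 'medium';
  return findings.length ? 'low' : 'none';
}

// Constructed sample: a benign helper plus a setup script that only names the
// reported behaviours (the strings are not functional code).
const SAMPLE_PACKAGE = {
  'package.json': '{ "name": "xmlrpc-helper", "version": "1.16.0", "scripts": { "postinstall": "node setup.js" } }',
  'lib/rpc.js': 'function encode(x) { return "<value>" + x + "</value>"; } module.exports = { encode };',
  'setup.js': [
    "// constructed stand-in for the reported behaviour; not functional",
    "const sshDir = home + '/.ssh';",
    "const history = home + '/.bash_history';",
    "setInterval(sendReport, 12 * 60 * 60 * 1000); // upload to https://file.io",
  ].join('\n'),
};
```

Run `scanPackage` over the unpacked tarball of a dependency before installing it; a `high` result is a reason to read the package's version history, not proof of compromise.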

Hill Briefing on Encryption Canceled Suddenly by FBI

 


Based on emails reviewed by POLITICO, the FBI abruptly cancelled two large Hill briefings on encryption scheduled for this week, without telling the staffers who had been invited. The FBI had invited congressional staff last week to a two-day virtual briefing on “warrant-proof encryption.” The sessions were to cover topics such as how encryption poses challenges to FBI investigations of "violent crimes against children and transnational organized crime."

According to Politico, the second session in the FBI's "priority topics" series for Capitol Hill staffers was to focus on how encryption has made it difficult for the FBI to investigate "violent crimes against children and transnational organized crime." No reason has been given for cancelling the two briefings, which were planned for Tuesday and Thursday; the first meeting in the series, held last month, focused on the fentanyl crisis. The FBI said it is hopeful of rescheduling the briefings to a future date.

The briefings were to be the second in a series of FBI "priority topics" briefings open to all Hill staff, according to a copy of the invitation reviewed by POLITICO. The first briefing in the series, held in February, focused on fentanyl. The FBI's Office of Congressional Affairs has announced that the encryption event is indefinitely delayed. The FBI has argued that technology companies such as Apple should provide a backdoor so that law enforcement officers with a search warrant can lawfully access encrypted data.

Tech companies, however, are concerned that adding a backdoor to social media sites would make it easier for hackers and other cybercriminals to access private data. An FBI report asserts that the encryption software employed by applications such as Signal makes it much harder to monitor the conversations of criminals, including terrorists and child sex traffickers, on those apps. The FBI had confirmed that it would hold the briefings on warrant-proof encryption on June 18th and June 20th, but has since decided to postpone them, citing circumstances outside its control.

According to the email, the bureau will reschedule the event. The email goes on to stress the importance of the FBI's role in informing Congress on a wide range of issues and sincerely apologizes for any inconvenience to those who had planned to attend. One Republican Hill staffer, speaking on condition of anonymity, attributed the postponement to political pressure: the issue is politically awkward for the Biden administration, which made a postponement more likely. According to the aide, the briefing was cancelled out of the blue. “It is important for this administration not to let people talk about these issues in an election season which might revolve around precisely those issues.”

Encryption is a contentious issue, particularly among progressives. For several years the FBI has warned that the enhanced privacy protections implemented by popular app platforms, such as Signal, put it at risk of losing sight of communications from terrorists, criminal organizations, and child abuse traffickers. The bureau has long urged companies to develop so-called back doors so that it can lawfully access encrypted communications once a search warrant is obtained, and that pressure has intensified in recent years with the proliferation of online child sexual abuse material.

Some tech companies, security researchers, and privacy advocates have resisted, arguing that it is impossible to build such access without introducing new vulnerabilities that state hackers or cybercriminals could exploit. They also point out that the rise of commercial data brokers, smart cameras, and other connected devices that hoover up private information already gives law enforcement agencies access to more personal information than ever before.

A wide range of technology companies, including Apple, offer encrypted communication platforms. An FBI spokesperson said the DOJ would be contacted for further comment on this article. A DOJ representative told the Associated Press that political issues were not the cause of the event's cancellation. A spokesperson for the Department of Interior, responding to the request for comment on the congressional staff briefing, called that a ridiculous leap based on the scheduling of the briefing, given the Department's and Bureau's strong and consistent position on the issue.