Search This Blog
Powered by Blogger.

Blog Archive

Labels

About Me

Load More
Trendy Right Now

Popular Posts

Showing posts with label Data Hacking. Show all posts
Slack
Data Breach Data Hacking data security Disney Disney data leak Disney Slack breach Hacking Group Personal Information Sensitive data Slack

Disney Data Breach Exposes Sensitive Corporate and Personal Information

 

In July, Disney experienced a significant data breach that exposed far more than initially reported, compromising a wide array of sensitive information. While early reports focused on stolen Slack messages, it has since been revealed that the breach extended deep into the company’s critical corporate files. According to sources, hackers gained access to sensitive information, including financial projections, strategic plans, sales data, and streaming forecasts. 

The breach did not stop at corporate data. Hackers also accessed personal information of Disney Cruise Line members, including passport numbers, visa statuses, contact details, and birthplaces. In addition, data related to theme park pass sales was compromised, potentially impacting thousands of visitors. This breach has raised serious concerns about the security of personal data at Disney, one of the world’s most recognized entertainment companies. 

Initially, Disney reported that over a terabyte of data was leaked, but the full extent of the breach is still under investigation. In an August address to investors, the company acknowledged the severity of the attack, prompting questions about the cybersecurity measures in place not only at Disney but also at other major corporations. The incident has highlighted the growing need for robust and effective cybersecurity strategies to protect against increasingly sophisticated cyber threats. The hacking group Nullbulge has claimed responsibility for the attack. 

In a blog post, the group boasted of gaining access to internal data on upcoming projects as well as employee details stored in Disney’s Slack system. This claim has raised further alarms about the potential exposure of sensitive company plans and employee information. When asked to comment on the specifics of the breach, Disney declined to provide details. A spokesperson stated, “We decline to comment on unverified information that has purportedly been obtained as a result of illegal activity.” 

This response underscores the complexity and evolving challenges that companies face in safeguarding sensitive information from cyber threats. As cyber threats become more sophisticated, this breach serves as a stark reminder of the vulnerabilities even within prominent organizations. It emphasizes the urgent need for businesses to strengthen their cybersecurity measures to protect both corporate and personal data from being compromised in an increasingly digital world.
Read more »
Ransomware Threat
Cyber Security Data Hacking data security Healthcare system Network Security Ransomware attack Ransomware Threat

Understanding Qilin Ransomware: Threats, Origins, and Impacts on Healthcare

 

Qilin, also known as Agenda, is a ransomware-as-a-service operation that collaborates with affiliates to encrypt and exfiltrate data from hacked organizations, demanding a ransom in return. 

Despite its name deriving from a mythical Chinese creature that combines features of a dragon and a horned beast, the Qilin ransomware group is linked to Russia. Qilin has been active since October 2022, when it first posted about a victim on its darknet leak site. Since then, its activities have increased, affecting notable organizations such as the street newspaper The Big Issue, automotive parts giant Yanfeng, and the Australian court service. 

Recently, Qilin made headlines following a ransomware attack against Synnovis, a firm involved in blood testing and transfusions. This attack led to an emergency "critical incident" being declared at several London hospitals, with Qilin threatening to release stolen data unless a ransom is paid. Reports suggest that Qilin is demanding a substantial ransom of $50 million from Synnovis for the decryption tools and a promise not to publish the data. 

However, in media interviews, the group claimed that the attack was not financially motivated but a protest against the British government's involvement in an unspecified war. This claim is dubious given Qilin's history of targeting various businesses and healthcare organizations without prior political motivations. The high ransom demand likely reflects the significant disruption caused to the hospitals and their patients, rather than any genuine political agenda. 

Healthcare organizations and hospitals are frequent targets of ransomware attacks due to their complex IT systems and limited budgets. The consequences of such attacks are severe, as they can disrupt critical medical services. Ransomware groups view these entities as "soft targets," hoping to extract payments due to the urgent need to restore services. To protect against Qilin and similar ransomware threats, organizations should implement several key measures.

These include making secure offsite backups, using up-to-date security solutions, and applying the latest security patches to guard against vulnerabilities. Network segmentation can restrict an attacker's ability to move laterally within an organization. Using strong, unique passwords and enabling multi-factor authentication can protect sensitive data and accounts. Encrypting sensitive data and disabling unnecessary functionalities can further reduce the attack surface. 

Educating staff about cyber risks and attack methods is also crucial in maintaining organizational security. By taking these precautions, organizations can reduce the risk of falling victim to ransomware groups like Qilin, ensuring they are better prepared to defend against such malicious activities.
Read more »
Social Security Number
AT&T Data Breach Data Hacking Mobile Numbers ShinyHunters Social Security Number

AT&T Denies Involvement in Massive Data Leak Impacting 71 Million People

 


AT&T has categorically denied any involvement in a significant data breach affecting approximately 71 million individuals. The leaked data, disseminated by a hacker on a cybercrime forum, allegedly originates from a 2021 breach of the company's systems. Despite assertions made by the hacker, known as ShinyHunters, and subsequent releases by another threat actor named MajorNelson, AT&T maintains its position, asserting that the leaked information did not originate from its infrastructure.

While the authenticity of the entire dataset remains unconfirmed, the verification of some entries suggests potential accuracy. This includes personal data that is not readily accessible for scraping, such as names, addresses, mobile phone numbers, encrypted dates of birth, encrypted social security numbers, and other internal details.

Despite refuting claims of a breach within its systems, AT&T has not provided definitive evidence to support its stance. Speculation persists regarding the involvement of third-party service providers or vendors, with AT&T yet to respond to inquiries seeking clarification on this matter.

While the leaked data purportedly includes sensitive personal information, such as social security numbers and dates of birth, decryption efforts by threat actors have rendered this data accessible. However, the precise origin of the leaked information remains elusive, fueling speculation and concern among affected individuals and cybersecurity experts alike.

For individuals who were AT&T customers before and during 2021, caution is advised, as the leaked data could potentially be exploited in various forms of targeted attacks, including SMS and email phishing, as well as SIM swapping schemes. Users are urged to exercise heightened caution and verify the authenticity of any communications purportedly from AT&T, refraining from disclosing sensitive information without direct confirmation from the company.

As investigations into the origins of the leaked data continue, the implications for affected individuals underscore the importance of robust cybersecurity measures and heightened awareness of potential threats. The incident serves as a telling marker of the ever-present risks associated with the digital realm and the imperative for proactive measures to safeguard personal information.

While AT&T denies any involvement in the data leak, concerns regarding the security and privacy of affected individuals persist. The unprecedented nature of cyber threats necessitates ongoing vigilance and collaborative efforts to combat risks and ensure the protection of personal data in an increasingly interconnected world.


Read more »
Information Security
Cybersecurity Data Breach Data Hacking HPE Information Security

HPE Cybersecurity Challenge: Data Breach Sparks Investigation

 

Hewlett Packard Enterprise (HPE), a leading technology company, is currently grappling with a potential security breach as reports emerge of sensitive data being offered for sale on a prominent hacking forum. This latest incident underscores the persistent challenges faced by major corporations in safeguarding their digital assets and protecting user information. 

The breach, which is currently under investigation by HPE's cybersecurity teams, comes amid a wave of increased cyber threats targeting organizations across various industries. The data purportedly for sale on the hacking forum includes information that, if exploited, could pose serious risks to the company and its clients. 

HPE, known for its extensive range of enterprise solutions and IT services, is taking the reported breach seriously. The company has initiated a comprehensive internal investigation to assess the scope of the incident, identify potential vulnerabilities, and implement necessary measures to mitigate the impact. 

The data on the hacking forum is said to contain a variety of sensitive information, including user credentials, proprietary software details, and potentially confidential client data. The potential exposure of such data raises concerns not only about the privacy of individuals associated with HPE but also about the potential misuse of corporate information. 

This incident highlights the evolving tactics employed by cybercriminals, who are becoming increasingly sophisticated in their approach. As organizations fortify their cybersecurity defences, threat actors adapt, finding new avenues to exploit vulnerabilities and gain unauthorized access to sensitive data. 

The timing of this breach is particularly noteworthy, given the global increase in remote work and reliance on digital infrastructure. With a growing attack surface, companies must remain vigilant in implementing robust cybersecurity measures to counteract the heightened risk of cyber threats. 

HPE is urging its clients and stakeholders to exercise caution and implement additional security measures. This includes advising users to update passwords, enable multi-factor authentication, and monitor their accounts for any suspicious activity. The company is also liaising with law enforcement agencies to track down the perpetrators and hold them accountable. The potential fallout from this breach extends beyond the immediate concerns of HPE and its clients. It raises broader questions about the cybersecurity landscape and the need for a collective effort to address the escalating threats faced by organizations globally. 

As the investigation unfolds, HPE will likely face increased scrutiny from industry regulators and cybersecurity experts. The incident serves as a stark reminder that no organization is immune to cyber threats, and constant vigilance and adaptation are imperative in safeguarding digital assets. 

In the wake of the reported breach at HPE and the emergence of sensitive data on a hacking forum, the incident serves as a poignant reminder of the perpetual challenges organisations face in safeguarding their digital assets. As HPE undertakes a thorough investigation and implements measures to mitigate potential repercussions, the broader cybersecurity landscape calls for renewed vigilance, adaptability, and collaborative efforts. The evolving tactics of cybercriminals underscore the necessity for constant innovation in cybersecurity strategies. 

The aftermath of this breach will likely resonate across industries, prompting a collective reflection on the imperative of proactive measures and the ongoing commitment required to stay ahead of ever-evolving cyber threats in our digitally interconnected world.
Read more »
User Security
Client Accounts Data Breach Data Hacking Morgan Stanley User Data User Privacy User Security

Social Engineering Attacks Resulted in Compromise of Morgan Stanley Client Accounts

 

Morgan Stanley's wealth and asset management division, Morgan Stanley Wealth Management, says that social engineering attacks have compromised some of its customers' accounts. 

Vishing (also known as voice phishing) is a social engineering attack in which scammers impersonate a reputable business (in this case Morgan Stanley) over the phone to persuade their targets to expose or pass over sensitive information such as banking or login credentials. 

According to a notice sent to impacted clients, a threat actor portraying Morgan Stanley acquired access to their accounts "on or around February 11, 2022" after deceiving them into submitting their Morgan Stanley Online account information. The attacker also electronically transferred money to their accounts after successfully compromising their own accounts. 

The alert reads, "As you are aware, on or around February 11, 2022, you were contacted by a bad actor claiming to be with Morgan Stanley. The bad actor was able to obtain information relating to your Morgan Stanley Online account, subsequently accessing this account and initiating unauthorized Zelle payments." 

A Morgan Stanley spokesperson told BleepingComputer that "there was no data breach or information leak from Morgan Stanley." The Morgan Stanley division also stated that all affected customers' accounts had been disabled, adding that its systems "remain secure." 

The company explained, "This compromise was not a result of any action of Morgan Stanley Wealth Management and our systems remain secure. Your Morgan Stanley Wealth Management account has been flagged to our Customer Call Center so that any callers into the Call Center will be prompted with additional verification. Your previous Morgan Stanley Online account was also disabled." 

Morgan Stanley advises customers not to answer calls from numbers they don't recognise as a way to protect themselves from vishing attacks and other sorts of social engineering frauds. 

"Also, be guarded when providing your personal data by phone. Make sure the person asking for the information is from a legitimate organization and is who they claim to be. You can always hang up and call the organization back using a phone number found through a trusted source – such as the company’s official website or perhaps a financial statement," the company further recommended. 

Morgan Stanley announced a data breach in July 2021 when the Clop ransomware group hacked into the Accellion FTA server of Guidehouse, one of Morgan Stanley's third-party providers, and stole personal information belonging to its clients. 

Morgan Stanley is a significant investment banking and global financial services corporation based in the United States that offers investment banking, securities, wealth management, and investment management services around the world.  
Read more »
Rootkit
Bank Credentials Bank Cyber Security Banking Data Caketap Cyber Security Data Data Hacking Fraud Rootkit

Caketap: A New Unix Rootkit Used to Steal ATM Banking Data

 

Following the activities of LightBasin, a financially motivated group of hackers, threat analysts have discovered a previously undisclosed Unix rootkit that is utilized to capture ATM banking data and execute fraudulent transactions. 

The specific group of adversaries has lately been seen targeting telecom businesses with tailored implants, as well as hacking managed service providers and victimising their clients back in 2020. Researchers present more proof of LightBasin activities in a new paper from Mandiant, focused on bank card fraud and the compromise of critical infrastructure. The new rootkit from LightBasin is a Unix kernel module called "Caketap" that is installed on servers running Oracle Solaris systems. 

Caketap hides network connections, processes, and files when it is loaded; it installs various hooks into system services so that remote commands and configurations can be received. The various commands observed by the analysts are as follows: 

• Add the CAKETAP module back to the loaded modules list 
• Change the signal string for the getdents64 hook 
• Add a network filter (format p) 
• Remove a network filter 
• Set the current thread TTY to not to be filtered by the getdents64 hook 
• Set all TTYs to be filtered by the getdents64 hook \
• Displays the current configuration Caketap's ultimate purpose is to steal financial card and PIN verification data from compromised ATM switch servers and utilise it to enable fraudulent transactions. 

Caketap intercepts data on their way to the Payment Hardware Security Module (HSM), a tamper-resistant hardware device used in the banking industry to generate, manage and validate cryptographic keys for PINs, magnetic stripes, and EMV chips. 

Caketap tampers with card verification messages, blocking those that match fraudulent bank cards instead of generating a genuine response. In a second phase, it saves valid messages that match non-fraudulent PANs (Primary Account Numbers) internally and delivers them to the HSM, ensuring that normal customer transactions are not disrupted and implant operations remain undetected. 

“We believe that CAKETAP was leveraged by UNC2891 (LightBasin) as part of a larger operation to successfully use fraudulent bank cards to perform unauthorized cash withdrawals from ATM terminals at several banks,” explains Mandiant’s report. 

Slapstick, Tinyshell, Steelhound, Steelcorgi, Wingjook, Wingcrack, Binbash, Wiperight, and the Mignogcleaner are further tools related to the actor in prior assaults, all of which Mandiant confirmed are still used in LightBasin attacks. 

LightBasin is a highly skilled threat actor that exploits weak security in mission-critical Unix and Linux systems, which are frequently viewed as intrinsically secure or are mostly ignored due to their obscurity. 

LightBasin and other attackers thrive in this environment, and Mandiant expects them to continue to use the same operating model. In terms of attribution, the analysts noticed some overlaps with the UNC1945 threat cluster, but they don't have enough clear evidence to draw any judgments.
Read more »
War
Data Hacking Data Stealer Hackers IT Data malware Russia Ukraine War

Ukraine’s “IT Army” Struck with Info-stealing Malware

 

Pro-Ukrainian actors should be cautious of downloading DDoS tools to attack Russia, according to security experts, because they could be booby-trapped with data-stealing malware. 

Mykhailo Fedorov, Ukraine's vice prime minister, called for a volunteer "IT army" of hackers to DDoS Russian targets in late February. Cisco Talos, on the other hand, claims that opportunistic cyber-criminals are attempting to take advantage of the subsequent outpouring of support for the Eastern European country. It specifically detected Telegram posts offering DDoS tools that were actually malware-loaded. An organisation calling itself "disBalancer" offers one such tool, named "Liberator,". Although authentic, has been spoofed by others, according to Cisco. 

It explained, “The file offered on the Telegram page ended up being malware, specifically an infostealer designed to compromise unwitting users. The malware, in this case, dumps a variety of credentials and a large amount of cryptocurrency-related information, including wallets and metamask information, which is commonly associated with non-fungible tokens (NFTs).” 

Since none of the malicious spoofs is digitally signed, there is no way to distinguish them apart from the real DDoS tool, according to the vendor. Because the perpetrators of this harmful behaviour have been disseminating infostealers since November, Cisco concluded that it is not the work of fresh people, but rather those aiming to profit from the Ukraine conflict. 

However, Cisco warned that if Russia is subjected to a continuous DDoS attack, such techniques could proliferate. 

It concluded, “In this case, we found some cyber-criminals distributing an infostealer, but it could have just as easily been a more sophisticated state-sponsored actor or privateer group doing work on behalf of a nation-state. We remind users to be wary of installing software whose origins are unknown, especially software that is being dropped into random chat rooms on the internet.” 

The discovery comes as the Russian government revealed this week that hackers targeted an externally loaded widget used to collect visitor statistics and caused temporary disruptions on numerous agency websites. 

Pro-Ukrainian hacktivists have also been seen searching for and deleting Russian cloud databases, according to security researchers.
Read more »
Ukraine
Credential Theft Credentials Harvesting Cyber Attacks Data Hacking Email Fraud Microsoft Spam Mails Ukraine

Microsoft Accounts Attacked by Russian-Themed Credential Theft

 

The Ukrainian conflict is being capitalized by malicious emails notifying Microsoft users of "unusual sign-in activity" from Russia. While there are valid concerns that the Russian-Ukrainian conflict would launch a global cyber warfare conflagration, small-time cybercriminals are stepping up their efforts amid the crisis. 

According to Malwarebytes, which discovered a slew of spam emails referencing Russian hacking activities. Phishing emails to Microsoft users have begun to circulate, warning of Moscow-led account hacking and attempting to steal credentials and other personal information. The messages' subject line reads, "Microsoft account unusual sign-in activity." The text in the body is as follows:  

“Unusual sign-in activity
We detected something unusual about a recent sign-in to the Microsoft account
Sign-in details
Country/region: Russia/Moscow
IP address:
Date: Sat, 26 Feb 2022 02:31:23 +0100
Platform: Kali Linux
Browser: Firefox
A user from Russia/Moscow just logged into your account from a new device, If this wasn’t you, please report the user. If this was you, we’ll trust similar activity in the future.
Report the user
Thanks,
The Microsoft account team”

According to Malwarebytes' Tuesday research, the emails then include a button to "report the user" as well as an unsubscribe option. When you click the button, a new message is created with the short subject line "Report the user." Microsoft account protection is referenced in the recipient's email address. Using email to answer could expose users to a variety of threats. 

The researchers explained, “People sending a reply will almost certainly receive a request for login details, and possibly payment information, most likely via a bogus phishing page. It’s also entirely possible the scammers will keep everything exclusively to communication via email. Either way, people are at risk of losing control of their accounts to the phishers. The best thing to do is not reply, and delete the email.” 

As usual, the spam contains red flags in the form of grammatical problems, such as misspellings like "acount." To put it another way, it's not a highly sophisticated attempt, but it's clever. Climbing curiosity (or terror) is a catnip for social engineers, as it is with any significant world event. 

“Given current world events, seeing ‘unusual sign-in activity from Russia’ is going to make most people do a double, and it’s perfect spam bait material for that very reason. [The emails] (deliberately or not) could get people thinking about the current international crisis. Being on your guard will pay dividends over the coming days and weeks, as more of the below is sure to follow,” stated researchers. 

The email is targeted just at Microsoft account holders, but the good news is that Outlook is sending it directly to spam.. However, the firm pointed out that, “depending on personal circumstance and/or what’s happening in the world at any given moment, one person’s ‘big deal’ is another one’s ‘oh no, my stuff.’ That’s all it may take for some folks to lose their login, and this mail is perhaps more salient than most for the time being.”
Read more »
Subscribe to: Posts (Atom)