Search This Blog
Powered by Blogger.

Blog Archive

Labels

Load More
Trendy Right Now

Popular Posts

Showing posts with label Databreach. Show all posts
Vulnerabilities and Exploits
CyberCrime Cyberfrauds Cybersecurity Cyberthreats Darkweb Databreach Hackers Vulnerabilities and Exploits

FortiGate Vulnerability Exposes 15,000 Devices to Risks

 



Fortinet Firewall Data Breach: 15,000 Devices Compromised by Belsen Group

On January 14, 2025, it was reported that the configuration data of over 15,000 Fortinet FortiGate firewalls was leaked on the dark web. The hacker group, identified as Belsen, shared this data for free on its newly created TOR website. The leaked information includes full firewall configurations, plaintext VPN credentials organized by IP address and country, serial numbers, management certificates, and other sensitive data. This breach poses a significant security risk to affected organizations, as it enables attackers to compromise internal networks with ease.

Exploitation of Critical Vulnerabilities

According to cybersecurity analysts, the Belsen Group exploited a zero-day vulnerability, identified as CVE-2022-40684, to obtain the leaked data. This vulnerability, published in 2022, allowed attackers to bypass administrative authentication through specially crafted HTTP/HTTPS requests. By leveraging this flaw, the attackers exfiltrated configuration files containing sensitive details such as passwords, firewall rules, and advanced settings. These files, though obtained in 2022, remained undisclosed until January 2025, significantly increasing the risk exposure for affected organizations.

In response to this ongoing threat, Fortinet released patches for CVE-2022-40684 and announced a new critical authentication bypass vulnerability, CVE-2024-55591, on the same day the leak was disclosed. This new vulnerability is being actively exploited in campaigns targeting FortiGate firewalls, particularly those with public-facing administrative interfaces. Devices running outdated FortiOS versions are especially at risk.

Impact and Recommendations

The leaked configuration files provide a comprehensive map of victim networks, including firewall rules and administrator credentials. Threat actors can exploit this information to:

  • Bypass perimeter defenses and gain unauthorized access to internal networks.
  • Deploy ransomware, perform lateral movement, and exfiltrate sensitive data.
  • Identify additional vulnerabilities within the network architecture to maximize attack impact.

Organizations affected by this breach must take immediate action to mitigate risks. This includes:

  • Updating credentials for all compromised devices.
  • Applying the latest security patches, including fixes for CVE-2022-40684 and CVE-2024-55591.
  • Conducting thorough security audits to identify and address additional vulnerabilities.

Cybersecurity expert Kevin Beaumont has announced plans to release an IP list from the leak to help FortiGate administrators determine if their devices were affected. Meanwhile, security firms like CloudSEK and Arctic Wolf have emphasized the importance of prioritizing updates and vigilance against future exploitation campaigns.

Fortinet devices' history of vulnerabilities has made them frequent targets for cybercriminals and nation-state actors. Addressing these security gaps is crucial to preventing further breaches and protecting sensitive organizational data.

Read more »
Databreach
Crypto Wallet Cryptocurrency Breach Cyber Fraud Cyberattacks Cybersecurity Databreach

$494 Million Stolen in Cryptocurrency Wallet Breaches This Year

 


As a result of the churning threat landscape, new threats are always emerging while others disappear or fade into irrelevance. Wallet drainers trick their victims into signing malicious transactions in order to steal their assets. As the name implies, Wallet Drainer is a malicious malware that is used on phishing websites in order to steal crypto assets through the enticement of users to sign malicious transactions. It was estimated that such attacks would result in an average loss of about $494 million in 2024. 

As part of its web3 anti-scam platform, Scam Sniffer, which has been monitoring wallet drainer activity for some time, these insights are derived. Previously, the platform has flagged attacks that have affected up to 100,000 people at the same time, and these tools are phishing tools that are intended to swindle cryptocurrency from users' wallets through fake or compromised websites, thereby stealing money from the wallets of users. 

As a result of the thefts, 30 large-scale thefts involving more than $1 million were reported, with the largest single heist being worth $55.4 million. As a result of this, the number of victims increased by a whopping 6.7% compared to 2023, suggesting that victims held higher amounts on average. According to web3's anti-scam platform, Scam Sniffer, which has been tracking wallet drainer activity for some time now has reported attack waves that have affected up to 100,000 individuals at the same time. The large-scale theft incidents in 2024 were characterized by distinct phases of fraud, phishing, and other sophisticated methods for stealing digital assets. 

The purpose of wallet drainers is to trick users into connecting their wallets to suspicious websites or applications in order to steal digital assets. The first halff of the year (January-June) saw frequent, but smaller-scale incidents, resulting in individual losses that ranged from $1-8 million. In August and September, major losses accounted for 52% of the year's total large-scale losses, with $55.48 million and $32.51 million losses respectively during August and September. 

There was a significant reduction in both frequency and scale of losses during the final quarter, with individual losses typically ranging between $2-6 million, which indicated a significant improvement in market awareness of security threats. It was announced in the second quarter of this year that a drainer service known as Pink Drainer had halted operations, previously known for impersonating journalists in phishing attacks, used to compromise Discord and Twitter accounts in the name of cryptocurrency theft, has been seen to be a drainer service. This caused a decrease in phishing activity, but the scammers gradually picked up the pace in the third quarter, with the Inferno service taking the lead in August and September by causing $110 million in losses. 

The final quarter of the year was considered to be one of the quieter quarters of the year. The annual losses were only about 10.3% of the total losses recorded during 2024 as a whole. Acedrainer emerged at that time as a major player as well, claiming 20% of the drainer market, according to ScamSniffer. It was reported that a total of 90,000 victims had been identified in the second and third quarters when the losses combined ttotalled$257 million; an additional 30,000 victims had been observed in the fourth quarter, which resulted in $51 million in losses. 

There were more attacks in 2024 than at the beginning of the year, but in August and September, in particular, the two largest attacks of last year were observed, at $55.48 million and $32.51 million, respectively. According to this report, Q1 was the busiest time of the year for phishing website activity, resulting in a high rate of theft. The market adjustments made in the second half of the year, as well as the exit of major drainers such as Pink and Inferno, contributed to reduced activity levels in the second half of the year." Scam Sniffer notes. 

As far as tactics were concerned, scammers became more creative during 2024. A study by Scam Sniffer found a significant increase in the use of fake CAPTCHAs and Cloudflare pages, as well as IPFS deployments in order to evade detection. Attackers are also heavily reliant on specific signature types in order to evade detection. In 56.7% of thefts, the “Permit” signature is used to authorize token expenditure, whereas in 31.9%, the “setOwner” signature is used to change ownership rights or admin rights in smart contracts. 

It was also noted that Google Adwords and Twitter ads were used by attackers to lure victims to phishing websites. Attackers manipulated compromised accounts, bots, and fake token airdrops to reel people in through these channels. 

Defending Against Cryptocurrency Attacks 

Currently, cryptocurrency scams are on the rise, so users need to take proactive measures to protect their assets from being harmed, as the prevalence of these scams is on the rise. It is emphasized by experts that one should only interact with vetted websites to reduce exposure to fraudulent platforms. 

To prevent falling victim to phishing schemes, it is equally important that one verifies URLs meticulously before engaging in any transaction. Additionally, users are encouraged to carefully review the transaction approval prompts in order to verify that the details presented are accurate. The ability to simulate a transaction before proceeding increases the level of security by allowing individuals to identify potential risks before investing money. This is a key recommendation that should not be overlooked as well. 

In addition to these practices, it is also advisable to use the built-in wallet warnings for malicious activities. It is common for modern wallets to provide users with alerts that can help detect suspicious behaviour, allowing them to take action before it's too late. It is also possible to remove unauthorized or suspicious permissions from wallets by using token revocation tools. In addition, as cryptocurrency adoption grows globally, there will come a rising trend towards the sophistication of scams that will accompany it. 

Users must remain vigilant, and use the best practices and tools available to ensure that they navigate this evolving landscape safely and effectively in the future. In a constantly changing threat environment, it will be imperative to maintain a proactive approach to security in order to safeguard digital assets.
Read more »
Third Party Data
Databreach Personal Data Privacy Safety Security Third Party Data

HealthEquity Data Breach Exposes Personal Information

 

HealthEquity, a leading provider of Health Savings Accounts (HSAs), has confirmed a significant data breach affecting potentially 4.3 million customers. The breach, discovered in March but only confirmed in June, involved unauthorized access to a data repository containing sensitive personal information.

The compromised data may include names, addresses, phone numbers, Social Security numbers, employment details, and partial payment card information. However, HealthEquity emphasizes that the specific data exposed varies for each individual.   

In response to the breach, HealthEquity has taken steps to secure the affected data repository and implemented a global password reset for the third-party vendor involved. The company will be notifying impacted individuals in early August about the incident and providing details on the actions they are taking.   

To help protect customers, HealthEquity is offering two years of free credit monitoring and identity theft protection through Equifax. Impacted individuals will receive a notification letter with instructions on how to enroll in this service.   

While no hacker group has claimed responsibility for the breach and no data has been leaked publicly thus far, experts advise affected individuals to remain vigilant. Monitor bank statements, credit reports, and watch for suspicious emails or text messages.

This ongoing situation highlights the importance of protecting personal information and underscores the need for robust security measures by companies handling sensitive data.
Read more »
UK
Cyber Security Data Theft Databreach NHS Ransomware UK

Cybersecurity Expert Warns NHS Still Vulnerable After Major Ransomware Attack

 

A leading cybersecurity expert has warned that the NHS remains at risk of further cyber-attacks unless it updates its computer systems. This stark warning follows a significant ransomware attack that severely disrupted healthcare services across London. 

Prof Ciaran Martin, the founding CEO of the UK's National Cyber Security Centre (NCSC), told the BBC: "I was horrified, but not completely surprised. Ransomware attacks on healthcare are a major global problem." NHS England announced it was increasing its cybersecurity resilience and had invested $338 million over the past seven years to address the issue. 

However, Prof Martin’s warnings suggest more urgent action is necessary. A recent British Medical Association report highlighted the NHS's ageing IT infrastructure, revealing that doctors waste 13.5 million hours annually due to outdated systems - equivalent to 8,000 full-time medics' time. 

 The cyber-attack on 3 June, described by Prof Martin as one of the most serious in British history, targeted Synnovis, a pathology testing organisation. This severely affected services at Guy's, St Thomas', King's College, and Evelina London Children's Hospitals. 

NHS England declared it a regional incident, resulting in 4,913 outpatient appointments and 1,391 operations being postponed, alongside major data security concerns. The Russian-based hacking group Qilin, believed to be part of a Kremlin-protected cyber army, demanded a $40 million ransom. When the NHS refused to pay, the group published stolen data on the dark web. 

This incident reflects a growing trend of Russian cyber criminals targeting global healthcare systems. Now a professor at the University of Oxford, Prof Martin highlighted three critical issues facing NHS cybersecurity: outdated IT systems, the need to identify vulnerable points, and the importance of basic security practices.

He further said, "In parts of the NHS estate, it's quite clear that some of the IT is out of date." He stressed the importance of identifying "single points of failure" in the system and implementing better backups. 

Additionally, he emphasized that improving basic security measures could significantly hinder attackers, noting: "Those little things make the point of entry quite a lot harder for the thugs to get in." Emphasizing the severity of the recent attack, he said, "It was obvious that this was going to be one of the most serious cyber incidents in British history because of the disruption to healthcare."
Read more »
Real Estate Scam
Breach Cyber Attacks CyberCrime Databreach Real Estate Scam

Suffolk Cyberattacks: Breach Hamper Suffolk County Real Estate Industry

The local real estate industry has been severely hampered by a breach, that caused the Suffolk County government servers to shut down for more than 20 days.

Since September 8, the cyberattack has prevented access to county websites, servers, and databases, making it impossible to check property titles or submit records. Consequently, obstructing most of the transactions from going through.

According to Sheri Winter Parker, a Corcoran broker, confusion over the situation and when it might end means “my phone is ringing with nonstop texts and emails.”

According to The Suffolk Times, hacking group BlackCat claims credit for the Suffolk cyberattacks and demands a ransom payment in order to restore access to government servers. The BlackCat threat actors state that they have access to around four terabytes of data including individual residents, while much of the data is from the clerk.county.suf domain.

Although County officials have resorted to restoring some records in person, online databases remain inaccessible. Furthermore, County email addresses are offline too, resulting in a massive disruption for brokers, lawyers, and title companies, along with buyers and sellers.

According to Michael Gulotta, founding partner of Gulotta & Gulotta, a Ronkokoma-based law firm, “Real estate transactions are on hold[...]About 45 percent of our business is real estate. This has impacted our staff, clients, and affiliates in a major way.”

Computer experts, on the other hand, are raising concerns that Palo Alto, the cybersecurity company providing the front-line firewall of Suffolk’s defense against cyberattacks, is serving as the main forensic auditor to investigate what happened when the county’s system was hacked.

Palo Alto and RedLand (another cybersecurity company) are both responsible to safeguard Suffolk’s computer system since 2019. Besides, both companies were awarded new contracts in order to manage the county’s response to the attacks, analyse the breach and help resolve the issue.

Suffolk is yet to announce how exactly the threat actors breached its systems. However, the company has not blamed RedLand or Palo Alto for the attacks.

Since the county is still repairing damages from the attack, the police department, the Department of Health Services, and the Traffic and Parking Violations Agency have all taken a hit. 

Read more »
Spain
Cyber Attacks Data Stolen Databreach Iberdrola Spain

1.3 million Iberdrola Customers Hit In Cyberattack

 

A few days ago, the Iberdrola group was hit by a cyberattack that successfully exposed the sensitive credentials of 1.3 million customers, the company confirmed. 

The company further added that the computer breach was stopped within a few hours and the matter was resolved the same day. However, unfortunately, the attack has affected 1.3 million users. The hackers, reportedly, could only access name, surname, and ID. They failed to get access to bank, tax, or electricity consumption data. The next day, once the breach was closed, the company detected massive attacks that did not achieve its objective. 

Following the attack, a statement was released by the company for its customers in which Iberdrola assured that all the necessary steps have been taken to mitigate the impact of the attack and no financial data such as bank details, account numbers, or credit cards details have been violated. Additionally, for future safety, the company has recommended its customers be more cautious of any emails or communications impersonating to be from Iberdrola. 

"If you have received the statement issued by the company, you must be vigilant and regularly monitor what information circulates on the Internet to detect if your private data is being used without your consent," the representatives added. 

The group was chaired by Ignacio Galán who brought forth the same attacks that took place in the Cercanías service in Madrid, in the Congress of Deputies, or in other European institutions. However, he said that the attackers have not had access to critical data. Further, Iberdrola revealed that “we were warned by the United States government about the possibility of a cyber-attack after the invasion of Ukraine.”

Iberdrola is a giant Spanish multinational electric utility company that has more than 34,000 employees serving around 31.67 million customers. The company has the largest shareholders in the global market. According to the 2013 report, the largest shareholder of the company was Qatar Investment Holding, Norges Bank, Kutxabank, and CaixaBank.

Read more »
Subscribe to: Posts (Atom)