Search This Blog
Powered by Blogger.

Blog Archive

Labels

Load More
Trendy Right Now

Popular Posts

Showing posts with label Email Hacking. Show all posts
white hat hacking
Backdoor Data Breach Email Hacking Email scam Supply Chain Attack User Privacy white hat hacking

Data Breached on Toyota Supplier Portal

Eaton Zveare, a US-based researcher proactively informed Toyota of the breach found in the Global Supplier Preparation Information Management System (GSPIMS) of the corporation.

According to Zveare, the problem stemmed from installing JWT, or JSON Web Token, authentication that could have given anyone with a working email address access to any account.

JWT is a session token that is created when a user logs onto a website and is used to verify the user's access to secure APIs or portions of the website. The automaker's web platform, known as GSPIMS, enables remote login and management of the company's global supply chain for employees and suppliers.

The researcher could predict an email address by scanning the internet for Toyota personnel who might be involved in the incident. Corporate Toyota email addresses are simple to guess because they use the format firstname.lastname@toyota.com.

Then, Zveare created a legitimate JWT using that email address and utilized it to access the GSPIMS. He used the same way to access a system administrator account he found after performing some portal reconnaissance.

The company avoided a potentially disastrous leak thanks to Zveare's effective disclosure practices, yet the reward for disclosing this vital issue was $0.Despite following the rules of disclosure and rescuing the company from a potentially disastrous leak, It acts as a strong deterrent to investing more time and energy in investigating the infrastructure security of Toyota, he adds. Due to this, similar, exploitable application weaknesses can go unnoticed—at least by 'white hat' researchers like Zveare.

An administrator of the GSPIMS system has access to private data such as secret documents, project schedules, vendor rankings, and customer data for 14,000 users. To allow this option, it appears that the code that creates the JWT based on email address was developed; nevertheless, this backdoor into the network was also created.


Read more »
Twitter
Cybersecurity Firms Data Breach Data Stolen Email Hacking Hacking Hudson Rock Password Stolen Twitter

No Evidence: Twitter Denies Hacking Claims and The Stolen Data Being Sold Online


Twitter has denied the claim of getting hacked and the stolen data being sold online. 

According to a LinkedIn post last week by Alon Gal, co-founder of the Israeli cybersecurity monitoring company Hudson Rock, stolen data has been discovered, that contained email addresses of more than 200 million twitter users. 

The breach would probably result in "hacking, targeted phishing, and doxxing," according to Gal, who labeled it as a "significant leak" and said that the information had been uploaded on an internet hacker forum. 

He claimed that despite alerting the firm, Twitter, he had not received a response. 

"I urge security researchers to conduct a thorough examination of the leaked data and rule out Twitter's conclusion of the data being an enrichment of some sort which did not originate from their own servers," says Alon Gal. 

Although, Twitter has denied all claims of the emails, allegedly linked to the users’ accounts, being obtained through a hack. 

In regards to the issue Twitter responded by stating “in response to recent media reports of Twitter users’ data being sold online, we conducted a thorough investigation and there is no evidence that data recently being sold was obtained by exploiting a vulnerability of Twitter systems.” 

According to Twitter, the stolen records in question was instead probably a collection of data “already publicly available online.” While it still warns online users to be wary of suspicious emails. 

Gal, meanwhile, disapproved of Twitter's answer in a fresh post on LinkedIn. In contrast to instances of data enrichments, he noted, “The authenticity of the leak is evident in the lack of false positives between Twitter usernames and emails found in the database, opposite to cases of data enrichments.” 

The disclosure came to light following the multiple reports that Twitter data of millions of users – 5.4 million in November 2022, 400 million in December 2022, and 200 million last week – have been exposed online for sale on cybercrime forums. 

The Breach Could Not Be Correlated to Previous or New Incidents 

Twitter, in its latest post says that the latest dataset breach of 200 million users “could not be correlated with the previously reported incident, nor with any new incident or any data originating from an exploitation of Twitter systems.” 

It added that, “None of the datasets analyzed contained passwords or information that could lead to passwords being compromised.” 

Moreover, in December 2022, another set of reports claimed that 400 million email addresses and phone numbers were stolen from Twitter – which the company denied as well.  

Read more »
Virus Attack
Antivirus Discord Email Hacking Hackers Malicious Apps malware Phishing Attacks Virus Attack

Threats of Discord Virus: Ways to Eliminate it

Discord has gained popularity as a tool for creating communities of interest since the launch of its chat and VoIP services, notably among gamers. Discord can be exploited, though, similar to any other platform that contains user-generated material. 

It was discovered in 2021 that hackers carried out a number of malware attacks targeting Discord. Cybercriminals use various techniques to spread more than 20 different varieties that have been found. Due to Discord's broad customizability possibilities, common users are vulnerable to attacks inside and outside the chat server. Recent security analysis on Discord has uncovered a number of cyberattack scenarios connected to its chat service, which can be quite risky for users.

How does the Discord virus infiltrate the system?

The common phrase used to describe malware programs exchanged using the official Discord app is 'Discord Virus.' To get Discord users to run malicious software, cybercriminals use a variety of tactics, the pirated version of Discord Nitro is also frequently offered by attackers. 

The Discord software has a premium edition called Discord Nitro that is packed with more sophisticated capabilities. It is important to understand that the Discord Nitro app cannot be cracked because the premium features are delivered over the servers and not embedded into the app.

The system does display a few typical signs that point to the existence of Trojan infection:
  • The CPU is abruptly utilized more than normal
  • The system regularly glitches
  • Malicious pop-ups are constantly flooding browser
  • The user is not asked to initiate the opening of a window
  • Redirection to suspicious or unreliable websites
How to Update and Fix Discord

1. Operate discord as an administrator

Running the application with administrative rights may be a simple way to fix the Discord Update Failure problem. You can download and run the most recent Discord update due to this enabling the updater to change your device.

2. Give the update.Exe file a new name

A bug with the application's update.exe file was discovered by Discord's troubleshooters. For the best chance of successfully updating Discord to the most recent version, try renaming this file.

Copy "C: Users Username AppData" without the quotations and put it into the Windows + R keyboard shortcut. The username should be changed to the username for your local account.

3. Avoid using windows defender

The Discord Update occasionally crashes due to conflicts with Windows 10's default antivirus protections. Disabling Windows Defender will allow you to try updating Discord.

4. Disable your antivirus temporarily

Antivirus programs have a reputation for causing problems on computers by obstructing your internet service or preventing services and apps from operating as intended.

Discord can give rise to predatory behaviors like cyberbullying. Additionally, extreme organizations utilize Discord to recruit new members and keep in touch with them. You should take precautions against malicious users on Discord and never give out your personal information to anyone.

While utilizing the service, Discord provides a list of precautions to take in order to avoid spam and hacking. One recommendation is to create secure passwords that are less likely to be hacked. Additionally, individuals can defend themselves by scanning for suspected phishing attempts. 


Read more »
Iranian
Cyber Attacks Cybersecurity Email Fraud Email Hacking email threat Energy sector Iran Iranian

Iran’s Atomic Energy Organization Confirms E-mail Hack

 

The Atomic Energy Organization of Iran (AEOI) has confirmed that an anonymous “foreign country” has hacked an e-mail server belonging to one of its subsidiaries and allegedly published the information online, as per reports. 

The Iranian threat actor, named ‘Black Reward’ in a statement posted on his Twitter handle says that it has released the hacked information relating to Iranian nuclear activities. The hackers describe their action as an act of support for the Iranian protesters. 

The said protests continue in Iran after the death of Mahsa Amini (22-year-old) in September, who apparently died in police custody for not following the strict Islamic dress protocol of the country. The violent protest and street violence resulted in several deaths of protesters, along with that of security force staff. Furthermore, hundreds of demonstrators have allegedly been detained. 

A statement published by the Black Reward on Saturday showing support for the protests, read “In the name of Mahsa Amini and for women, life, and freedom.”  

The hacking group threatened the Iranian state to leak the hacked documents of Tehran’s nuclear program if they would not release all the prisoners and people detained in the protests, within 24 hours. Additionally, the group demands the release of political prisoners, claiming to have leaked 50 gigabytes of internal emails, contracts and construction plans relating to the country’s Russian-sponsored nuclear power plant in Bushehr, publishing files on its Telegram channel. 

According to the statement shared by the hacking group, the released information includes “management and operational schedules of different parts of Bushehr power plant,” passport and visa details of Iran and Russia based specialists working in the power plant and “atomic development contracts and agreements with domestic and foreign partners.” 

Although the atomic energy organization’s general department of public diplomacy and information denied the relevance of the released data, stating “this move was made with the aim of attracting public attention” 

“It should be noted that the content in users’ emails contains technical messages and common and current daily exchanges […] It is obvious that the purpose of such illegal efforts, which are carried out of desperation, is to attract public attention, create media atmospheres and psychological operations, and lack any other value,” the organization confirmed.
Read more »
Threat actor
Baltimore Cyber Crime Email Hacking Phishing Attack Threat actor

Baltimore City was Duped Out of $376K

 

A new report from the Office of the Inspector General (OIG) reveals that a cyber-criminal posing as a vendor duped Baltimore city out of hundreds of thousands of dollars last year. In October 2021, the OIG initiated an investigation after obtaining information from Baltimore's Bureau of Accounting and Payroll Services (BAPS) about an alleged fraudulent Electronic Funds Transfer (EFT). The Mayor's Office of Children and Family Success (MOCFS) issued the Vendor with EFT payment funds.

BAPS and MOCFS were contacted by email on December 22, 2020 and January 7, 2021, from an email address linked with an employee of the Vendor firm, asking for a change to its EFT remittance details. On December 16, 2020, the email linked with the Vendor Employee sent BAPS a Vendor Payment & Electronic Funds Transfer Form. 

The OIG later determined that the Vendor Employee's email account had been hacked by a malicious actor who had set up rules within the Vendor Employee's email account as a result of a phishing assault. As a result, the malicious actor was able to correspond with City workers without the Vendor's awareness. 

On January 5, 2021, the fraudster contacted MOCFS and BAPS once more, this time requesting that the funds be transferred to a new account at a third financial institution. As verification, the fraudster sent a bank letter and a copy of a voided check with the same details as the third account. BAPS paid $376,213.10 into the third account on January 7, 2021, believing the fraudster's assertions. 

The OIG discovered that BAPS employees do not have access to a list of authorized signatories for vendors and must rely on the information given by representatives from City agencies. Furthermore, instead of independently validating information and requests, BAPS relied on MOCFS to assist the request and accepted an incoming phone call from someone pretending to be the Vendor's Chief Financial Officer. 

In his response to this report, Director of Finance Henry Raymond notified the OIG that new protocols had been implemented requiring Department of Finance (DOF) workers to independently verify bank changes with an executive-level employee. DOF has also devised processes to exclude City agencies from vendor accounting procedures.
Read more »
UK
Cyber Attacks Data hack Email Attacks Email Hacking ICO Phishing emails Privacy Security Spam Emails UK

ICO Struck by 2650% Rise in Email Attacks in 2021

 

The UK's Information Commissioner's Office (ICO) reported a whopping 2650% spike in email attacks in 2021, as per official numbers acquired by the Parliament Street think tank following a Freedom of Information request, 

Email attacks on the UK's privacy and data protection regulator increased from 150,317 in January to 4,135,075 in December, according to the findings. For each month last year, the data refers to the volume of phishing emails discovered, malware detected and prevented, and spam detected and blocked by the ICO. 

The majority of the attacks were caused by spam emails, which increased by 2775 % from January to December. During this time, the number of phishing emails climbed by 20%, while malware increased by 423 percent. 

In December, the statistics revealed a significant increase in email attacks, with 4,125,992 spam messages, 7886 phishing emails, and 1197 malware cases. This increase is likely to be linked to the Omicron variant's rapid spread in the UK at the end of the year, with threat actors able to use issues like testing and immunizations as bait. This is in addition to the Christmas scams that proliferate in the build-up to the holidays. 

Edward Blake, area vice president EMEA of Absolute Software, commented: “Cyber-attacks are targeting organizations across the globe at an alarming rate, once again reminding businesses of the need to re-evaluate and revamp their security protection if it is not up to scratch. Cybersecurity is not just about protecting endpoints via anti-malware or email cybersecurity solutions. While these are important, there are now a variety of access points for cyber-criminals to capitalize on that IT leaders need to be aware of. These include vulnerable unpatched applications and network vulnerabilities, stolen or illegally purchased log-in credentials or even by hacking unprotected smart devices.” 

Barracuda Networks' manager, Steven Peake, expressed similar concerns, saying: “The pandemic continues to be a catalyst for opportunistic cyber-criminals to try and prey on unsuspecting, vulnerable people. Our recent research showed a 521% surge in COVID-19 test-related phishing attacks, so it is hardly surprising to see major organizations, such as the ICO, hit by such a high volume of threats as they represent lucrative targets. Phishing emails, malware, and spam, in particular, account for a large proportion of the threats these organizations face, so they need to implement measures to protect themselves. These cyber-attackers aren’t going anywhere anytime soon.” 

As part of its plans to reform the country's data sector, the UK government announced plans to revamp the ICO's structure last year.
Read more »
Mobile Security
Email Email Hacking FBI Gmail Google Voice Mobile Security

You Might Be A Victim Of Google Voice Scam, Here's How To Protect Your Account

 

According to the FBI, Americans sharing their contact numbers online are attacked by Google Voice authentication scams. FBI explains that scammers are targeting users who have posted their phone numbers as a form of contact while trying to sell their products or services on online market platforms and social media. 

"Recently, we have also been getting reports of people who are getting targeted in other locations, including sites where you post about lost pets," reports FBI. 

Once successful, scammers set up a Google voice account in their victims' name or hack the target's Gmail accounts. Scammers use these hijacked emails later for other malicious campaigns or phishing attacks. 

The scammers contact their targets using text messages or emails that show their interest in items up for selling, the scammer then asks the seller to verify themselves by providing an authentication code from Google. FBI says "what he is really doing is setting up a Google Voice account in your name using your real phone number as verification."

After the Google Voice account is set up, scammers can easily launch other attacks, these attacks can't be retracted back to their origin. An attacker can also use these codes to penetrate and take control of a victim's Gmail account. 

How to protect yourself? 

If you have suffered a Google Voice authentication scam, the FBI suggests visiting Google's support website for assistance on how to get back your Google Voice account and retake your Voice number. 
  • You can also follow these tips suggested by the FBI:  ‌
  • Never share your Google verification code with anyone.  ‌
  • Only deal with buyers or customers in person. Use verified payment platforms for money transfer. ‌Avoid sharing your email Ids to buyers/sellers doing business on phone. 
  • Don't rush yourself into a sale. Your buyer may pressure you to respond, keep patience, don't get manipulated. 
If you suspect you have fallen victim to these online scams, you can report the incident to the FBI's Internet Crime Complaint Center, or call their local FBI office. 

"If your linked number gets claimed, that means you or someone else is using that number with another Voice account. If you still own the linked number, you can add it back to the Voice account where you want to use it," says the Google support website.
Read more »
Threat actors
Cyber Security Email Hacking Open Source Software Security Researchers Threat actors

TA551 Employs the SLIVER Red Team Tool

 

According to cybersecurity firm Proofpoint, the cybercriminal group known as TA551 has demonstrated a significant shift in tactics with the inclusion of the open-source pentest tool Sliver to its arsenal. 

Proofpoint has been tracking TA551 as a criminal threat actor since 2016. Other security firms refer to it as Shathak. TA551 acquires access to stolen mails or hacked email accounts – commonly known as thread hijacking – which it exploits in email campaigns to disseminate malware, according to Proofpoint. Ursnif, IcedID, Qbot, and Emotet were among the malware payloads released by TA551. For ransomware threat actors, this actor serves as an initial access facilitator. 

The use of SLIVER by TA551 illustrates the actor's versatility. TA551 would compromise a victim and potentially broker access to enable the deployment of Cobalt Strike and eventually ransomware as an established initial access broker exploiting initial access via email threat campaigns. SLIVER allows TA551 actors to obtain rapid access to victims and engage with them, giving them more direct capabilities for execution, persistence, and lateral mobility. This could eliminate the need for secondary access. 

Proofpoint has discovered that their banking trojan-based operations have resulted in ransomware attacks. Proofpoint examines with a high level of certainty. In 2020, TA551 IcedID implants were linked to the Maze and Egregor ransomware attacks.

Proofpoint discovered emails that seemed to be answers to prior conversations but included password-protected compressed Word documents on October 20, 2021. Sliver, an open-source, cross-platform adversary simulation, and red team platform are downloaded from the attachments. The activity differed significantly from the strategies, techniques, and processes used in TA551. When a victim opens the zipped attachment, they are routed to a Microsoft Word document with macros. SLIVER is downloaded if macros are enabled. 

Information collection, command and control (C2) functionality, token manipulation, process injection, and other functions are all available for free online with SLIVER. Cybercrime threat actors are increasingly relying on red teaming techniques. Between 2019 and 2020, for example, Proofpoint saw a 161% rise in threat actors using the red teaming tool Cobalt Strike. Lemon Tree and Veil are two further offensive frameworks that appear to be employed as first-stage payloads by cybercriminals. 

Cybercriminals' adoption of Sliver comes only months after US and UK government agencies warned that Russian state-sponsored cyberspy organization APT29 had added the pentest framework to their arsenal. However, the move is unsurprising, as security specialists have long warned of the blurring line between nation-state and cybercriminal activity, with each side adopting strategies from the other to better mask their footprints, or engaging in both sorts of operations.
Read more »
phishing
Chipotle Cyber Fraud Email Hacking Fake Mails Nobelium phishing

Chipotle's Email Marketing Account Compromised to Spread Malware

 

In mid-July, a new phishing attack was detected that used a compromised mailing service account. In the four days between July 13, 2021, and July 16, 2021, the anti-phishing company uncovered 121 phishing emails in this campaign. 

In May 2021, Nobelium (suspected of being behind the SolarWinds attack) tried a similar phishing method. Microsoft reported in May on a Nobelium campaign in which fraudulent emails were delivered to 3,000 accounts across 150 companies in 24 countries. All of the fraudulent emails were sent by Constant Contact mailing service, using the hacked account of the US Agency for International Development (USAID). 

Inky, the anti-phishing firm identified the new campaign, and the amount is likely to be a small fraction of the overall number of emails sent. Inky states in its study that it is examining if the current campaign was initiated by the same threat actor or by copycat criminals using the same approach as Nobelium. 

The method comprises of hacking into a legitimate mail service user's account. The account used in the most recent instance belonged to Chipotle, a fast-food chain, and the mail provider used was Mailgun. Because the emails look authentic from high-reputation sources, this approach has a high success rate. 

Since they come from a high-reputation IP address (Mailgun: 166.78.68.204) and pass SPF and DKIM authentication, the emails clear various automated phish detection systems. 

Two were vishing attacks (phony voicemail alerts with malware attachments), 14 impersonated the USAA Bank, and 105 impersonated Microsoft, out of 121 phishing emails discovered. Inky does not specify what malware was used in the vishing attacks, nor does it mention the firms which were phished. 

A mail.chipotle[.]com link in the 14 USAA bank impersonations was linked to a fake and fraudulent USAA Bank credential harvesting site. The credential harvesting site is a convincing copy of the legitimate bank site, along with a flawless logo of USAA logo. 

The researchers commented, “The black hats can make these pages by simply cloning the real page, changing just one or two details to the underlying HTML, and voila! A credential-harvesting page is born.” 

The majority of phishing emails masquerade to be from Microsoft. This is predictable, given that nearly everyone has a Microsoft account, and almost all store a wealth of information (such as other logins, trade secrets, financial details, and more). 

In the sample presented by Inky, the email is sent by ‘Microsoft 365 Message Center'. The subject reads, “You have (7) clustered/undelivered emails 16 July 2021,” This should not mislead an informed user who wonders why Microsoft is sending emails through a fast-food chain, but it may deceive automated detection systems that depend largely on the sender reputations. 

The email's body is a classic fraud trap. Seven emails from the target have been held up due to storage difficulties, but they are now ready for collection (the curiosity trigger). Ignoring the notification may result in the account being disabled (the fear trigger). Then there's a button that says "Release messages to the inbox." The user is sent to a credential harvesting fake Microsoft login page when they click this button. 

The difference between the sender's name (in this case, Microsoft, USAA, and VM Caller ID) and the actual email sender (in this case, postmaster[@]chipotle[.]com) is the key to identifying this sort of phishing email. The former is unlikely to send emails using the latter. However, on the other hand, secure email gateways frequently rely on verifying simply whether the sending domain is authentic and that the email is coming from an approved range of IP addresses.
Read more »
US
Cyber Security Email Account Compromise Email Hacking EU Microsoft US

EU Banking Regulator Suffers Cyberattack in a Microsoft Email Breach

A significant EU financial regulator, the EU Banking Authority said that it suffered a cyberattack where its Microsoft email systems were hacked. The US company is putting the blame on a Chinese threat actor. Recently, Microsoft said that a Chinese state-sponsored hacking group was exploiting earlier unknown security vulnerabilities in Microsoft's exchange email services to hijack government and user data. The list of victims counts to as many as tens of thousands. Microsoft earlier this week said that "Hafnium attacks were in no way connected to the separate SolarWinds-related attacks." 

Threat actor "Hafnium" is highly skilled and sophisticated, says Microsoft. Hafnium has earlier attacked companies based in the US that include cybersecurity firms, law firms, defense contractors, think tanks, defense agencies, NGOs, and universities. The EBA (EU Banking Authority) said in a statement that the inquiries have not revealed any data theft as of now. Presently, the EBA e-mail infrastructure is safe and the investigation concludes that there has been no data breach, says the statement. 

There's no evidence to suggest that the breach affected anything more than email servers.  The company says that the investigation is still in process and security measures have been set up to restore the functionality of e-mails. EBA in a statement issued on Sunday said that it had shut down its systems as a preventive measure, observing that hackers may have got access to personal data in the emails. The company has issued updates to fix the security issues. It is very much likely that the hackers may want to take the advantage of the unpatched systems, says Tom Burt, Microsoft executive. 

In this regard, Security Week reported, "Beijing typically rejects US hacking charges out of hand and last year berated Washington following allegations that Chinese hackers were attempting to steal coronavirus research. In January, the US said Russia was probably behind the massive SolarWinds hack that hit large swathes of the government and private sectors, and which experts say may constitute an ongoing threat."  
Read more »
Email Hacking
Anonymous Hackers Cyber Attacks Data Breach Email Hacking

Norwegian Parliament Hit by a Cyber-Attack on Its Internal Email System


Stortinget, the Norwegian Parliament succumbed to a cyber-attack that targeted its internal email system. The news came in on Tuesday when the Norwegian parliament's director, Marianne Andreassen, affirmed that the threat actors had targeted the parliament. 

The hackers penetrated email accounts for elected representatives and employees, from where they stole various amounts of data. Andreassen said that the incident is currently being monitored, and, so couldn't give any insight into who was responsible for the attack, or the number of hacked accounts.

People whose accounts were exposed in the attack have been informed about the same and a report has been filed with the Norwegian police and the nation's intelligence agency has just begun investigating the incident, as per a statement the agency posted on its Twitter account after the incident. 

The local press, who initially broke the story additionally, announced that the parliament's IT staffs has closed down its email service to keep the hackers from siphoning more information. 

Besides this, a representative for Norway's main opposition party, the Labour Party, told public broadcaster NRK that the attack had additionally affected a few Labour Party members and staff. 

After the incident was found, the Norwegian National Security Authority (NSA) was brought in to counter the attack and get to the bottom of what had occurred "We have been involved for a few days," said NSA spokesman Trond Oevstedal. 

"We are assisting parliament with analysis and technical assistance." Andreassen said that the parliament had discovered "anomalies a little more than a week ago." 

"A number of risk-reducing immediate measures were implemented to stop the attack," said Andreassen. "These measures had an immediate effect." 

In a statement issued earlier read: "Burglary has been registered in the email accounts of a small number of parliamentary representatives and employees. Our analyses show that different amounts of data have been downloaded." 

The Storting through this statement said that the attackers had snatched a vague measure of data. So far no there is no info released with respect to what sort of cyber-attack was executed against the Norwegian parliament or who was responsible for it. 

However, as Andreassen said to the reporters they take the matter quite seriously and have given our complete attention to investigating the situation to get a complete image of the incident and the possible degree of harm caused by it.

Read more »
Email Hacking
Aeronautical Aeronautical Development Agency Business Email Compromise Email Email Account Compromise Email Hacking

Aeronautical agency’s email account hacked

The official email account of the Aeronautical Development Agency (ADA) was recently hacked and data manipulated, allegedly by a private aerospace engineering company.

The hackers breached into the TAN login and even changed a mobile number linked the certain account and unauthorised online corrections were made to manipulate tax returns of a private aerospace engineering company in Bengaluru.

Rangarajan S (58), a senior executive with the ADA, filed a complaint with the cybercrime police of the Criminal Investigation Department (CID) seeking legal action against unknown hackers on June 4. Based on the complaint, the police registered a case under various sections of the Information Technology Act and are probing.

In his complaint, Rangarajan said the hackers not only accessed details of financial transactions, but also made changes in the TDS for 2017-18. In addition to this, the hackers also allegedly changed the password, email ID and mobile IDs, and updated the PAN details of the company they belonged to. The police said the fraud might have occurred between March and May this year and come to light recently during the verification of official accounts.

“On March 31, an amount of Re 1 has been remitted to ADA’s TAN number. Also, some unknown person has filed 27EQ return of 4th quarter FY 2018-19 offline on May 7 (possibly at TIN-FC centre). ADA’s TDS Reconciliation and Correction Enabling Systems user ID and login password have been accessed unauthorisedly on May 14.”

Confirming the account’s hacking, senior ADA officials said that though there has been a breach in the account, there is no security concern. “This is not a serious issue as the account was in the open domain. No data pertaining to the agency has been compromised,” an officer said.

The cybercrime police are trying to ascertain the motive behind the hacking.
Read more »
United States
Bank fraud Email Hacking United States

3 million dollar was stolen from Investment company through email hacking scam




According to authorities, Two con artists from New Jersey and their team hacked into several corporate accounts stealing almost $3 million which was meant for a Manhattan real state transaction on Thursday.

The fraud took place after two foreigners gained access to the corporate email account of the investment company, they were keeping eye on potential investment deals through the emails. The name of the investment firm has not been revealed.

Before a deal of $2.8 million dollar was done, the foreigners emailed the investment company fraudulent account details that appeared to be coming from intended recipient. According to the prosecutors, the two foreigners who planned and stole the money from investment company are known by the name  Estarlin Reynoso and  Lucy Beswick

According to the court papers, Beswick, 27 instructed  Reynoso, 29, step by step on how to open a business account and how to wire the stolen funds through the whatsapp messaging service.

Manhattan DA Cyrus Vance said “New Yorkers whose jobs include wiring money should pay attention to this case, Business email compromises cause billions in worldwide losses each year, but there are steps that companies large and small can take to avoid becoming a victim.”

Vance has suggested businesses to be careful of the authenticity of the emails. They should be verified through verbal communication if transfer of funds are involved.He also suggested to use anti-phishing tools to authenticate emails.

According to the Prosecutor, Reynoso transferred funds to three different banks in China before the fraud was detected. Both the accused were charged with Larceny,identity theft and criminal possession of stolen funds.
The investment company was able to recover most of the funds. Beswick was freed without bail while Reynoso was released on bail for $10000.

Read more »
Personal Data
Email Hacking Personal Data

Personal data of almost a billion people are hacked








Personal data of nearly one billion people have been hacked by a caliginous company that is untraceable since the incident has happened. 

The database contains email addresses of around 982 million people. According to researchers, this could be the ‘biggest and most comprehensive email database' breaches ever.

The pieces of information that have been compromised includes names, gender, date of birth, employer, details of social media accounts and home addresses. 

The database was created by Verifications.io, and it did not have any kind of security measure. 

The firm was a marketing company, that offered a service of email validation to another marketing firm. The service includes authentication of email addresses. 

The company took down its website after the leak was uncovered and they have refused requests for a comment on the situation.

The motive behind the hack is not clear as the backers are maintaining their anonymity because of dubious tactics used by them to offer their service. 


Moreover, they have refused to comment on the situation.

Read more »
email security
Cyber Security Email Hacking email security

Lee County Tax Collector’s email hacked

On Thursday, an email went out from the office of Lee County Tax Collector Larry Hart, sent by hackers having gained access to his email.





It has been reported that Hart was using a device out of his office and the device was compromised.

Lee County taxpayers are now worried that their information might have been compromised in the hack. However, Noelle Branning, Deputy Chief Tax Collector, said that because Larry Hart rarely emails taxpayers directly, they aren’t likely to have received the email.

"We don't think our taxpayers need to have any concern," Branning said. "Additionally, it doesn't appear that any taxpayer information has been compromised in any way."

While the office maintains that it does not seem that any information has been compromised, Branning cautions anyone opening an email from Hart to be careful.

"If it's an email coming from Mr. Hart containing an attachment or a link, no one should open the attachment, nor should they try to click on the link," said Branning.

Hart’s account has been disabled as a security measure and is undergoing a forensic exam. A cybersecurity professional is helping them get to the bottom of the hack. Meanwhile, an organisation-wide advisory has been sent to make them aware of the risk.

Other counties have also been warned of the possibility of a hack.
Read more »
Privacy
Accounts Leaked Celebrity Hacked Email Hacking Privacy

Email Account's of Jeffrey Tambor hacked by "Guccifer"

The AOL mail account of Jeffery Tambor and his wife Kasia was hacked by a "celebrity hacker" called Guccifer. The hacker is also the reason behind many recent leaks on Dorothy Bush Koch ,  Colin Powell ,  Lisa Murkowski ,Jim Nantz , Patricia Legere , Bill Clinton and Sidney Blumenthal.



He leaked lots of data from the hacked accounts including private pictures and correspondences. He used Jeffrey Tambor's email account to distribute material previously stolen from the mail accounts of other victims, including former Bill Clinton aide Sidney Blumenthal and Joseph Verner Reed, a top United Nations under-secretary-general.And like his previous hacks he leaked private pictures of Mr.Jeffery Tambor.


 He also used the AOL account of  Kasia Tambor’s to send mails to reporters containing a memos of that Blumenthal sent to Hillary Clinton  about the political situation in Libya.

Based on past attacks the IP address of the hacker is said to be from Russia but it is most probably a proxy, a hacker who is smart enough to pull of such hacks will not be leaving traces.



Read more »
OpSyria
Anonymous Hackers Anonymous leaks confidential documents Breaking News Database Leaked Email Hacking hacker news OpSyria

Anonymous leaks 1GB of internal Govt emails from the Syrian Ministry of Foreign Affairs



The hacktivist hacker group Anonymous have leaked 1GB of documents that contains internal government emails from Syrian Ministry of Foreign Affairs. Hackers has leaked the data as part of the ongoing operation called "#OpSyria".

The leaked documents contains all sort of information including scanned passports from Syrian ministers (PDF) and details about arms transportation from Ukraine,  and even a report which shows that 200 tons of Syrian bank notes have been shipped from Russia.

"Most of the material is in Arabic and we invite all arabic speakers to look through the mails for interesting documents." Hackers invite arabic speakers to translate the documents.

The files can be accessed via the email viewer set up on par-anoia.nethttp://par-anoia.net/releases.html or by downloading the compressed MBOX archive and importing it into an email client.
Read more »
Subscribe to: Posts (Atom)