
Data Breached on Toyota Supplier Portal

Eaton Zveare, a US-based researcher, proactively informed Toyota of the flaw he found in the corporation's Global Supplier Preparation Information Management System (GSPIMS).

According to Zveare, the problem stemmed from the way JWT (JSON Web Token) authentication had been implemented: it could have given anyone who knew a working email address access to any account.

A JWT is a signed session token created when a user logs onto a website; it is then presented to prove the user's right to call protected APIs or reach protected parts of the site. The automaker's web platform, GSPIMS, lets employees and suppliers log in remotely and manage the company's global supply chain.

The researcher could predict a valid email address by searching the internet for Toyota personnel likely to use the system, because corporate Toyota addresses follow the easily guessed format firstname.lastname@toyota.com.

Zveare then generated a legitimate JWT for that email address and used it to access GSPIMS. He used the same technique to reach a system administrator account he identified after some reconnaissance of the portal.

Thanks to Zveare's responsible disclosure the company avoided a potentially disastrous leak, yet the reward for reporting this critical issue was $0. That outcome, he adds, acts as a strong deterrent to investing more time and energy in investigating the security of Toyota's infrastructure. As a result, similar exploitable application weaknesses can go unnoticed, at least by 'white hat' researchers like Zveare.

A GSPIMS administrator has access to private data such as confidential documents, project schedules, vendor rankings, and the customer data of 14,000 users. The code that generates a JWT from nothing more than an email address appears to have been written to support an intended feature; in doing so, however, it also created a backdoor into the network.
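The flaw described above, as an added example that is not Toyota's or Zveare's code: a token issuer that mints a JWT for whatever email address it is handed (`issue_token_weak`) next to one that first checks credentials against a user store (`issue_token_hardened`), plus a verifier that checks signature and expiry. The signing key, user store, password hashing scheme and function names are all constructed for the demo.

```python
import base64
import hashlib
import hmac
import json
import time
from typing import Optional

# Constructed demo key; a real service loads this from a secret store.
SIGNING_KEY = b"constructed-demo-hs256-key"

def _b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def _b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def _sign(claims: dict) -> str:
    """Mint an HS256 JWT over the given claims."""
    header = _b64url(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    payload = _b64url(json.dumps(claims).encode())
    mac = hmac.new(SIGNING_KEY, f"{header}.{payload}".encode(), hashlib.sha256)
    return f"{header}.{payload}.{_b64url(mac.digest())}"

def _hash_pw(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

# Constructed user store: email -> (salt, password hash, role).
_SALT = b"constructed-salt"
USERS = {
    "jane.doe@example.com": (_SALT, _hash_pw("correct horse", _SALT), "supplier"),
}

def issue_token_weak(email: str) -> str:
    """The pattern the post describes: a valid token for any email the caller supplies.
    Knowing an address is all it takes, so this is equivalent to no authentication."""
    return _sign({"sub": email, "exp": int(time.time()) + 3600})

def issue_token_hardened(email: str, password: str) -> Optional[str]:
    """Mint a token only after the caller proves control of the account."""
    record = USERS.get(email)
    if record is None:
        return None
    salt, stored_hash, role = record
    if not hmac.compare_digest(_hash_pw(password, salt), stored_hash):
        return None
    return _sign({"sub": email, "role": role, "exp": int(time.time()) + 3600})

def verify_token(token: str) -> Optional[dict]:
    """Check the signature and expiry; return the claims, or None if invalid."""
    try:
        header, payload, sig = token.split(".")
        expected = hmac.new(SIGNING_KEY, f"{header}.{payload}".encode(), hashlib.sha256).digest()
        if not hmac.compare_digest(_b64url_decode(sig), expected):
            return None
        claims = json.loads(_b64url_decode(payload))
    except ValueError:  # malformed structure, bad base64 or bad JSON
        return None
    if claims.get("exp", 0) < time.time():  # tokens without an exp claim are rejected
        return None
    return claims
```

The weak issuer produces tokens that verify perfectly well, which is the point: the verifier cannot tell a token minted for a guessed address from a legitimate one, so the check has to happen at issuance.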


No Evidence: Twitter Denies Hacking Claims and The Stolen Data Being Sold Online


Twitter has denied claims that it was hacked and that the stolen data is being sold online.

According to a LinkedIn post last week by Alon Gal, co-founder of the Israeli cybersecurity monitoring company Hudson Rock, a stolen dataset containing the email addresses of more than 200 million Twitter users had been discovered.

Gal labeled it a "significant leak" that would probably result in "hacking, targeted phishing, and doxxing," and said the information had been uploaded to an internet hacker forum.

He claimed that, despite alerting Twitter, he had not received a response.

"I urge security researchers to conduct a thorough examination of the leaked data and rule out Twitter's conclusion of the data being an enrichment of some sort which did not originate from their own servers," says Alon Gal. 

Twitter, however, has denied all claims that the emails, allegedly linked to users’ accounts, were obtained through a hack.

Addressing the issue, Twitter stated: “in response to recent media reports of Twitter users’ data being sold online, we conducted a thorough investigation and there is no evidence that data recently being sold was obtained by exploiting a vulnerability of Twitter systems.”

According to Twitter, the records in question were instead probably a collection of data “already publicly available online.” It still warns users to be wary of suspicious emails.

Gal, meanwhile, disputed Twitter's answer in a fresh LinkedIn post: “The authenticity of the leak is evident in the lack of false positives between Twitter usernames and emails found in the database, opposite to cases of data enrichments.”

The disclosure follows multiple reports that Twitter data on millions of users – 5.4 million in November 2022, 400 million in December 2022, and 200 million last week – has been put up for sale on cybercrime forums.

The Breach Could Not Be Correlated to Previous or New Incidents 

Twitter, in its latest post, says that the 200-million-user dataset “could not be correlated with the previously reported incident, nor with any new incident or any data originating from an exploitation of Twitter systems.”

It added that, “None of the datasets analyzed contained passwords or information that could lead to passwords being compromised.” 

Moreover, in December 2022, another set of reports claimed that 400 million email addresses and phone numbers were stolen from Twitter – which the company denied as well.  

Threats of Discord Virus: Ways to Eliminate it

Discord has gained popularity as a tool for building communities of interest since the launch of its chat and VoIP services, notably among gamers. Like any other platform that hosts user-generated content, however, Discord can be abused.

In 2021 it emerged that attackers had carried out a number of malware campaigns targeting Discord, spreading more than 20 distinct malware families through a variety of techniques. Because Discord is so extensively customizable, ordinary users are exposed to attacks both inside and outside the chat server. Recent security analyses of Discord have uncovered a number of attack scenarios connected to its chat service that can be quite risky for users.

How does the Discord virus infiltrate the system?

'Discord Virus' is the common term for malware distributed through the official Discord app. Cybercriminals use a variety of lures to get Discord users to run malicious software; a supposedly pirated version of Discord Nitro is a frequent one.

Discord Nitro is the premium edition of the Discord software, packed with more sophisticated capabilities. It is important to understand that Discord Nitro cannot be "cracked": the premium features are enforced on Discord's servers rather than embedded in the app, so any download offered as a cracked Nitro client is a lure.

An infected system typically shows a few signs that point to a Trojan infection:
  • CPU usage abruptly rises above normal
  • The system regularly glitches
  • Malicious pop-ups constantly flood the browser
  • Windows open without the user having initiated them
  • The browser is redirected to suspicious or unreliable websites

How to Update and Fix Discord

1. Run Discord as an administrator

Running the application with administrative rights may be a simple way to fix the Discord Update Failure problem. It allows the updater to make changes to your device so that the most recent Discord update can be downloaded and installed.

2. Rename the update.exe file

Discord's troubleshooters identified a bug involving the application's update.exe file. Renaming this file gives you the best chance of successfully updating Discord to the most recent version.

Press Windows + R and paste C:\Users\Username\AppData (without quotation marks) into the Run dialog, replacing Username with the name of your local account.

3. Temporarily disable Windows Defender

The Discord update occasionally fails because of conflicts with Windows 10's built-in antivirus protection. Disabling Windows Defender lets you retry the update; re-enable it as soon as the update completes.

4. Disable your antivirus temporarily

Antivirus programs are known to cause problems by blocking internet connectivity or preventing services and apps from running as intended.

Discord can give rise to predatory behaviors like cyberbullying. Additionally, extreme organizations utilize Discord to recruit new members and keep in touch with them. You should take precautions against malicious users on Discord and never give out your personal information to anyone.

Discord publishes a list of precautions for avoiding spam and account takeover while using the service. One recommendation is to use strong passwords that are harder to crack; another is to stay alert for suspected phishing attempts.


Iran’s Atomic Energy Organization Confirms E-mail Hack


The Atomic Energy Organization of Iran (AEOI) has confirmed that an anonymous “foreign country” has hacked an e-mail server belonging to one of its subsidiaries and allegedly published the information online, as per reports. 

The Iranian threat actor, which calls itself ‘Black Reward’, said in a statement posted on its Twitter account that it has released the hacked information relating to Iranian nuclear activities. The hackers describe their action as an act of support for the Iranian protesters.

The protests have continued in Iran since the death in September of 22-year-old Mahsa Amini, who apparently died in police custody after being detained for not following the country's strict Islamic dress code. The protests and street violence have resulted in the deaths of several protesters as well as members of the security forces, and hundreds of demonstrators have reportedly been detained.

A statement published by the Black Reward on Saturday showing support for the protests, read “In the name of Mahsa Amini and for women, life, and freedom.”  

The hacking group threatened to leak the hacked documents of Tehran’s nuclear program unless the Iranian state released all the prisoners and people detained in the protests within 24 hours. The group also demands the release of political prisoners, and claims to have leaked 50 gigabytes of internal emails, contracts and construction plans relating to the country’s Russian-sponsored nuclear power plant in Bushehr, publishing the files on its Telegram channel.

According to the statement shared by the hacking group, the released information includes “management and operational schedules of different parts of Bushehr power plant,” passport and visa details of Iran and Russia based specialists working in the power plant and “atomic development contracts and agreements with domestic and foreign partners.” 

The atomic energy organization’s general department of public diplomacy and information, however, dismissed the significance of the released data, stating that “this move was made with the aim of attracting public attention.”

“It should be noted that the content in users’ emails contains technical messages and common and current daily exchanges […] It is obvious that the purpose of such illegal efforts, which are carried out of desperation, is to attract public attention, create media atmospheres and psychological operations, and lack any other value,” the organization added.

Baltimore City was Duped Out of $376K


A new report from the Office of the Inspector General (OIG) reveals that a cybercriminal posing as a vendor duped Baltimore city out of hundreds of thousands of dollars last year. In October 2021, the OIG opened an investigation after receiving information from Baltimore's Bureau of Accounting and Payroll Services (BAPS) about an alleged fraudulent Electronic Funds Transfer (EFT). The Mayor's Office of Children and Family Success (MOCFS) paid the Vendor by EFT.

BAPS and MOCFS were contacted by email on December 22, 2020 and January 7, 2021, from an address linked to an employee of the Vendor firm, asking for a change to its EFT remittance details. On December 16, 2020, the same Vendor Employee address had sent BAPS a Vendor Payment & Electronic Funds Transfer Form.

The OIG later determined that the Vendor Employee's email account had been compromised through a phishing attack, after which the malicious actor set up mailbox rules within the account. Those rules allowed the actor to correspond with City workers without the Vendor's knowledge.
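Detecting the tradecraft described above, as an added example that is not from the OIG report: an audit over exported mailbox rules that flags the patterns a business-email-compromise actor leaves behind (mail about payments silently moved or deleted, forwarding to outside addresses, throwaway rule names). The rule schema, the internal domain and the sample rules are all constructed for the example.

```python
import re

# Terms typical of payment-redirection correspondence.
PAYMENT_TERMS = re.compile(r"\b(invoice|payment|remit\w*|wire|eft|bank|account)\b", re.I)
# Folders attackers use so the mailbox owner never sees the conversation.
HIDING_FOLDERS = {"deleted items", "rss feeds", "rss subscriptions", "archive",
                  "junk email", "conversation history"}

def rule_findings(rule: dict, internal_domain: str) -> list:
    """Return the reasons one mailbox rule looks like BEC tradecraft (empty if none).
    Constructed rule schema: name, subject_contains, from_contains, move_to_folder,
    delete, mark_as_read, forward_to."""
    findings = []
    conditions = " ".join(rule.get("subject_contains", []) + rule.get("from_contains", []))
    money_related = bool(PAYMENT_TERMS.search(conditions))
    folder = (rule.get("move_to_folder") or "").lower()
    hides = rule.get("delete", False) or folder in HIDING_FOLDERS
    if money_related and hides:
        findings.append("payment-related mail is deleted or moved out of sight")
    if hides and rule.get("mark_as_read", False):
        findings.append("hidden mail is also marked read, suppressing unread counts")
    external = [a for a in rule.get("forward_to", [])
                if not a.lower().endswith("@" + internal_domain.lower())]
    if external:
        findings.append("forwards to external address(es): " + ", ".join(external))
    if len(rule.get("name", "").strip()) <= 1:
        findings.append("rule name is blank or a single character")
    return findings

def audit_rules(rules: list, internal_domain: str) -> dict:
    """Map each suspicious rule's name to its findings; clean rules are omitted."""
    report = {}
    for rule in rules:
        findings = rule_findings(rule, internal_domain)
        if findings:
            report[rule.get("name", "")] = findings
    return report

# Constructed export of a compromised vendor employee's mailbox rules.
SAMPLE_RULES = [
    {"name": ".", "subject_contains": ["EFT", "remittance"],
     "from_contains": ["city-example.gov"], "move_to_folder": "RSS Feeds",
     "mark_as_read": True, "forward_to": []},
    {"name": "Newsletters", "subject_contains": ["newsletter"],
     "move_to_folder": "Newsletters", "mark_as_read": False, "forward_to": []},
    {"name": "Backup", "subject_contains": [], "from_contains": [],
     "move_to_folder": None, "forward_to": ["archive@external-example.net"]},
]

if __name__ == "__main__":
    for name, reasons in audit_rules(SAMPLE_RULES, "vendor-example.com").items():
        print(f"rule {name!r}: " + "; ".join(reasons))
```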

On January 5, 2021, the fraudster contacted MOCFS and BAPS once more, this time requesting that the funds be transferred to a new account at a third financial institution. As verification, the fraudster sent a bank letter and a copy of a voided check with the same details as the third account. BAPS paid $376,213.10 into the third account on January 7, 2021, believing the fraudster's assertions. 

The OIG found that BAPS employees do not have access to a list of authorized signatories for vendors and must rely on information supplied by representatives of City agencies. Furthermore, instead of independently validating the information and the request, BAPS relied on MOCFS to vouch for the request and accepted an incoming phone call from someone pretending to be the Vendor's Chief Financial Officer.

In his response to this report, Director of Finance Henry Raymond notified the OIG that new protocols had been implemented requiring Department of Finance (DOF) workers to independently verify bank changes with an executive-level employee. DOF has also devised processes to exclude City agencies from vendor accounting procedures.

ICO Struck by 2650% Rise in Email Attacks in 2021


The UK's Information Commissioner's Office (ICO) saw a 2650% spike in email attacks in 2021, according to official figures obtained by the Parliament Street think tank through a Freedom of Information request.

Email attacks on the UK's privacy and data protection regulator rose from 150,317 in January to 4,135,075 in December, the figures show. For each month of last year, the data covers the number of phishing emails identified, malware detected and blocked, and spam detected and blocked by the ICO.

Most of the attacks were spam emails, which increased by 2775% from January to December. Over the same period, phishing emails climbed by 20% and malware by 423%.

December showed the sharpest increase, with 4,125,992 spam messages, 7886 phishing emails, and 1197 malware cases. The rise is likely linked to the rapid spread of the Omicron variant in the UK at the end of the year, with threat actors able to use topics like testing and vaccinations as bait, on top of the Christmas scams that proliferate in the run-up to the holidays.

Edward Blake, area vice president EMEA of Absolute Software, commented: “Cyber-attacks are targeting organizations across the globe at an alarming rate, once again reminding businesses of the need to re-evaluate and revamp their security protection if it is not up to scratch. Cybersecurity is not just about protecting endpoints via anti-malware or email cybersecurity solutions. While these are important, there are now a variety of access points for cyber-criminals to capitalize on that IT leaders need to be aware of. These include vulnerable unpatched applications and network vulnerabilities, stolen or illegally purchased log-in credentials or even by hacking unprotected smart devices.” 

Barracuda Networks' manager, Steven Peake, expressed similar concerns, saying: “The pandemic continues to be a catalyst for opportunistic cyber-criminals to try and prey on unsuspecting, vulnerable people. Our recent research showed a 521% surge in COVID-19 test-related phishing attacks, so it is hardly surprising to see major organizations, such as the ICO, hit by such a high volume of threats as they represent lucrative targets. Phishing emails, malware, and spam, in particular, account for a large proportion of the threats these organizations face, so they need to implement measures to protect themselves. These cyber-attackers aren’t going anywhere anytime soon.” 

As part of its plans to reform the country's data sector, the UK government announced plans to revamp the ICO's structure last year.

You Might Be A Victim Of Google Voice Scam, Here's How To Protect Your Account


According to the FBI, Americans who share their phone numbers online are being targeted by Google Voice authentication scams. The FBI explains that scammers target users who have posted their phone numbers as contact details while trying to sell products or services on online marketplaces and social media.

"Recently, we have also been getting reports of people who are getting targeted in other locations, including sites where you post about lost pets," the FBI reports.

Once successful, scammers set up a Google Voice account in the victim's name or take over the victim's Gmail account. The hijacked accounts are later used for other malicious campaigns or phishing attacks.

The scammers contact their targets by text message or email expressing interest in an item for sale, then ask the seller to verify themselves by providing an authentication code from Google. The FBI says "what he is really doing is setting up a Google Voice account in your name using your real phone number as verification."

Once the Google Voice account is set up, scammers can easily launch further attacks that cannot be traced back to them. An attacker can also use these codes to take control of a victim's Gmail account.

How to protect yourself? 

If you have fallen for a Google Voice authentication scam, the FBI suggests visiting Google's support website for help recovering your Google Voice account and reclaiming your Voice number.

You can also follow these tips suggested by the FBI:
  • Never share your Google verification code with anyone.
  • Only deal with buyers or customers in person, and use verified payment platforms for money transfers. Avoid sharing your email address with buyers or sellers you deal with over the phone.
  • Don't rush into a sale. A buyer may pressure you to respond quickly; be patient and don't be manipulated.

If you suspect you have fallen victim to one of these scams, report the incident to the FBI's Internet Crime Complaint Center or call your local FBI office.

"If your linked number gets claimed, that means you or someone else is using that number with another Voice account. If you still own the linked number, you can add it back to the Voice account where you want to use it," says the Google support website.

TA551 Employs the SLIVER Red Team Tool


According to cybersecurity firm Proofpoint, the cybercriminal group known as TA551 has made a significant shift in tactics by adding the open-source pentest tool Sliver to its arsenal.

Proofpoint has tracked TA551 as a criminal threat actor since 2016; other security firms refer to it as Shathak. According to Proofpoint, TA551 obtains stolen emails or compromised email accounts and replies within existing conversations, a technique commonly known as thread hijacking, to distribute malware in its email campaigns. Ursnif, IcedID, Qbot, and Emotet are among the payloads TA551 has delivered. The actor serves as an initial access facilitator for ransomware threat actors.

TA551's use of Sliver illustrates the actor's versatility. As an established initial access broker whose entry point is email campaigns, TA551 would compromise a victim and then broker that access to enable the deployment of Cobalt Strike and eventually ransomware. Sliver gives TA551 rapid, direct access to victims with built-in capabilities for execution, persistence, and lateral movement, which could eliminate the need for a secondary access tool.

Proofpoint assesses with high confidence that TA551's banking trojan campaigns have led to ransomware attacks: in 2020, TA551 IcedID infections were linked to the Maze and Egregor ransomware operations.

On October 20, 2021, Proofpoint observed emails that appeared to be replies to earlier conversations and carried password-protected archives containing Word documents. The attachments led to a download of Sliver, an open-source, cross-platform adversary simulation and red team platform. The activity differed significantly from TA551's usual tactics, techniques, and procedures. When the victim opens the archived attachment, they are presented with a Microsoft Word document containing macros; if macros are enabled, Sliver is downloaded.
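The delivery chain described above (a reply into an existing thread carrying a password-protected archive, with the password stated in the body so the recipient can open it), as an added detection example that is not Proofpoint's code: a triage function over a raw RFC 5322 message that reports those signals when they occur together. The sample message and archive are constructed; the encryption flag on the archive entry is set by hand because the standard library cannot write encrypted zips.

```python
import email
import email.policy
import io
import re
import struct
import zipfile
from email.message import EmailMessage

ARCHIVE_EXT = (".zip", ".rar", ".7z", ".iso")
# Loose "password: xxxx" hint, since lures commonly state the archive password in the body.
PASSWORD_HINT = re.compile(r"\bpass(?:word|code)?\b\s*[:=]?\s*\S+", re.I)

def zip_has_encrypted_entry(data: bytes) -> bool:
    """Walk local file headers; bit 0 of the general-purpose flags marks an encrypted entry."""
    pos = data.find(b"PK\x03\x04")
    while pos >= 0 and pos + 8 <= len(data):
        (flags,) = struct.unpack_from("<H", data, pos + 6)
        if flags & 0x1:
            return True
        pos = data.find(b"PK\x03\x04", pos + 4)
    return False

def triage_message(raw: bytes) -> list:
    """Return the thread-hijack and encrypted-archive signals present in one raw message."""
    msg = email.message_from_bytes(raw, policy=email.policy.default)
    signals = []
    subject = (msg["Subject"] or "").strip().lower()
    if msg["In-Reply-To"] or msg["References"] or subject.startswith("re:"):
        signals.append("reply to an existing thread")
    body = msg.get_body(preferencelist=("plain",))
    if body is not None and PASSWORD_HINT.search(body.get_content()):
        signals.append("password stated in message body")
    for part in msg.iter_attachments():
        name = (part.get_filename() or "").lower()
        if not name.endswith(ARCHIVE_EXT):
            continue
        payload = part.get_payload(decode=True) or b""
        if name.endswith(".zip") and zip_has_encrypted_entry(payload):
            signals.append(f"password-protected archive attached: {name}")
        else:
            signals.append(f"archive attached: {name}")
    return signals

def build_sample_message() -> bytes:
    """Constructed message mimicking the observed lure; not a real capture."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("invoice_details.doc", b"constructed placeholder, not a real document")
    archive = bytearray(buf.getvalue())
    archive[6] |= 0x01  # set the encryption bit in the first (only) local file header
    msg = EmailMessage()
    msg["From"] = "partner@vendor-example.com"
    msg["To"] = "finance@victim-example.com"
    msg["Subject"] = "RE: RE: contract renewal"
    msg["In-Reply-To"] = "<constructed-thread-id@vendor-example.com>"
    msg.set_content("Hi, the updated document is attached. Password: 2021")
    msg.add_attachment(bytes(archive), maintype="application", subtype="zip",
                       filename="documents.zip")
    return msg.as_bytes()
```

Any one of the three signals is common in legitimate mail; it is the combination on a single message that is worth an analyst's attention, so `triage_message` returns all of them for the caller to score.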

Sliver, which is freely available online, provides information collection, command and control (C2) functionality, token manipulation, process injection, and other functions. Cybercrime threat actors are increasingly relying on red teaming tools: between 2019 and 2020, for example, Proofpoint saw a 161% rise in threat actors using Cobalt Strike. Lemon Tree and Veil are two further offensive frameworks that appear to be employed as first-stage payloads by cybercriminals.

Cybercriminals' adoption of Sliver comes only months after US and UK government agencies warned that the Russian state-sponsored cyber-espionage group APT29 had added the pentest framework to its arsenal. The move is unsurprising, however: security specialists have long warned of the blurring line between nation-state and cybercriminal activity, with each side adopting the other's techniques to better mask its footprint, or engaging in both sorts of operations.