
Accounts on Payoneer in Argentina Compromised in 2FA Bypass Incidents

 

A significant number of Payoneer users in Argentina have reported unauthorized access to their 2FA-protected accounts, resulting in the theft of funds while they were asleep. Payoneer, a financial services platform facilitating online money transfer and digital payments, is particularly popular in Argentina for its ability to enable earnings in foreign currencies without adhering to local banking regulations.

Starting last weekend, users with 2FA-protected accounts experienced sudden loss of access or discovered empty wallets upon login, with losses ranging from $5,000 to $60,000. Prior to the incidents, victims received SMS messages requesting approval for a password reset on Payoneer, which they did not authorize. Some users claim they did not click on the provided URLs, and a few only noticed the SMS after the funds were stolen.

The stolen funds were reportedly sent to unfamiliar email addresses using the 163.com domain. Investigations reveal that many affected users were customers of mobile service providers Movistar and Tuenti, with the majority using Movistar. Suspicions arose regarding a recent Movistar data leak, but the leaked data did not include user email addresses necessary for Payoneer password resets.

One theory suggests a breach in the SMS provider delivering OTP codes, granting threat actors access to codes sent by Payoneer. However, an official statement from Movistar denies responsibility for messages sent through its network and mentions blocking the numbers used in the smishing campaign.

Payoneer, while acknowledging the issue, has not provided specific details about the attack, attributing it to phishing and cooperating with authorities. Tech reporter Juan Brodersen received a statement from Payoneer blaming users, alleging they clicked on phishing links in SMS texts and entered login details on fraudulent pages. Affected users refute this, accusing Payoneer of deflecting responsibility and not addressing potential platform errors or vulnerabilities.

Payoneer's SMS-based 2FA and password recovery process rely solely on SMS codes. Users argue that if the attack had been purely phishing-based, the attackers should not have been able to obtain the later OTP codes required to authorize the transactions.

The exact mechanism of the attack remains unclear, with various hypotheses under consideration. Payoneer users in Argentina are advised to withdraw funds or disable SMS-based 2FA and reset passwords until the situation is clarified.

In an update on January 20, a Payoneer spokesperson acknowledged instances of fraud where customers were lured into clicking on phishing links, leading to compromised account credentials or mobile phones. The company asserted swift action to contain fraud attempts and emphasized collaboration with regulators, mobile carriers, and law enforcement agencies. While restitution details vary, Payoneer is actively working to protect customers' funds and recover possible losses.

Massive Data Breach at HCA Healthcare: 11 Million Patients' Information Compromised by Hackers

 

Hospital and clinic operator HCA Healthcare has announced that it experienced a significant cyberattack, posing a risk to the data of at least 11 million patients. 

The breach affects patients in 20 states, including California, Florida, Georgia, and Texas. HCA Healthcare, headquartered in Nashville, disclosed that the compromised data includes potentially sensitive information such as patients' names, partial addresses, contact details, and upcoming appointment dates.

This breach, discovered by the company on July 5, is considered one of the largest healthcare breaches in history. HCA Healthcare revealed that the hackers accessed various types of information, including patient names, cities, states, zip codes, emails, telephone numbers, dates of birth, genders, service dates, locations, and next appointment dates.

"This appears to be a theft from an external storage location exclusively used to automate the formatting of email messages," the company said in its Monday announcement.

"The company disabled user access to the storage location as an immediate containment measure and plans to contact any impacted patients to provide additional information and support, in accordance with its legal and regulatory obligations, and will offer credit monitoring and identity protection services, where appropriate," it said.

If the estimated number of affected patients reaches 11 million, this breach would rank among the top five healthcare hacks reported to the Department of Health and Human Services Office of Civil Rights. The most severe breach in this sector occurred in 2015 when medical insurer Anthem was compromised, affecting 79 million individuals. In that case, Chinese spies were indicted, but there is no evidence that the stolen data was ever sold.

According to the Associated Press, the suspected hacker behind the HCA breach initially posted a sample of the stolen data online on July 5, attempting to sell it and potentially extort HCA. The hacker claimed to possess 27.7 million records and subsequently released a file on Monday containing nearly 1 million records from HCA's San Antonio division.

To ensure the legitimacy of any invoices or billing requests, HCA is advising patients to contact the chain at (844) 608-1803 before making any payments. The company has reported the incident to law enforcement and engaged third-party forensic and threat intelligence advisors. 

HCA maintains that the breach, which exposed approximately 27 million rows of data related to around 11 million patients, did not include highly sensitive information such as patients' treatment or diagnosis details, payment information, passwords, driver's license numbers, or Social Security numbers.

Although DataBreaches.net initially reported on the hack and shared a code sample purportedly offered by the hacker, HCA's spokesperson clarified that the code was an email template developed by the company, and the client ID mentioned referred to a doctor's office or facility, not a patient.

HCA Healthcare assured that it has not discovered any evidence of malicious activity on its networks or systems related to this incident. As an immediate containment measure, the company has disabled user access to the storage location. 

HCA intends to reach out to affected patients to provide additional information and support, complying with legal and regulatory obligations. It will also offer credit monitoring and identity protection services where necessary. HCA Healthcare operates more than 180 hospitals and 2,000 care locations, including walk-in clinics, across 20 states and the U.K., according to its website.

Android Phone Hacked by 'Daam' Virus, Government Warns

 


The central government has announced that 'Daam' malware is infecting Android devices and has issued an advisory regarding it. CERT-In, the national cyber security agency of the Indian government, released an advisory informing the public that this virus can give hackers access to your calls, contacts, browsing history, and camera.

The virus's ability to bypass anti-virus programs and deploy ransomware on targeted devices makes it very dangerous, according to the Indian Computer Emergency Response Team (CERT-In), which provided the information.

As quoted by the PTI news agency, the Android botnet is distributed primarily through third-party websites or apps downloaded from untrusted or unknown sources, according to the Federal Bureau of Investigation. 

The malware encrypts files on the victim's device using the AES (Advanced Encryption Standard) algorithm. According to the advisory, the original files are then removed from local storage, leaving only files with the ".enc" extension and a readme file, "readme_now.txt", that contains the ransom note.

To prevent attacks by such viruses and malware, the central agency has suggested several do's and don'ts. 

CERT-In recommends avoiding "untrusted websites" and not clicking "untrusted links". It also advises caution when clicking on links contained within unsolicited emails and SMS messages. Specifically, the advisory recommends installing anti-virus and anti-spyware software and keeping it up to date.

Once installed, the malware tries to bypass the device's security checks. If it succeeds, it obtains permissions to read browsing history and bookmarks, kill background processes, and read call logs, and then attempts to steal the user's sensitive information.

"Daam" is also capable of hijacking phone calls, accessing contacts and the images and videos captured by the camera, changing device passwords, taking screenshots, stealing text messages, and downloading and uploading files.

In the Sender Information field of a genuine SMS message received from a bank, the Sender ID (abbreviation of the bank) is typically mentioned instead of the phone number, according to the report. 

Users were also cautioned to be wary of shortened URLs (Uniform Resource Locators) produced by services such as 'bitly' and 'tinyurl', which hide the real web address behind links such as "http://bit.ly/", "nbit.ly" and "tinyurl.com/".

To see the full domain of the website they are about to visit, users are advised to hover over the shortened URL. As suggested in the advisory, they can also use a URL checker that takes a shortened URL and reveals the complete URL behind it.

This is being viewed as a serious warning by the government to Android phone users throughout the world to remain vigilant and to take all necessary precautions to protect their mobile devices.

The Central Government strives to educate citizens about "Daam" malware, as well as its potential impacts, so citizens can take proactive measures to protect their Android devices and stay safe from cyber threats in the ever-evolving environment we live in today.

Possible Cyberattack on ‘The Philadelphia Inquirer’ Disrupts Printing Operations


The daily newspaper The Philadelphia Inquirer is attempting to patch up the systems that were damaged by what was reportedly a cyberattack that struck its network over the weekend.

The attack hampered the newspaper's print operations, and the newspaper was forced to close its newsroom until at least Tuesday, even as its employees covered an expensive and highly competitive mayoral race.

"The incident was the greatest publication disruption to Pennsylvania's largest news organization since the blizzard of Jan. 7-8, 1996, and it came just days before Tuesday's mayoral primary election," the Inquirer's Jonathan Lai said.

Lisa Hughes, spokesperson for The Philadelphia Inquirer, stated: "We appreciate everyone's patience and understanding as we work to fully restore systems and complete this investigation as soon as possible[…]We will keep our employees and readers informed as we learn more."

Reportedly, on Thursday, the newspaper discovered “anomalous activities” on select computer systems. The systems were taken down immediately.

Following the attacks, the regular Sunday newspapers could not be published. Instead, a Sunday "early edition," which went to press on Friday evening, was delivered to print subscribers. The newspaper stated on Sunday that it was "sometimes slower than normal" to upload and update content on its website, Inquirer.com.

Inquirer to Notify Potentially Affected Subscribers 

The Inquirer has also contacted the FBI regarding the cyber intrusion and hired Kroll to help with the investigation and response.

While Hughes was unable to say what the attack involved or whether the attackers gained access to customers' or employees' sensitive information, she confirmed that the newspaper would notify anyone whose data might have been affected by the incident.

Nearly 200 years after it was first published in 1829, The Philadelphia Inquirer today reaches a rising readership of over 13 million people each month through its newspaper, e-paper, and other platforms.

In a related development, News Corporation, the mass media and publishing giant that owns the New York Post, The Wall Street Journal, Dow Jones, MarketWatch, Fox News, Barron's, The Sun, and News UK, revealed in February 2023 that Chinese-linked attackers had access to its network between February 2020 and January 2022.

Apparently, the attackers had access to an email and document storage system used by a number of News Corp businesses. As a result, they gained access to emails and business documents containing sensitive data, including employees' personal information.  

Dragos Hacked: Cybersecurity Firm Reveals “Cybersecurity Event”, Extortion Attempt


Industrial cybersecurity company Dragos recently revealed a "cybersecurity event" in which a notorious cybercrime gang attempted to breach Dragos' defenses and access its internal network in order to encrypt devices.

The firm disclosed the incident on its blog on May 10, stating that it began on May 8, when hackers gained access to SharePoint and the Dragos contract management system by compromising a new sales employee's personal email address before the employee's start date. The hackers then impersonated the employee, using the stolen personal information to complete the first steps of Dragos' employee-onboarding procedure.

After infiltrating Dragos' SharePoint cloud platform, the hackers downloaded "general use data" and accessed 25 intelligence reports that are normally made available only to customers.

“Dragos' swift response prevented the threat group from achieving its objective — the deployment of ransomware — or to engage in further activity, such as lateral movement, escalating privileges, establishing persistent access, or making changes to any Dragos infrastructure[…]No Dragos systems were breached, including anything related to the Dragos Platform,” the company noted. 

Because of role-based access control (RBAC) rules, the threat actors were unable to reach several Dragos systems during the 16 hours they had access to the employee's account, including its messaging, IT helpdesk, finance, request for proposal (RFP), employee recognition, and marketing systems.

Eleven hours into the attack, after failing to break into the company's internal network, the attackers sent an extortion email to Dragos executives. Because the message arrived after business hours, it was not read until five hours later.

Within five minutes of reading the extortion message, Dragos disabled the compromised user account, terminated all open sessions, and blocked the hackers' infrastructure from accessing company resources.

The cybercriminal group also attempted to extort the firm by threatening to make the incident public, sending emails to Dragos executives, senior employees, and family members of Dragos staff whose contact details are public.

One of the IP addresses specified in the IOCs is 144.202.42[.]216, earlier discovered hosting SystemBC malware and Cobalt Strike, both frequently used by ransomware gangs for remote access to compromised systems.

"While the external incident response firm and Dragos analysts feel the event is contained, this is an ongoing investigation. The data that was lost and likely to be made public because we chose not to pay the extortion is regrettable," Dragos said.   

NextGen Data Breach, Personal Data of 1.5M Patients Hacked



NextGen Healthcare, the US-based electronic health record company, has recently revealed that it suffered a breach of its systems in which hackers stole the personal data of more than one million patients, including roughly 4,000 individuals from Maine.

NextGen Healthcare claimed in a letter to those impacted that hackers stole the names, birthdates, addresses, and Social Security numbers of patients.

"Security, in all its forms, is a top priority for NextGen Healthcare. When we learned of the incident, we took steps to investigate and remediate, including working together with leading outside cybersecurity experts and notifying law enforcement. The individuals known to be impacted by this incident were notified on April 28, 2023, and we have offered them 24 months of free fraud detection and identity theft protection," company spokesperson Tami Andrade stated.

In regards to the information compromised in the data breach, the company confirms that their “investigation has revealed no evidence of any access or impact to any of your health or medical records or any health or medical data.” However, on being asked if the company has any means, such as records, to ascertain what data has been exfiltrated, Andrade declined to respond.

In its report to the Maine attorney general's office, the firm noted that it was alerted to the suspicious activity on March 30. It further determined that hackers had access to its networks between March 29 and April 14, 2023. According to the notification, the attackers used client credentials that "appear to have been stolen from other sources or incidents unrelated to NextGen" to log into its NextGen Office system, a cloud-based EHR and practice management solution.

Prior to this incident, in January, NextGen had witnessed a ransomware attack, reportedly conducted by the ALPHV ransomware gang (also known as BlackCat). Fragments of data stolen in the attack, such as employee names, addresses, phone numbers, and passport scans were apparently seen listed on ALPHV’s dark web leak site.  

19-Year-Old Claims to Have Hacked Into More Than 25 Teslas

 

A 19-year-old hacker claims to have remotely opened the doors and windows of over 25 Tesla vehicles in 13 countries, as well as turned on their radios, flashed their headlights, and even started their engines and begun "keyless driving." David Colombo, who describes himself as an IT specialist based in Germany, also claims to have been able to disable the vehicles' anti-theft systems and determine whether or not a driver is present.

In a Monday tweet, Colombo claimed to have "complete remote control" of the Teslas, but later explained that he was never able to take over automobiles to "remotely manage steering or acceleration and braking." 

"Yes, I potentially could unlock the doors and start driving the affected Tesla’s," he tweeted. "No I cannot intervene with someone driving (other than starting music at max volume or flashing lights) and I also cannot drive these Tesla’s remotely." Colombo tweeted on Tuesday that his breach was "not a vulnerability in Tesla's system," but rather "it’s the owners faults."

Colombo stated on Twitter that he was able to disable Sentry Mode, an anti-theft feature in which a built-in camera functions as a de facto alarm system. When an alert is triggered, cameras begin filming in the area around the vehicle. The video is then streamed to the vehicle's owner via a mobile app. 

This is not the first time that a Tesla vehicle has been hacked. The Tesla Model X's Autopilot was hacked many times in 2020. In one case, Israeli researchers from Ben Gurion University deceived the car by flashing "phantom" images on a road, wall, or sign, leading it to brake suddenly or steer in the wrong way. A few months later, Wired reported that Lennert Wouters, a researcher at KU Leuven, "stole" a Tesla Model X in 90 seconds. 

Tesla CEO Elon Musk said last fall that he will cooperate with regulators to ensure that electric car drivers' personal data is safe from hackers. With the rapid rise of autonomous driving technology, data security in automobiles is causing more public worry than ever before, he said through remote hook-up at an electric vehicle conference in China. 

By 2025, an estimated 470 million automobiles will be linked to a computerized database, making them prime targets for cybercriminals. According to Tech Monitor, the automobile cybersecurity industry is predicted to be worth $4 billion by that same year.

Chinese Airlines Hacked by Foreign Spy Services

 

The Chinese government claimed on November 1, 2021, via official media, that foreign spy services had infiltrated various airlines and stolen passenger travel details. According to reports, such a pronouncement by the Chinese government is unprecedented. 

Authorities from China's Ministry of State Security, the country's civilian intelligence, security, and secret police agency, revealed the hacking effort the week before. The hacking activity was uncovered in January 2020 when one of China's airlines disclosed a security vulnerability to MSS officers. 

Investigators claimed they traced the breaches to a proprietary malware used by the attackers to steal passenger information and data from the very first victim. Following an inquiry, it was discovered that other airlines had been infiltrated in the same way. 

“After an in-depth investigation, it was confirmed that the attacks were carefully planned and secretly carried out by an overseas spy intelligence agency,” the MSS said in a press release distributed via state news channels. 

The MSS did not officially attribute the operation to any foreign organization or government. Two Chinese security firms, Qihoo 360 and QiAnxin, published reports in March 2020 accusing the US Central Intelligence Agency of hacking Chinese enterprises, especially airlines; however, those claims referred to past activity spanning September 2008 to June 2019.

The news statement is noteworthy in and of itself, given the Chinese government usually never discloses attacks carried out by foreign state-sponsored hackers. 

This is in stark contrast to how Western nations and commercial cyber-security providers handle similar crises. When a big security breach occurs, western security firms hurry to investigate and publish public blog articles about the assault, with government authorities issuing a formal statement and attribution weeks or months later. When it concerns the Middle Kingdom, things are quite the reverse. 

Following the major two reports from Qihoo 360 and QiAnxin in March 2020, this reporter contacted numerous Chinese security businesses and unaffiliated security researchers to enquire about how the Chinese state conducts international cyber-espionage assaults and the ensuing investigations and attribution. 

Several individuals, including officials from two large Chinese cybersecurity organizations, have stated that Chinese security firms routinely identify assaults involving foreign state actors, including the US.

The Hacker who Stole $16 Million of Indexed Finance, Gets Identified

 

Indexed Finance, a decentralized finance (DeFi) protocol that lets token holders track market indices, has identified the attacker who stole $16 million from it.

On Thursday, October 14th, the DeFi protocol stated that it had been the victim of a flash loan attack in which the attacker stole $16 million. The attacker reportedly minted new tokens valued at millions of dollars after flooding the system with fresh assets and causing price fluctuations.

The Indexed team stated in a post-attack statement that the breach "was a pretty devastating one" and damaged the DEFI5 and CC10 indexes. The address used to take the funds, according to the investigation report, was 0xba5ed1488be60ba2facc6b66c6d6f0befba22ebe.

Within hours of the attack, Indexed Finance urged the attacker to keep 10% of the funds and return the remainder. After that deadline passed, along with a subsequent ultimatum to return 100 percent of the stolen funds, the team stated that it had established connections that identified the hacker.

The team went on to explain that, although initially overlooked, the investigation revealed that the attacker had funded their wallet from accounts at the crypto exchanges FTX and Kraken. Both exchanges require users to complete know-your-customer (KYC) checks, which Indexed Finance was able to examine to identify the person behind the $16 million theft.

"In the minutes before the deadline elapsed, @ZetaZeroes made changes to his accounts that have made us realize at the last minute that the attacker is significantly younger than we thought," the protocol wrote. 

Now that the hacker's identity has been determined, Indexed Finance has placed a "hold" on disclosing any further information while an internal discussion takes place on how best to proceed in light of the hacker's age.

Meanwhile, the NDX token remains under pressure in the market, having dropped 7% over the past week as a result of the attack. At the time of writing it was trading at roughly $2.65, down 2.11%.

45 Lakh Customers' Data Compromised as Air India Servers Get Hacked

 

A massive cyberattack against the domestic carrier Air India compromised passengers' data, including passport details, contact information, ticket information, and credit card information.

Air India is India's flag carrier, based in New Delhi. Operated by Air India Limited, it runs a fleet of Airbus and Boeing aircraft serving 102 domestic and international destinations.

The airline stated that the incident affected about 4,500,000 data subjects worldwide. The company further added that the breach involved data registered between August 2011 and February 2021.

“The breach involved personal data registered between 26 August 2011 and 3 February 2021, with details that included name, date of birth, contact information, passport information, ticket information, Star Alliance and Air India frequent flyer data (but no passwords data were affected) as well as credit cards data,” a message from Air India reads. 

While the airline has admitted that credit card details were compromised, it has made clear that its data processor did not hold the CVV/CVC numbers, which are required to carry out transactions.

"Our data processor of the passenger service system (which is responsible for storing and processing of personal information of the passengers) had recently been subjected to a cybersecurity attack leading to personal data leak of certain passengers. This incident affected around 4,500,000 data subjects in the world," said the statement issued by Air India. 

The state-owned carrier also said that it received the first notification of the breach from its data processor on 25 February 2021, but that the identities of the affected data subjects were only provided to it on March 25 and May 4.

"While we had received the first notification in this regard from our data processor on 25.02.2021, we would like to clarify that the identity of the affected data subjects was only provided to us by our data processor on 25.03.2021 and 5.04.2021," the statement said. 

Air India has also said that it follows data protection policies and has begun investigating the incident. The airline is also securing the compromised servers, engaging external computer security experts, notifying credit card issuers, and resetting the passwords of Air India frequent flyer program members.

Sophisticated Hackers Infiltrate Dozens of U.N. Servers


An internal confidential document from the United Nations, leaked to The New Humanitarian and seen by The Associated Press, says many servers were compromised, including at the U.N. human rights office, which gathers highly sensitive information all year round.

According to a U.N. official, the hack appeared very "sophisticated" and the extent of the damage remains unclear, particularly regarding any personal, secret or compromising information that may have been stolen.

The official, who spoke on condition of anonymity, said systems have since been reinforced. "It's as if someone were walking in the sand, and swept up their tracks with a broom afterward. There's not even a trace of a clean-up," the official said.

Jake Williams, CEO of the cybersecurity firm Rendition Infosec and a former U.S. government hacker, says, "The intrusion definitely looks like espionage," referring to the incident the previous year in which the 'sophisticated hackers' invaded U.N. offices in Geneva and Vienna in an apparent espionage operation; their identity and the extent of the information they acquired remain unknown.

"The attackers have a goal in mind and are deploying malware to machines that they believe serve some purpose for them and any number of intelligence agencies from around the globe are likely interested in infiltrating the U.N," Williams added.

U.N. spokesperson Stephane Dujarric said the attack "resulted in a compromise of core infrastructure components" and was "determined to be serious." The earliest activity linked to the intrusion occurred in July and it was detected in August, he said in response to emailed questions.

He said the world body needs more data to determine who was behind the intrusion, but added that "the methods and tools used in the attack indicate a high level of resource, capability, and determination."

The report says that the hackers exploited a flaw in Microsoft's SharePoint software to penetrate the systems, but that the type of malware used was unknown, and that analysts had not identified the command and control servers used to exfiltrate data.

Nor was it known what mechanism the hackers used to maintain their presence on the compromised systems. The internal document from the U.N. Office of Information and Technology said 42 servers were "compromised" and another 25 were regarded as "suspicious," almost all of them at the sprawling Geneva and Vienna offices.

Three of the "compromised" servers are believed to belong to the Human Rights office, which is situated across town from the primary U.N. office in Geneva, and two were utilized by the U.N. Economic Commission for Europe.

This hack comes amid rising concerns about computer and mobile phone vulnerabilities, both for large organizations such as governments and the U.N. and for individuals and businesses.

China hacked TCS, 7 other major firms: Report

‘Operation Cloud Hopper’ — a global cyber espionage campaign — first made headlines when Chinese hackers reportedly broke past IBM and Hewlett Packard Enterprise. Now, it seems that they weren’t the only ones attacked.

Hackers working for China's Ministry of State Security broke into the networks of eight of the world's biggest technology service providers in an effort to steal commercial secrets from their clients, according to sources familiar with the attacks.

Technology service providers including Hewlett Packard Enterprise (HPE), IBM, Fujitsu, Tata Consultancy Services (TCS), NTT Data, Dimension Data, Computer Sciences Corporation (CSC) and DXC Technology, HPE's spun-off services arm, were the targets of Cloud Hopper, which the United States and its Western allies have attributed to the Chinese government.

TCS was not the only one hacked, and the providers themselves were not the end goal: each compromised service provider was used as a jumping-off point to gain access to its clients' networks.

Meanwhile, China is denying all involvement in the attacks and companies are claiming that no sensitive information was compromised, but the Reuters report shows otherwise.

A U.S. indictment in December outlined an elaborate operation to steal Western intellectual property in order to advance China’s economic interests but stopped short of naming victim companies.

Reuters has identified more than a dozen victims who were clients of the service providers. That list includes Swedish telecoms giant Ericsson, U.S. Navy shipbuilder Huntington Ingalls Industries and travel reservation system Sabre.

HPE said it worked “diligently for our customers to mitigate the attack and protect their information.” DXC said it had “robust security measures in place” to protect itself and clients, neither of which have “experienced a material impact” due to Cloud Hopper.

NTT Data, Dimension Data, Tata Consultancy Services, Fujitsu and IBM declined to comment. IBM has previously said it has no evidence sensitive corporate data was compromised by the attacks.

Sabre said it had disclosed a cybersecurity incident in 2015 and an investigation concluded no traveler data was accessed. A Huntington Ingalls spokeswoman said the company is “confident that there was no breach of any HII data,” via HPE or DXC.

Moscow’s First Cable Car System Hacked a Day after Launch

Moscow's Mayor Sergei Sobyanin launched the city's first cable car service in an extravagant ceremony, promising free rides for the first month. Unfortunately, just two days after the service opened, hackers reportedly broke into the cable car system and infected it with ransomware.

According to local news outlets, which first reported the incident, and to Moscow's Mayor, the main computer of the cable car system was infected with ransomware that demanded a ransom payment in bitcoin to decrypt the files needed to operate the cable car.

"According to the agency interlocutor, a message was received from an unknown person on the head computer of the Moscow Cable Cars operating company requesting to transfer bitcoins to him in exchange for decrypting all the electronic files of the computer that is responsible for the cable car operation. The amount of the ransom, said in the letter, depends "on the speed of response to the letter." As a result, there was a failure in the cable car."

The infection occurred on Wednesday, November 28, at around 14:00 local time.

The attack was severe enough to affect the servers of the Moscow Ropeway company (MKD), which halted most of its operations once it was informed of the incident.

The company's servers underwent a security review on November 29, and the infection was removed. Cable car service resumed on the 30th, according to a message posted on MKD's official website.

No details have yet been released about the family of ransomware that infected MKD's servers, or about the amount of the bitcoin ransom demanded.

Your Internet Connection is most likely “hacked”; Experts say so

If you use a Wi-Fi connection at home, you may be surprised to learn that your internet connection has most likely been "hacked". The real questions are by whom, and what for.

Saravanan K, a Bengaluru-based specialist who builds security solutions for organizations, probably knows best. According to him, most people who are not aware of the dangers lurking in the technical details never change their devices' default configuration and default settings, which is in itself a serious problem.

The clearest example is surveillance cameras: people tend to leave the username and password at the manufacturer's defaults, after which anyone who knows the IP address can log in to them over the web. The same is often true of Wi-Fi routers, which many people do not understand at all.

A study by the Chinese cyber security analysts Netlab 360 showed that India has the most home routers infected by BCMPUPnP_Hunter. This malware has built a botnet of more than 100,000 routers and uses it to send vast numbers of spam messages. China and the USA also have a high number of infected devices, but the number in India is markedly higher.

“They're basically using your home as a base of operations to attack other people. So they don't want to take down your computer nor do anything else that will get them noticed; they want you to stay online and active," explains Saravanan.

"This is actually a big problem for the home users.” Adding further he says, “What's happening is that your Internet bandwidth is being consumed, so your streaming might seem slow, or your data limit might be hit sooner than expected, costing you real money, and apart from that, the other downside is that attacks like credential stuffing are being powered by your network, and that's going to hurt other consumers like yourself."

(Map caption: the darker the colour, the more infected devices.)
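The two symptoms Saravanan describes, a router quietly relaying spam and attacks while the household stays online, are visible from the edge if you keep flow records. The script below is an added example, not code from the article, from Saravanan or from Netlab 360. It reads constructed NetFlow-style records and flags an internal host that opens direct SMTP (TCP/25) connections to many distinct external mail servers, which a home PC sending through its provider's submission port (587) never does, and any inbound connection to TCP/5431, the Broadcom UPnP port that Netlab's own write-up (not this article) reports BCMPUPnP_Hunter scanning for. The log format, LAN range, sample lines and fan-out threshold are all assumptions chosen for the example.

```python
"""Flag a home router recruited into a spam botnet from flow records.

Added example (not from the article or Netlab 360). Heuristics:
  1. outbound SMTP fan-out: one LAN host opening TCP/25 to many distinct
     external hosts (a home client uses one submission server, not dozens of MX hosts);
  2. inbound TCP/5431 from outside the LAN (the Broadcom UPnP port the
     BCMPUPnP_Hunter scanner probes, per Netlab's report, not this page).
Record format, sample lines, LAN range and threshold are constructed.
"""
from collections import defaultdict
from ipaddress import ip_address, ip_network

LAN = ip_network("192.168.0.0/16")        # assumed home address range
SMTP_FANOUT_THRESHOLD = 5                  # distinct external MX peers before flagging
SPAM_PORTS = {25}
SCAN_PORTS = {5431}

# Constructed flow records: "epoch src_ip src_port dst_ip dst_port proto"
SAMPLE_FLOWS = """\
1543413600 192.168.1.1 40210 203.0.113.10 25 tcp
1543413601 192.168.1.1 40211 203.0.113.11 25 tcp
1543413602 192.168.1.1 40212 198.51.100.7 25 tcp
1543413602 192.168.1.1 40213 198.51.100.8 25 tcp
1543413603 192.168.1.1 40214 203.0.113.12 25 tcp
1543413604 192.168.1.1 40215 203.0.113.13 25 tcp
1543413605 192.168.1.20 51000 203.0.113.50 587 tcp
1543413606 192.168.1.20 51001 203.0.113.50 587 tcp
1543413610 198.51.100.200 33333 192.168.1.1 5431 tcp
1543413611 192.168.1.1 5431 198.51.100.200 33333 tcp
"""


def parse_flow(line):
    """Split one whitespace-separated record into typed fields."""
    ts, src, sport, dst, dport, proto = line.split()
    return {"ts": int(ts), "src": ip_address(src), "sport": int(sport),
            "dst": ip_address(dst), "dport": int(dport), "proto": proto}


def analyse(text):
    """Return {internal_host: [reason, ...]} for hosts that look compromised."""
    smtp_peers = defaultdict(set)   # LAN host -> external hosts reached on TCP/25
    upnp_probes = defaultdict(set)  # LAN host -> external sources hitting TCP/5431
    for line in text.splitlines():
        if not line.strip():
            continue
        f = parse_flow(line)
        if f["proto"] != "tcp":
            continue
        src_in, dst_in = f["src"] in LAN, f["dst"] in LAN
        # outbound direct-to-MX traffic from a LAN host
        if src_in and not dst_in and f["dport"] in SPAM_PORTS:
            smtp_peers[str(f["src"])].add(str(f["dst"]))
        # inbound connection to the Broadcom UPnP port on a LAN host
        if dst_in and not src_in and f["dport"] in SCAN_PORTS:
            upnp_probes[str(f["dst"])].add(str(f["src"]))

    findings = defaultdict(list)
    for host, peers in smtp_peers.items():
        if len(peers) >= SMTP_FANOUT_THRESHOLD:
            findings[host].append(f"smtp fan-out to {len(peers)} external hosts")
    for host, sources in upnp_probes.items():
        findings[host].append(f"inbound tcp/5431 from {sorted(sources)}")
    return dict(findings)


if __name__ == "__main__":
    for host, reasons in analyse(SAMPLE_FLOWS).items():
        print(host, "->", "; ".join(reasons))
```

On the sample data only the router at 192.168.1.1 is flagged, for both reasons; the PC at 192.168.1.20 talking to a single submission server on port 587 is not. The fan-out threshold is deliberately low because a home network should produce essentially zero direct port-25 connections; on a corporate network where mail relays legitimately talk to many MX hosts, the relay would need to be excluded.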

There is only so much an average user can do to stay safe. As research from IBM points out, for many infected devices the only reliable remedy is to replace the hardware, since the affected routers often never receive a firmware fix.

It is still important to understand that botnets of this kind are growing and spreading fast, and will reach other kinds of devices as well, where the impact can be far more dangerous. The changes these botnets make to a device are difficult for users to detect, which is why the problem keeps getting worse over time.