Posts with label Hacked

Russian-Linked Surveillance Tech Firm Protei Hacked, Website Defaced and Data Published

 

A telecommunications technology provider with ties to Russian surveillance infrastructure has reportedly suffered a major cybersecurity breach. The company, Protei, which builds systems used by telecom providers to monitor online activity and restrict access to websites and platforms, had its website defaced and internal data stolen, according to information reviewed by TechCrunch. The firm originally operated from Russia but is now based in Jordan and supplies technology to clients across multiple regions, including the Middle East, Europe, Africa, Mexico, Kazakhstan and Pakistan. 

Protei develops a range of systems used by telecom operators, including conferencing platforms and connectivity services. However, the company is most widely associated with deep packet inspection (DPI) tools and network filtering technologies — software commonly used in countries where governments impose strict controls on online information flow and communication. These systems allow network providers to inspect traffic patterns, identify specific services or websites and enforce blocks or restrictions. 

It remains uncertain exactly when the intrusion occurred, but archived pages from the Wayback Machine indicate the public defacement took place on November 8. The altered site contained a short message referencing the firm’s involvement in DPI technology and surveillance infrastructure. Although the webpage was restored quickly, the attackers reportedly extracted approximately 182 gigabytes of data from Protei’s systems, including email archives dating back several years. 

A copy of the exposed files was later supplied to Distributed Denial of Secrets (DDoSecrets), an organization known for cataloging leaked data from governments, law enforcement agencies and companies operating in surveillance or censorship markets. DDoSecrets confirmed receiving the dataset and made it available to researchers and journalists. 

Prior to publication, TechCrunch reached out to Protei leadership for clarification. Mohammad Jalal, who oversees the company’s Jordan branch, did not initially respond. After publication, he issued an email claiming the company is not connected to Russia and stating that Protei had no confirmed knowledge of unauthorized data extraction from its servers. 

The message left by the hacker suggested an ideological motive rather than a financial one. The wording referenced SORM — Russia’s lawful interception framework that enables intelligence agencies to access telecommunications data. Protei’s network filtering and DPI tools are believed to complement SORM deployments in regions where governments restrict digital freedoms. 

Reports from research organizations have previously linked Protei technology to censorship infrastructure. In 2023, Citizen Lab documented exchanges suggesting that Iranian telecommunications companies sought Protei’s systems to log network activity and block access to selected websites. Documents reviewed by the group indicated the company’s ability to deploy population-level filtering and targeted restrictions. 

The breach adds to growing scrutiny surrounding technology vendors supplying surveillance capabilities internationally, especially in environments where privacy protections and freedom of expression remain vulnerable.

Accounts on Payoneer in Argentina Compromised in 2FA Bypass Incidents

 

A significant number of Payoneer users in Argentina have reported unauthorized access to their 2FA-protected accounts, resulting in the theft of funds while they were asleep. Payoneer, a financial services platform facilitating online money transfer and digital payments, is particularly popular in Argentina for its ability to enable earnings in foreign currencies without adhering to local banking regulations.

Starting last weekend, users with 2FA-protected accounts experienced sudden loss of access or discovered empty wallets upon login, with losses ranging from $5,000 to $60,000. Prior to the incidents, victims received SMS messages requesting approval for a password reset on Payoneer, which they did not authorize. Some users claim they did not click on the provided URLs, and a few only noticed the SMS after the funds were stolen.

The stolen funds were reportedly sent to unfamiliar email addresses using the 163.com domain. Investigations reveal that many affected users were customers of mobile service providers Movistar and Tuenti, with the majority using Movistar. Suspicions arose regarding a recent Movistar data leak, but the leaked data did not include user email addresses necessary for Payoneer password resets.

One theory suggests a breach in the SMS provider delivering OTP codes, granting threat actors access to codes sent by Payoneer. However, an official statement from Movistar denies responsibility for messages sent through its network and mentions blocking the numbers used in the smishing campaign.

Payoneer, while acknowledging the issue, has not provided specific details about the attack, attributing it to phishing and cooperating with authorities. Tech reporter Juan Brodersen received a statement from Payoneer blaming users, alleging they clicked on phishing links in SMS texts and entered login details on fraudulent pages. Affected users refute this, accusing Payoneer of deflecting responsibility and not addressing potential platform errors or vulnerabilities.

Payoneer's 2FA and password recovery process relies solely on SMS codes. Users argue that, if the attack were purely phishing-based, the attackers should not have had access to the later OTP codes required to authorize the transactions.

The exact mechanism of the attack remains unclear, with various hypotheses under consideration. Payoneer users in Argentina are advised to withdraw funds or disable SMS-based 2FA and reset passwords until the situation is clarified.

In an update on January 20, a Payoneer spokesperson acknowledged instances of fraud where customers were lured into clicking on phishing links, leading to compromised account credentials or mobile phones. The company asserted swift action to contain fraud attempts and emphasized collaboration with regulators, mobile carriers, and law enforcement agencies. While restitution details vary, Payoneer is actively working to protect customers' funds and recover possible losses.

Massive Data Breach at HCA Healthcare: 11 Million Patients' Information Compromised by Hackers

 

Hospital and clinic operator HCA Healthcare has announced that it experienced a significant cyberattack, posing a risk to the data of at least 11 million patients. 

The breach affects patients in 20 states, including California, Florida, Georgia, and Texas. HCA Healthcare, headquartered in Nashville, disclosed that the compromised data includes potentially sensitive information such as patients' names, partial addresses, contact details, and upcoming appointment dates.

This breach, discovered by the company on July 5, is considered one of the largest healthcare breaches in history. HCA Healthcare revealed that the hackers accessed various types of information, including patient names, cities, states, zip codes, emails, telephone numbers, dates of birth, genders, service dates, locations, and next appointment dates.

"This appears to be a theft from an external storage location exclusively used to automate the formatting of email messages," the company said in its Monday announcement.

"The company disabled user access to the storage location as an immediate containment measure and plans to contact any impacted patients to provide additional information and support, in accordance with its legal and regulatory obligations, and will offer credit monitoring and identity protection services, where appropriate," it said.

If the estimated number of affected patients reaches 11 million, this breach would rank among the top five healthcare hacks reported to the Department of Health and Human Services Office of Civil Rights. The most severe breach in this sector occurred in 2015 when medical insurer Anthem was compromised, affecting 79 million individuals. In that case, Chinese spies were indicted, but there is no evidence that the stolen data was ever sold.

According to the Associated Press, the suspected hacker behind the HCA breach initially posted a sample of the stolen data online on July 5, attempting to sell it and potentially extort HCA. The hacker claimed to possess 27.7 million records and subsequently released a file on Monday containing nearly 1 million records from HCA's San Antonio division.

To ensure the legitimacy of any invoices or billing requests, HCA is advising patients to contact the chain at (844) 608-1803 before making any payments. The company has reported the incident to law enforcement and engaged third-party forensic and threat intelligence advisors. 

HCA maintains that the breach, which exposed approximately 27 million rows of data related to around 11 million patients, did not include highly sensitive information such as patients' treatment or diagnosis details, payment information, passwords, driver's license numbers, or Social Security numbers.

Although DataBreaches.net initially reported on the hack and shared a code sample purportedly offered by the hacker, HCA's spokesperson clarified that the code was an email template developed by the company, and the client ID mentioned referred to a doctor's office or facility, not a patient.

HCA Healthcare assured that it has not discovered any evidence of malicious activity on its networks or systems related to this incident. As an immediate containment measure, the company has disabled user access to the storage location. 

HCA intends to reach out to affected patients to provide additional information and support, complying with legal and regulatory obligations. It will also offer credit monitoring and identity protection services where necessary. HCA Healthcare operates more than 180 hospitals and 2,000 care locations, including walk-in clinics, across 20 states and the U.K., according to its website.

Android Phone Hacked by 'Daam' Virus, Government Warns

 


The central government has announced that 'Daam' malware is infecting Android devices and has issued an advisory about it. CERT-In, the national cyber security agency of the Indian government, released the advisory to inform the public that the virus can give hackers access to a device's calls, contacts, browsing history and camera.

The virus' ability to bypass anti-virus programs and deploy ransomware on targeted devices makes it very dangerous, according to the Indian Computer Emergency Response Team or CERT-In, which provided the information. 

As quoted by the PTI news agency, the Android botnet is distributed primarily through third-party websites or apps downloaded from untrusted or unknown sources, according to the Federal Bureau of Investigation. 

The malware encrypts files on the victim's device using the AES (Advanced Encryption Standard) algorithm. The advisory reports that the original files are then removed from local storage, leaving only files with the ".enc" extension and a ransom note named "readme_now.txt". 
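As an added example (not code from the advisory or this post), the following Python heuristic flags directories that show the two indicators the advisory names, a mass of ".enc" files and a "readme_now.txt" ransom note, on a constructed file listing; the thresholds are assumptions to be tuned per environment.

```python
"""Heuristic triage of Daam-style ransomware indicators in a file listing."""
from pathlib import PurePosixPath

RANSOM_NOTE = "readme_now.txt"   # ransom note file name from the CERT-In advisory
ENCRYPTED_EXT = ".enc"           # extension left on encrypted files per the advisory
MIN_ENC_FILES = 5                # assumed threshold: minimum .enc files in a directory
MIN_ENC_RATIO = 0.5              # assumed threshold: minimum share of .enc files


def directory_indicators(paths):
    """Group file paths by parent directory and count, per directory,
    the .enc files, the total files, and whether the ransom note is present."""
    stats = {}
    for p in paths:
        path = PurePosixPath(p)
        entry = stats.setdefault(str(path.parent), {"enc": 0, "total": 0, "note": False})
        entry["total"] += 1
        if path.suffix.lower() == ENCRYPTED_EXT:
            entry["enc"] += 1
        if path.name.lower() == RANSOM_NOTE:
            entry["note"] = True
    return stats


def flag_directories(paths, min_enc=MIN_ENC_FILES, min_ratio=MIN_ENC_RATIO):
    """Return the sorted list of directories with ransomware-like indicators.

    A directory is flagged when the ransom note is present, or when it holds
    at least `min_enc` .enc files that make up at least `min_ratio` of its files.
    A single legitimate .enc file in an otherwise normal directory is not flagged."""
    flagged = []
    for directory, s in directory_indicators(paths).items():
        ratio = s["enc"] / s["total"] if s["total"] else 0.0
        if s["note"] or (s["enc"] >= min_enc and ratio >= min_ratio):
            flagged.append(directory)
    return sorted(flagged)


# Constructed sample listing (not real data): one directory with encrypted
# files plus the ransom note, one with only encrypted files, one untouched,
# and one containing a single legitimate .enc file.
SAMPLE_LISTING = [
    "/sdcard/DCIM/Camera/IMG_0001.jpg.enc",
    "/sdcard/DCIM/Camera/IMG_0002.jpg.enc",
    "/sdcard/DCIM/Camera/IMG_0003.jpg.enc",
    "/sdcard/DCIM/Camera/IMG_0004.jpg.enc",
    "/sdcard/DCIM/Camera/IMG_0005.jpg.enc",
    "/sdcard/DCIM/Camera/readme_now.txt",
    "/sdcard/Music/track01.mp3.enc",
    "/sdcard/Music/track02.mp3.enc",
    "/sdcard/Music/track03.mp3.enc",
    "/sdcard/Music/track04.mp3.enc",
    "/sdcard/Music/track05.mp3.enc",
    "/sdcard/Music/cover.jpg",
    "/sdcard/Download/report.pdf",
    "/sdcard/Download/notes.txt",
    "/sdcard/Documents/backup.tar.enc",
    "/sdcard/Documents/letter.docx",
    "/sdcard/Documents/photo.png",
]

if __name__ == "__main__":
    for d in flag_directories(SAMPLE_LISTING):
        print("ransomware indicators in:", d)
```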

To prevent attacks by such viruses and malware, the central agency has suggested several do's and don'ts. 

CERT-In recommends avoiding "untrusted websites" and "untrusted links", and exercising caution before clicking links in unsolicited emails and SMS messages. The advisory also recommends keeping anti-virus and anti-spyware software updated.

Once installed, the malware tries to bypass the device's security checks. If it succeeds, it obtains permissions to read browsing history and bookmarks, kill background processes and read call logs, and then attempts to steal the user's sensitive information. 

"Daam" is also capable of capturing phone calls, contacts, and images and videos from the camera, changing device passwords, taking screenshots, stealing text messages, and downloading and uploading files. 

The report also notes that a genuine SMS message from a bank typically shows the bank's Sender ID (an abbreviation of the bank's name) in the sender field rather than a phone number. 

Users were also cautioned about shortened URLs (Uniform Resource Locators) produced by services such as Bitly and TinyURL, which appear as links like "http://bit.ly/..." or "tinyurl.com/..." and hide the actual destination address. 

To see the full domain of the destination, users are advised to hover over the shortened URL before clicking it. The advisory also suggests using a URL checker, which takes a shortened URL and shows the complete URL it resolves to. 

This is being viewed as a serious warning by the government to Android phone users throughout the world to remain vigilant and to take all necessary precautions to protect their mobile devices.

The Central Government strives to educate citizens about "Daam" malware, as well as its potential impacts, so citizens can take proactive measures to protect their Android devices and stay safe from cyber threats in the ever-evolving environment we live in today.

Possible Cyberattack on ‘The Philadelphia Inquirer’ Disrupts Printing Operations


The daily newspaper The Philadelphia Inquirer is attempting to patch up the systems that were damaged by what was reportedly a cyberattack that struck its network over the weekend.

The attack hampered the newspaper’s print operation, and the newspaper was forced to shut down its newsroom until at least Tuesday, when its employees would cover an expensive and highly competitive mayoral race.

"The incident was the greatest publication disruption to Pennsylvania's largest news organization since the blizzard of Jan. 7-8, 1996, and it came just days before Tuesday's mayoral primary election," the Inquirer's Jonathan Lai said.

Lisa Hughes, spokesperson for The Philadelphia Inquirer, stated: "We appreciate everyone's patience and understanding as we work to fully restore systems and complete this investigation as soon as possible[…]We will keep our employees and readers informed as we learn more."

Reportedly, on Thursday, the newspaper discovered “anomalous activities” on select computer systems. The systems were taken down immediately.

Following the attacks, the regular Sunday newspapers could not be published. Instead, a Sunday "early edition," which went to press on Friday evening, was delivered to print subscribers. The newspaper stated on Sunday that it was "sometimes slower than normal" to upload and update content on its website, Inquirer.com.

Inquirer to Notify Potentially Affected Subscribers 

The Inquirer has also contacted the FBI regarding the cyber intrusion and hired Kroll to help with the investigation and response.

While Hughes was unable to say what was accessed in the attack or whether the attackers reached customers' or employees' sensitive information, she confirmed that the newspaper would notify anyone whose data might have been affected by the incident.

Nearly 200 years after it was first published in 1829, The Philadelphia Inquirer today reaches a rising readership of over 13 million people each month through its newspaper, e-paper, and other platforms.

Moreover, News Corporation, the mass media and publishing giant that owns the New York Post, The Wall Street Journal, Dow Jones, MarketWatch, Fox News, Barron's, The Sun and News UK, revealed in February 2023 that Chinese-linked attackers had access to its network between February 2020 and January 2022.

Apparently, the attackers had access to an email and document storage system used by a number of News Corp businesses. As a result, they gained access to emails and business documents containing sensitive data, including employees' personal information.  

Dragos Hacked: Cybersecurity Firm Reveals “Cybersecurity Event”, Extortion Attempt


Industrial cybersecurity company Dragos recently revealed a “cybersecurity event” in which a notorious cybercrime gang attempted to breach Dragos' defenses and access its internal network in order to encrypt devices.

The firm disclosed the incident on its blog on May 10, stating that it took place on May 8, when hackers gained access to SharePoint and the Dragos contract management system by compromising a new sales employee's personal email address before the employee's start date. The hacker then used the stolen personal information to impersonate the employee and complete the first steps of Dragos' employee-onboarding procedure.

After infiltrating Dragos’ SharePoint cloud platform, the hackers reportedly downloaded “general use data” and accessed 25 intelligence reports that are normally made available only to customers.

“Dragos' swift response prevented the threat group from achieving its objective — the deployment of ransomware — or to engage in further activity, such as lateral movement, escalating privileges, establishing persistent access, or making changes to any Dragos infrastructure[…]No Dragos systems were breached, including anything related to the Dragos Platform,” the company noted. 

Because of role-based access control (RBAC) rules, the threat actors were unable to reach several Dragos systems during the 16 hours they had access to the employee's account, including its messaging, IT helpdesk, finance, request for proposal (RFP), employee recognition, and marketing systems.

Eleven hours into the attack, after failing to break into the company's internal network, they sent an extortion email to Dragos executives. Because the message was sent after business hours, it was not read until five hours later.

Within five minutes of reading the extortion message, Dragos disabled the compromised user account, terminated all active sessions, and blocked the hackers' infrastructure from accessing company resources.

The cybercriminal group also attempted to extort the firm by threatening to make the incident public, in emails sent to Dragos executives, senior employees, and family members whose contact details are publicly available.

One of the IP addresses specified in the IOCs is 144.202.42[.]216, earlier discovered hosting SystemBC malware and Cobalt Strike, both frequently used by ransomware gangs for remote access to compromised systems.

"While the external incident response firm and Dragos analysts feel the event is contained, this is an ongoing investigation. The data that was lost and likely to be made public because we chose not to pay the extortion is regrettable," Dragos said.   

NextGen Data Breach, Personal Data of 1.5M Patients Hacked



NextGen Healthcare, the US-based electronic health record company, recently revealed that it suffered a breach of its systems in which hackers stole the personal data of more than one million patients, including roughly 4,000 individuals from Maine. 

NextGen Healthcare claimed in a letter to those impacted that hackers stole the names, birthdates, addresses, and Social Security numbers of patients.

"Security, in all its forms, is a top priority for NextGen Healthcare. When we learned of the incident, we took steps to investigate and remediate, including working together with leading outside cybersecurity experts and notifying law enforcement. The individuals known to be impacted by this incident were notified on April 28, 2023, and we have offered them 24 months of free fraud detection and identity theft protection," company spokesperson Tami Andrade stated.

Regarding the information compromised in the breach, the company states that its “investigation has revealed no evidence of any access or impact to any of your health or medical records or any health or medical data.” However, when asked whether the company has any means, such as records, of determining what data was exfiltrated, Andrade declined to respond.

In its report to the Maine attorney general’s office, the firm noted that it was alerted to the suspicious activity on March 30 and subsequently determined that hackers had access to its network between March 29 and April 14, 2023. According to the notification, the attackers used client credentials that "appear to have been stolen from other sources or incidents unrelated to NextGen" to log into its NextGen Office system, a cloud-based EHR and practice management solution.

Prior to this incident, in January, NextGen had suffered a ransomware attack, reportedly conducted by the ALPHV ransomware gang (also known as BlackCat). Fragments of data stolen in that attack, such as employee names, addresses, phone numbers, and passport scans, were reportedly listed on ALPHV’s dark web leak site.  

19-Year-Old Claims to Have Hacked Into More Than 25 Teslas

 

A 19-year-old hacker claims to have remotely opened the doors and windows of over 25 Tesla vehicles in 13 countries, as well as turned on their radios, flashed their headlights, and even started their engines and begun "keyless driving." David Colombo, who describes himself as an IT specialist based in Germany, also claims to have been able to disable the vehicles' anti-theft systems and determine whether or not a driver is present. 

In a Monday tweet, Colombo claimed to have "complete remote control" of the Teslas, but later explained that he was never able to take over automobiles to "remotely manage steering or acceleration and braking." 

"Yes, I potentially could unlock the doors and start driving the affected Tesla’s," he tweeted. "No I cannot intervene with someone driving (other than starting music at max volume or flashing lights) and I also cannot drive these Tesla’s remotely." Colombo tweeted on Tuesday that his breach was "not a vulnerability in Tesla's system," but rather "it’s the owners faults."

Colombo stated on Twitter that he was able to disable Sentry Mode, an anti-theft feature in which a built-in camera functions as a de facto alarm system. When an alert is triggered, cameras begin filming in the area around the vehicle. The video is then streamed to the vehicle's owner via a mobile app. 

This is not the first time that a Tesla vehicle has been hacked. The Tesla Model X's Autopilot was hacked many times in 2020. In one case, Israeli researchers from Ben Gurion University deceived the car by flashing "phantom" images on a road, wall, or sign, leading it to brake suddenly or steer in the wrong way. A few months later, Wired reported that Lennert Wouters, a researcher at KU Leuven, "stole" a Tesla Model X in 90 seconds. 

Tesla CEO Elon Musk said last fall that he will cooperate with regulators to ensure that electric car drivers' personal data is safe from hackers. With the rapid rise of autonomous driving technology, data security in automobiles is causing more public worry than ever before, he said through remote hook-up at an electric vehicle conference in China. 

By 2025, an estimated 470 million automobiles will be linked to a computerized database, making them prime targets for cybercriminals. According to Tech Monitor, the automobile cybersecurity industry is predicted to be worth $4 billion by that same year.