Search This Blog
Powered by Blogger.

Blog Archive

Labels

About Me

Load More
Trendy Right Now

Popular Posts

Showing posts with label Hacker attack. Show all posts
Hackers
CVE CVE exploits CVE vulnerability Cyber Security data security Data Theft Hacker attack Hackers

Hackers Exploit ThinkPHP and ownCloud Vulnerabilities from 2022 and 2023

 

Hackers are increasingly exploiting outdated security flaws in poorly maintained systems, with vulnerabilities from 2022 and 2023 seeing a surge in attacks. According to threat intelligence platform GreyNoise, malicious actors are actively targeting CVE-2022-47945 and CVE-2023-49103, affecting the ThinkPHP Framework and the open-source ownCloud file-sharing solution. 

Both vulnerabilities are critical, allowing attackers to execute arbitrary commands or steal sensitive data, such as admin credentials and license keys. CVE-2022-47945 is a local file inclusion (LFI) flaw in ThinkPHP versions before 6.0.14. If the language pack feature is enabled, unauthenticated attackers can remotely execute operating system commands. 

Akamai reported that Chinese threat groups have exploited this flaw since late 2023, and GreyNoise recently detected 572 unique IPs actively attacking vulnerable systems. Despite having a low Exploit Prediction Scoring System (EPSS) rating of just 7% and not being listed in CISA’s Known Exploited Vulnerabilities (KEV) catalog, CVE-2022-47945 remains under heavy assault. 

The second vulnerability, CVE-2023-49103, impacts ownCloud’s file-sharing software. It stems from a third-party library that leaks PHP environment details through a public URL. After its disclosure in November 2023, hackers began exploiting the flaw to steal sensitive data. A year later, it was named one of the FBI, CISA, and NSA’s top 15 most exploited vulnerabilities. 

Even though a patch was released over two years ago, many ownCloud systems remain unpatched and exposed. GreyNoise recently observed malicious activity from 484 unique IPs targeting this vulnerability. To defend against these active threats, users are strongly advised to upgrade to ThinkPHP 6.0.14 or later and ownCloud GraphAPI 0.3.1 or newer. 

Taking vulnerable systems offline or placing them behind a firewall can significantly reduce the attack surface and prevent exploitation. As hackers continue to leverage older, unpatched vulnerabilities, staying vigilant with timely updates and robust security practices remains crucial in protecting critical systems and sensitive data.
Read more »
North Korea Hackers
Crypto Attack Cryptocurrency exchange Cyber Attacks DMM Hacker attack North Korea North Korea Hackers

North Korean Hackers Suspected in $70M Phemex Crypto Exchange Exploit

 

A significant cyberattack on the Singapore-based cryptocurrency exchange Phemex has resulted in the loss of over $70 million in digital assets. Blockchain security experts believe the incident may be linked to North Korean hackers. The breach was detected on Thursday, prompting Phemex to suspend withdrawals after receiving alerts from security firms about unusual activity. 

Initially, approximately $30 million was reported stolen, but the attack persisted, leading to further asset depletion. The company’s CEO, Federico Variola, confirmed that the exchange’s cold wallets remained intact and unaffected. According to cybersecurity analysts, the tactics used in this attack resemble previous high-profile exploits targeting crypto exchanges.

The perpetrators swiftly transferred various tokens across multiple blockchain networks, beginning with high-value assets such as Bitcoin (BTC), Ethereum (ETH), and Solana (SOL), along with stablecoins like USDC and USDT. Since stablecoins can be frozen, the attackers quickly converted them into Ethereum before moving on to smaller, less liquid tokens. 

Researchers tracking the breach noted that hundreds of different cryptocurrencies were stolen, with attackers draining even minor altcoins. The process was reportedly carried out manually rather than through automated scripts, with assets transferred to fresh addresses before being laundered through additional layers of transactions. Experts believe the scale and coordination suggest the involvement of an experienced hacking group.  

A pseudonymous investigator known as SomaXBT.eth pointed to a North Korean-affiliated group as the likely culprit, noting similarities between this incident and previous attacks attributed to state-backed hackers. Another security analyst compared the breach to the attack on Japan’s DMM platform, which resulted in the theft of $308 million and was linked to the North Korean hacking group TraderTraitor. Data from blockchain explorers shows that the attackers utilized at least 275 transactions across Ethereum-based chains, using multiple addresses to siphon funds from networks such as Arbitrum, Base, Polygon, Optimism, and zkSync. 

Additionally, transactions were tracked across Avalanche, Binance Smart Chain, Polkadot, Solana, and Tron. A primary wallet connected to the breach handled at least $44 million in stolen funds, while notable amounts included $16 million in SOL, $12 million in XRP, and $5 million in BTC. Despite the losses, Phemex still holds roughly $1.8 billion in assets, the majority of which are in its native PT token, followed by significant holdings in Bitcoin and USDT. 

The exchange has announced that it is developing a compensation plan for affected users. As of the latest reports, activity from the attacker’s addresses appears to have ceased, with the final recorded transactions occurring around 10:00 AM ET.
Read more »
MirrorFace
Cyber Defence Cyber Security DDoS Hacker attack Hacker group Japan Japan Cyber Security MirrorFace

Japan’s New Active Cyber Defence Strategy to Counter Growing Threats

 

Japan is taking decisive steps to enhance its cybersecurity through a new strategy of “active cyber defence.” This approach enables authorized hackers working for the police or Self-Defence Forces (SDF) to infiltrate servers and neutralize cyber-attack sources before they cause significant damage. The ruling Liberal Democratic Party (LDP), led by Prime Minister Shigeru Ishiba, plans to introduce relevant legislation during the current parliamentary session. The urgency for stronger cybersecurity measures has escalated due to recent attacks. 

The National Police Agency (NPA) revealed that the Chinese state-linked hacking group MirrorFace was responsible for over 200 cyberattacks targeting Japan’s foreign ministries and semiconductor industry between 2019 and 2024. Additionally, cyber incursions since late December 2024 disrupted financial services, delayed flights, and exposed vulnerabilities in Japan’s critical infrastructure. Japan’s revised 2022 National Security Strategy identifies cyberattacks as a growing threat, likening cross-border hacks of civilian infrastructure to intimidation tactics that stop short of war. 

This has prompted Japan to expand its SDF cyber unit from 620 members in March 2024 to about 2,400 today, with plans to reach 4,000 personnel by 2028. However, this remains small compared to China’s estimated 30,000-member cyber-attack force. The proposed active defence strategy aims to bolster cooperation between public and private sectors, focusing on safeguarding critical infrastructure, such as energy, transportation, finance, and telecommunications. Japan also plans to establish a National Cyber Security Office in 2025 to coordinate cybersecurity policy, identify vulnerabilities, and advise private sector organizations. 

To prevent misuse, strict safeguards will accompany the strategy. Hackers will need prior approval to break into servers unless immediate action is required during active attacks. Penalties will address excessive monitoring or personal data leaks, ensuring transparency and public trust. Trend Micro’s recent findings underscore the importance of these measures. The security firm attributed recent cyberattacks to distributed denial-of-service (DDoS) campaigns launched by botnets. These attacks overwhelmed network servers with data, causing widespread disruptions to services like Japan Airlines and major banks. 

While Japan’s proactive approach is a significant step forward, experts like Professor Kazuto Suzuki caution that it may not deter all attackers. He notes that cyber deterrence is challenging due to the unpredictability of attackers’ methods. However, this strategy is expected to instill some fear of retaliation among hackers and strengthen Japan’s cybersecurity posture. As cyber threats evolve, Japan’s active defence initiative represents a critical effort to protect its infrastructure, economy, and national security from escalating digital risks.
Read more »
Personal Information
aviation BreachForums Data Breach Data Hackers data security Data Theft Hacker attack Personal Information

ICAO Investigates Potential Data Breach Amid Cybersecurity Concerns

 

The International Civil Aviation Organization (ICAO), a United Nations agency tasked with creating global aviation standards, has disclosed an investigation into a potential cybersecurity incident. Established in 1944, ICAO works with 193 member states to develop and implement aviation-related technical guidelines. The agency announced its inquiry on Monday, following reports of unauthorized access linked to a well-known cybercriminal group targeting international organizations.  

In its statement, ICAO confirmed it is examining allegations of a security breach and has already implemented precautionary measures to address the issue. While the organization did not provide specific details, it assured the public that a comprehensive investigation is underway. Additional updates will be shared once the preliminary analysis is complete. The investigation coincides with claims by a hacker using the alias “natohub,” who posted on BreachForums, a well-known hacking forum, alleging they had accessed and leaked ICAO’s data. 

According to the claims, the leak comprises 42,000 documents containing sensitive personal information, including names, dates of birth, addresses, phone numbers, email addresses, and employment records. Another source suggested the leaked archive is approximately 2GB and contains data linked to 57,240 unique email accounts. ICAO has not verified the authenticity of these claims but has emphasized the seriousness with which it is handling the situation. 

This development follows a pattern of cyberattacks on United Nations agencies in recent years. In April 2024, the United Nations Development Programme (UNDP) launched an investigation into a ransomware attack reportedly orchestrated by the 8Base group. Similarly, in January 2021, the United Nations Environment Programme (UNEP) experienced a breach that exposed over 100,000 records containing personally identifiable information. Earlier, in July 2019, UN networks in Vienna and Geneva suffered a significant breach through a SharePoint exploit. 

That attack compromised sensitive data, including staff records, health insurance details, and commercial contracts. A senior UN official later described the incident as a “major meltdown.” These recurring incidents highlight the increasing vulnerability of global organizations to cyber threats. Despite their critical roles in international operations, such institutions remain frequent targets for cybercriminals. 

This underscores the urgent need for robust cybersecurity measures to protect sensitive data from exploitation. As ICAO continues its investigation, it serves as a reminder of the evolving threats facing international organizations in a rapidly digitizing world. Enhanced vigilance and collaboration are essential to safeguarding global systems against future cyberattacks.
Read more »
Monero Miner
Credential stealing Cyber Attacks Cybersecurity Researchers data security Data Theft Hacker attack Hackers Malware Attack Monero Monero Miner

Hackers Infect Security Researchers with Malware to Steal WordPress Credentials

 

For the past year, a cyberattack campaign has been targeting security professionals, including red teamers, penetration testers, and researchers, infecting their systems with malware. The malicious software has been used to steal WordPress credentials and sensitive data while also installing cryptominers on compromised devices. Over 390,000 WordPress accounts have been affected, and multiple systems have been found mining Monero, a cryptocurrency favored for its anonymity.  

Researchers from Datadog Security Labs uncovered the attack in the NPM package repository and on GitHub. Checkmarx, another cybersecurity organization, also recently raised concerns about the same threat. The malicious package masqueraded as an XML-RPC implementation, first appearing in October 2023. Initially functional and legitimate, the package was updated 16 times before being identified as harmful in November 2024. The attackers adopted a calculated approach to gain trust within the developer community. Early versions of the package performed as advertised, but later updates introduced malicious functionality. 

Once installed, the malware activated every 12 hours, collecting sensitive information such as SSH keys and command-line histories. The stolen data was then exfiltrated through file-sharing platforms like Dropbox or File.io. This campaign’s impact extended further as unsuspecting security professionals integrated the compromised package into their own tools and projects. This turned the operation into a large-scale supply chain attack, increasing its reach and potential damage. The investigation revealed 68 systems actively mining Monero, likely using XMRig, a cryptomining tool commonly employed by cybercriminals. 

Monero’s untraceable nature makes it particularly appealing to threat actors. Despite extensive analysis, the identity of those behind the campaign remains unknown. The researchers assigned the group the identifier MUT-1224, an acronym for “Mysterious Unattributed Threat.” The incident highlights the persistent vulnerabilities in open-source software platforms, such as NPM and GitHub, which continue to be exploited for cyberattacks. Developers are urged to exercise caution when incorporating third-party software into their projects, thoroughly vetting code repositories and reviewing package histories to minimize risks. This malware campaign also underscores the growing sophistication of cybercriminals, who are increasingly leveraging supply chain vulnerabilities to expand their reach. 

By infiltrating widely used platforms and tools, attackers can affect a vast number of users and systems. To mitigate these threats, organizations must prioritize robust security practices, including regular monitoring of open-source dependencies, deploying tools for detecting malicious code, and educating teams on the risks associated with third-party software. This proactive approach is essential for safeguarding sensitive data and maintaining system integrity in an era of increasingly complex cyber threats.
Read more »
Shopping Scam
2FA Cyber Security Dark Web dark web breaches Fake Website Hacker attack Malware Attack Online Shopping phishing Shopping Scam

The Dark Web’s Role in Phishing and 2FA Security Breaches

 


Black Friday and Cyber Monday may have passed, but the dangers of online scams and cyberattacks persist year-round. Cybercriminals continue to exploit digital shoppers, leveraging sophisticated tools such as phishing kits, fake websites, and cookie grabbers that bypass two-factor authentication (2FA). These tools, widely available on dark web marketplaces, turn online shopping into a risky endeavour, particularly during the peak holiday season.

Cybercriminal Tools: A Growing Threat

Dark web marketplaces operate like legitimate businesses, offering everything from free phishing kits to subscription-based malware services. According to NordStellar threat intelligence:

  • Phishing kits: Often free or low-cost, enable hackers to replicate authentic websites.
  • Fake website templates: Start at $50, tricking users into sharing personal information.
  • Malware subscriptions: Priced at $150 per month, provide hackers with advanced tools.
  • Cookie grabber pages: Sell for $400 or more, enabling access to user accounts by bypassing login credentials and 2FA.

These illicit tools are increasingly accessible, with some even offered at discounted rates during the holiday season. The result is an alarming rise in phishing scams targeting fake shopping sites, with 84% of victims interacting with these scams and nearly half losing money.

The Role of Stolen Cookies in Cybercrime

Session cookies, particularly authentication cookies, are a prized asset for hackers. NordStellar reports over 54 billion stolen cookies available on the dark web, including:

  • 154 million authentication cookies, 23.5 million of which remain active.
  • 37 million login cookies, with 6.6 million still usable.
  • 30 million session cookies capable of bypassing 2FA.

These cookies allow attackers to impersonate legitimate users, gaining unauthorized access to accounts without requiring passwords or verification codes. This capability makes cookie-grabber pages one of the most valuable tools in the hacker’s arsenal.

Protecting Yourself from Cyber Threats

Google has introduced measures like passkeys to combat these threats, offering a more secure alternative to traditional 2FA methods. A Google spokesperson emphasized that passkeys reduce phishing risks and strengthen security against social engineering attacks. Consumers can take additional steps to safeguard their online accounts:

  • Scrutinize links and websites to avoid phishing scams.
  • Switch to advanced authentication methods such as passkeys where available.
  • Stay informed about emerging cyber threats and adopt proactive security practices.

By remaining vigilant and embracing stronger authentication technologies, shoppers can minimize the risks posed by cybercriminals and their evolving arsenal of dark web tools.

Read more »
Streaming Platform
Amazon Data Breach Data Leak Data protection data security Fines Hacker attack Personal Data Streaming Platform

Amazon Fined for Twitch Data Breach Impacting Turkish Nationals

 

Türkiye has imposed a $58,000 fine on Amazon for a data breach that occurred on its subsidiary, Twitch, in 2021. The breach exposed sensitive personal information of thousands of Turkish citizens, drawing scrutiny from the country’s Personal Data Protection Board (KVKK). The incident began when an anonymous hacker leaked Twitch’s entire source code, along with personally identifiable information (PII) of users, in a massive 125 GB torrent posted on the 4chan imageboard. The KVKK investigation revealed that 35,274 Turkish nationals were directly affected by the leak. 

As a result, KVKK levied fines totaling 2 million lira, including 1.75 million lira for Amazon’s failure to implement adequate preemptive security measures and 250,000 lira for not reporting the breach in a timely manner. According to the regulatory body, Twitch’s risk and threat assessments were insufficient, leaving users’ data vulnerable to exploitation. The board concluded that the company only addressed the vulnerabilities after the breach had already occurred. Twitch, acquired by Amazon in 2014 for $970 million, attempted to minimize concerns by assuring users that critical login credentials and payment information had not been exposed. The company stated that passwords were securely hashed with bcrypt, a strong encryption method, and claimed that systems storing sensitive financial data were not accessed. 

However, the leaked information still contained sensitive PII, leading to significant privacy concerns, particularly for Turkish users who were impacted. The motivation behind the hack was reportedly ideological rather than financial. According to reports from the time, the hacker expressed dissatisfaction with the Twitch community and aimed to disrupt the platform by leaking the data. The individual claimed their intent was to “foster more disruption and competition in the online video streaming space.” While this rationale highlighted frustrations with Twitch’s dominance in the industry, the data breach had far-reaching consequences, including legal action, reputational damage, and increased regulatory scrutiny. Türkiye’s actions against Amazon and Twitch underline the growing importance of adhering to local data protection laws in an increasingly interconnected world. 

The fines imposed by KVKK serve as a reminder that global corporations must ensure compliance with regional regulations to avoid significant penalties and reputational harm. Türkiye’s regulations align with broader trends, as data privacy and security become critical components of global business practices. This incident also underscores the evolving nature of cybersecurity challenges. Hackers continue to exploit vulnerabilities in popular platforms, putting pressure on companies to proactively identify and address risks before they lead to breaches. As regulatory bodies like KVKK become more assertive in holding companies accountable, the need for robust data protection frameworks has never been more urgent. The Twitch breach also serves as a case study for the importance of transparency and swift response in the aftermath of cyberattacks. 

While Twitch’s reassurances regarding encrypted data helped mitigate some concerns, the lack of prompt reporting to Turkish authorities drew criticism. Companies handling large amounts of user data must prioritize both preventive measures and clear communication strategies to regain user trust after incidents. Looking forward, the Twitch data breach highlights the necessity for all companies—especially those managing sensitive user data—to invest in proactive cybersecurity strategies. As hackers grow increasingly sophisticated, businesses must adopt a forward-thinking approach to safeguard their platforms, comply with local laws, and ensure users’ privacy remains uncompromised.
Read more »
Ransomwares
Cyber Attacks Defense Hacker attack Inc ransomware IT Systems IT systems breach Military Data NATO Ransomwares

Hungarian Defence Agency Hacked: Foreign Hackers Breach IT Systems

 

Foreign hackers recently infiltrated the IT systems of Hungary’s Defence Procurement Agency, a government body responsible for managing the country’s military acquisitions. According to Gergely Gulyas, the chief of staff to Hungarian Prime Minister Viktor Orban, no sensitive military data related to Hungary’s national security or its military structure was compromised during the breach. Speaking at a press briefing, Gulyas confirmed that while some plans and procurement data may have been accessed, nothing that could significantly harm Hungary’s security was made public. The attackers, described as a “hostile foreign, non-state hacker group,” have not been officially identified by name. 

However, Hungarian news outlet Magyar Hang reported that a group known as INC Ransomware claimed responsibility for the breach. According to the outlet, the group accessed, encrypted, and reportedly published some files online, along with screenshots to demonstrate their access. The Hungarian government has refrained from confirming these details, citing an ongoing investigation to assess the breach’s scope and potential impact fully. Hungary, a NATO member state sharing a border with Ukraine, has been increasing its military investments since 2017 under a modernization and rearmament initiative. 

This program has seen the purchase of tanks, helicopters, air defense systems, and the establishment of a domestic military manufacturing industry. Among the notable projects is the production of Lynx infantry fighting vehicles by Germany’s Rheinmetall in Zalaegerszeg, a region in western Hungary. The ongoing conflict in Ukraine, which began with Russia’s 2022 invasion, has further driven Hungary to increase its defense spending. The government recently announced plans to allocate at least 2% of its GDP to military expenditures in 2024. Gulyas assured reporters that Hungary’s most critical military data remains secure. 

The Defence Procurement Agency itself does not handle sensitive information related to military operations or structural details, limiting the potential impact of the breach. The investigation aims to clarify whether the compromised files include any material that could pose broader risks to the nation’s defense strategy. The breach raises concerns about the cybersecurity measures protecting Hungary’s defense systems, particularly given the escalating reliance on advanced technology in modern military infrastructure. With ransomware attacks becoming increasingly sophisticated, governments and agencies globally are facing heightened pressure to bolster their cybersecurity defenses. 

Hungary’s response to this incident will likely involve a combination of intensified cybersecurity protocols and ongoing collaboration with NATO allies to mitigate similar threats in the future. As the investigation continues, the government is expected to release further updates about the breach’s scope and any additional preventive measures being implemented.
Read more »
Subscribe to: Posts (Atom)