Search This Blog
Powered by Blogger.

Blog Archive

Labels

Load More
Trendy Right Now

Popular Posts

Showing posts with label IntelBroker. Show all posts
User Security
Data Breach Data Leak Data Sale IntelBroker User Privacy User Security

Cisco Investigates Data Breach After Hacker Claims Sale of Data

 

Cisco has acknowledged that it is investigating reports of a data breach after a hacker began offering allegedly stolen firm data for sale on a hacking platform. As per a report in a local media outlet, the investigation was launched following claims made by a well-known hacker identified as “IntelBroker.”

“Cisco is aware of reports that an actor is alleging to have gained access to certain Cisco-related files,” a Cisco spokesperson stated. “We have launched an investigation to assess this claim, and our investigation is ongoing.” 

The allegations surfaced after IntelBroker claimed, along with two others designated as "EnergyWeaponUser" and "zjj," that they infiltrated Cisco's servers on June 10, 2024, and obtained a large amount of developer-related data.

IntelBroker's post on a hacking forum showed that the data would include "GitHub projects, GitLab projects, SonarQube projects, source code, hard-coded credentials, certificates, customer SRCs, Cisco confidential documents, Jira tickets, API tokens, AWS private buckets, Cisco technology SRCs, Docker builds, Azure storage buckets, private and public keys, SSL certificates, Cisco premium products, and more." The hacker uploaded samples of a database, client information, multiple files, and screenshots of customer management interfaces. 

According to a recent update from IntelBroker, the breach also involves the theft of sensitive data from other major global companies such as Verizon, AT&T, and Microsoft. The stolen data is now allegedly being offered for sale on the cybercrime platform Breach Forums, with IntelBroker specifying that the transaction would take place in exchange for Monero (XMR), a cryptocurrency known for its anonymity properties. 

The hacker expressed a willingness to use an intermediary to facilitate the sale, assuring anonymity for both the buyer and seller. This technique is often used by hackers to evade detection by authorities. 

IntelBroker, which is known for high-profile data thefts, has already claimed responsibility for compromising other prominent firms. In June 2024, IntelBroker reported that they had infiltrated Apple, taking source code for internal tools, as well as Advanced Micro Devices (AMD), stealing employee and product information. In May 2024, IntelBroker claimed to have hacked Europol, which the organisation later confirmed.

IntelBroker did not provide any specific details on the techniques employed to acquire the data. The stolen data originated from a third-party managed services provider that specialises in software development and DevOps, according to sources knowledgeable with the breaches who spoke with BleepingComputer. It's still unclear if the earlier June incidents and the recent Cisco hack are linked.
Read more »
Privacy
Apache Solir Cyberattacks CyberCrime Cybersecurity Cyberthreats Data Breach Data Breaches Deloitte Communication Hacker Forensic IntelBroker Privacy

IntelBroker Leak Claims Involve Deloitte Communications

 


An anonymous threat actor named IntelBroker claimed to be responsible for the leak of internal messaging from Deloitte, one of the world's leading auditing firms. According to reports, the breach occurred in September 2024 when an Apache Solr server had its default login credentials accidentally exposed to the internet, allowing unauthorized access to the server with default credentials. 

There are numerous types of data breaches which can be classified as violations of privacy. A breach of confidentiality can involve unauthorized access to, alteration, or release of personal data at an organization without its consent. In other words, a data breach does not only refer to releasing (leaking) the data but also to the underhanded data processing that initiates the release. 

There has been a breach in the security of personal data (as referred to in Article 13 of the Personal Data Protection Act of 2018) that has led to unauthorized access to the information. Whenever there is a data breach, personal data are exposed to loss or unauthorised processing, and these are the issues against which the security measures are meant to protect. 

An anonymous threat actor named IntelBroker claimed to be responsible for the leak of internal messaging from Deloitte, one of the world's leading auditing firms. A breach occurred when an Apache Solr server, an open-source search engine, was unintentionally exposed to the internet in September 2024, allowing unauthorized users to access the system. This oversight made Deloitte vulnerable, one of the leading auditing and consulting firms in the world. 

There is a wide range of information that has been compromised, including email addresses, internal settings, and intranet communications. As a result of the evidence that IntelBroker, which is part of the BreachForums community, provided, it is obvious that they were provided access to sensitive communications while using this platform, with evidence that supports this claim. 

Founded in 2004 as a resource for cybercriminals, BreachForums has become a hub for the organization ever since. With over 120,000 members, Hacker Forensics serves as the successor to RaidForums, an online market where stolen data and hacking tools are traded. The site has been the subject of law enforcement efforts that have led to multiple seizures of the site; however, it appears under different guises every time it is investigated. 

In this community, IntelBroker is an important figure and has been identified with several successful breaches that have resulted in high-level media attention. The breach forums have built up a reputation for being a hub for cybercriminals since their inception. As the successor to RaidForums, it facilitated the trade of stolen data and hacking tools online by supporting the trading of stolen data. 

There have been numerous seizures of the site by law enforcement agencies, but it has continued to resurface under various guises despite the efforts of law enforcement. Among the prominent figures in the cyber community, IntelBroker has become well-known for orchestrating several high-profile breaches over the years. 

There was a breach of security that was made possible by exploiting a vulnerability in Deloitte's Apache Solr server, which was left unpatched. Several organizations around the world use Apache Solr as their enterprise search platform due to its ease of use and reliability. If these vulnerabilities are not addressed properly, they can result in serious breaches of security in such software and to a person. 

With the increasing reliance on digital infrastructures by organizations, it is crucial to ensure these systems are secure from unauthorized access due to the prevalence of cyber attacks. To gather more information about the claim, Cyber Security News contacted Deloitte for more information. During the breach, Deloitte took advantage of an Apache Solr server that had been left unsecured by Deloitte, which enabled the hack. 

Several organizations around the world use Apache Solr as their enterprise search platform due to its ease of use and reliability. As a result, vulnerable systems can provide a home for severe security breaches if these vulnerabilities are not addressed properly. Organizations must ensure that their digital infrastructures are protected from unauthorized access to ensure that they will continue to operate successfully. 
Read more »
Source Code leak
Apple data breach AppleConnect SSO AppleMacroPlugin dark web post Data Breach IntelBroker internal tools Security Breach Source Code leak

Infamous Hacker IntelBroker Breaches Apple's Security, Leaks Internal Tool Source Code

 

A prominent threat actor known as IntelBroker, notorious for orchestrating several high-profile data breaches, has now set its sights on Apple.

The hacker successfully leaked the company’s source code associated with several internal tools, announcing this development through a post on the dark web.

According to reports from IntelBroker, the iPhone maker experienced a significant security breach, leading to this exposure. The threat actor claims to have obtained the source code for various internal tools, including AppleConnect SSO and AppleMacroPlugin.

While details about these tools are scarce, it is known that AppleConnect SSO is a system used for authentication, allowing employees to access specific applications within the network.

These systems are integrated with the company's database, providing a secure form of access to its resources.Within iOS, apps launched by employees can use AppleConnect SSO for login purposes, where users set up patterns instead of passcodes for easier access.

The threat actor has not provided further details, but it is speculated that this data might be for sale, although this remains unconfirmed. Importantly, such breaches are localized internally and do not affect the company’s customer data.

A source familiar with these matters noted that dark web forums have strong vetting processes to filter out scammers attempting to sell leaked content. However, IntelBroker has managed to navigate these processes and has a reputation for successfully doing so.

This group has a history of hacking attempts, including attacks on American governmental institutions and websites, demonstrating its capabilities. Apple has yet to release a statement regarding this breach and the theft of its source code.
Read more »
Security
Cyberattacks CyberCrime Cybersecurity Cyberthreats Data Breach data security ID IntelBroker Pandabuy Passcodes Security

1.3 Million Customers Affected: Pandabuy Grapples with Data Breach Fallout

 


A data breach allegedly occurred on Sunday at Pandabuy, an online store that aggregates items from Chinese e-commerce sites. As a result, 1,348,307 accounts were affected. A large amount of information has been leaked, including user IDs, first and last names, phone numbers, emails, login IP addresses, full addresses, and order information. 

Sanggiero and IntelBroker both exploited multiple vulnerabilities to breach the company's systems, allegedly leading to the leakage of the company's data. People throughout the world can use Pandabuy’s marketplace to access products from Chinese online marketplaces, such as JD.com, Tmall, and Taobao. 

Approximately 1.3 million PandaBuy customers' data has been accessed after two threat actors exploited multiple vulnerabilities to gain access to PandaBuy's system, according to PandaBuy's website. In addition to allowing international customers to purchase goods from a variety of Chinese e-commerce platforms, including Tmall, Taobao, and JD.com, PandaBuy is offering international users to purchase products from different e-commerce platforms. 

There was a breach at PandaBuy yesterday claimed by an individual known as 'Sanggiero', allegedly performed by 'IntelBoker' in conjunction with the threat actor 'Sanggiero'. The breach, according to Sanggiero, was possible as a result of exploiting critical API vulnerabilities, which allowed unauthorized access to internal platform services.

It has been found that over 3 million unique user IDs are now available on underground forums. These data include personal information such as names, phone numbers, e-mail addresses, and even more. For interested parties to obtain this information, they will need to pay a nominal fee in cryptocurrency, further aggravated by the breach itself. 

PandaBuy has reported that 1,348,407 PandaBuy accounts are being compromised, according to data breach aggregation service Have I Been Pwned (HIBP), which confirmed the breach. Furthermore, Sanggiero has provided a sample of leaked data containing email addresses, customer names, transaction information, and order details as well as a sample of the leaked data to verify the authenticity of it. 

A password reset request that Troy Hunt, the creator of HIBP, submitted by PandaBuy users confirmed the breach, confirming that at least 1.3 million email addresses were indeed linked to PandaBuy accounts. In any case, the initial claim of three million entries made by the threat actors appears inflated, with some entries being manufactured or duplicates. 

There are several forums where PandaBuy shoppers' information was leaked, and any registered members can obtain it by paying a symbolic payment of cryptocurrency in exchange for the data. The PandaBuy company has not yet acknowledged an incident of this nature, but one of its administrators on the firm's Discord channel pointed out that the incident was a result of old information, which was already dealt with. 

As a precautionary measure, PandaBuy users have been urged to reset their passwords immediately and to be vigilant against scam attempts. Consequently, PandaBuy customers are facing a significant security threat since their customer data was leaked on underground forums. During the test period, threat actors provided a sample dataset containing email addresses, customer names, order details, and payment information as a means of verifying the authenticity of the breach. 

Troy Hunt's validation of the leaked email addresses further corroborated the breach's legitimacy, emphasizing the urgency of corrective action required for it. The PandaBuy users who have been affected by the breach should act immediately to mitigate the risks. Resetting their passwords will help protect their accounts from unauthorized access in the future. 

It is also important to be vigilant against potential scams and to be very sceptical when receiving unsolicited communications. In addition to timely notifications, Have I Been Pwned integrations with data breach aggregation services ensure users can take proactive measures to protect their online security when data exposure occurs? It is essential that companies, particularly those that handle large amounts of consumer data, prioritize the security of their platforms to prevent such incidents. 

Consumers should remain vigilant and adopt best practices in terms of digital security to keep themselves safe, including strong, unique passwords, and be wary of phishing attempts that may try to steal personal information.
Read more »
Subscribe to: Posts (Atom)