
Alkem Labs: Rs 52 Crore Cyber Fraud Shakes Security

 


Alkem Laboratories, a prominent pharmaceutical company, is grappling with a cybersecurity issue involving a Rs 52 crore fraudulent transfer. The company had taken steps to protect itself by teaming up with Check Point Software Technologies in November 2023 to prevent cyber attacks. 
The recent breach allowed unauthorised access to email accounts of some employees in one of Alkem's subsidiaries. Although the company is investigating, specific details about the incident are not disclosed. 

Despite the breach, Alkem Laboratories assured that the amount involved didn't surpass certain predefined limits. In the financial realm, the company reported a strong performance with an operating revenue of Rs 2,634.6 crore and a net profit of Rs 646.5 crore for the quarter ending September 2023. 

This incident highlights the ongoing challenges businesses face in the digital age. Even a well-established company like Alkem is not immune to cyber threats, emphasising the need for increased awareness and security measures in today's interconnected world. Following the cybersecurity incident at Alkem Laboratories, the company took proactive steps by enlisting an external agency to investigate the matter. The investigating agency submitted a detailed report to the Board of Directors, emphasising that the impact of the incident was confined to the previously mentioned amounts. 

In a move towards transparency and good governance, the Board of Directors, during their meeting on January 12, 2024, decided to disclose the cybersecurity incident to the stock exchanges. The decision, rooted in the principles of openness and accountability, aims to keep stakeholders informed about the situation. 

While the investigation's conclusion indicated that the impact was limited, the company recognizes the importance of sharing such incidents for the sake of transparency. This move aligns with industry best practices and demonstrates Alkem Laboratories' commitment to keeping shareholders and the public well-informed about developments that could affect the company's operations and reputation. 

Addressing the cybersecurity incident, Alkem Laboratories clarified that it did not stem from any fraudulent activities involving promoters, directors, key managerial personnel, or any staff within the company or its subsidiary. The company affirmed its commitment to ethical practices and reported taking necessary steps, including filing complaints with relevant governmental and regulatory authorities. 

In November 2023, Alkem Laboratories strategically partnered with Check Point Software Technologies, a Nasdaq-listed cybersecurity solutions company, to strengthen defences against cyber threats. This collaboration aimed to shield the pharmaceutical company's facilities from potential cyber attacks. 

As the company works out the aftermath of the cybersecurity breach, it remains dedicated to transparency and accountability. The assurance that the incident was not internally driven, coupled with proactive measures taken alongside Check Point Software Technologies, underscores Alkem Laboratories' commitment to prioritising cybersecurity and maintaining stakeholder trust. 

In an era where cybersecurity threats are on the rise, such actions not only serve to address the immediate situation but also contribute to the broader conversation around the need for robust cybersecurity measures in the corporate landscape. The disclosure to stock exchanges underscores the company's dedication to ethical business practices and maintaining trust with its stakeholders.


Researchers Updated Twitter Data Breach as “More Harmful” Than Reported


Last year, Twitter exposed more than five million phone numbers and email addresses following a massive data breach. The research team of 9TO5Mac has been provided with evidence that suggests the same security vulnerability was exploited by multiple threat actors at the same time. Additionally, several sources have advertised the hacked data for sale on the dark web. 

This vulnerability was first reported back in January by HackerOne. Using it, anyone could enter a phone number or e-mail address and then find the Twitter account associated with that number or email address. A Twitter handle can be easily converted into the internal identifier used by Twitter, even though that identifier is meant for internal use. 

In reality, a threat actor would be able to construct a single database that would contain Twitter handles, email addresses, and phone numbers accumulated from the web. 

When Twitter released an announcement in May, it confirmed that the vulnerability existed and had been patched, but it did not mention that anyone had exploited it. 

According to the restoration privacy report, a hacker had indeed used the vulnerability to gain access to millions of accounts around the world. He had gotten access to personal information as a result. 

There has been a massive breach of Twitter data, and not just one

In a Twitter thread yesterday, there was a suggestion that some threat actors had accessed the same personal data in more than one way. Having seen evidence of multiple breaches, 9to5Mac can now verify that this is indeed the case. 

The security researchers explained that, in a previous report, they had seen a dataset that contained the same information in a different format, and the source told researchers that it was "definitely a different threat actor." The researchers at 9TO5Mac found that this dataset was just one of several similar files. 

The majority of the data is based on Twitter users in the UK, most EU member countries, and several US states. 

The setting the security researchers refer to is buried quite deeply within Twitter's settings. It appears to be on by default if you open Twitter's settings. 

An estimated 500k records were downloaded within one hour by the bad actors, it has been reported. On the dark web, multiple sources have offered this data for sale for a price between $5,000 and $10,000. 

It has been reported that a security expert's account has been suspended after tweeting about it. There was also another security specialist whose Twitter account was suspended the same day. Chad Loder, a well-recognized computer security expert, predicted Twitter's reaction within minutes of it being announced and it was confirmed by other experts. 

There is evidence that multiple hackers have obtained the same data and combined it with other data sourced from other breaches to steal the information.

Phishing Scam Targeting American Express Customers

Armorblox security researchers discovered a brand new phishing campaign targeting American Express customers. Threat actors sent emails to lure American Express cardholders into opening an attachment, in an attempt to get access to their confidential data and their accounts. Also, the hackers created a fake setup process for an “American Express Personal Safe Key” attack. 

The emails sent by hackers to customers urged them to create this account to protect their system from phishing attacks. Once you click the given link, it takes you to a fake page that asks for private data such as social security number, mother's maiden name, date of birth, email, and all American Express card details, including codes and expiration date. 

Additionally, the group of threat actors crafted the counterfeit webpage smartly to resemble the original American Express login page, including a logo, a link to download the American Express app, and navigational links. 

“The victims of this targeted email attack were prompted to open the attachment in order to view the secure message. Upon opening the attachment, victims were greeted with a message announcing additional verification requirements for the associated account. The urgency was instilled within the victims through the inclusion of the language, “This is your last chance to confirm it before we suspend it”, and a prompt for victims to complete a one-time verification process that was needed as part of a global update from the American Express team,” Armorblox security blog reads. 

Armorblox security researchers further added in their blog that the hackers try to create a sense of urgency in the victim's mind, suggesting that the email is essential and should be opened at once. Once the customer opens the link, the email appears as a legitimate email communication from American Express. 

“The language used within this attachment evoked a sense of trust in the victim, with the inclusion of the American Express logo in the top left and a signature that made the message seem to have come from the American Express Customer Service Team,” Armorblox security blog reads. 

Armorblox co-founder and CEO DJ Sampath said that financial institutions are often targeted with credential phishing scams. The main targets of this phishing scam are American Express charge card holders.

State Bar of California's Confidential Details Leaked by a Website

 

The State Bar of California is investigating a data breach after learning that a site is publishing sensitive information about 260,000 attorney discipline cases pertaining to California and other jurisdictions. State Bar officials learned of the posted records on Saturday night, Feb 24. The sensitive details posted on the site judyrecords.com, which have been removed, included case numbers, information about various cases and statuses, respondents, file dates, and witness names. 

State Bar executive Leah Wilson in a statement said that the bar apologizes for the site's unauthorized display of personal data. The bar takes full responsibility for protecting confidential data with sincerity, and it is currently doing everything it can to resolve the issue quickly and protect respondents from further attacks. 

According to officials, full case records were not leaked, and they do not know whether the published information resulted from a hacking attack. Judyrecords.com is a site that covers court case records nationwide. 

The State Bar website lets the public search for case details, but the details about the attorney discipline cases published by judyrecords.com are not meant for public access. The information was stored in the State Bar's Odyssey case management system, which is provided by vendor Tyler Technologies. 

As per the California Business and Professions Code, disciplinary investigations are confidential until the filing of formal charges. In response to the data breach, the State Bar notified law enforcement and asked forensic expert teams to investigate the issue. Tyler Technologies is currently assisting in the inquiry. 

Besides this, the state bar also asked the hosting provider of the website to take down the published information. Judyrecords website says, "Judyrecords is a 100% free nationwide search engine that lets you instantly search hundreds of millions of United States court cases and lawsuits. Judy records have over 100x more cases than Google Scholar and 10x more cases than PACER, the official case management system of the United States federal judiciary. As of Dec 2021, Judy records now features the free full-text search of all United States patents from 1/1/1976 to 11/10/2021 — over 7.9 million patents in total."

Online Payments for Water Services Intercepted By Hackers


The City of Waco warns residents that their online payments for water services may have been intercepted by hackers who stole credit card details.

According to a spokesperson for the City of Waco, the Click2Gov portal for water bill payments was breached by malicious hackers who were able to plant malicious code that redirected sensitive data between August 30th and October 14th.

Security researchers have been following these attacks against Click2Gov's payment portals for two or three years now, with numerous reports of breaches involving cities across the United States and Canada, resulting in thousands of payment card details being traded on the dark web.

The core of the issue is said to have been the third-party online payment software that Waco and a few other cities and regions use to let residents pay their bills, pay parking fines, and make other financial transactions. CentralSquare Technologies, the creators of Click2Gov, counters that only a "limited number" of Click2Gov customers have reported unauthorized access by hackers and that a vulnerability they identified in the portal has now been closed.

According to media reports, in the case of the latest breach involving water utility payments, the City of Waco was informed of the issue with the Click2Gov software on November 8, 2019.

City representative Larry Holze says, “Of the 44,000 water customers, typically we receive 12,500 payments online each month. During the period identified, a little over 8,000 customers were mailed letters. Payments made with a credit card inside the water office (not online) are not involved in this incident.”

Consumers affected by the breach can expect a letter from the city, sent the previous week, informing them of the incident and advising them on the steps to take to protect against such fraud.

“We’ve sent out letters to all those people who they’ve been able to give us that have been compromised, in some fashion, asking them to be careful and watch their statements and make sure something doesn’t show up,” said spokesman Holze.

The city has additionally set up a hotline for residents with inquiries regarding the breach, available from Monday to Friday on 833-947-1419.

Russian Intelligence Attempts to Crack Tor Anonymous Web Browser



Following a breach by cybercriminals, a Russian intelligence contractor has been found to have been attempting to crack 'Tor', an anonymous web browser used by people who wish to bypass government surveillance and access the dark web. However, it is unclear how effective the attempt was, because the method relied largely on luck to match Tor users to their activity.

According to the findings of the BBC, the intelligence contractor which is widely known in Russia is also working on various secret projects.

SyTech, a contractor for Russia's Federal Security Service (FSB), fell prey to a massive data breach in which hackers gained illicit access to around 7.5 terabytes of data, which included details regarding its projects.

The company's homepage was replaced with a smug smiley face by hackers from a group named 0v1ru$, who gained illegal access to the company on 13th July.

In order to crack Tor, SyTech resorted to Nautilus-S which required them to become an active member of the browser's network.

Whenever a user gets connected to Tor, the usage of the web browser is visible to the internet service providers who later can provide this data to the FSB or any other state authority, on being asked.

Commenting on the viability of SyTech's attempt to crack Tor, a spokesperson for the Tor project said, "Although malicious exit nodes would see a fraction of the traffic exiting the network, by design, this would not be enough to deanonymize Tor users,"

"Large-scale effective traffic correlation would take a much larger view of the network, and we don't see that happening here," he added.


Over 200 Million Chinese CVs Compromised On The Dark Web


Over 200 Million Chinese CVs Compromised Online







Recently, a database comprising over 200 million Chinese CVs was discovered online in a compromised position where it was laid bare for the dark web to devour. Naturally, it spilled explicitly detailed information.



Lacking fundamentally basic security measures, the database exposed some very personal data.



The database encompassed their names, addresses, mobile phone numbers, email addresses, education details and other information.



The highly detailed information in the database was compiled by persistently scouring various Chinese job sites.



Reportedly, the director of the research institution said that, at the outset, the data was thought to have come from a huge classified advert site, namely BJ.58.com.



Nevertheless, BJ.58.com vehemently denied the claim and any connection to this incident.



They had thoroughly analysed and checked their databases and found nothing questionable, hence reassuring that they had no role to play in the data leakage.



They also said that some third-party CV website “scraper” is certainly to blame.



It was via Twitter that the news about this data cache first spread, and soon after that, it was removed from the Amazon cloud where it had been stored.



But, as further analysis showed, it had been copied around 12 times before it was deleted.



There has been a series of cyber incidents affecting the Chinese, and this data loss is the latest of them.



From online rail bookings to the alleged theft of rail travelers' personal data, the early days of January were quite bad for the people of Beijing.



Reportedly, in August last year, the police of China were busy investigating a data breach of hotel records of over 500 million customers.



Personal data, including the booking details and accounts, registration details and other similar information were leaked.



Also, the Internet Society of China had released a report wherein the several phishing attacks and data breaches the country’s residents had faced were mentioned.