
Reddit Braces for Data Leak as Hackers Threaten to Expose Stolen Information

 

A new wave of cybersecurity threats looms over Reddit as hackers, known as BlackCat, have recently surfaced with a dire warning. The group claims to have obtained confidential data during a breach that occurred back in February. Reddit, the popular social media platform and discussion forum, is now facing the potential release of sensitive user information, causing alarm among its millions of users.

According to reports from Bleeping Computer, the hackers have threatened to leak a massive 80GB trove of stolen data. This news has sent shockwaves throughout the online community, sparking concerns about privacy and cybersecurity. The stolen information is said to include email addresses, encrypted passwords, and private messages exchanged between users.

The breach has caused unrest among Reddit users who are worried about the potential exposure of their personal information. The platform has a vast user base, with countless individuals actively engaging in discussions, sharing personal stories, and participating in various communities. The leak of such data could have significant consequences, including identity theft, phishing attacks, and harassment.

Reddit has been grappling with cybersecurity issues in recent years. The breach in February, initially thought to be minor, now appears to be much more severe than anticipated. The company has been working diligently to enhance its security measures and address the breach promptly. However, the latest threats from BlackCat highlight the ongoing challenges faced by online platforms in safeguarding user data.

In response to the threats, Reddit has taken immediate action to protect its users. The company has informed law enforcement agencies and is cooperating fully with their investigations. Reddit is also urging its users to update their passwords and enable two-factor authentication as an additional security measure.

While the motivations of the BlackCat hackers remain unclear, their actions emphasize the pressing need for individuals and organizations to prioritize cybersecurity. It is essential for users to regularly update their passwords, use strong and unique passwords for each platform, and enable multi-factor authentication whenever possible. Online platforms, too, must invest in robust security systems to safeguard user data and actively monitor for potential breaches.

The Reddit breach serves as a stark reminder that no organization is immune to cyber threats. It underscores the importance of implementing comprehensive security protocols, conducting regular vulnerability assessments, and maintaining a proactive stance against potential attacks.

Slack Fixed Security Flaw for Passwords

Slack said it reset passwords for around 0.5 percent of its users after a bug exposed salted password hashes when users created or revoked shared invitation links for workspaces.

A cryptographic method known as hashing converts any type of data into a fixed-size output. Salting is intended to strengthen the hashing operation's security and make it more resilient to brute-force attacks.

The flaw was found and patched in Slack's Shared Invite Link functionality, which, according to official Slack documentation, lets workspace owners generate a link that allows anybody to join. The feature is offered as an alternative to sending out individual email invitations to join the workspace.

All users who created or canceled shared invitation links between 17 April 2017 and 17 July 2022 are said to have been affected by the problem, which was discovered by an anonymous independent security researcher.

Bret Taylor, co-CEO of Salesforce, stated on the business's most recent earnings call in May for the period ending April 30 that the number of customers investing more than $100,000 on Slack annually had increased by more than 40% on an annualized basis for four straight quarters. In July 2021, Salesforce completed the $27.7 billion acquisition of Slack.

Slack said that no Slack client stored or displayed the hashed password, and that discovering it required actively monitoring encrypted network traffic. The company is also using the incident to encourage users to enable two-factor authentication as a defense against account takeover attempts and to create unique passwords for their online services.

Here's Why a Greek Hacker Easily Hacked a Croatian University

 

A hacker from Greece has published the database of the University of Rijeka in the context of Croatia supporting the anti-Serb movement. Reportedly, the hacker was motivated by the prevailing situation in the Balkans; addressing his Serbian brothers, he wrote, "it's time to defend our land and our history".

Hashing is a one-way function and a reliable password storage strategy: it makes storing passwords less risky and less complex, and gives secure password storage a strong foundation.
 
The database contains a table that maps every username to a password. When a user logs in, the server receives an authentication request with a payload containing a username and a password. The username is looked up in the database and the submitted password is compared with the stored one; when they match, the user gets access to the application or website.
 
The strength of this scheme depends on the format in which the password is stored. One of the most basic formats is cleartext, which is also the least secure of all, because the data is stored readable and unencrypted. Storing passwords in cleartext is the digital equivalent of writing them down on paper.
 
Notably, the University website has been using MD5 to store passwords, another outdated format that can be easily cracked. Coming back to hashing: it uses an algorithm to map data of any size to a fixed-length output. Hashing must not be confused with encryption. Encryption is a two-way function and hence reversible, while hashing is a one-way function and hence not reversible. Reversing a hash would require an infeasible amount of computing power.
 
What is salting?
 
A salt is a unique value added to the end of the password to distinguish its hash from the hash of an identical password; without salting, two identical passwords produce the same hash. Salting strengthens security by complicating the cracking process. However, in the hashes mentioned above, no additional values were added to the passwords.

The University simply used MD5 without salting. Since the main virtue of a secure hash function is that its output is difficult to predict, this approach defeats the whole purpose and leaves the passwords weak and easy to crack. Some of the pre-cracked passwords are shown below.
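Added example, not part of the original post and not using the leaked data: a comparison of the unsalted MD5 storage described above with a salted scheme. The salted side swaps in PBKDF2-HMAC-SHA256 from Python's standard library; the account names, wordlist, and iteration count are assumptions constructed for illustration.

```python
from __future__ import annotations

import hashlib
import hmac
import os

# Constructed sample accounts and guesses (not from any real database).
USERS = {"ana": "summer2020", "ivan": "summer2020", "marko": "Tr0ub4dor&3"}
WORDLIST = ["123456", "password", "summer2020", "qwerty"]
ITERATIONS = 600_000  # PBKDF2 work factor; an assumption for this example


def md5_unsalted(password: str) -> str:
    """Weak scheme described in the post: bare MD5, no salt."""
    return hashlib.md5(password.encode()).hexdigest()


def crack_with_table(stored: dict[str, str]) -> dict[str, str]:
    """Hash the wordlist once, then look every stored hash up in that table."""
    table = {md5_unsalted(word): word for word in WORDLIST}
    return {user: table[h] for user, h in stored.items() if h in table}


def hash_salted(password: str, salt: bytes | None = None) -> tuple[bytes, bytes]:
    """Per-user random salt plus a deliberately slow key-derivation function."""
    salt = salt if salt is not None else os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return salt, digest


def verify_salted(password: str, salt: bytes, digest: bytes) -> bool:
    """Recompute with the stored salt and compare in constant time."""
    return hmac.compare_digest(hash_salted(password, salt)[1], digest)


if __name__ == "__main__":
    weak = {user: md5_unsalted(pw) for user, pw in USERS.items()}
    print("same MD5 for same password:", weak["ana"] == weak["ivan"])
    print("recovered by one table lookup:", crack_with_table(weak))
    strong = {user: hash_salted(pw) for user, pw in USERS.items()}
    print("salted digests differ:", strong["ana"][1] != strong["ivan"][1])
    print("login still works:", verify_salted("summer2020", *strong["ana"]))
```

With unsalted MD5, one precomputed table covers every account at once; with a per-user salt and a slow function, each stored record has to be attacked separately and each guess costs 600,000 hash iterations.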



Malware Campaigns Attacking Asian Targets Using EternalBlue and Mimikatz



Asian targets are falling prey to a cryptojacking campaign that takes advantage of 'Living off the Land' (LotL) obfuscated PowerShell-based scripts and uses the EternalBlue exploit to land a Monero coinminer and Trojans on targeted machines.
At the beginning of this year, a similar malware campaign was identified by the research team of Qihoo 360; reportedly, the campaign was targeted at China at the time. Open-source tools such as PowerDump and Invoke-SMBClient were used to dump password hashes and carry out pass-the-hash attacks.
The campaign relies on an exploit for the SMBv1 protocol that was made public by the Shadow Brokers a couple of years ago. It has since become one of the standard tools used by the majority of malware developers.
According to Trend Micro’s initial findings, the cryptojacking campaign at first targeted only computers in Japan, but the list of targets later grew to include Taiwan, India, Hong Kong, and Australia.
Trend Micro’s research also stated that the EternalBlue exploit, developed by the NSA, is a new addition to the malware; the researchers also drew a correlation between the exploit and the 2017 ransomware attacks.
How does the malware compromise computers?
Using "pass the hash" attacks, the malware places various malicious components on the targeted computer, trying multiple weak credentials in an attempt to log in to other devices connected to the same network.
Upon a successful login, it changes the firewall and port-forwarding settings of the compromised machine and configures a scheduled task that updates the malware automatically.
Once the malware has successfully compromised the targeted computer, it downloads a PowerShell dropper script from the C&C server, retrieves the MAC address of the device, and terminates all antimalware software present on the system. Immediately after that, it drops a Trojan strain configured to gather information about the machine, such as its name, OS version, graphics details, GUID, and MAC address.
“We found the malware sample to be sophisticated, designed specifically to infect as many machines as possible and to operate without immediate detection. It leverages weak passwords in computer systems and databases, targets legacy software that companies may still be using,” said Trend Micro.
Trend Micro advises users and enterprises to “use complicated passwords, and authorize layered authentication whenever possible. Enterprises are also advised to enable a multi-layered protection system that can actively block these threats and malicious URLs from the gateway to the endpoint.”