Search This Blog
Powered by Blogger.

Blog Archive

Labels

About Me

Load More
Trendy Right Now

Popular Posts

Showing posts with label Phishing email. Show all posts
Sensitive customer information
Chrome Extension Customer Data Cyber Attacks Cybersecurity measures Data Loss data security Phishing email Sensitive customer information

Cyberattack on Cyberhaven Chrome Extension Exposes Sensitive Data

 


On Christmas Eve, Cyberhaven, a data loss prevention company, experienced a cyberattack targeting its Google Chrome extension. The breach exposed sensitive customer data, including passwords and session tokens. The company has since taken swift measures to address the issue and prevent future incidents.

The attack occurred after a Cyberhaven employee fell victim to a phishing email, inadvertently sharing their credentials. This gave the attacker access to Cyberhaven’s systems, specifically the credentials for the Google Chrome Web Store. Leveraging this access, the attacker uploaded a malicious version (24.10.4) of the Cyberhaven Chrome extension. The compromised version was automatically updated on Chrome-based browsers and remained active from 1:32 AM UTC on December 25 to 2:50 AM UTC on December 26.

Swift Response by Cyberhaven

Cyberhaven’s security team discovered the breach at 11:54 PM UTC on Christmas Day. Within an hour, they removed the malicious extension from the Web Store. CEO Howard Ting praised the team’s dedication, stating, “Our team acted swiftly and with remarkable dedication, interrupting their holiday plans to safeguard our customers and maintain our commitment to transparency.”

While no other Cyberhaven systems, such as CI/CD processes or code signing keys, were affected, the compromised extension potentially enabled the exfiltration of user cookies and authenticated sessions for specific targeted websites. This incident underscores the persistent risks posed by phishing attacks and the critical need for robust security measures.

Mitigation Measures for Users

To mitigate the impact of the breach, Cyberhaven has advised users to take the following steps:

  • Update the extension to version 24.10.5 or newer.
  • Monitor logs for unusual activity.
  • Revoke or reset passwords not protected by FIDOv2.

These proactive measures are essential to prevent further exploitation of compromised credentials.

Enhanced Security Measures

In response to the attack, Cyberhaven has implemented additional security protocols to strengthen its defenses. The company is also working with law enforcement to investigate the breach and identify the attackers, who reportedly targeted other companies as well.

This attack highlights the increasing sophistication of cyber threats, particularly those exploiting human error. Phishing remains one of the most effective tactics for gaining unauthorized access to sensitive systems. Companies must prioritize employee training on recognizing phishing attempts and establish multi-layered security frameworks to mitigate vulnerabilities.

Cyberhaven’s swift response and transparent communication reflect its commitment to customer security and trust. As the investigation continues, this incident serves as a stark reminder of the importance of vigilance in the ever-evolving landscape of cybersecurity threats.

Read more »
Ransomware attack
banking service outage Cyber Security Cybersecurity Breach online banking disruption Patelco Credit Union Phishing email Ransomware attack

Ransomware Attack on Patelco Credit Union Disrupts Services for Nearly Half a Million Members

 

A ransomware attack on Bay-area Patelco Credit Union has disrupted banking services for nearly half a million members, and the outage could persist for weeks.

The credit union announced the attack on June 29 via Twitter. The affected services include online banking, the mobile app, direct deposits, transfers, debit and credit card transactions, Zelle, balance inquiries, online bill payments, and monthly statements, among others.

Patelco Credit Union, based in Dublin, California, serves the San Francisco Bay Area and Northern California. In addition to consumer banking, it offers mortgage origination, home equity lines of credit, and mortgage refinancing.

Patelco CEO Erin Mendez issued a statement on Wednesday confirming that cybersecurity specialists have validated the "core systems" and assured members that their money is "safe and secure." However, she mentioned that full system functionality is not expected to be restored over the weekend.

"I know this continues to cause our members frustration and many of you have questions," she said, promising that any fees incurred due to the shutdown will be waived. "We hear your concerns and are working around the clock to address them. Our team is committed to doing everything we can to support our members through this difficult situation."

The Mercury News reported that hackers infiltrated the bank’s internal databases via a phishing email, encrypting its contents and locking the bank out of its systems.

Operating as a nonprofit cooperative, Patelco holds $9 billion in assets. Despite providing daily updates since the attack, there is no clear timeline for when systems will be fully restored, and further outages are possible.

Services that remain operational include check and cash deposits, ATM withdrawals, ACH transfers, ACH for bill payments, and in-branch loan payments.
Read more »
Threat Landscape
Cyber Crime Espionage Campaign Hacking Group Malicious Ads Phishing email Threat Landscape

This Hacker Outfit has Targeted Thousands of Companies Across the Globe

 

ESET's cybersecurity researchers have recently uncovered a relatively new hacker outfit that has had great success targeting organisations all around the world. 

The researchers are still unsure of the group's eventual goal, which goes by the name of Asylum Ambuscade. BleepingComputer claims that over the past three years, it has been active all over the world, but primarily in the West.

It makes use of many different tools, such as the Sunseed malware, Akhbot, and Nodebot, which enable the team to carry out a wide range of malicious operations, such as stealing screenshots, stealing passwords stored in well-known web browsers, deploying Cobalt Strike loaders, running a keylogger, and more. In short, the group's skills encompass everything from espionage to cybercrime. 

They have a wide range of targets, including small and medium-sized businesses (SMB), government officials and organisations, bank customers, cryptocurrency speculators, and traders. 

Modus operandi 

Typically, a phishing email including a malicious script is the first step in an assault. Depending on the target's endpoints, the group selects which extra payloads to send after downloading the Sunseed virus. 

The researchers discovered that in certain cases the group generated Google Ads that drove consumers to websites that included malicious JavaScript code.

Additionally, the organisation appears to be very successful. Researchers at ESET began monitoring the gang's activity in January of last year and have since discovered almost 4,500 victims, which suggests the group targeted 265 businesses and organisations each month.

The group's intentions continue to be the biggest mystery. The researchers are unable to precisely identify what the group is attempting to do because they have access to a wide variety of tools that can be used to commit all types of cybercrime and a diverse list of victims. One explanation contends that the group is just selling knowledge and access to other threat actors, which explains their diverse strategy.
Read more »
VPN
Cyber Security Endpoint Kaspersky Phishing email Ransomware Attacks. RDP Software VPN

Tackling the Top Initial Attack Vectors in Ransomware Campaigns

Ransomware attacks remain a major concern for organizations worldwide, causing significant financial losses and operational disruptions. A recent report by Kaspersky sheds light on the primary attack vectors used in ransomware campaigns, highlighting the importance of addressing these vulnerabilities to mitigate the risk of an attack.

According to the report, three common initial attack vectors account for the majority of ransomware campaigns: phishing emails, vulnerable remote access services, and software vulnerabilities. These vectors serve as entry points for threat actors to gain unauthorized access to systems and initiate ransomware attacks.

Phishing emails remain one of the most prevalent methods used by attackers to distribute ransomware. These emails often employ social engineering techniques to deceive users into opening malicious attachments or clicking on malicious links, leading to the execution of ransomware on their devices. It is crucial for organizations to educate employees about recognizing and avoiding phishing attempts and to implement robust email security measures to filter out such malicious emails.

Vulnerable remote access services pose another significant risk. Attackers target exposed Remote Desktop Protocol (RDP) and Virtual Private Network (VPN) services, exploiting weak or compromised credentials to gain unauthorized access to networks. Organizations should implement strong authentication mechanisms, enforce secure password practices, and regularly update and patch their remote access solutions to mitigate this risk.

Software vulnerabilities also play a crucial role in enabling ransomware attacks. Threat actors exploit known vulnerabilities in operating systems, applications, or plugins to gain a foothold in networks and deploy ransomware. It is essential for organizations to establish a comprehensive patch management process, promptly applying security updates and patches to address known vulnerabilities.

To effectively combat ransomware campaigns, organizations should adopt a multi-layered security approach. This includes implementing strong perimeter defenses, such as firewalls and intrusion detection systems, to detect and block malicious traffic. Endpoint protection solutions that utilize advanced threat detection and prevention mechanisms are also critical in identifying and mitigating ransomware threats.

Regular backups of critical data are essential to recovering from ransomware attacks without paying the ransom. Organizations should ensure that backups are stored securely, offline, and tested regularly to verify their integrity and effectiveness in restoring data.

Reducing the risk of ransomware attacks requires addressing the three primary attack vectors: phishing emails, weak remote access services, and software flaws. Businesses may fortify their defenses and lessen the effects of ransomware events by implementing strong security measures, employee education, timely patching, and backup procedures.
Read more »
User Privacy
Cyber Security Email Fraud email security Phishing email User Privacy

Five Important Tips for Keeping Your Email Safe

 

Whether it’s on our smartphones or desktops – we can’t really function today without scanning our emails on a daily basis. However, we often undermine the hacker's abilities and think we're immune to scams. take the privacy and security of our inboxes and emails for granted. 

Email scam is often the easiest way for malicious hackers to trick individuals into giving personal and private data. According to the FBI, email frauds are the most expensive type of cybercrime, costing American billions of dollars in losses. 

According to Google Safe Browsing, there are now nearly 75 times as many phishing sites as there are malware sites on the internet. Interestingly, 20% of all employees are likely to click on phishing email links, and, of those, a whopping 68 percent go on to enter their credentials on a phishing website. 

So how can we mitigate this and safeguard our emails? Here are 5 simple steps that can assist in protecting your email account and steer clear of threat actors. 

1. Apply a strong and unique password 

This one may seem cliche, but never employ a password that contains your name, date of birth, user name, email address, or any other piece of information that can be easily accessed by hackers. Your password needs to be six characters or longer. Employ different passwords for each of your accounts, never the same one. 

You can store all your passwords in multiple ways, including on a piece of paper, hard drive, password manager, or otherwise. If you're using a password manager app, keep in mind that these can be prone to hacks, as they rely on internet connections and software programs to store your data, both of which can be abused by hackers. 

2. Post minimal personal information on social media 

Recognize the privacy settings you have. Always scan the default privacy settings before posting anything on a social media platform. The default privacy settings on multiple social media platforms are often lenient and may permit the sharing of information with a big online community. A social networking platform’s settings should be adjusted before sharing any content there. 

3. Employ a spam filter 

Spam filters help you keep spam emails from your inbox or flag spam emails so that you are aware of them. Relying on the software and configuration, some spam filters can automatically eliminate junk emails and thwart web bugs that track your activity and system information. 

4. Block Suspicious Addresses 

While some scammers may only try to contact you once or twice, others will make repeated attempts at getting in touch. This is why you should block email addresses that you have confirmed to be dangerous. It's usually pretty quick and easy to block an email address, but the process may differ slightly depending on the provider you're using. It can usually be done by highlighting a specific email and choosing the Block option, or by going into your email account settings. 

5. Use Antivirus Software 

It is highly recommended that you install and maintain good and well-respected antivirus software on your desktop, smartphone, or tablet to mitigate infection. Search all email attachments with an antivirus program before downloading them, even if they come from someone you know.
Read more »
United Nations
Bank Security Cyber Attacks cybercriminals IP Address Phishing and Spam Phishing email United Nations

Users at Citibank Attacked by a Massive Phishing Scam

 

Scammers impersonating Citibank are now targeting customers in an online phishing campaign. Thousands of bogus email messages were sent to bank customers, according to Bitdefender's Antispam Lab, with the intent of collecting sensitive personal information and internet passwords. 

Responding to unusual activities or an unauthorized login attempt, the accounts have been placed on hold. As a result, the attackers claim all users should authenticate existing accounts as soon as possible to avoid a permanent ban.

According to Bitdefender's internal telemetry, these campaigns are focused primarily on the United States, with 81 percent of the phishing emails sent ending up in the mailboxes of American Citibank customers. However, it has also reached the United Kingdom (7 percent), South Korea (4 percent), and a small number have indeed made it to Canada, Ireland, India, and Germany. When it comes to the origins of these phishing attacks, 40% of the phoney emails appear to have come from the United States, while 13% came via IP addresses in Mexico. 

The cybercriminals behind the effort utilize email subject lines like "Account Confirm Confirmation Required," "Second Reminder: Your Account Is On Hold," and "Account Confirm Confirmation Required" to deceive Citibank clients into opening the emails. Other subject lines were, "Urgent: Account Confirmation Required," "Security Alert: Your Account Is On Hold," and "Urgent: Your Citi Account Is On Hold." 

Since some of the phishing emails in the campaign use the official Citibank logo to make them appear more real, the scammers who sent them did not take the time to correctly fake the sender's email address or repair any punctuation issues in the email body.

Citing phoney transactions or payments, and also questionable login attempts is another strategy used to create these phishing emails which appear to be from Citibank itself, to fool potential victims into authenticating actual accounts. When victims click the verify button, users are taken to a cloned version of the legitimate Citibank homepage. However, if a Citibank customer goes this far, fraudsters will steal the credentials and utilize them in future assaults. 

Bitdefender has discovered another large-scale phishing campaign that went live between February 11 and 15, 2022, offering victims the opportunity to seek cash compensation from the United Nations. The challenge in this situation is to identify the beneficiary as a scam victim, one of the 150 people who were declared eligible for a $5 million payout from Citibank. 

Banks rarely send SMS or email alerts to customers about critical account changes, thereby users can contact the bank and ask to speak to an agent if they receive a message which makes strong claims. Instead of calling the phone numbers included in the email, users should go to the bank's official website and look up the information on the contact page.
Read more »
User Security
Cryptocurrency Frauds Data Breach Hacking Phishing email User Credentials User Data User Privacy User Security

Coinbase: Hackers Stole Cryptocurrency From Around 6,000 Customers

 

Crypto Exchange Coinbase has revealed that hackers successfully stole money from at least 6,000 Coinbase users this spring, partly by exploiting a vulnerability in the cryptocurrency exchange's two-factor authentication mechanism. 

Coinbase is the world's second-largest bitcoin exchange with over 68 million users from over 100 countries. In a data breach warning delivered to impacted clients this week, Coinbase disclosed the hacking activity. The notice states, “At least 6,000 Coinbase customers had funds removed from their accounts, including you,” 

Account breaches happened between March 2021 and May 20, 2021. Coinbase estimates hackers launched a wide-scale email phishing effort to deceive a significant number of customers into providing their email addresses, passwords, and phone numbers. 

Furthermore, the unknown attackers got access to victims' email inboxes through the use of malicious software competent of reading and writing to the inbox if the user enables permission. Although, a password is insufficient to gain access to a Coinbase account. 

The business secures an account by default using two-factor authentication, which means users must enter both a password and a one-time passcode issued on the phone to log in. 

However, the hackers were capable to obtain the one-time passcode in certain situations. This happened to users who used the two-factor authentication method, which depends on SMS texts to deliver the code. 

A spokesperson for the cryptocurrency exchange told PCMag in a statement, “Once the attackers had compromised the user’s email inbox and their Coinbase credentials, in a small number of cases they were able to use that information to impersonate the user, receive an SMS two-factor authentication code, and gain access to the Coinbase customer account.” 

Coinbase did not go into detail about how the impersonation occurred. However, according to the statement, the attackers employed a SIM-swapping attack to deceive the cell phone carrier into transferring over the victim's phone number. 

In response, Coinbase says it’s been compensating victims for the stolen cryptocurrency, following reports the company did little to help consumers hit in the hack. 

A company spokesperson added, “We immediately fixed the flaw and have worked with these customers to regain control of their accounts and reimburse them for the funds they lost.” 

It's also unclear how the issue was resolved. Coinbase, on the other hand, is pushing consumers to abandon the SMS-based two-factor verification scheme for more secure alternatives. This includes utilising a smartphone app to generate the one-time passcode or a hardware-based security key. 
Read more »
ransomware attacks
Conti Ransomware Cyber Attacks DDOS Attacks Phishing email RaaS ransomware attacks

Ransomware Attacks Increased Exponentially in 2021

 

The growing threat of ransomware has been highlighted by NCC Group's Research Intelligence and Fusion Team (RIFT) analysis. Between January-March 2021 and April-June 2021, the number of ransomware assaults studied by the team climbed by 288%, indicating that enterprises are still facing waves of digital extortion in the form of targeted ransomware. 

The rise of the "triple extortion" ransomware technique whereby attackers, in addition to stealing sensitive data and threatening to release it publicly unless a payment is made, also target the organization's customers, vendors, or business partners in the same way, has fuelled the increase in attacks. 

Conti ransomware, which commonly employs email phishing to remote into a network via an employee's device, was responsible for 22% of ransomware data leaks studied between April and June. The Avaddon ransomware, which was linked to 17% of ransomware data leaks, was just behind it. While victims of this ransomware strain faced data encryption, the potential of data breaches, and the larger risk of DDoS attacks disrupting operations, the ransomware strain is now thought to be dormant. 

In addition to the substantial increase in ransomware assaults, organizations have seen a 29% of cyber-attacks worldwide, with the largest growth rates in the Europe Middle East and Africa (EMEA) area and America, at 36% and 24%, respectively. While the Asia-Pacific (APAC) region witnessed only a 13% increase in attacks, it had the highest number of weekly cyber intrusions at 1,338. The weekly number for EMEA was 777, while the weekly number for America was 688. 

This issue is hurting organizations all over the world, with the United States accounting for 49% of victims with known locations in the last three months, followed by France at 7% and Germany at 4%. The Colonial Pipeline ransomware attack in June, which was carried out by DarkSide ransomware affiliates, is one significant case. Oil supplies were disrupted, and there were fuel shortages across the United States as a result of the strike. 

Christo Butcher, global lead for threat intelligence at NCC Group, said: “Over the years, ransomware has become a significant threat to organizations and governments alike. We’ve seen targets range from IT companies and suppliers to financial institutions and critical national infrastructure providers, with ransomware-as-a-service increasingly being sold by ransomware gangs in a subscription model.” 

“It’s therefore crucial for organizations to be proactive about their resilience. This should include proactive remediation of security issues, and operating a least-privilege model, which means that if a user’s account is compromised, the attacker will only be able to access and/or destroy a limited amount of information,” he added.
Read more »
Subscribe to: Posts (Atom)