Search This Blog
Powered by Blogger.

Blog Archive

Labels

About Me

Load More
Trendy Right Now

Popular Posts

Showing posts with label Sensitive data. Show all posts
telecommunications
Data Breach Orange Group Security Systems Sensitive data telecommunications

Hacker Leaks Stolen Data After Cyberattack on Orange Group

 


A hacker has claimed responsibility for breaking into the systems of Orange Group, a well-known French telecommunications provider. The attacker alleges that they stole a large number of internal files, including confidential details about customers and employees. After failing to extort the company, the hacker released some of this data on an underground forum.  


Orange Verifies the Cyberattack  

Orange Group has acknowledged the breach, stating that the attack targeted a non-essential system. The company has started an internal investigation and is taking steps to limit the damage. However, reports suggest that significant amounts of data have already been exposed.  

The hacker, who goes by the online name Rey, is associated with a cybercriminal group called HellCat. Despite this, Rey insists that this was not a ransomware attack. The breach primarily impacted Orange Romania, a regional branch of the company.  


What Information Was Compromised?  

According to the hacker, the stolen files contain nearly 380,000 email addresses, as well as confidential company records. The leaked data includes:  

• Customer and employee details  

• Business contracts and invoices  

• Internal source code  

• Payment card information, though many of these details are outdated  

Some of the email addresses in the leaked files belonged to former employees and business partners who had been associated with Orange Romania over five years ago. Additionally, the breach affected records from Yoxo, Orange’s subscription-based mobile service.  


How Did the Breach Occur?  

Rey claims to have accessed Orange’s systems for over a month before stealing data. The hacker reportedly gained entry using stolen login credentials and weaknesses in Jira, a software tool the company uses for project management and issue tracking.  

On the day of the attack, the hacker extracted company files for about three hours without triggering any security alerts. They also left a ransom note, but Orange did not respond or engage in negotiations.  


Orange’s Official Statement  

When asked about the breach, an Orange spokesperson confirmed that their Romanian operations had been targeted by hackers. The company’s cybersecurity and IT teams are currently working to understand the full extent of the breach and are focused on reducing its impact.  


A Pattern of Attacks?  

This is not the first time attackers have used Jira security flaws to steal information from large corporations. In similar cases, cybercriminals have managed to extract huge amounts of data, including 40GB in one breach and 2.5GB in another.  

This incident shows us the reality of weakened security systems and stolen login details can allow hackers to infiltrate major organizations. Companies must regularly update their cybersecurity measures to prevent such attacks. Employees and customers affected by this breach should remain cautious of phishing scams or fraudulent activities that may arise from their leaked data.  

As the investigation progresses, more details about the Orange Group breach may emerge. For now, the company is working on securing its systems and preventing further exposure of sensitive information.

Read more »
Sensitive data
Builder.ai Data Breach database Identity Theft Sensitive data

Builder.ai Data Breach Exposes Sensitive Information of Over 3 Million Users

 

A huge data security breach has come to light, with the data platform Builder.ai. It's a service that lets organizations build their own proprietary, custom software applications, which don't need heavy programming. According to a blog post by a security researcher, sensitive information from more than three million users' accounts was inadvertently leaked to the internet, leaving an open question of what now?

Jeremiah Fowler, a cybersecurity expert known for discovering unsecured online databases, found a Builder.ai archive with over 3 million records. This archive reportedly contained 1.29 terabytes of data, including very sensitive materials such as invoices, NDAs, email screenshots, and tax documents.

Worryingly, files contained access keys and configurations of two cloud storage systems. These keys, in the wrong hands, could grant hackers access to even more sensitive data.  


What Was Exposed

The exposed database included the following:  

337,434 invoices: The documents comprised transactions between Builder.ai and its clients.

32,810 master service agreements: Most agreements included user names, e-mail addresses, IP details and project estimations of the cost associated with a particular project giving a holistic overview of their sensitive information.  


Such data left unprotected poses grave risks. This information could be used for phishing scams, identity theft, or even financial fraud by criminals. Phishing is the art of making people give up their personal information by claiming to be a trusted person. The presence of cloud storage keys in the database further increases the worry, as this may also open access to more sensitive files elsewhere.

Fowler quickly notified the company, Builder.ai. However, the company, in its defense, showed that it could not tighten the database security due to "complexities with dependent systems." It is already a month, and nobody knows if the problem persists.  

Misconfigured databases are one of the constant problems of the digital era. Companies don't realize they have a shared responsibility to secure the data when it comes to cloud services, leaving large repositories of information exposed unintentionally. 

For businesses, this is an important wake-up call regarding comprehensive cybersecurity practices- periodic checks and ensuring the databases are properly secured for users' data protection.

For users, vigilance is key. Anyone who's interacted with Builder.ai should keep an eye out on their accounts for anything weird and be on their toes for phishing scams.

And in this hyperconnected world, security breaches such as this remind us that vigilance is key, too, for companies as much as it is for their users.



Read more »
Sensitive data
CAPTCHA Mobile Security phishing Sensitive data

Executives Targeted by Advanced Mobile Phishing Attacks

 

Mobile phishing attacks have continued to advance, targeting corporate executives. A report from mobile security firm Zimperium describes these attacks as highly sophisticated means of exploiting mobile devices. Thus, there is an emerging need for awareness and security measures.

How the Attacks Function

One campaign uncovered by Zimperium’s research team (zLabs) impersonated Docusign, a widely trusted e-signature platform. The attackers sent fake emails designed to look like urgent communications from Docusign. These emails urged recipients to click on a link to review an important document, playing on trust and the sense of urgency.

Initial Stage: Clicking the link redirected victims to a legitimate-looking webpage, masking its malicious intent.

Second-level Credibility: Then it led to a phishing site with a compromised university website address, which gave it a third level of credibility.

Mobile Specific Ploys: The phishing site on mobile was a Google sign-in page, created to steal login credentials. Desktop users were taken to actual Google pages to avoid detection.

Using CAPTCHA: To gain user trust, attackers added CAPTCHA verification in the phishing pages, so it resembled a real one.

Why Mobile Devices Are the Target

Mobile devices are generally less secure than traditional computers, making them a preferred target. The attackers planned well and even registered domains and SSL certificates just days before sending phishing emails. This was very hard to detect, because of the time invested in preparation.

Steps to Stay Protected

Experts advise that businesses take several steps to protect themselves from these attacks:

  • Train Employees: Educate employees, especially executives, on how to detect phishing attempts and not to click on suspicious links.
  • Mobile Security: Strengthen security on mobile devices and update policies to address emerging threats.
  • Use Advanced Tools: Implement advanced detection systems that can identify these new, highly hidden attacks.

Mika Aalto, the CEO of the security company Hoxhunt, believes that organizations should think about early prevention and equip employees with the skills to identify phishing attacks. He also advocates for better technical tools to help detect and block schemes more effectively.

Therefore, with the understanding and preparation about these threats, organizations can ensure their executives and sensitive data are protected from this mobile phishing campaign danger.

Read more »
Sensitive data
Bucharest Cyber Security Electrica Group Sensitive data

Electrica Group Under Cyber Attack, Systems Secure

 


Romanian energy provider Electrica Group has confirmed a cyber attack on its systems. Despite the breach, the company assured customers that its critical infrastructure remains secure. 

Incident Overview 
 
Electrica revealed that emergency response protocols were activated in line with cybersecurity requirements. While some operations faced short-term disruptions, these measures were necessary to protect internal systems and maintain business continuity. 
  
Collaboration with Cybersecurity Experts 
 
Electrica's technical teams are working with national cybersecurity agencies to:
  • Identify the source of the breach.
  • Prevent further disruptions.
  • Ensure the protection of sensitive data.
The company remains committed to delivering reliable electricity and safeguarding customer information. 

Customer Safety Advisory 
 
Electrica urged customers to remain vigilant and issued the following recommendations:
  • Avoid sharing personal information through unverified channels.
  • Be cautious of messages claiming to be from Electrica.
These measures are vital to prevent scams during the incident. 
  
Commitment to Transparency 

Electrica pledged to provide regular updates as efforts to mitigate the attack continue. The company is focused on minimizing the impact, restoring normal operations, and addressing vulnerabilities. 

This incident underscores the rising threats utility providers face and the critical need for robust cybersecurity mechanisms to protect infrastructure and public trust. Electrica is addressing the situation proactively, prioritizing reliability and customer safety.
Read more »
Social Security Number
Data Breach Digital Security Passwords Sensitive data Social Security Number

Why Ignoring Data Breaches Can Be Costly




Data breaches are now more rampant than ever, exposing passwords and payment details to hackers. You could be getting breach alerts that pop up every so often, warning you that your data has been exposed. It's a wake-up call on how rampant the breaches are.

A Persistent Problem 

Data breaches have become part of our online lives. From credit card numbers to social security information, hackers never cease their attempts to access sensitive data. In fact, many breaches are financially driven, and about 95% of cyberattacks aim for money or valuable information. Still, despite all the news every day, companies often do not realise they have been breached until almost six months pass. The average time to discovery is 194 days according to Varonis. Therefore, the attackers have sufficient time to use the information before the companies can even initiate their response.

Rise of Breach Blindness

Over time, exposure to breach after breach has created "breach blindness," as if these alerts do not matter anymore. Since most of the time, nothing immediate happens, it is easy to scroll past breach notifications without thinking twice. This apathy is dangerous. Such a lack of care could mean stolen identities, financial fraud, and no one holding the companies accountable for their inability to protect the data.

When companies lose money as a result of these breaches, the consumer pays for it in the form of higher fees or costs. IBM reports that the worldwide average cost of a data breach is nearly $5 million, a 10% increase from last year. Such a high cost is a burden shared between the consumer and the economy at large.

How to Protect Your Data

Although companies are liable for securing data, there are various measures that can be undertaken personally. The first and most obvious measure is that your account should have a very strong and unique password. Hackers rely on frequently used, weakly protected passwords to bypass most accounts. Changing them with complexity makes it even more challenging for attackers to bypass and get to compromising your data.

It is much important to stay vigilant nowadays with data breaches being as common as a part and parcel of the internet. This breach, little by little, erodes privacy online and security. Stop pretending not to know those prompts; take them as warnings to check on your web security and work on strengthening it if needed. The one thing to do with all this is to keep apprised so as to not be taken in on the hook.




Read more »
Vulnerabilities and Exploits
Google Cloud Mandiant Investigation Patching Sensitive data Vulnerabilities and Exploits

Think You’re Safe? Cyberattackers Are Exploiting Flaws in Record Time

 


There has been unprecedented exploitation by attackers of vulnerabilities in the software, Mandiant announced. According to the newly released report of the Mandiant cybersecurity firm, after an analysis of 138 exploits published in 2023, on average, in five days an attacker already exploits a vulnerability. Because of this speed, very soon it has become paramount for organisations to make their system updates quickly. The study, published by Google Cloud bloggers, shows that this trend has greatly reduced the time taken for attackers to exploit both unknown vulnerabilities, known as zero-day, and known ones, called N-day.

Speed in the Exploitation Going Up

As indicated by Mandiant research, the time-to-exploit, which is a statistic indicating the average number of days taken by attackers to exploit a discovered vulnerability, has been reducing rapidly. During 2018, it took nearly 63 days for hackers to exploit vulnerabilities. However, in the case of 2023, hackers took merely five days for exploitation. This shows that the attackers are getting more efficient in exploiting those security vulnerabilities before the application developers could patch them satisfactorily.

Zero-Day and N-Day Vulnerabilities

The report makes a distinction between the zero-day vulnerabilities, being the undisclosed and unpatched flaws that attackers would exploit immediately, and N-day vulnerabilities, which are already known flaws that attackers aim at after patches have already been released. In the year 2023, types of vulnerabilities targeted by the attackers changed, with rates of zero-day exploitation, which rose to a ratio of 30:70 compared with N-day attacks. This trend shows that attackers now prefer zero-day exploits, which may be because they allow immediate access to systems and sensitive data before the vulnerability is known to the world.

Timing and Frequency of Exploitation

This again proves that N-day vulnerabilities are at their most vulnerable state during the first few weeks when the patch is released. Of the observed N-day vulnerabilities, 56% happened within the first month after a patch was released. Besides, 5% were attacked within just one day of the patch release while 29% attacked in the first week after release. This fast pace is something that makes the patches really important to apply to organizations as soon as possible after they are available.

Widening Scope for Attack Targets

For the past ten years, attackers have enormously widened their scope of attacks by targeting a growing list of vendors. According to the report, on this front, the count increased from 25 in the year 2018 to 56 in 2023. The widening of such a nature increases the trouble for teams, who have now encountered a significantly expanded attack surface along with the ever-increasing possibility of attacks at a number of systems and software applications.


Case Studies Exposing Different Exploits

Mandiant has published case studies on how attackers exploit vulnerabilities. For example, CVE-2023-28121 is a vulnerability in the WooCommerce Payments plugin for WordPress, which was published in March 2023. Although it had been previously secure, it became highly exploited after the technical details of how to exploit the flaw were published online. Attacks started a day after the release of a weaponized tool, peaking to 1.3 million attacks in one day. This fast growth shows how easy certain vulnerabilities can be in high demand by attackers when tools to exploit are generally available.


The case of the CVE-2023-27997 vulnerability that occurred with respect to the Secure Sockets Layer in Fortinet's FortiOS was another type that had a different timeline when it came to the attack. Even though media alert was very much all over when the vulnerability was first brought to the limelight, it took them about two or three months before executing the attack. This may probably be because of the difficulty with which the exploit needs to be carried out since there will be the use of intricate techniques to achieve it. On the other hand, the exploit for the WooCommerce plugin was quite easier where it only required the presence of an HTTP header.

Complexity of Patching Systems

While patching in due time is very essential, this is not that easy especially when updating such patches across massive systems. The CEO at Quarkslab says that Fred Raynal stated that patching two or three devices is feasible; however, patching thousands of them requires much coordination and lots of resources. Secondly, the complexity of patching in devices like a mobile phone is immense due to multiple layers which are required for updates to finally reach a user.

Some critical systems, like energy platforms or healthcare devices, have patching issues more difficult than others. System reliability and uninterrupted operation in such systems may be placed above the security updates. According to Raynal, companies in some instances even ban patching because of the risks of operational disruptions, leaving some of the devices with known vulnerabilities unpatched.

The Urgency of Timely Patching

Says Mandiant, it is such an attack timeline that organisations face the threat of attackers exploiting vulnerabilities faster than ever before. This is the report's finding while stating that it requires more than timely patching to stay ahead of attackers to secure the increasingly complex and multi-layered systems that make up more and more of the world's digital infrastructure.


Read more »
United States
Data Breach MC2 data National Public Data Sensitive data United States

Massive Data Breach Exposes Personal Info of Millions of Americans

 



One-third of all the Americans' information has been leaked by a background check company in the United States due to a disturbing data breach report. MC2 Data, which is one of the largest providers of background checks in the US, has left an enormous database unchecked online, putting millions of people's sensitive information at risk.

According to a Cybernews report from 23 September, this was first found out when MC2 Data left 2.2 TB of personal data open for anyone on the internet. This translates to over 106 million records about individual entities, which it claims may have affected the privacy of more than 100 million individuals. More than 2.3 million users' record details are also compromised; they had also asked for background checks, and their details were now open to the public.


Potential Effects of the Leaks

Comments by Aras Nazarovas, Cybernews security researcher: "These leaks are quite concerning, thinking of all the possible aftermaths which will not only result in extra problems always connected with identity theft, but may also involve numerous communities and organisations in battles-the cybercrime attackers commonly draw on background checks for such detailed personal information to prepare for attacks on individuals or groups.".

Background check services, intended to enhance security, have themselves not gone scot-free from cyber attacks and threats. The magnitude of the leakage can form a treasure trove of malicious users who can now access sensitive information more easily while still incurring less risk in perpetuating cyber attacks. Such leakage may underlie long-term trends in which personal data will be insecure in a society that increasingly digitalizes.


A Persisting Industry Problem

To the dismay of privacy advocates, this is not the first major breach involving a background check company. In August 2024, National Public Data, another giant in the background check sector, disclosed that it had suffered a breach exposing 2.7 billion public records. The compromised data included sensitive details such as names, social security numbers, email addresses, phone numbers, and birth dates.

It was reported that the leak at National Public Data started in December 2023, but the leaked data was published in April 2024. Cybersecurity specialists warn that such sensitive information being free for all to access increases the risk of more cyber attacks on people whose sensitive data have been leaked.

 

Consumer Watchdogs Raise the Alarm

In light of such repeated breaches, the consumer watchdog director for the U.S. Public Interest Research Group, Teresa Murray, said that this is indeed an extremely serious issue. Talking to ASIS International, Murray pointed out that due to its scale, what happened in the National Public Data breach makes it even more frightening compared to similar breaches. She said that people should view this as a "five-alarm wake-up call" to start taking their data security seriously.

Both those breaches are harsh reminders about the vulnerabilities that exist in the background check industry and the necessity of further security measures. Individuals are encouraged to monitor their personal information on a regular basis and take proactive steps about protecting them from identity theft and other forms of cybercrime.


What Needs to Be Done

Amid this swelling tide of data breaches, companies involved in handling sensitive information - such as firms conducting background checks - must be more attentive to their cybersecurity. Better data protection practices and more robust encryption and authentication systems can minimise this risk very well. In addition, individuals need to be vigilant as well. They must monitor each suspicious activity related to their personal information at regular intervals.

These breaches underscore the need for better regulations and also more oversight of operations that house large amounts of personal data. Unless further security is achieved, millions of Americans will remain vulnerable to danger from poor data protection.

Most recently, information fraud related to MC2 Data and National Public Data placed the identities of millions of Americans at risk of identity theft and other cybercrimes. Therefore, such cases occur frequently, and it is time for the business world and consumers to take data security seriously to prevent sensitive information from falling into the wrong hands.


Read more »
Spoofing
Cyber Attacks Ransomware Sensitive data SMBs Spoofing

Why SMBs Have Become Easy Prey for Cyber Criminals

 



The global phenomenon of cybercrime is emerging. And the soft targets in this regard are the small and medium-sized business enterprises. Day after day, while a few cyberattacks on big corporations capture the headlines in the news, many SMBs experience similar attacks, but these never gain much attention. However, the damage inflicted on them can be just as debilitating as those affecting the large corporations.

Actually, SMBs are so vulnerable to cyber attacks for several reasons. For instance, most SMBs cannot afford to pay for professional and effective cybersecurity solutions. As compared to large businesses that budget millions of money for cybersecurity, SMBs only spend a small amount on the protection systems hence becoming easy targets. Small businesses usually have just a few IT staff who are not as skilled in dealing with the sophisticated nature of contemporary cybersecurity threats.

Another reason is that most SMB owners do not treat cybersecurity issues seriously enough. Cybersecurity is rarely on their priority list, and owners give more attention to ready operational issues rather than long-term digital security. In this area of complacency, the wide open window to many cyber threats, including phishing attacks, malware, and ransomware attacks, counts in favour of SMBs.


Cyber Threats Amongst SMBs

Among other problems facing SMBs is ransomware. Attackers of ransomware attack by locking or exfiltrating the company's valuable data. They then send messages demanding payment for the access to the data again. In the absence of proper data backup, an SMB will be caught between a rock and a hard place-to pay the ransom or to lose all the data.

Besides the ransomware, phishing attacks targeting SMBs involve hackers impersonating legit sources for extracting sensitive information. Malware and spoofing attacks may alter or camouflage digital communications to deceive the users.

In addition, cybercriminals often use SMBs as stepping stones to access larger businesses that they associate themselves with. Therefore, hackers can leverage any security loopholes in an SMB to their bad books by using such information to act against larger attacks.


Why Cybercriminals Prefer Targeting SMBs

Cybercriminals focus on SMBs as these are comparatively softer targets. Small organisations are unlikely to be as advanced in cybersecurity matters as big ones. Although they are applying widely used tools like Microsoft Excel, Outlook or cloud services, SMBs often fail to secure those platforms properly.

Furthermore, cyber attackers know that vulnerabilities in SMB systems may eventually find a way into more harmful attacks. For example, if the attackers succeed in stealing all the client or customer data in SMBs, they can use the same stolen information at later dates to link it with other available stolen information in conducting even more devastating cyberattacks.


How Small and Medium Businesses Can Avoid Cyberattacks

Small and medium-sized organisations will need to be proactive in preventing cyberattacks. Although investment in cybersecurity software is important, it is more than this. A good starting point would be implementing some easy security protocols, such as email authentication and spam filters, but training employees on the warning signs and what to do can make all the difference.

For example, one important step that an SMB must take is the development of a cybersecurity plan. The plan should detail the procedures for maintaining access and properly handling sensitive data, including permission management and regularly backing up important files. The IT departments of the SMBs need to be very vigilant with the monitoring of access to cloud-based and locally stored data, protecting it from unauthorised access.

Since SMBs can no longer claim to be immune from cyber threats, in the digital world of today, the SMBs must crack down and invest in measures aimed at protecting their businesses against cyber threats. Make haste to ensure that appropriate security measures are put in place and guard themselves against potentially costly cyberattacks that could jeopardise their operations and reputation otherwise.


Read more »
Subscribe to: Posts (Atom)