
Darkbeam Data Breach: Billions of Usernames and Credentials Exposed Online


In a massive security exposure, digital risk protection company ‘DarkBeam’ has exposed billions of usernames and passwords it held, which are now at high risk of being leaked online. 

Apparently, the breach was first discovered on September 18 by Bob Diachenko, CEO of security company Security Discovery.

While the database is adequately secured now, at the time of the incident over 3.8 billion user records were left unprotected online, accessible to anyone.

It is important to note that every password and email address in this database actually came from earlier data breaches. Although it is likely that this leak also affects non-customers, it appears that DarkBeam had been gathering this data in order to notify its customers about potential data breaches.

These kinds of exposures are frequently the result of hacking, as was observed in the recent TMX Finance data breach. 

However, this does not appear to be the case this time. As Diachenko notes, human mistakes can lead to data leaks like this one, such as when a worker forgets to password-protect a sizable database containing critical information.

Even if a user has never heard of DarkBeam, it is very possible that their login credentials are exposed, since this leak includes usernames and passwords from both reported and unreported data breaches.

To address the matter, a DarkBeam spokesperson released a statement, saying: 

“A third-party researcher notified us of a single unprotected instance containing a compilation of publicly available data collected by a DarkBeam researcher in 2020. We immediately closed access to this instance which contained research on previously discovered cyber breaches occurring between 2018 and 2019 and was created for the purpose of developing DarkBeam’s compromised accounts identification tool prior to the launch of our platform. No DarkBeam client information or data related to our systems was exposed and there is no evidence of unauthorized access except on September 19th by the researcher.”

How to Check if a User’s Credentials Are Exposed 

In cases such as this one, where news of a data leak breaks, it is a good idea for users to check whether their own credentials were exposed. 

There are various ways to do this, such as using Troy Hunt's well-known HaveIBeenPwned or Mozilla's Firefox Monitor. 

The tools mentioned above can easily let users know whether their credentials have been compromised, so that they can change those credentials manually to reduce the risk. Users who find the above methods time-consuming can also use one of the best-known password managers; password managers will change a user’s password automatically, saving them the effort.  

Beyond Identity Officially Announces the Release of ‘Zero Trust Authentication'

 

Beyond Identity's launch of Zero Trust Authentication is a game-changer in the field of cybersecurity. The sub-category of zero-trust security is a step forward in aligning verification with zero-trust principles. The passwordless capability and phishing resistance features of Zero Trust Authentication enable businesses to verify the identities of people and devices with zero-trust-level certainty. This is crucial because, without such enhanced verification capacities, organizations cannot truly implement zero trust security. 

Organizations supporting Zero Trust Authentication, which was created to address the drawbacks of conventional authentication techniques, include Palo Alto Networks, CrowdStrike, Optiv, Ping Identity, the Cloud Security Alliance, and the FIDO (Fast IDentity Online) Alliance. While its category-defining book, Zero Trust Authentication, describes the precise capabilities, requirements, policies, and best practices, Beyond Identity said it will provide practical Zero Trust Authentication advice to clients and channel partners through international and local events throughout 2023. 

One of the trickier problems that CISOs still have to deal with is authentication, as interoperability, usability, technical constraints, and vulnerabilities frequently make it difficult to identify and authorise individuals and devices effectively.

Zero Trust Authentication's seven prerequisites 

In order to distinguish Zero Trust Authentication from conventional authentication, Beyond Identity outlines seven requirements.

Passwordless: No passwords or other shared secrets that can be easily gained from users, recorded on networks, or hacked from databases are used. 

Phishing resistance: No chance of obtaining codes, magic links, or other authentication elements via phishing, adversary-in-the-middle, or other assaults. 

Capable of verifying user devices: Capable of ensuring that requesting devices are bound to a user and have access to information assets and applications. 

Capable of assessing device security posture: Able to identify whether devices adhere to security policies by ensuring that necessary security settings are enabled and security software is operating. 

Capable of assessing a wide range of risk signals: Capable of ingesting and analysing data from endpoints as well as security and IT management tools, allowing policy engines to assess risks based on parameters such as user behaviour, device security posture, and detection and response tool status. 

Ongoing risk assessment: The ability to analyse risk throughout a session rather than depending on one-time authentication. 

Integrating with security infrastructure: Connecting with a range of security infrastructure technologies to increase risk detection, speed up reaction to suspicious behaviour, and improve audit and compliance reporting. 
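To show how the device-binding, posture, risk-signal and ongoing-assessment requirements above fit together, here is an added Python example (not Beyond Identity's code; the signal names, thresholds and policy rules are this example's own assumptions): a small policy engine that evaluates the signals, and a session object that re-runs the policy on every request instead of trusting a one-time login decision.

```python
from dataclasses import dataclass


@dataclass
class AccessSignals:
    """Hypothetical signal set fed to the policy engine (names are assumed)."""
    device_bound_to_user: bool       # device holds a credential bound to this user
    disk_encrypted: bool             # posture: required security setting enabled
    edr_running: bool                # posture: security software is operating
    edr_alerts: int                  # risk signal from detection/response tooling
    impossible_travel: bool          # risk signal from user-behaviour analytics
    phishing_resistant_factor: bool  # e.g. platform authenticator, not OTP/magic link


ALLOW, STEP_UP, DENY = "allow", "step_up", "deny"


def decide(s: AccessSignals) -> tuple[str, list[str]]:
    """Policy decision plus reasons, computed from scratch on every call."""
    reasons: list[str] = []
    if not s.phishing_resistant_factor:
        reasons.append("authentication factor is phishable")
    if not s.device_bound_to_user:
        reasons.append("requesting device is not bound to the user")
    if s.edr_alerts > 0 or s.impossible_travel:
        reasons.append("active risk signal")
    if reasons:
        return DENY, reasons
    if not (s.disk_encrypted and s.edr_running):
        # Device is trusted but out of policy: ask for remediation, not full denial.
        return STEP_UP, ["device posture out of policy"]
    return ALLOW, []


class ContinuousSession:
    """Re-evaluates policy per request; a deny mid-session revokes the session."""

    def __init__(self, signals: AccessSignals):
        self.signals = signals
        self.revoked = False
        self.audit_log: list[tuple[str, str, list[str]]] = []

    def request(self, resource: str) -> str:
        if self.revoked:
            return DENY
        verdict, reasons = decide(self.signals)
        self.audit_log.append((resource, verdict, reasons))  # feeds audit/compliance
        if verdict == DENY:
            self.revoked = True  # a one-time login decision would have let this through
        return verdict


def run_demo() -> list[str]:
    """Walk one session through posture drift and a detection alert."""
    s = AccessSignals(device_bound_to_user=True, disk_encrypted=True, edr_running=True,
                      edr_alerts=0, impossible_travel=False, phishing_resistant_factor=True)
    session = ContinuousSession(s)
    verdicts = [session.request("/payroll")]   # healthy device: allow
    s.edr_running = False                      # posture drifts mid-session
    verdicts.append(session.request("/payroll"))  # step_up
    s.edr_running = True
    s.edr_alerts = 1                           # detection tool raises an alert
    verdicts.append(session.request("/payroll"))  # deny and revoke
    s.edr_alerts = 0                           # alert cleared, session stays revoked
    verdicts.append(session.request("/payroll"))  # deny
    return verdicts


if __name__ == "__main__":
    print(run_demo())
```

The point of the `ContinuousSession` wrapper is the contrast with conventional authentication: the third request would be allowed by any system that only checks credentials at login, because the credentials never changed; only the risk signals did.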

Modern authentication techniques are ineffective

Existing identification approaches are failing miserably, says Jasson Casey, CTO at Beyond Identity, to CSO. The conventional method of security was creating a perimeter around the network and placing your trust in the users and equipment inside of it. This strategy, though, is no longer adequate. The perimeter-based paradigm failed since there are many cloud-based resources and users can work or access resources from anywhere. 

A network-based perimeter and implicit trust are absent from a zero-trust strategy, Casey continues. Casey contends that as every person and device must instead demonstrate their reliability, zero-trust authentication is a crucial component of any comprehensive zero-trust strategy. 

Simply put, efforts to prevent adversaries from penetrating systems, gaining access to accounts, or delivering ransomware won't be successful if an organisation executes the majority of zero-trust features flawlessly while continuing to rely on ineffective authentication techniques. 

By eschewing passwords and outdated multifactor authentication (MFA) and adopting the tenet of "never trusting and always confirming," Casey claims that adopting zero-trust authentication enables enterprises to put contemporary, effective security techniques into practice. 

“The approach enables several benefits for organizations including a higher level of security by reducing the attack surface and making it more difficult for attackers to move within the network. In addition, it enables more flexible working arrangements as employees can work remotely while maintaining high security. Lastly, it helps organizations to remain compliant with constantly updating regulations by providing a secure, auditable security framework,” Casey concluded.

Android Trojan Spotted in Multiple Applications on Google Play Harvesting User Credentials

 

Cybersecurity researchers at Dr. Web, who monitor the mobile app ecosystem, have spotted a major uptick in trojan infiltration on the Google Play Store, with one of the applications having over 500,000 installations and still being available for download. 

The majority of these applications belong to a family of trojan malware used in a variety of scams, resulting in money losses as well as the theft of sensitive private details. Additionally, a new Android trojan called ‘Android.Spy.4498’ designed as a WhatsApp mod has been discovered in the wild. The trojan is spreading via malicious websites promoted by social media posts, forums, and SEO poisoning.

According to Dr. Web's report published in January 2022, the ‘Android.Spy.4498’ was identified in some of the unofficial WhatsApp applications (mods) named GBWhatsApp, OBWhatsApp, or WhatsApp Plus. These mods provide Arabic language support, home screen widgets, separate bottom bar, hide status options, call blocking, and the ability to auto-save received media. These mods are popular in the online communities because they offer additional features not available in the vanilla WhatsApp.

The trojan is also capable of downloading apps and prompting users to install them, and of displaying dialog boxes with content it receives from the malicious actors. During the attack, Android.Spy.4498 requests access to manage notifications and read their content. 

Additionally, the threats identified on the Play Store include cryptocurrency management applications, social benefit aid tools, Gazprom investment clones, photo editors, and a launcher themed after iOS 15. The majority of the fake investment apps trick victims into creating a new account and depositing money supposedly for trading, which is simply transferred to the fraudster’s bank account. Other apps attempt to trick the user into signing up for expensive subscriptions. 

The user reviews under the app describe tactics that resemble subscription scams, charging $2 per week for verification or ad removals, yet offering nothing in return. As the report details, apps discovered by security analysts will load affiliate service sites and enable paid subscriptions through the Wap Click technology after tricking the user into entering their phone number.  

To mitigate the risks, the researchers advised installing apps only from trustworthy sources, checking user reviews, scrutinising permission requests upon installation, and monitoring battery and mobile data consumption afterwards. They also advised regularly checking the status of Google Play Protect and adding a second layer of protection with a mobile security tool from a reputable vendor.

The Zelle Scam Aims to Steal Your Bank Credentials

 

One of the most prevalent methods for hackers to gain access to bank accounts is to drain the victim's assets via Zelle, a "peer-to-peer" (P2P) payment service utilised by many banking institutions that allows users to send money to friends and family instantly. Naturally, many of the phishing scams that lead up to these bank account takeovers start with a counterfeit SMS from the target's bank alerting them to a suspected Zelle transfer. 

According to the text, someone attempted to withdraw a substantial sum of money from the recipient's bank account and deposit it into a Zelle account. The notification asks for a response of "Yes," "No," or "1" to decline. Regardless of which option is selected, the recipient is promptly called by a person posing as a bank official. The incoming phone number is frequently spoofed to make the call appear to come from the person's bank. 

The scammer asks for the customer's online banking username and then instructs them to recite back a passcode given through text or email to "verify their identity." In actuality, the fraudster begins a transaction — such as the "forgot password" option on the financial institution's website — that creates the member's authentication passcode. 

Ken Otsuka is a senior risk consultant of CUNA Mutual Group, an insurance company that offers credit unions financial services. Otsuka said a phone fraudster typically will say something like, “Before I get into the details, I need to verify that I’m speaking to the right person. What’s your username?” 

“In the background, they’re using the username with the forgot password feature, and that’s going to generate one of these two-factor authentication passcodes,” Otsuka said. “Then the fraudster will say, ‘I’m going to send you the password and you’re going to read it back to me over the phone.’” 

Once the scammer obtains control of the bank account, they will make different deposits to other accounts before draining the customer's funds. When a victim understands what has happened, they typically contact their bank right away. Unfortunately, most consumers who fall victim to this type of direct contact phishing fraud rapidly discover that many banks are unable to help them recover their stolen funds in any way. The banks argue that the transaction was initiated by the customer and thus does not fall under Regulation E's "unauthorised transaction" protection.

7M Robinhood Customers Email Addresses for Sale on Hacker Forum

 

The data of about 7 million Robinhood customers, compromised in a recent data breach, is being sold on a prominent hacker forum and marketplace. 

Last week, stock trading company Robinhood announced a data breach after one of its workers was hacked and the threat actor used their account to access the personal information of around 7 million customers via customer care systems. The following personal information about Robinhood users was taken during the attack: 
  • Email addresses for 5 million customers. 
  • Full names for 2 million other customers. 
  • Name, date of birth, and zip code for 300 people. 
  • More extensive account information for ten people. 
In addition to acquiring the information, Robinhood stated that the intruder tried to extort money from the firm in order to keep the information from being disclosed. Stolen email addresses, especially those for financial services, are in high demand among threat actors because they may be used in targeted phishing attempts to gain additional sensitive information. 

Two days after Robinhood disclosed the breach, a threat actor known as 'pompompurin' revealed on a hacker forum that they were selling the data. pompompurin stated in a forum post that they were selling 7 million Robinhood clients' stolen information for at least five figures, i.e. $10,000 or more. 

The sold data includes 5 million email addresses, as well as 2 million email addresses and complete names for another tranche of Robinhood users. However, pompompurin stated that they will not sell the data of 310 clients who had more sensitive information compromised, including some users' identity cards. The threat actor claims that they downloaded the ID cards through SendSafely, a secure file transfer service utilised by the trading platform while conducting Know Your Customer (KYC) procedures. Robinhood did not initially reveal the theft of ID cards. 

Robinhood told BleepingComputer, "As we disclosed on November 8, we experienced a data security incident and a subset of approximately 10 customers had more extensive personal information and account details revealed. These more extensive account details included identification images for some of those 10 people. Like other financial services companies, we collect and retain identification images for some customers as part of our regulatory-required Know Your Customer checks." 

The attacker gained access to Robinhood's customer service systems, according to BleepingComputer, by tricking an employee into installing remote access software on their desktop. With that software installed, the attacker could: 
  • monitor the employee's activity, 
  • capture screenshots, 
  • access the computer remotely, and 
  • use the employee's stored login credentials to access internal Robinhood systems. 
"I was able to see all account information on people. I saw a few people while the support agent did work," pompompurin told BleepingComputer. 

pompompurin posted images of the fraudsters obtaining access to internal Robinhood systems to prove that they carried out the attack. When approached by BleepingComputer, Robinhood did not explicitly confirm that the screenshots were obtained from their systems.

Fraudsters Used Google Ads to Steal Around $500k Worth of Cryptocurrency

 

Crypto-criminals are using Google Ads to target victims with fraudulent wallets that steal credentials and empty accounts. So far, the cyber-thieves appear to have stolen more than $500,000 and counting. 

As per a recent Check Point Research analysis, the ads appear to link to downloads of the popular crypto wallets Phantom and MetaMask. Based on the research, attackers began their hunt for potential victims with Google Ads: clicking on the fraudulent ad leads to a malicious site crafted to look like the Phantom (or sometimes MetaMask) wallet site. 

The researchers stated, “Over the past weekend, Check Point Research encountered hundreds of incidents in which crypto-investors lost their money while trying to download and install well-known crypto wallets or change their currencies on crypto-swap platforms like PancakeSwap or Uniswap.” 

After that, the target is prompted to create a new account with a "Secret Recovery Phrase." They must also construct a password for the alleged account (which is harvested by the attackers). As per Check Point, users are subsequently given a keyboard shortcut to open the wallet and then directed to the legitimate Phantom site. The legitimate site offers users the Phantom wallet Google Chrome extension. Crypto-criminals have also targeted MetaMask wallets by purchasing Google Ads that drove users to a fake MetaMask site. 

The analysts further stated, “In a matter of days, we witnessed the theft of hundreds of thousands of dollars worth of crypto. We estimate that over $500k worth of crypto was stolen this past weekend alone. I believe we’re at the advent of a new cybercrime trend, where scammers will use Google Search as a primary attack vector to reach crypto wallets, instead of traditionally phishing through email.” 

“In our observation, each advertisement had careful messaging and keyword selection, in order to stand out in search results. The phishing websites where victims were directed to reflected meticulous copying and imitation of wallet brand messaging. And what’s most alarming is that multiple scammer groups are bidding for keywords on Google Ads, which is likely a signal of the success of these new phishing campaigns that are geared to heist crypto wallets. Unfortunately, I expect this to become a fast-growing trend in cybercrime. I strongly urge the crypto community to double-check the URLs they click on and avoid clicking on Google Ads related to crypto wallets at this time.” 

Check Point researchers recommended a few protective measures: 
  1. Verify the browser's URL: Only the extension should create the password, and always check the browser URL to see if it's an extension or a website. 
  2. Find the icon for the extension: The extension will have a chrome-extension URL and an extension icon near it. 
  3. Skip the ads. If users are looking for wallets, crypto trading, and swapping platforms in the crypto world, always look at the first website that comes up in the search rather than the ad, since they might lead to users being fooled by attackers. 
  4. Take a look at the URL: Last but not least, make sure the URLs are double-checked.

APT35 Continues Targeting Important US Citizens and Institutions

 

This year, the Google Threat Analysis Group (TAG) has noticed an increase in government-sponsored hacking. According to the data revealed in the blog post, Google has sent over 50,000 warnings of phishing and malware attempts to account holders so far in 2021. That number is up 33% from the same period last year. 

FireEye has traced APT35 operations back to 2014. APT35, also known as the Newscaster Team, is an Iranian government-sponsored threat group that carries out long-term, resource-intensive operations to gather strategic intelligence. APT35 usually targets military, diplomatic, and government personnel in the United States and the Middle East, as well as organisations in the media, energy, defense industrial base (DIB), engineering, business services, and telecommunications sectors. 

Since 2017, APT35 has been targeting politicians, NGOs, government institutions, journalists, and academia under the names Ajax Security Team, Charming Kitten, and Phosphorus. During the 2020 elections, the group also attempted to target former US President Donald Trump's election campaign staff. 

Charming Kitten made 2,700 attempts to gather information about targeted email accounts in a 30-day period between August and September 2019, according to Microsoft. There were 241 attacks and four compromised accounts as a result of this. Despite the fact that the initiative was allegedly directed at a presidential campaign in the United States, none of the stolen accounts had anything to do with the election. Microsoft did not say who was directly targeted, although Reuters later reported that it was Donald Trump's re-election campaign. The fact that only the Trump campaign utilized Microsoft Outlook as an email client backs up this claim.

"For years, this group has hijacked accounts, deployed malware, and used novel techniques to conduct espionage aligned with the interests of the Iranian government," Google said. 

Phishing attacks containing malicious URLs are the most popular approach employed by APT35. In early 2021, for example, APT35 compromised a website affiliated with a UK university. The group then set up a phishing kit on the website in order to collect user credentials and began sending out emails with a link to the site. The recipients were instructed to log in using the link provided in order to participate in a fictitious webinar. 

APT35 also attempted to use the Google Play Store to distribute spyware disguised as a VPN client. If the app is installed on the phone, it can gather SMS and call records, as well as location data and contacts. The attempt was thwarted when Google removed the app from the Play Store.

Phishers Steal One-Time Passwords from Coinbase Users

 

Crooks are growing smarter about phishing the one-time passwords (OTPs) needed to complete the login process, as seen in a recent phishing campaign targeting Coinbase customers. It also reveals that phishers are attempting to create millions of new Coinbase accounts in order to find email addresses that are already associated with existing accounts. 

With over 68 million users from over 100 countries, Coinbase is the world's second-largest cryptocurrency exchange. Coinbase.com.password-reset[.]com was the now-defunct phishing domain, and it was aimed towards Italian Coinbase users (the site's default language was Italian). According to Alex Holden, founder of Milwaukee-based cybersecurity firm Hold Security, it was a success. Holden's team was able to go inside some of the phishing site's poorly concealed file directories, including the administrator page. Before the site was taken down, the phishing attacks collected at least 870 sets of credentials, according to that panel. 
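The phishing domain above follows a classic pattern: the legitimate brand domain placed as a subdomain in front of an unrelated registrable domain, so that a quick glance at the start of the hostname looks right. The following added Python example (not from the article or from Hold Security) flags that pattern, plus looser brand-in-hostname lookalikes, over a constructed list of proxy-log URLs. The brand allow-list, the defanged `[.]` handling and the two-label registrable-domain approximation are this example's own assumptions; a real deployment would resolve the registrable domain with the public suffix list.

```python
from urllib.parse import urlsplit

# Constructed allow-list: brand keyword -> its legitimate registrable domain.
BRAND_DOMAINS = {"coinbase": "coinbase.com"}

# Constructed proxy-log URLs, written in defanged form as threat reports often are.
CONSTRUCTED_URLS = [
    "https://www.coinbase[.]com/signin",
    "https://coinbase.com.password-reset[.]com/it/login",
    "http://coinbase-login[.]example/verify",
    "https://example[.]org/news",
]


def refang(url: str) -> str:
    """Turn defanged '[.]' notation back into real dots before parsing."""
    return url.replace("[.]", ".")


def hostname_of(url: str) -> str:
    """Extract the hostname; bare hosts without a scheme are accepted too."""
    url = refang(url)
    if "://" not in url:
        url = "http://" + url
    return (urlsplit(url).hostname or "").lower().rstrip(".")


def registrable_domain(host: str) -> str:
    """Last two labels. Approximation only (wrong for e.g. co.uk); assumed here."""
    return ".".join(host.split(".")[-2:])


def classify_host(host: str) -> tuple[str, str]:
    """Return (category, registrable_domain) for a hostname.

    Categories: legitimate, lookalike (brand domain used as a subdomain of
    another registrable domain), suspicious (brand keyword in an unrelated
    hostname), unrelated.
    """
    host = host.lower().rstrip(".")
    reg = registrable_domain(host)
    labels = host.split(".")
    for brand, legit in BRAND_DOMAINS.items():
        if reg == legit:
            return "legitimate", reg
        legit_labels = legit.split(".")
        n = len(legit_labels)
        # The brand domain's labels appearing anywhere *before* the final
        # registrable domain is the exact trick used by the Coinbase phish.
        for i in range(len(labels) - n):
            if labels[i:i + n] == legit_labels:
                return "lookalike", reg
        if brand in host:
            return "suspicious", reg
    return "unrelated", reg


def scan(urls: list[str]) -> list[tuple[str, str]]:
    """Classify each URL's hostname; returns (host, category) pairs for alerting."""
    return [(hostname_of(u), classify_host(hostname_of(u))[0]) for u in urls]


if __name__ == "__main__":
    for host, category in scan(CONSTRUCTED_URLS):
        print(f"{category:11s} {host}")
```

Running this over the constructed list flags only the `coinbase.com.password-reset.com` host as a lookalike and `coinbase-login.example` as suspicious, while the real `www.coinbase.com` passes; the same check can run on mail-gateway URL rewrites or DNS logs.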

According to Holden, the phishing gang appears to have identified Italian Coinbase customers by attempting to create new accounts using more than 2.5 million Italian email addresses. His team was also able to recover the username and password information that victims had supplied to the site, as well as nearly all of the email addresses that had been submitted ending in ".it." 

According to Holden's research, this phishing group attempted hundreds of thousands of half-hearted account signups per day. On Oct. 10, for example, the scammers ran over 216,000 email addresses through Coinbase's servers. They attempted to register 174,000 new Coinbase accounts the next day.

Coinbase revealed last month that malicious hackers stole cryptocurrency from 6,000 clients after exploiting a flaw in the company's SMS multi-factor authentication security tool. This phishing attempt is another example of how criminals are devising ever-more clever ways to get around popular multi-factor authentication alternatives like one-time passwords. 

In an emailed statement, Coinbase said, “Like all major online platforms, Coinbase sees attempted automated attacks performed on a regular basis. Coinbase is able to automatically neutralize the overwhelming majority of these attacks, using a mixture of in-house machine learning models and partnerships with industry-leading bot detection and abuse prevention vendors. We continuously tune these models to block new techniques as we discover them." 

Researchers say the simplest way to avoid phishing scams is to avoid clicking on links that appear unexpectedly in emails, text messages, or other forms of media. They also advised that you should never give out personal information in response to an unsolicited phone call.