
Massive Data Breach Exposes Personal Information of 2.9 Billion People Worldwide


No matter how cautious you are online, your personal data can still be vulnerable, as demonstrated by a recent data breach that exposed the information of 2.9 billion people. This alarming incident was brought to light as part of a class action lawsuit filed earlier this month. The lawsuit, submitted to the U.S. District Court for the Southern District of Florida, claims that the personal data, including full names, addresses, and Social Security Numbers, was compromised by a public records data provider named National Public Data, a company specializing in background checks and fraud prevention.  

The stolen data, which includes detailed personal information dating back 30 years, was taken by a cybercriminal group known as USDoD. According to the complaint, these hackers attempted to sell the vast collection of data on the dark web for $3.5 million. Given the enormous number of people affected, it is likely that the data includes individuals not only from the U.S. but from other countries as well. National Public Data allegedly obtained this massive amount of personal information through a process known as scraping, a technique used to collect data from websites and other online sources. The troubling aspect of this case is that the company reportedly scraped personally identifiable information (PII) from non-public sources, meaning many of the individuals affected did not voluntarily provide their data to the company. 

One of the plaintiffs, a California resident, became aware of the breach after receiving a notification from an identity theft protection service that his information had been leaked on the dark web. As part of the lawsuit, this plaintiff is seeking a court order for National Public Data to securely dispose of all the personal information it acquired through scraping. Additionally, the plaintiff is asking for financial compensation for himself and other victims, along with the implementation of stricter security measures by the company. In the wake of such a breach, the exposed data could be used by hackers to commit various forms of identity theft and fraud. While National Public Data has yet to issue a formal statement, it is likely that the company will be required to notify affected individuals of the breach. These notifications are expected to arrive by mail, so it is important to monitor your mailbox closely. 

Typically, companies responsible for data breaches offer affected individuals free identity theft protection or credit monitoring for a period of time. Until such services are offered, it is crucial to be vigilant in checking your emails and messages, as hackers may use the stolen data to conduct phishing attacks. Additionally, carefully monitoring your bank and financial accounts for any signs of unauthorized activity is recommended. 

This breach, which is nearly as significant as the 2013 Yahoo! breach that exposed the data of 3 billion people, is likely to have far-reaching consequences. Tom’s Guide has reached out to National Public Data for further information and will provide updates as the situation develops.

Data-Stealing Malware Infections Surge by 600% in Three Years, Kaspersky Reports


The digital landscape has become increasingly treacherous, with a startling surge in data-stealing malware compromising millions of devices worldwide. According to cybersecurity firm Kaspersky, the number of devices infected with data-stealing malware has skyrocketed by over 600% in the past three years alone. This alarming trend underscores the urgent need for heightened vigilance and robust cybersecurity measures to safeguard personal and corporate data in an era plagued by relentless cyber threats. 

Kaspersky's Digital Footprint Intelligence data paints a grim picture, revealing that the number of compromised devices reached a staggering 10 million in 2023, marking a 643% increase since 2020. The threat posed by data-stealers has escalated exponentially, posing a significant risk to both consumers and businesses alike. What's particularly concerning is the sheer volume of log-in credentials pilfered by cybercriminals from infected devices. 

On average, each compromised device surrenders a staggering 50.9 log-in credentials, encompassing a wide array of sensitive accounts ranging from social media and online banking services to cryptocurrency wallets and email accounts. This abundance of stolen credentials fuels the illicit underground economy, where cybercriminals peddle stolen data for profit. The actual scope of the problem may be even more extensive than reported, as Kaspersky's data draws insights from infostealer malware log files traded on underground markets. 

The clandestine nature of these transactions makes it challenging to quantify the full extent of the threat landscape accurately. According to Sergey Shcherbel, a cybersecurity expert at Kaspersky Digital Footprint Intelligence, the dark-web value of log files containing login credentials varies depending on their appeal and the method of sale. These credentials may be sold through subscription services, aggregators catering to specific requests, or exclusive shops offering freshly acquired login credentials to select buyers. 

Prices typically start at $10 per log file, highlighting the lucrative nature of stolen data in the cyber underground. The impact of data-stealing malware extends beyond individual devices, with a staggering 443,000 websites worldwide falling victim to compromised credentials in the past five years alone. In the .in domain associated with India, compromised accounts surged to over 8 million in 2023, underscoring the global reach and pervasive nature of the threat. 

As the threat landscape continues to evolve, organizations and individuals must prioritize cybersecurity as a fundamental aspect of their digital hygiene practices. Proactive measures such as robust antivirus software, regular software updates, and user education can help mitigate the risk of data breaches and protect sensitive information from falling into the wrong hands. 

The exponential rise in data-stealing malware serves as a stark wake-up call for individuals and organizations worldwide. By staying vigilant, informed, and proactive in combating cyber threats, we can collectively fortify our defenses and safeguard against the perils of the digital age.

Robo-Calls and Texts Are Stealing Money Every Day: What Should You Do?


The Future of Jobs Report 2020 from the World Economic Forum highlights a growing trend among businesses. Organizations are accelerating their adoption of AI and automation in the wake of the pandemic. Alongside this progress, there is a concurrent rise in cybersecurity challenges and advancements occurring on a daily basis. 

While the notion of AI domination has been a recurring theme in countless narratives, my apprehensions lie more with the impact of simpler, less advanced technologies, rather than highly sophisticated generative artificial intelligence. Every day, unsuspecting individuals fall victim to robocalls and text scams, losing hard-earned money. 

According to Robokiller, this year alone, Americans have suffered losses of $14 billion from robotexts and $34 billion from robocalls. The report warns that scammers are relentlessly honing their tactics to pilfer money. Their projection suggests that by year-end, the total losses to phone scams could escalate to a staggering $90 billion for Americans. 

What are Robocalls? 

Robocalls refer to automated phone calls made by a computerized system, typically using a pre-recorded message. These calls are often sent out in large volumes to reach a wide audience. They can be used for various purposes, including telemarketing, political campaigning, and scamming. 

Robocalls can be intrusive and annoying for recipients, especially when they are unsolicited or used for fraudulent activities. Many countries have implemented regulations and measures to combat unwanted robocalls and protect consumers from scams. 

According to Robokiller's estimates, an astounding 78 billion robotexts and 31 billion robocalls inundated phone lines between January and June. This marks an 18% surge compared to the corresponding period last year. 

Identifying a scam robocall or text can be tricky. Protecting oneself from robocalls involves a combination of awareness and proactive measures. 

Here are steps that individuals can take to identify and protect themselves from robocalls: 

1. Screening Calls: Give priority to known contacts and let unfamiliar numbers go to voicemail. Legitimate callers will often leave a message. 

2. Policy of Non-Engagement: Steer clear of interactions with suspicious calls. Refrain from pressing any buttons or engaging with automated systems, as doing so confirms to the caller that your number is active and answered.

3. Make Use of Call-Blocking Features: Most modern smartphones come equipped with call-blocking capabilities designed to sift through potential spam calls. Ensure you activate this feature and routinely refresh your block list. 

4. Install Robocall-Blocking Applications: Explore trusted apps such as Robokiller, Nomorobo, or Hiya. These applications leverage sophisticated algorithms to detect and screen out robocalls effectively. 

5. Stay Informed: Stay in the loop with the latest news and updates regarding emerging robocall scams. Familiarity with their common tactics equips you to recognize and steer clear of potential threats. 

6. Verify Caller Identity: If you receive a call from an organization or government agency that raises suspicion, disconnect the call and independently confirm their contact information through official and reliable channels. 

By implementing these steps, individuals can significantly reduce their exposure to robocalls and safeguard themselves from potential scams.

CVE-2021-26084: Critical Atlassian Confluence Flaw Exploited in the Wild

Atlassian has confirmed that malicious actors are actively exploiting a new Atlassian Confluence zero-day vulnerability, tracked as CVE-2022-26134, to install web shells. No fix is available at this time.

Atlassian released a security advisory stating that CVE-2022-26134 is a critical unauthenticated remote code execution vulnerability affecting Confluence Server (7.18.0) and Data Center (7.4.0).

It said that all versions of Confluence, Atlassian's corporate wiki system, are affected by a serious bug under active exploitation. Experts indicate a possibility of Chinese threat actors being behind the attack.

“Atlassian has been made aware of current active exploitation of a critical severity unauthenticated remote code execution vulnerability in Confluence Data Center and Server. Further details about the vulnerability are being withheld until a fix is available.” reads the advisory published by the company. 

As of now, there are no patches available for this vulnerability, so Atlassian suggested that customers make their servers inaccessible by following these steps: restricting Confluence Server and Data Center instances from the internet, and disabling Confluence Server and Data Center instances.

The attack was reported by security firm Volexity. Atlassian announced that security fixes for supported versions of Confluence would be available within 24 hours (estimated time: by EOD June 3 PDT). It has further noted that organizations using Atlassian Cloud (accessible via atlassian.net) are not affected by this vulnerability.

“After successfully exploiting the Confluence Server systems, the attacker immediately deployed an in-memory copy of the BEHINDER implant. This is an ever-popular web server implant with source code available on GitHub. BEHINDER provides very powerful capabilities to attackers, including memory-only webshells and built-in support for interaction with Meterpreter and Cobalt Strike…” reads the analysis published by Volexity.

“… As previously noted, this method of deployment has significant advantages by not writing files to disk. At the same time, it does not allow persistence, which means a reboot or service restart will wipe it out. Once BEHINDER was deployed, the attacker used the in-memory webshell to deploy two additional webshells to disk: CHINA CHOPPER and a custom file upload shell.”
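As an added defender-side example (not from this post, Atlassian, or Volexity), the script below hunts for the kind of disk-backed webshells the analysis describes: it flags JSP files under a Confluence web root that were written after an install baseline or that contain command-execution markers. The directory layout, the sample files and the marker list are constructed assumptions for illustration.

```python
import os
import re
import tempfile
import time
from pathlib import Path

# Heuristic markers commonly seen in JSP webshells: OS command execution
# or runtime class loading. Assumed list, not an exhaustive signature set.
SHELL_MARKERS = {
    "runtime_exec": re.compile(r"Runtime\.getRuntime\(\)\s*\.\s*exec\s*\("),
    "process_builder": re.compile(r"new\s+ProcessBuilder\s*\("),
    "define_class": re.compile(r"\.defineClass\s*\("),
}

def scan_webroot(root, baseline_mtime):
    """Return sorted [(path, [reasons])] for .jsp/.jspx files that were
    modified after the install baseline or contain shell markers. Every
    JSP is content-scanned, not only new ones, so a shell dropped with a
    backdated timestamp is still caught by its markers."""
    findings = []
    for path in Path(root).rglob("*"):
        if not path.is_file() or path.suffix.lower() not in (".jsp", ".jspx"):
            continue
        reasons = []
        if path.stat().st_mtime > baseline_mtime:
            reasons.append("modified after baseline")
        text = path.read_text(errors="replace")
        hits = [name for name, rx in SHELL_MARKERS.items() if rx.search(text)]
        if hits and "request.getParameter" in text:
            hits.append("input_driven")  # execution fed by request input
        reasons.extend("marker:" + h for h in hits)
        if reasons:
            findings.append((str(path), reasons))
    return sorted(findings)

def build_sample_webroot():
    """Constructed sample: one benign page dating from the original install
    and one command-execution JSP written later, as a dropped shell would be."""
    root = Path(tempfile.mkdtemp())
    benign = root / "pages" / "viewpage.jsp"
    benign.parent.mkdir()
    benign.write_text('<%@ page contentType="text/html" %><html>ok</html>')
    install_time = time.time() - 90 * 86400  # pretend install was 90 days ago
    os.utime(benign, (install_time, install_time))
    shell = root / "pages" / "a.jsp"
    shell.write_text('<% Runtime.getRuntime().exec(request.getParameter("c")); %>')
    return str(root), install_time + 86400  # webroot, baseline one day post-install

if __name__ == "__main__":
    webroot, baseline = build_sample_webroot()
    for found_path, why in scan_webroot(webroot, baseline):
        print(found_path, why)
```

Because an in-memory implant leaves nothing for this scan to find, pair it with a service restart and review of process and network activity; the scan only covers shells that were written to disk.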