
Hackers Leak 50 Million Records in 'Free Leaksmas' Spree

Just before Christmas, hackers leaked around 50 million records full of private information. They shared these leaks on the Dark Web under the name "Free Leaksmas." It seems like they were doing this to thank each other and attract new customers during the busy holiday season. 

Cybersecurity company Resecurity observed that, right before Christmas Eve, multiple threat actors released large volumes of data at once. Some of it came from previously known breaches, but some came from new ones, and the victims were spread worldwide.

“Numerous leaks disseminated in the underground cyber world were tagged with 'Free Leaksmas,' indicating that these significant leaks were shared freely among various cybercriminals as a form of mutual gratitude”, Resecurity wrote on its website. 

One of the largest data releases came from a hack of the Peruvian telecom company Movistar. This dump held about 22 million records with sensitive information such as customer phone numbers and DNI numbers (the national identity document that serves as the main ID in Peru).

Other big leaks around Leaksmas included one with 2.5 million records from a Vietnamese fashion store's customers and another with 1.5 million records from a French company's customers. 

“A significant event during the 'Leaksmas' in the Dark Web involved the release of a large dataset from Movistar, a leading telecommunications provider in Peru. This dataset contained over 22 million records, including customers' phone numbers and DNI (Documento Nacional de Identidad) numbers”, Resecurity added. 

Not all the data Resecurity saw shared over the holidays came from recent hacks; some appeared to stem from older incidents. For instance, there was customer data from the Swedish fintech company Klarna, which the hackers may have obtained from a rumoured (though never officially confirmed) breach in 2022.

Another example was a dump of 2 million records belonging to customers of a Mexican bank, which Resecurity's analysis suggested came from a breach in 2021 or 2022. Over the holidays, researchers also saw groups such as SiegedSec and "Five Families" sharing stolen data online.

SiegedSec targeted critical infrastructure in Israel and claimed responsibility for a breach at the Idaho National Laboratory. "Five Families" stole records from a Chinese store, citing labour issues. Some criminals selling credit card data offered holiday discounts. Cybercriminals remain keen on obtaining personal information and on exploiting weaknesses in websites and software.

PDC Discovered a Phishing Campaign that Spoofs Power BI Emails to Harvest Microsoft Credentials


The Cofense Phishing Defense Center (PDC) has discovered a new phishing campaign that impersonates Power BI emails in order to steal Microsoft credentials. Power BI is an interactive data visualisation product focused on business intelligence, developed by Microsoft as a component of the Microsoft Power Platform.

Power BI is a set of software services, apps, and connectors that work together to transform disparate data sources into coherent, visually immersive, and interactive insights. Data can be read directly from a database, a webpage, or structured files like spreadsheets, CSV, XML, and JSON. Power BI offers cloud-based BI (business intelligence) services known as "Power BI Services," as well as a desktop interface known as "Power BI Desktop."

It provides data warehouse functionality such as data preparation, data discovery, and interactive dashboards. Microsoft added a new service called Power BI Embedded to its Azure cloud platform in March 2016. The ability to import custom visualisations is a key differentiator of the product. 

The email appears to be a genuine Microsoft notification, and there are two reasons for that. Threat actors have grown accustomed to copying authentic Microsoft notifications into their phishing templates, and researchers have also seen them use stolen credentials to generate a legitimate notification from a real Microsoft tenant, so the message itself originates from Microsoft's own infrastructure. In this campaign the threat actor used a common lure, a shared report, to entice the recipient to click the links.

After clicking the link in the email, the user lands on a website that imitates a Microsoft log-in page. Aside from the missing standard Microsoft imagery, the first sign that something is wrong is the URL: it matches neither the address shown in the email nor any domain associated with Microsoft services.

Once the recipient has entered their credentials, the attack ends with an error message stating that there was a problem verifying the account. This is yet another Microsoft spoof, used to divert the recipient's attention from the fact that they were never routed to the Power BI report they expected to view, which makes them less likely to suspect that they have just handed over their credentials.
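The URL mismatch described above is something a mail gateway or an analyst script can check before a user ever clicks. The following is an added example, not Cofense's tooling or anything from the original post: it parses the anchors in an HTML email body and flags any link whose real destination is outside a small allow-list of Microsoft domains, or whose visible text shows one hostname while the href points at another. The allow-list, the registrable-domain heuristic and the sample email body are all constructed assumptions for this illustration.

```python
"""Flag suspicious links in a Power BI-themed notification.

Added example, not from the original article. The trusted-domain list,
the sample email and the domain heuristic below are assumptions.
"""
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

# Assumption: a genuine Power BI notification only links to these
# registrable domains (or their subdomains).
TRUSTED_DOMAINS = {"microsoft.com", "microsoftonline.com", "powerbi.com", "office.com"}

# Visible anchor text that itself looks like a URL or bare hostname.
URLISH = re.compile(r"^(?:https?://)?((?:[a-z0-9-]+\.)+[a-z]{2,})(?:[/?#]\S*)?$", re.I)


def registrable_domain(host: str) -> str:
    """Last two labels of a hostname. Crude on purpose: it ignores
    multi-label public suffixes such as co.uk, which is fine for an
    allow-list check but not for a general-purpose parser."""
    labels = host.lower().rstrip(".").split(".")
    return ".".join(labels[-2:]) if len(labels) >= 2 else host.lower()


class LinkCollector(HTMLParser):
    """Collect (href, visible text) pairs from <a> elements."""

    def __init__(self):
        super().__init__()
        self.links = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href")
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def suspicious_links(html_body: str) -> list:
    """Return a finding per link that points outside the trusted domains
    or whose displayed hostname differs from the real destination."""
    parser = LinkCollector()
    parser.feed(html_body)
    findings = []
    for href, text in parser.links:
        dest = urlparse(href)
        if dest.scheme not in ("http", "https") or not dest.hostname:
            continue  # mailto:, tel: and relative links are out of scope here
        dest_domain = registrable_domain(dest.hostname)
        reasons = []
        if dest_domain not in TRUSTED_DOMAINS:
            # Catches look-alikes too: microsoft.com.evil.example -> evil.example
            reasons.append(f"destination {dest.hostname} is not a trusted Microsoft host")
        shown = URLISH.match(text)
        if shown and registrable_domain(shown.group(1)) != dest_domain:
            # Classic trick: text says app.powerbi.com, href goes elsewhere
            reasons.append(f"displayed host {shown.group(1)} does not match destination")
        if reasons:
            findings.append({"href": href, "text": text, "reasons": reasons})
    return findings


# Constructed sample: one benign link, one spoofed link, one mailto link.
SAMPLE_EMAIL = """
<p>A Power BI report has been shared with you.</p>
<a href="https://app.powerbi.com/groups/me/reports/example">Open the report</a>
<a href="https://login-microsoft-verify.example/powerbi/signin">https://app.powerbi.com/view</a>
<a href="mailto:noreply@example.com">Contact</a>
"""

if __name__ == "__main__":
    for finding in suspicious_links(SAMPLE_EMAIL):
        print(finding["href"])
        for reason in finding["reasons"]:
            print("  -", reason)
```

Run against the sample body, only the second anchor is reported, with both reasons. The two checks are deliberately separate: a link can fail the allow-list without any text mismatch (plain "Open the report" text over an attacker host), and a hostname shown in the text is treated as a claim that must agree with the href. For production use, replace the two-label heuristic with a public-suffix library and apply the same test to the Location header of any redirect chain, since the page's own point is that the final URL bears no relation to the one implied by the email.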

"Cofense continues to observe credential phishing as a major threat to organizations. This is why it’s critical to condition users to identify and report suspicious messages to the security operations team. Attacks such as this one are effective at eluding common email security controls, and are – by design — overlooked by end users," the company said.

Fake Oximeter Apps For Smart Devices, Here’s How To Check If It’s Safe Or Not


In recent days the demand for oximeters has gone up owing to the deadly second wave of Covid-19 in India. Threat-intelligence researchers have now reported that many fake oximeter apps are in circulation, including on the Play Store.

Researchers from Quick Heal Security Labs found that threat actors were bundling a trojan with copies of the official apps in order to steal users' banking credentials.

“Threat actors use reliable tools to deploy payload and third-party app stores for distribution of these fake apps,” the researchers said in a statement. 

An oximeter has become a crucial device in the fight against the coronavirus, as it monitors the blood oxygen level in the body. Alongside the hardware, various oximeter apps for Android offer to measure blood oxygen levels free of charge.

However, the fake apps can cost far more than expected. According to the Quick Heal report, they target credentials for payment apps such as PhonePe, Google Pay and Paytm. The Indian government has also warned against these apps.

According to the findings, threat actors target app stores that carry both free and paid apps. They host the fake apps on services such as GitHub and Firebase and distribute them through third-party app markets such as QooApp and Huawei's store.

How can you protect your financial data from fake oximeter apps?

Here are some things to remember before downloading an oximeter app on your device: 

• Don't open links shared through messages or on social media platforms.

• Check for grammar errors in the app description, as attackers usually write poor English.

• Reviews and ratings can also be faked; pay more attention to the low-rated reviews.

"Avoid third-party app stores for downloading apps, or links shared via SMS, emails and WhatsApp. These avenues don't invest in security and hence make space for any type of app, including the infected ones," the researchers further added.