Music Label Working With Famous Musicians Facing Cyber Threat

Hip-hop music industry heavyweight Empire Distribution, an independent record label, has left its systems open to hackers.

The Cybernews investigation team found on February 4th, 2024, that Empire Distribution, an independent American record label, had misconfigured its systems and exposed its data to hackers.

The San Francisco-based label was established in 2010 and features a wide range of musical genres, including hip-hop, R&B, reggaeton, and reggae. Prominent musicians including Kendrick Lamar, Tyga, Iggy Azalea, Busta Rhymes, 50 Cent, and Snoop Dogg have collaborated with the label.

A publicly accessible environment file holding sensitive credentials is the source of the issue. An environment file (.env) is a plain-text file in which an application keeps important configuration settings. These settings frequently include API keys, database access details, and other variables the application needs in order to run. For this reason, access to the file must be tightly restricted: it should never sit under a web server's document root, where it can be fetched like any static file, and it should be readable only by the account the application runs as.

With the label's leaked credentials, malicious actors could have gained unauthorized access to Empire Distribution's critical systems and compromised sensitive data, including client information, financial records, or intellectual property.

Cybernews contacted the company about the exposed credentials.

Leaked data included:

  • JSON Web Token secret
  • Mailgun API and domain
  • SES key and secret
  • Multiple database credentials
  • Memcached server credentials
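The list above is exactly the kind of material a .env file holds. As an added example (not code from Cybernews or Empire Distribution), the script below parses a constructed .env in that shape, flags which keys hold secrets rather than ordinary settings, and audits where the file lives and who can read it. The sample values, the key names, and the web-root layout are all made up for the demonstration.

```python
import os
import re
import stat
import tempfile
from pathlib import Path

# Key names that usually hold secrets rather than ordinary settings.
SECRET_KEY_PATTERN = re.compile(r"(SECRET|PASSWORD|PASSWD|TOKEN|KEY|DSN)", re.IGNORECASE)

# Constructed sample .env mirroring the categories in the leak above.
# Every value is made up; none of this is the label's real data.
SAMPLE_ENV = """\
# application settings
APP_NAME=label-portal
APP_URL=https://portal.example.invalid
JWT_SECRET="constructed-jwt-signing-secret"
MAILGUN_DOMAIN=mg.example.invalid
MAILGUN_API_KEY=key-constructed0000000000000000
SES_KEY=AKIACONSTRUCTEDEXAMPLE
SES_SECRET=constructed/ses/secret/value
DB_HOST=127.0.0.1
DB_USERNAME=portal
DB_PASSWORD='constructed-db-password'
MEMCACHED_HOST=127.0.0.1
MEMCACHED_PASSWORD=constructed-memcached-password
"""


def parse_env(text):
    """Parse KEY=VALUE lines (comments, blanks, 'export' prefix, quotes handled)."""
    entries = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        if line.startswith("export "):
            line = line[len("export "):]
        key, _, value = line.partition("=")
        value = value.strip()
        if len(value) >= 2 and value[0] == value[-1] and value[0] in "\"'":
            value = value[1:-1]  # strip matching surrounding quotes
        entries[key.strip()] = value
    return entries


def find_secrets(entries):
    """Return the keys whose names indicate they hold credentials."""
    return sorted(k for k in entries if SECRET_KEY_PATTERN.search(k))


def check_env_file(path, web_root):
    """Report the two classic exposure mistakes: file under the web root,
    and file readable by accounts other than the application's own."""
    path = Path(path).resolve()
    web_root = Path(web_root).resolve()
    findings = []
    if web_root in path.parents:
        findings.append("inside web root: may be served as a static file")
    mode = path.stat().st_mode
    if mode & stat.S_IRGRP:
        findings.append("group-readable")
    if mode & stat.S_IROTH:
        findings.append("world-readable")
    return findings


def demo_findings():
    """Lay out a web root in a temp dir with a .env inside it and audit it."""
    web_root = Path(tempfile.mkdtemp()) / "public"
    web_root.mkdir()
    env_path = web_root / ".env"
    env_path.write_text(SAMPLE_ENV)
    os.chmod(env_path, 0o644)  # the usual default: readable by everyone
    return check_env_file(env_path, web_root)


if __name__ == "__main__":
    secrets_found = find_secrets(parse_env(SAMPLE_ENV))
    print("secret-bearing keys:", ", ".join(secrets_found))
    print("findings:", demo_findings())
```

Run it as is and it reports six secret-bearing keys and two findings for the constructed layout. The fix it points at is the one the text describes: move the file out of the document root (or block it in the web server configuration) and set its mode to 0600 owned by the application user.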

Hackers Steal Data From UnitedHealth: Large Portion of America Compromised

In a statement, UnitedHealth said that files taken by cybercriminals contain protected health information (PHI) or personally identifiable information (PII).

Hackers gained access to a vast amount of private information from its IT division Change Healthcare, which may cover a “substantial proportion of the American population.” A second ransomware group that had been demanding payment has since removed the company from its leak site. A threat actor reportedly shared 22 screenshots from allegedly exfiltrated files, some of which contained PHI and PII, on the dark web for over a week. According to the press release, no further PHI or PII has been published as of yet.

The business keeps an eye out for leaks on the dark web, but so far it hasn't found any indication that information such as medical records or doctors' charts has been compromised.

UnitedHealth has set up a call center offering free credit monitoring and identity theft protection for two years to anyone who believes they are impacted.


Dozens Sign Up To Never Pay Ransomware Hackers

Today, forty nations are anticipated to make a commitment to never again pay ransom demands to cybercriminals. The third annual International Counter-Ransomware Initiative (CRI) summit, which began earlier this week in Washington, D.C., is expected to be the setting for the signing.

Anne Neuberger, the Deputy National Security Adviser for Cyber and Emerging Technology in the Biden Administration, claims that the action is a direct reaction to the current surge in unprecedented ransomware activities.

“The problem of ransomware is one that has no boundaries,” Neuberger told reporters on Monday, adding that “the problem will continue to grow as long as money is flowing to ransomware criminals.”

Along with representatives from the European Union and Interpol, the Initiative will be attended by 48 national representatives. It was stated, meanwhile, that not all of them would be signing the pledge.

It is also anticipated that the partners will talk about ways to stop the money that the criminals use to fund their operations.

Amateur Teen Hackers Breaching The Big Conglomerates

A group of amateur hackers, many of them teenagers with little technical training, has been breaching large targets, including Microsoft, Okta, Nvidia, and Globant. The federal government is studying their methods to get a better grounding in cybersecurity.

The group, known as Lapsus$, is loosely organized and employs hacking techniques that are unsophisticated but highly effective. What the group lacks in software exploitation, it makes up for with persistence and creativity. One example is its technique for bypassing multi-factor authentication (MFA) at well-defended organizations.

Instead of compromising infrastructure used to make various MFA services work, as more advanced groups do, a Lapsus$ leader last year described his approach to defeating MFA this way: “Call the employee 100 times at 1 am while he is trying to sleep, and he will more than likely accept it. Once the employee accepts the initial call, you can access the MFA enrollment portal and enroll another device.”
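The pattern described in that quote (a burst of push prompts, most of them denied, then one approval followed by a new device enrollment) is visible in an identity provider's audit log. The following is an added example, not code from the CSRB report or any vendor: a detector run over a constructed push-MFA log. The event names (push_sent, push_denied, push_approved, mfa_device_enrolled), the field layout, and the thresholds are assumptions chosen for the demonstration.

```python
from collections import defaultdict
from datetime import datetime, timedelta


def build_sample_log():
    """Constructed IdP push-MFA audit log (not real data): an attacker holding
    alice's password spams prompts after 1 am until she approves one, then
    enrols a new MFA device. bob is an ordinary login for contrast."""
    base = datetime(2023, 3, 14, 1, 0, 0)
    lines = []
    for i in range(12):  # one prompt every 90 seconds, each denied 20 s later
        sent = base + timedelta(seconds=90 * i)
        lines.append(f"{sent:%Y-%m-%dT%H:%M:%SZ} user=alice event=push_sent src=203.0.113.7")
        lines.append(f"{sent + timedelta(seconds=20):%Y-%m-%dT%H:%M:%SZ} user=alice event=push_denied src=203.0.113.7")
    late = base + timedelta(minutes=19)
    lines.append(f"{late:%Y-%m-%dT%H:%M:%SZ} user=alice event=push_sent src=203.0.113.7")
    lines.append(f"{late + timedelta(seconds=5):%Y-%m-%dT%H:%M:%SZ} user=alice event=push_approved src=203.0.113.7")
    lines.append(f"{late + timedelta(minutes=2):%Y-%m-%dT%H:%M:%SZ} user=alice event=mfa_device_enrolled src=203.0.113.7")
    lines.append("2023-03-14T09:15:00Z user=bob event=push_sent src=198.51.100.4")
    lines.append("2023-03-14T09:15:09Z user=bob event=push_approved src=198.51.100.4")
    return "\n".join(lines)


def parse_line(line):
    """'<iso-timestamp> key=value key=value ...' -> dict with a datetime 'ts'."""
    ts, _, rest = line.partition(" ")
    event = dict(kv.split("=", 1) for kv in rest.split())
    event["ts"] = datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ")
    return event


def detect_mfa_fatigue(log_text, window=timedelta(minutes=10), threshold=5,
                       enroll_window=timedelta(minutes=15)):
    """Flag users who received `threshold` or more push prompts inside any
    `window`. Severity rises if a denial streak ends in an approval, and again
    if a new MFA device is enrolled shortly after that approval."""
    events = defaultdict(list)
    for line in log_text.splitlines():
        if line.strip():
            event = parse_line(line)
            events[event["user"]].append(event)

    alerts = []
    for user, evs in events.items():
        sent = sorted(e["ts"] for e in evs if e["event"] == "push_sent")
        start, burst = 0, False
        for end, ts in enumerate(sent):  # sliding window over prompt times
            while ts - sent[start] > window:
                start += 1
            if end - start + 1 >= threshold:
                burst = True
                break
        if not burst:
            continue
        denied = sum(1 for e in evs if e["event"] == "push_denied")
        approvals = [e["ts"] for e in evs if e["event"] == "push_approved"]
        enrollments = [e["ts"] for e in evs if e["event"] == "mfa_device_enrolled"]
        severity = "medium"
        if approvals and denied:
            severity = "high"  # the user gave in after refusing repeatedly
        if any(timedelta(0) <= en - ap <= enroll_window
               for en in enrollments for ap in approvals):
            severity = "critical"  # attacker enrolled a device of their own
        alerts.append({"user": user, "prompts": len(sent), "denied": denied,
                       "approved": len(approvals), "severity": severity})
    return alerts


if __name__ == "__main__":
    for alert in detect_mfa_fatigue(build_sample_log()):
        print(alert)
```

On the constructed log this raises one critical alert for alice and nothing for bob. The response the pattern calls for is to revoke the newly enrolled device and the session, not just to reset the password, since the attacker already had that.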

On Thursday, the Homeland Security Department's Cyber Safety Review Board released a report that documented many of the most effective tactics in the Lapsus$ playbook and urged organizations to develop countermeasures to prevent them from succeeding.

Like a few other more technically advanced threat groups, Lapsus$ “showed adeptness in identifying weak points in the system and a special talent for social engineering, luring a target’s employees to essentially open the gates to the corporate network.”

Highlights of the group’s feats and unconventional practices are:

  • A phishing campaign that used MFA bombing and other unsophisticated techniques successfully breached San Francisco-based MFA provider Twilio and came close to breaching content delivery network Cloudflare were it not for the latter’s use of MFA that’s compliant with the FIDO2 industry standard.
  • The breach of Nvidia’s corporate network and purported theft of 1 terabyte of company data. In return for Lapsus$ not leaking the entire haul, the group demanded Nvidia allow its graphics cards to mine cryptocurrencies faster and to make its GPU drivers open source.
  • The posting of proprietary data from Microsoft and single-sign-on provider Okta, which Lapsus$ said it obtained after hacking into the two companies’ systems.
  • The network breach of IT services provider Globant and the posting of as much as 70 gigabytes of data belonging to the company.
  • The reportedly multiple breaches in March 2022 of T-Mobile. The hacks reportedly used a technique known as SIM swapping—in which threat actors trick or pay phone carrier personnel to transfer a target’s phone number to a new SIM card. When the group got locked out of one account, it performed a new SIM swap on a different T-Mobile employee.
  • Hacking into Brazil’s Ministry of Health and deleting more than 50 terabytes of data stored on the ministry’s servers.
  • The mostly successful targeting of many additional organizations, including, according to security firm Flashpoint, Vodafone Portugal, Impresa, Confina, Samsung, and Localiza.

The report explained just how easy it was for Lapsus$ members (juveniles, in some instances) to infiltrate well-defended organizations. Lapsus$ seemed to work at various times for notoriety, financial gain, or amusement, and blended a variety of techniques, some more complex than others, with flashes of creativity.

Information retrieved from Ars Technica

Ransomware Has Been Listing Their Victims On The Dark Web

The ransomware gang responsible for mass-exploiting a critical security vulnerability in a popular corporate file transfer tool has begun listing the victims of its intrusions.

Since late May, the ransomware gang has been exploiting the security flaw in MOVEit Transfer, a tool used by corporations and enterprises to share large files over the internet. Progress Software, which develops MOVEit, patched the vulnerability after the compromises began.

Clop posted the victim list on its dark web leak site on Wednesday. The list includes U.S.-based financial services organizations 1st Source and First National Bankers Bank; Boston-based investment management firm Putnam Investments; the Netherlands-based Landal Greenparks; and the U.K.-based energy giant Shell.

GreenShield Canada, a non-profit benefits carrier that provides health and dental benefits, was listed on the leak site but has since been removed.

Other victims listed include financial software provider Datasite; educational non-profit National Student Clearinghouse; student health insurance provider United Healthcare Student Resources; American manufacturer Leggett & Platt; Swiss insurance company ÖKK; and the University System of Georgia (USG).

Clop, like other ransomware gangs, contacts its victims and demands a ransom payment to decrypt or delete their stolen files. In this case, a blackmail message posted on its dark web leak site told victims to contact the gang before its June 14 deadline.

No stolen data has been published at the time of writing, but Clop tells victims that it has downloaded “alot [sic] of your data.”

Various organizations have previously disclosed they were compromised as a result of the attacks, including the BBC, Aer Lingus and British Airways. These organizations were all affected because they rely on HR and payroll software supplier Zellis, which confirmed that its MOVEit system was compromised.

The Government of Nova Scotia, which uses MOVEit to share files across departments, also confirmed it was affected, and said in a statement that some citizens’ personal information may have been compromised.

While the full extent of the attacks remains unknown, new victims continue to come forward.

Johns Hopkins University also confirmed a cybersecurity incident believed to be related to the MOVEit mass-hack.

Clop was also responsible for previous mass-attacks exploiting flaws in Fortra’s GoAnywhere file transfer tool and Accellion’s file transfer application.

Companies Tricked Into Sharing Customers Information

As a result of fraudulent legal requests, companies like Apple, Google, Meta and Twitter have been tricked into sharing sensitive personal customer information. This was known to be happening as recently as last month, when Bloomberg published a report on hackers using fictitious emergency data requests to commit financial fraud. However, according to a newly published report from the outlet, some individuals are also using the same tactic to target women and minors, with the intent of extorting them into sharing sexually explicit images and videos of themselves.

It's not clear how many fake data requests the tech giants have fielded, since the requests appear to come from legitimate law enforcement agencies. What makes them particularly effective as an extortion tactic is that the victims have no way of protecting themselves other than not using the services those companies offer. Law enforcement officials and investigators Bloomberg spoke to said they believe the tactic has become “more prevalent” in recent months.

All the companies that commented on Bloomberg’s reporting, including Google and Snap, said they have policies and teams in place to verify the legitimacy of user data requests.

Part of what has allowed the fake requests to slip through is that they abuse how the industry typically handles emergency appeals. Among most tech companies, it’s standard practice to share a limited amount of information with law enforcement in response to “good faith” requests related to situations involving imminent danger.

The information shared in such cases, which can include the person's name, IP address, email address and physical address, might not seem like much, but it's usually enough for bad actors to harass, dox or swat their target. According to Bloomberg, there have been “several instances” of police showing up at the homes and schools of underage women.

The issue of fake data requests is reportedly prompting companies to think of new ways to verify legitimate ones. It has also pushed US lawmakers to weigh in. “No one wants tech companies to refuse legitimate emergency requests when someone's safety is at stake,” Senator Ron Wyden of Oregon said last month. “But the current system has clear weaknesses that need to be addressed.”

Warning! USBs Containing Ransomware

According to the FBI, a cybercrime group has been mailing out USB thumb drives in the hope that recipients will plug them into their PCs, allowing the group to install ransomware on their networks.

The USB drives contain so-called ‘BadUSB’ attacks. They were sent in the mail through the United States Postal Service and United Parcel Service. One type contained a message impersonating the US Department of Health and Human Services and claimed to be a COVID-19 warning. Other malicious USBs were sent in the post with a gift card claiming to be from Amazon.

BadUSB allows an attacker to reprogram a USB device's firmware to, for example, emulate a keyboard and inject keystrokes and commands into a computer, install malware before the operating system boots, or spoof a network card and redirect traffic. Because the device presents itself as a keyboard or network adapter rather than as storage, disabling autorun on removable media does not stop it.

Hackers & A Backdoor

A backdoor is any method that allows someone (hackers, governments, IT staff, and so on) to remotely access your device without your permission or knowledge.

Hackers can install a backdoor onto your device by using malware, by exploiting your software vulnerabilities, or even by directly installing a backdoor in your device’s hardware/firmware.

Once hackers log into your machine without your knowledge, they can use backdoors for a variety of reasons, such as:

  • Surveillance.
  • Data theft.
  • Cryptojacking.
  • Sabotage.
  • Malware attack.

What Is a Backdoor & How Does It Work?

In cybersecurity, a backdoor is anything that can allow an outside user into your device without your knowledge or permission. Backdoors can be installed in two different parts of your system:

  • Hardware/firmware. Physical alterations that provide remote access to your device.
  • Software. Malware files that hide their tracks so your operating system doesn’t know that another user is accessing your device.

A backdoor can be installed by software and hardware developers for remote tech support purposes, but in most cases, backdoors are installed either by cybercriminals or intrusive governments to help them gain access to a device, a network, or a software application.

Any malware that provides hackers access to your device can be considered a backdoor — this includes rootkits, trojans, spyware, cryptojackers, keyloggers, worms, and even ransomware.

How Do Backdoor Attacks Work?

In order for cybercriminals to successfully install a backdoor on your device, they first need to gain access to your device, either through physical access, a malware attack, or by exploiting a system vulnerability — here are some of the more common vulnerabilities that hackers target:

  • Open ports.
  • Weak passwords.
  • Out-of-date software.
  • Weak firewalls.

Once a malware file infects your device, or your device is physically compromised (stolen or broken into), or you become the target of an exploit attack, hackers can install a backdoor on your system.

Example:

  • Trojans. Trojans are malware files that pose as legitimate files to gain access to your device. Once you click “Allow” on the “Do you want to allow this app to make changes to your device?” prompt on your PC, the Trojan can install itself. Trojan backdoors can give attackers access to your files and programs, or install more serious malware on your device.
  • Rootkits. Rootkits are advanced malware that run with elevated (root or kernel-level) privileges and hide their activity from the operating system and from security tools. Rootkits can allow a hacker to remotely access your device, alter your files, observe your activity, and sabotage your system. They can take the form of software or even physically altered computer chips.
  • Hardware backdoors. Hardware backdoors are modified computer chips or other firmware/hardware that provide non-users access to a device. This can include phones, IoT devices like thermostats and home security systems, routers, and computers. Hardware backdoors can communicate user data, provide remote access, or be used for surveillance. Hardware backdoors can be shipped with products (either by a rogue manufacturer or for some benign purpose), but they can also be physically installed in the event that a device is stolen.
  • Cryptographic backdoors. Cryptographic backdoors are essentially a “master key” that can unlock every piece of data protected by a specific cryptographic algorithm or protocol. With a sound cipher such as AES, only the parties that hold the shared, randomly generated key can decrypt the data being exchanged. A cryptographic backdoor breaks this guarantee by weakening the design or parameters of a specific algorithm (for example, the random number generator that produces the keys) so that whoever holds the trapdoor secret can recover keys or plaintext without being one of the parties.

Examples of Backdoor Attacks

  • DoublePulsar cryptojacker. In 2017, security researchers discovered that the DoublePulsar backdoor (a tool originally developed by the NSA, the US National Security Agency, and later leaked online) was being used to compromise Windows PCs and install a cryptojacker on computers with sufficient memory and CPU power. The cryptojacker stole processing power from infected computers to mine cryptocurrency, secretly joining thousands of PCs into a massive crypto-mining botnet.
  • Dual_EC (NSA cryptographic backdoor). Dual_EC_DRBG is a pseudorandom number generator, standardized by NIST, that derives its output from two fixed points on an elliptic curve; such generators produce the random numbers from which encryption keys are made. If the two points are related by a secret number, whoever knows that number can recover the generator's internal state from a small amount of its output and predict everything it produces afterwards, including keys. The NSA pushed large companies to adopt Dual_EC, and in 2013 documents leaked by Edward Snowden indicated that the NSA had engineered the standard so that it held that secret, enabling it to decrypt communications protected with keys drawn from Dual_EC. Companies like Blackberry, RSA, Cisco, and Microsoft shipped Dual_EC in a variety of their products, which left millions of users open to surveillance by the NSA.
  • PoisonTap. PoisonTap is a backdoor tool that lets an attacker hijack your sessions on almost any website you've logged into (including sites protected with two-factor authentication). PoisonTap is a pretty scary piece of software, but fortunately it can only be deployed by physically plugging a Raspberry Pi into the victim's USB port. PoisonTap was developed by hacker Samy Kamkar as a proof of concept, and it hasn't been deployed in a widespread attack.
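To make the cryptographic backdoor idea from the list above concrete, and the Dual_EC entry in particular, here is an added example (not code from NIST, the NSA, or any of the vendors named) of a Dual_EC-style generator on a toy elliptic curve. The curve parameters, the point names Q and P_POINT, and the TRAPDOOR scalar are assumptions for the demonstration; the real standard truncates each output and uses a 256-bit NIST curve, which this example omits so the attack can be shown in a few lines. The generator is honest-looking: it walks a point around the curve and emits x-coordinates. Whoever knows the secret relation P_POINT = TRAPDOOR * Q can take a single output, lift it back to a point, and recover the next internal state, after which every future output is predictable.

```python
import secrets

# Toy curve y^2 = x^3 + A*x + B over F_PRIME. PRIME % 4 == 3 gives a cheap
# modular square root. These parameters are an assumption for this demo,
# not the NIST curve or points used by the real Dual_EC_DRBG.
PRIME = (1 << 127) - 1
A, B = 7, 11
INF = None  # the point at infinity


def ec_add(p1, p2):
    """Affine point addition (handles doubling and the point at infinity)."""
    if p1 is INF:
        return p2
    if p2 is INF:
        return p1
    x1, y1 = p1
    x2, y2 = p2
    if x1 == x2:
        if (y1 + y2) % PRIME == 0:
            return INF
        lam = (3 * x1 * x1 + A) * pow(2 * y1, -1, PRIME) % PRIME
    else:
        lam = (y2 - y1) * pow((x2 - x1) % PRIME, -1, PRIME) % PRIME
    x3 = (lam * lam - x1 - x2) % PRIME
    y3 = (lam * (x1 - x3) - y1) % PRIME
    return (x3, y3)


def ec_mul(k, pt):
    """Double-and-add scalar multiplication."""
    result = INF
    while k:
        if k & 1:
            result = ec_add(result, pt)
        pt = ec_add(pt, pt)
        k >>= 1
    return result


def lift_x(x):
    """Return a curve point with x-coordinate x, or None if none exists."""
    rhs = (x ** 3 + A * x + B) % PRIME
    y = pow(rhs, (PRIME + 1) // 4, PRIME)
    return (x, y) if y * y % PRIME == rhs else None


def find_point(start_x):
    x = start_x
    while lift_x(x) is None:
        x += 1
    return lift_x(x)


# The "standards body" publishes Q and P_POINT. It keeps TRAPDOOR, the number
# with P_POINT = TRAPDOOR * Q, to itself. Nobody else can compute it.
Q = find_point(2)
TRAPDOOR = secrets.randbelow(PRIME - 2) + 2
P_POINT = ec_mul(TRAPDOOR, Q)


def dual_ec_step(state):
    """One Dual_EC-style step: r = x(s*P), output = x(r*Q), next s = x(r*P)."""
    r = ec_mul(state, P_POINT)[0]
    output = ec_mul(r, Q)[0]
    next_state = ec_mul(r, P_POINT)[0]
    return output, next_state


def dual_ec_generate(seed, n):
    outputs, state = [], seed
    for _ in range(n):
        output, state = dual_ec_step(state)
        outputs.append(output)
    return outputs


def attacker_predict(observed_output, trapdoor, n):
    """From one output x(r*Q), lift to +/-(r*Q); multiplying by the trapdoor
    gives +/-(r*P_POINT), whose x-coordinate is the generator's next state."""
    point = lift_x(observed_output)
    next_state = ec_mul(trapdoor, point)[0]
    return dual_ec_generate(next_state, n)


def demo():
    """True if the trapdoor holder predicts the outputs that follow the first."""
    seed = secrets.randbelow(PRIME - 1) + 1
    outputs = dual_ec_generate(seed, 4)
    return outputs[1:] == attacker_predict(outputs[0], TRAPDOOR, 3)


if __name__ == "__main__":
    print("attacker predicted the stream:", demo())
```

Lifting the output to a point has two candidates (±R), but both give the same x-coordinate after multiplication, so the attacker needs no guesswork here. In the real standard the 16 dropped bits of each output mean the attacker tries about 65,000 candidate points instead of one, which is still trivial. Without the trapdoor, recovering the state would require solving a discrete logarithm on the curve, which is exactly the hardness the generator was advertised on.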

Log4j flaw: Attackers Attempting To Exploit This Severe Vulnerability


Log4j is a logging library used by millions of web servers, and the flaw leaves them vulnerable to attack. Teams around the world are scrambling to patch affected systems before hackers can exploit them. The flaw was first noticed in the video game Minecraft, but it quickly became apparent that its impact was far larger: the software is used in millions of web applications, including Apple's iCloud. Attacks exploiting the bug are known as Log4Shell attacks.

Cybersecurity researchers warn about attackers scanning for vulnerable systems to install malware, steal user credentials, and more.

Cyber attackers are making over a hundred attempts to exploit a critical security vulnerability in Java logging library Apache Log4j every minute, security researchers have warned.

The Log4j flaw (also now known as “Log4Shell”) is a zero-day vulnerability (CVE-2021-44228) that was publicly disclosed on December 9, with warnings that it can allow unauthenticated remote code execution and access to servers.

Log4j is used in many forms of enterprise and open-source software, including cloud platforms, web applications, and email services, meaning that a wide range of software could be at risk from attempts to exploit the vulnerability. Attackers are already scanning the internet for vulnerable instances of Log4j, with cybersecurity researchers at Check Point warning that there are over 100 attempts to exploit the vulnerability every minute.

The director of the US Cybersecurity and Infrastructure Security Agency, Jen Easterly, says the security flaw poses a “severe risk” to the internet. “This vulnerability, which is being widely exploited by a growing set of threat actors, presents an urgent challenge to network defenders given its broad use”.

How Can They Steal Passwords

How hackers steal your passwords

  • #1 Credential stuffing
  • #2 Monitoring public Wi-Fi
  • #3 Keylogging
  • #4 Phishing emails
  • #5 Brute force attacks
  • #6 Unsecured sites
  • #7 Extortion or blackmail
  • #8 Local discovery

Passwords have become a daily part of everyone’s lives as much as mobile devices and technology have. People use passwords to gain access to company resources, manage their personal or financial accounts, and for entertainment and recreational purposes.

#1 Credential stuffing

In credential stuffing, cybercriminals use automated tools to try large lists of username and password pairs exposed in earlier breaches against other systems until they find a match. Once inside a system, cybercriminals are free to steal any information they want, including more passwords. And since many people reuse the same credentials across accounts, a single leaked pair can open several of a victim's accounts.

#2 Monitoring public Wi-Fi

Wi-Fi traffic monitoring is another method hackers use to steal passwords. With a simple packet-sniffing application, cybercriminals can monitor the traffic on a public Wi-Fi network and capture the credentials that users send to sites over unencrypted connections. The hackers can then use this information to commit fraud or sell it on the dark web.

Stealing passwords is easier than most people think, and cybercriminals can employ various methods to do it.

#3 Keylogging

Keylogging is one of the oldest methods cybercriminals use to steal passwords and other valuable information. They use monitoring software called keyloggers, which are one of the many types of malicious programs internet users/web surfers can get from infected sites and phishing emails. Once a keylogger is installed, it covertly tracks and logs a person’s keyboard activity and sends it back to the cybercriminal who planted it.

#4 Phishing emails

Phishing is one of the most common types of cyberattack hackers use to steal passwords and other valuable information. It involves an email planted with a malicious link that takes users to a spoofed site and tricks them into giving out their private information. Phishing emails can also contain attachments that will infect computers with malware once clicked.

#5 Brute force attacks

A brute force attack is a tactic hackers use to gain unauthorized access to a network by guessing usernames and passwords. They can do this manually or with the help of applications or automated programs called bots. This method is similar to credential stuffing; the difference is that credential stuffing relies on stolen credentials rather than guessing.
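The distinction between brute force (#5) and credential stuffing (#1) shows up clearly in a login log, and it matters for the response: account lockout stops a brute-force attack on one account but does nothing against a stuffing attack that tries each account once. As an added example (not code from the original article), the classifier below groups a constructed login log by source IP and applies that distinction. The log format, the field names, and the thresholds are assumptions for the demonstration.

```python
from collections import defaultdict


def build_sample_log():
    """Constructed login log (not real data), one attempt per line:
    <timestamp> ip=<src> user=<account> result=<success|failure>."""
    lines = []
    # 203.0.113.10 tries 30 different accounts once each with leaked pairs;
    # one of the pairs still works (credential stuffing).
    for i in range(30):
        user = f"user{i:02d}@example.invalid"
        result = "success" if i == 17 else "failure"
        lines.append(f"2024-02-04T03:{i // 6:02d}:{(i % 6) * 10:02d}Z ip=203.0.113.10 user={user} result={result}")
    # 203.0.113.20 hammers a single account with guessed passwords (brute force).
    for i in range(40):
        lines.append(f"2024-02-04T04:{i // 6:02d}:{(i % 6) * 10:02d}Z ip=203.0.113.20 user=admin result=failure")
    # 198.51.100.4 is a person who mistyped once.
    lines.append("2024-02-04T08:00:00Z ip=198.51.100.4 user=carol result=failure")
    lines.append("2024-02-04T08:00:20Z ip=198.51.100.4 user=carol result=success")
    return lines


def classify(lines, fail_threshold=10, distinct_user_ratio=0.8):
    """Per source IP: 'normal' below fail_threshold failures; otherwise
    'credential_stuffing' when almost every attempt targets a different
    account, 'brute_force' when all attempts target one account, and
    'suspicious' for anything in between. A '_with_success' suffix marks
    sources that got in and need session revocation, not just blocking."""
    per_ip = defaultdict(lambda: {"failures": 0, "successes": 0, "users": set()})
    for line in lines:
        fields = dict(kv.split("=", 1) for kv in line.split()[1:])
        stats = per_ip[fields["ip"]]
        stats["users"].add(fields["user"])
        if fields["result"] == "failure":
            stats["failures"] += 1
        else:
            stats["successes"] += 1

    verdicts = {}
    for ip, stats in per_ip.items():
        if stats["failures"] < fail_threshold:
            verdicts[ip] = "normal"
            continue
        attempts = stats["failures"] + stats["successes"]
        if len(stats["users"]) / attempts >= distinct_user_ratio:
            verdict = "credential_stuffing"
        elif len(stats["users"]) == 1:
            verdict = "brute_force"
        else:
            verdict = "suspicious"
        if stats["successes"]:
            verdict += "_with_success"
        verdicts[ip] = verdict
    return verdicts


if __name__ == "__main__":
    for ip, verdict in classify(build_sample_log()).items():
        print(f"{ip:15} {verdict}")
```

On the constructed log the stuffing source is the dangerous one despite a lower failure count, because it has a success: the account it opened needs its sessions revoked and its password reset, and the same leaked pair should be assumed to work elsewhere.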

#6 Unsecured sites

People using unencrypted (plain HTTP) sites open themselves up to a man-in-the-middle (MitM) attack. In a MitM attack, a hacker inserts themselves into a conversation between two parties, usually a user and an application. The hacker impersonates one of the parties to eavesdrop and steal the user's personal information.

#7 Extortion or blackmail

Some hackers use straightforward blackmail and extortion techniques to steal passwords. They will use sensitive and often private information (e.g., videos and photos) to either embarrass or harm their victims if their demands are not met.

#8 Local discovery

Sometimes a user’s carelessness is enough for a hacker to steal that user’s password. Listing down passwords and leaving them in plain sight is an open invitation for hackers. Some cybercriminals will even go as far as to dumpster-dive to acquire usernames and passwords.

How to prevent hackers from stealing passwords

Businesses and individuals can keep their passwords from being stolen by:

  • Being wary of suspicious email – Phishing emails are the preferred method of most hackers to steal information. A suspicious email should be deleted or reported immediately.
  • Using antivirus software – Reliable antivirus software can filter websites and emails for malware such as keyloggers.
  • Staying away from public Wi-Fi – Public Wi-Fi is a treasure trove of information for cybercriminals and a big security risk. A better alternative is to use mobile data or a virtual private network.
  • Avoiding unsecured sites – When visiting any site that asks for personal information, make sure the connection is secure. Check the URL: it should start with https (Hypertext Transfer Protocol Secure) rather than plain http. The https prefix means the site uses TLS (the successor to SSL, the secure sockets layer) to encrypt data before sending it to the server. Another sign to look for is the lock icon in the browser's address bar. Either indicator means the connection is encrypted and the site's certificate is valid; it does not by itself mean the site's operator is trustworthy, so the domain name still needs to be checked against phishing lookalikes.
  • Using multifactor authentication (MFA) – MFA adds an extra layer of security to passwords by requiring the user to provide an additional factor such as a one-time code, a hardware security key, or a fingerprint. So even if hackers use a stolen password, they would still need to provide the other factor.

Google’s Patch For Chrome

Google has released today version 88.0.4324.150 of the Chrome browser for Windows, Mac, and Linux.

The zero-day, which was assigned the identifier CVE-2021-21148, was described as a “heap overflow” memory corruption bug in the V8 JavaScript engine. Google said the bug was exploited in attacks in the wild before a security researcher named Mattias Buelens reported the issue to its engineers on January 24. Two days after Buelens' report, Google's security team published a report about attacks carried out by North Korean hackers against the cyber-security community. Some of these attacks consisted of luring security researchers to a blog where the attackers exploited browser zero-days to run malware on the researchers' systems.

In a report on January 28, Microsoft said that the attackers most likely used a Chrome zero-day for their attacks. In a report published today, a South Korean security firm said it discovered an Internet Explorer zero-day used for these attacks as well.

Regular users are advised to use Chrome's built-in update feature to upgrade their browser to the latest version as soon as possible. This can be found via the Chrome menu, under Help and then About Google Chrome. Before today's patch, Google went through a spell last year where it patched five actively exploited Chrome zero-days in a span of three weeks.

North Korean Hackers


The BeagleBoyz have made off with nearly $2 billion since 2015, and they’re back to attacking financial institutions after a short lull in activity.

The US Cybersecurity and Infrastructure Security Agency (CISA) has released an alert with details of how the BeagleBoyz have made off with an estimated $2 billion in fiat and cryptocurrency since 2015, along with details on how financial institutions can protect themselves against their known patterns of attack.

Along with the theft of massive amounts of money that the United Nations believes is used for North Korea’s nuclear weapons and ballistic missile programs, the robberies also pose a serious risk to financial institutions’ reputations, their operations, and public confidence in banking, CISA said.

The BeagleBoyz conduct well-planned, disciplined, and methodical cyber operations more akin to careful espionage activity than to typical cybercrime. Their operations have become increasingly complex and destructive. The tools and implants employed by this group are consistently complex and demonstrate a strong focus on effectiveness and operational security.

The group has used a variety of approaches to gaining initial access: Spear phishing, watering holes, social engineering, malicious files, and even contracted third-party hacking groups have been used for initial penetration.

Once inside a network, the BeagleBoyz have again used a wide variety of approaches to meet their objectives, establish a persistent presence, evade defense, and harvest credentials of privileged users. 

CISA said that the BeagleBoyz appear to seek out two particular systems in a financial institution's network: its SWIFT terminal and the server hosting the bank's payment switch application. They map networks using locally available administrative tools, deploy a constantly evolving list of command and control software, and ultimately try to make off with any money they can via fraudulent ATM cashouts.

“The BeagleBoyz monitor the systems to learn about their configurations and legitimate use patterns, and then they deploy bespoke tools to facilitate illicit monetization,” CISA said.

It is not known whether the BeagleBoyz have successfully targeted a US-based financial institution.

Chinese Covid-19 Research Lab Hacked & For Sale On Dark Web

The data breach notification firm Cyble has identified a credible bad actor, a hacker operating under the moniker ‘THE0TIME’, who claims to have gained access to Huiying Medical Technology's COVID-19 detection technology.

Huiying Medical Technology (Beijing) Co., Ltd. researches, develops, manufactures, and distributes medical imaging devices.

Huiying Medical Technology developed an AI-based system that can detect suspected contours of pneumonia from CT Chest DICOM images and identify the symptoms of a COVID-19 infection. Huawei, which partners with Huiying, currently sells the system for $50,000 per month.

The hackers are selling the source code for the AI-assisted COVID-19 detection system along with experimental data.

THE0TIME is offering the stolen data for sale at 4 BTC; the dump includes:

  • Users — 1.5 MB
  • Technology + source code — 1GB
  • Knowledge for Covid-19 Experiments information — 150 MB