Multi-factor authentication bypassed to hack Office 365 & G Suite Cloud accounts

Massive IMAP-based password-spraying attacks successfully breached Microsoft Office 365 and G Suite accounts, circumventing multi-factor authentication (MFA), according to an analysis by Proofpoint.

As noted by Proofpoint's Information Protection Research Team in a recent report, during a recent six-month study of major cloud service tenants, Proofpoint researchers observed that attackers are targeting legacy protocols with stolen credential dumps to increase the speed and efficiency of the brute force attacks.

According to the Proofpoint study, IMAP is the most abused protocol: it bypasses MFA and lock-out options for failed logins.

This technique takes advantage of the fact that the legacy authentication IMAP protocol bypasses MFA, allowing malicious actors to perform credential stuffing attacks against assets that would have been otherwise protected.
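As an added illustration (not code from Proofpoint or from the original article), the sketch below shows how a defender could spot this pattern in sign-in logs: one source trying many distinct accounts over a legacy protocol, followed by a successful login. The log format, protocol labels, thresholds and addresses are assumptions constructed for the example.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Assumed protocol labels for legacy (non-MFA) authentication in this log format.
LEGACY = {"IMAP", "POP3", "SMTP"}

# Constructed sample sign-in events: time, source IP, account, protocol, result.
SAMPLE_LOG = """\
2019-03-01T02:00:05 203.0.113.7 alice@example.com IMAP FAIL
2019-03-01T02:03:10 203.0.113.7 bob@example.com IMAP FAIL
2019-03-01T02:06:40 203.0.113.7 carol@example.com IMAP OK
2019-03-01T02:09:15 203.0.113.7 dave@example.com IMAP FAIL
2019-03-01T02:12:30 203.0.113.7 erin@example.com IMAP FAIL
2019-03-01T09:00:00 198.51.100.20 frank@example.com IMAP FAIL
2019-03-01T09:00:20 198.51.100.20 frank@example.com IMAP FAIL
2019-03-01T09:01:00 198.51.100.20 frank@example.com IMAP OK
"""

def parse(log):
    """Yield (time, ip, user, protocol, succeeded) for each log line."""
    for line in log.strip().splitlines():
        ts, ip, user, proto, result = line.split()
        yield datetime.fromisoformat(ts), ip, user, proto, result == "OK"

def detect_spray(log, min_users=4, window=timedelta(minutes=30)):
    """Map each spraying source IP to the accounts it logged in to.

    A source is flagged when it tries at least `min_users` distinct accounts
    over a legacy protocol inside one sliding time window.
    """
    by_ip = defaultdict(list)
    for ts, ip, user, proto, ok in parse(log):
        if proto in LEGACY:
            by_ip[ip].append((ts, user, ok))
    findings = {}
    for ip, events in by_ip.items():
        events.sort()
        start = 0
        for end in range(len(events)):
            while events[end][0] - events[start][0] > window:
                start += 1
            users = {u for _, u, _ in events[start:end + 1]}
            if len(users) >= min_users:
                # Any legacy-protocol success from this source needs review.
                findings[ip] = sorted({u for _, u, ok in events if ok})
                break
    return findings

if __name__ == "__main__":
    print(detect_spray(SAMPLE_LOG))
```

The single user who mistypes a password twice before succeeding is not flagged, because only one account is involved; the spraying source is, together with the one account it got into.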

These intelligent new brute force attacks bring a new approach to the traditional brute force attack, which tries combinations of usernames and passwords.

Proofpoint analyzed over one hundred thousand unauthorized logins across millions of monitored cloud user-accounts and found that:

▬ 72% of tenants were targeted at least once by threat actors
▬ 40% of tenants had at least one compromised account in their environment
▬ Over 2% of active user-accounts were targeted by malicious actors
▬ 15 out of every 10,000 active user-accounts were successfully breached by attackers

Their analysis unearthed the fact that around 60% of all Microsoft Office 365 and G Suite tenants have been targeted using IMAP-based password-spraying attacks and, as a direct result, approximately 25% of G Suite and Office 365 tenants that were attacked also experienced a successful breach.

On the whole, after crunching down the numbers, Proofpoint reached the conclusion that threat actors managed to reach a surprising 44% success rate when it came to breaching accounts at targeted organizations.

The ultimate aim of the attackers is to launch internal phishing and to have a strong foothold within the organization. Internal phishing attempts are hard to detect when compared to the external ones.

Hackers Target Popular Instagram Profiles

Hackers have now set their sights on the Instagram accounts of high-profile users and social media influencers, using phishing emails to gain access to the accounts before the influencers can even comprehend what's going on.

According to sources, the hackers have especially targeted Instagram profiles that have between 15,000 and 70,000 followers. Their targets for the most part range from well-known actors and artists to proprietors of new companies.

The attack starts with phishing emails that appear to come from Instagram, asking users to verify their accounts to get the 'Verified' badge on their Instagram profiles; the email takes them to a phishing page that requests details such as their date of birth, email, and credentials.

Once these are submitted, a badge notification shows up, but for just four seconds. This is a trick to give users the feeling that their profile has been verified.

A visualization of how the hackers are stealing the Instagram profiles

As the user enters the credentials in the phishing page, the attackers gain access to those credentials, use them to access the Instagram profile, and change the data required to recover the stolen account.

The attackers change the username of the stolen account to show that it is hacked, and change the email address over and over in order to trap the users with security emails, making them feel as though the changes made were legitimate.

Screenshot of the phishing email asking the user to verify his Instagram account

That is exactly what happened to a photographer who had approximately 15,000 followers on Instagram, when she had her account stolen.

Hackers have, without any doubt, become experts at luring victims into handing out their personal information in exchange for an incentive such as the blue badge on their profiles, and their mimicry of Instagram's messages seems nearly real.

Hence, here are some of the warning signs users and organizations can keep an eye out for to protect their accounts from being hacked:

1. Use of domains other than the social network's own
2. Dubious font styles (i.e., utilization of screenshots rather than genuine pictures)
3. Incorrect language and punctuation 
4. Emails that request credentials; social networks never request them outside of their real, secure login pages
5. Spam filters and Antispam portals.
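Warning signs 1 and 4 can be checked mechanically. The following is an added example, not part of the original article: it inspects a constructed email for a sender domain and link hosts outside the network's own domain, including lookalike hosts that merely contain the real name. The official-domain list, the keyword heuristic and all `.example` hosts are assumptions.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlsplit

# Assumption for this example: the only domain the social network itself uses.
OFFICIAL = ("instagram.com",)

# Constructed sample message; every .example host is a placeholder.
SAMPLE = """\
From: Instagram <security@instagram-verify.example>
To: user@example.org
Subject: Get your Verified badge

Confirm your password here: https://instagram.com.badge-verify.example/login
Help centre: https://help.instagram.com/
Mirror: http://instagram.com@accounts.example/verify
"""

def is_official(host):
    """True only for the official domain itself or a real subdomain of it."""
    host = (host or "").lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in OFFICIAL)

def warning_signs(raw):
    """Return the warning signs found in a raw RFC 822 message."""
    msg = message_from_string(raw)
    body = msg.get_payload()
    signs = []
    # A forged From header can still look official, so this is only one signal.
    sender_domain = parseaddr(msg.get("From", ""))[1].rpartition("@")[2]
    if not is_official(sender_domain):
        signs.append(f"sender domain: {sender_domain}")
    for url in re.findall(r"https?://[^\s<>\"']+", body):
        host = urlsplit(url).hostname  # ignores any "user@" prefix in the URL
        if not is_official(host):
            signs.append(f"link host: {host}")
    # Crude keyword heuristic for sign 4 (emails that request credentials).
    if re.search(r"\b(password|credentials)\b", body, re.I):
        signs.append("asks for credentials")
    return signs

if __name__ == "__main__":
    print(warning_signs(SAMPLE))
```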

Bank details of Bernard Matthews employees stolen

A suspected cyber-attack "potentially compromised" the bank account details of 200 workers at Bernard Matthews.

The turkey producer has made staff aware of the suspected hack.

The Norfolk-based company said it was alerted by its bank on 22 January, as first reported in the EDP.

A spokesman said: “After being first alerted by our bank, we reported the incident to the relevant authorities and put in place extra security measures, as well as offering additional security advice to those affected.” "We continue to monitor the situation but we are not aware colleagues have been affected any further," he added.

The person or group behind the hack is unknown.

Bernard Matthews employs 3,000 people across East Anglia. The company is a major employer in Norfolk and Suffolk, including at its plant at Holton, near Halesworth, and its headquarters at Great Witchingham.

The business has been through a difficult time in recent years, coming close to collapse in 2013.

Last year, it was one of two interested parties bidding to take over Banham Poultry, in Attleborough, which was eventually sold to Chesterfield Poultry.

In 2016 the Boparan Private Office, owned by food tycoon and 2 Sisters Food Group entrepreneur Ranjit Boparan, known as the “Chicken King”, bought the firm in a pre-pack deal from Rutland Partners, saving 2,000 jobs after the firm posted pre-tax losses of £5.2m.

US charges Russians for interfering in 2016 Elections, Identity theft in the centre

On Friday, Special Counsel Robert Mueller brought charges against 13 Russian nationals and three Russian groups for interfering with the 2016 U.S. elections.

The charges included creation of false U.S. identities as well as identity theft of six U.S. residents. The charges of identity theft were brought against four Russian nationals.

According to the indictment, the Russian nationals used stolen Social Security numbers, home addresses, and birth dates of the six persons to open bank and PayPal accounts and obtain fake government documents between June 2016 and May 2017.

“This indictment serves as a reminder that people are not always who they appear to be on the Internet,” Deputy Attorney General Rod J. Rosenstein said at a press briefing announcing the indictments.

The Russians allegedly used the stolen identities to open four accounts at an undisclosed U.S. bank and purchased more than a dozen bank account numbers from online sellers.

The stolen information was also allegedly used to evade PayPal security measures.

“We work closely with law enforcement, and did so in this matter, to identify, investigate and stop improper or potentially illegal activity,” PayPal said in a statement.

The Russians are claimed to have used the accounts to pay for the promotion of politically inflammatory social media posts, IRA expenses, political rallies and political props including banners, buttons and flags, in efforts to boost President Trump’s campaign, and are alleged to have been paid $25 to $50 per post from U.S. persons to promote content on IRA-controlled Facebook and Twitter accounts.

Hackers compromised over 50,000 accounts of 'Kinopoisk' website to change rating of movie 'Crimea'

Hackers compromised over 50,000 user accounts of the Kinopoisk (Movie Search) website, one of the leading online databases for movies in Russia. The main goal of the hackers was to increase the rating of the film "Crimea", which was expected on the screens.

The incident first came to light when some users noticed marks in their profiles saying that they were expecting the premiere of the film "Crimea". The administration of "Kinopoisk" received complaints from a number of users.

After an internal investigation, representatives of the website removed over 50,000 incorrectly placed marks. After removing those marks, the number of marks was reduced from 70,000 to 17,000, and the rating of the movie was reduced from 60% to 20%.

The technical support staff of the portal also sent a notification to all users of the hacked accounts asking them to change their password. They also recommended setting a strong password and not using the same password in any other service.

- Christina

Twitter Account Of Actress Stefanie Scott for sale in UnderGround hacking forum

A recent post on an underground hacking forum claimed to sell the Twitter account of the actress "Stefanie Scott". This is one of the rare times the attack can be prevented before it happens, so I am releasing this post in the public interest, and to show how such celebrity accounts are sold by hackers.

Now let's analyze the post. First, I am worried by his statement of "pm me for her twitter ETC", which indicates that he is in control of MORE than her Twitter account. And she seems oblivious to the fact that her accounts might be hijacked, because she tweeted about an hour ago and the sales thread was opened way before that.

As you can see, such accounts can go for 400$ or more. The account has 256,211 followers, which is worth a lot. Most such hacks don't affect the celebrities as much as the followers, whose computers or accounts might be hijacked as the result of following the links posted by a hacker posing as the celebrity.

It is the responsibility of the celebrity to keep his/her account safe as they are not the only people affected, their fans often take the worst side of the attack.

PS: This might just be a scam by the user to rip off other users, but it seems unlikely since he is a higher level of user and would not like "scam reports" to be opened against him. I will update this article if I get more information.

Facebook Page of Former Secretary of State Colin Powell hacked

Former US Secretary of State Colin Powell's official page was hacked. After hijacking the Facebook page, the hacker started to post some of the pictures stolen from the email accounts of the Bush family by a hacker named "Guccifer".

"Kill the illuminati! Tomorrow’s world will be a world free of illuminati or will be no more!" the hacker said in one of the posts.

After a few hours, Powell managed to recover his Facebook page and apologized for the offensive posts made by the hacker.

"Dear Friends, as most of you realize, my fb page has obviously been hacked. I'm sorry you have to see all the stupid, obscene posts that are popping up. Please ignore as we are working with fb to take care of this problem. I appreciate your patience." Powell posted after he recovered his facebook page.

"Dear Friends, I'm happy to report that the hacking problem has been fixed. We have been working with fb this morning and they took immediate action to remedy the situation."

Avengers: "The Hulk"(Mark Ruffalo) Twitter account hacked

The Twitter account belonging to actor Mark Ruffalo, who plays 'The Hulk' in the Avengers movie, has been hacked by an unknown hacker.

The hacker took over the account and started sending out crazy messages, posting a link to who has the best booties in Hollywood, a link to which women in Hollywood have the best breasts, and how to have mind blowing sex.

"It's kind of hilarious me getting hacked today. I got to hand it to the hacker. Kind of genius." Tweet from Mark_Ruffalo reads.

After being accused of being the hacker, he wrote, “Giving up answering Tweets. Last word on the matter. Mark's account was hacked, and the hacker renamed it, so this username became free. I registered the name so Mark could get it back if he wanted it. I'm happy to hand it over, or e-mail the password to him. End of story.”

“Dude, You are my hero. Thanks for giving me back my identity. Thanks for thinking to save it. Best to you,” Ruffalo responded.

Twitter transferred the followers and the old tweets to Hulk’s new account, @Mark_Ruffalo.

North Korean hacked Email Accounts of Information Security School Students

Hackers broke into an Information Security School server and compromised the email accounts of alumni. The National Intelligence Service's investigation found that North Korea was behind this hacking attack. According to the report, they hacked the e-mail accounts of 27 students of Korea University's Graduate School of Information Security.

"Analysis of the malware used to hack into the e-mail accounts confirmed that it is identical to malicious codes spread by North Korea," an NIS official said Wednesday. "We have tentatively concluded that North Korean hackers were behind the attack and are tracking the source."

The hackers sent spam mail with malware to alumni via the Korea University Center for Information Security Technologies. The investigation revealed that all of those who received it graduated in the same year. It appears that the hackers obtained the directory with all their email addresses and planted the malicious code.

The reason North Korea tried to hack into the e-mail accounts is because most of the school's graduates get jobs either at the Defense Ministry, NIS or other government security agency, intelligence officials believe.

International Foreign Government E-Mails Hacked by TeaMp0isoN

A hacker named "Hex00010", a member of the hacker team "TeaMp0isoN", hacked about 200 International Foreign Government email accounts. He released the whole database on Pastebin. They got this email database by hacking into , website of Parliament of Australia (  and some other sites.

Microsoft's Official Youtube Channel hacked and All videos deleted

Microsoft's official YouTube account was hacked by an unknown hacker, who removed all videos from the channel. The hacker uploaded four videos, all time-stamped within two hours.

A fifth video was apparently removed. The video, “Garry’s Mod – Escape the Box,” featured what appeared to be an animated gunman shooting at the inside of a construction box. The channel’s description reads, “I DID NOTHING WRONG I SIMPLY SIGNED INTO MY ACCOUNT THAT I MADE IN 2006 :/"

Microsoft has now recovered the account and uploaded the videos back. They still have not found out how the hacker hacked it.