
Steris Corporation, The Latest Victim of Ransomware Gang Called ‘Clop’.


Data relating to a customer of Accellion, a recently targeted California-based private cloud solutions firm, is being offered for sale online by threat actors. Accellion's file-transfer platform is used by Steris Corporation. Many other firms were hit a few weeks ago when threat actors exploited security flaws in the company's file-transfer server.

The ransomware gang Clop has claimed responsibility for the attack and says it has critical information belonging to Steris Corporation in its possession. Steris Corporation is an American, Irish-domiciled medical equipment firm specializing in sterilization and a leading provider of surgical products for the American healthcare system. Documents taken from Steris Corporation's servers include a confidential report on a phenolic disinfectant comparison study dating from 2018, signed by two Steris employees: technical services manager David Shields and quality assurance analyst Jennifer Shultz.

Threat actors also obtained another critical document containing the formula for CIP neutralizer, a highly confidential trade secret owned by Steris Corporation.

Threat analyst Brett Callow stated to Infosecurity Magazine that “Clop is known to use data stolen from one organization to attack (spear phish) others. This is why, for example, there was a cluster of cases in Germany. So, any organization that has had dealings with one of the compromised entities should be on high alert.”

“It really makes no sense for companies to pay to prevent the publication of their data. There have been multiple instances in which threat actors have published or otherwise misused information after the victims have paid the ransom. In some cases, actors have even used the same data to extort companies a second time. And this is really not at all surprising”, he further added.

Apart from Steris Corporation, the Clop ransomware gang has targeted several clients of Accellion including Jones Day, Inrix, Singtel, ExecuPharm, Plantol, Software Ag, Fugro, Nova Biomedical, Amey Plc, Allstate Peterbit, Danaher, and the CSA Group.

SQL Triggers Used by Hackers to Compromise User Database


Over the past year, a broader pattern of WordPress malware has emerged that plants SQL triggers in infected databases to conceal malicious SQL queries. Whenever the trigger condition is met, these queries insert an admin-level user into the compromised database. A CMS such as WordPress stores essential data, including its settings and user accounts, in a MySQL database, so anything that can modify that database, whether by injecting malicious code or by deleting the site's content, can do severe harm to the website.

One protection is that the MySQL database has its own username and password, which prevents someone from querying it without the required credentials. Unfortunately, an attacker who has already gained unauthorized access to the web server can simply read the wp-config.php file to learn the site's database credentials, then connect to the database from their own code and make malicious changes.

A real-life example is an intruder with unauthorized access to a website who wants to create a persistent backdoor that survives the website's files being cleaned.

One approach is to add an admin user to the CMS database of the website. Such accounts can usually be found easily in the administrative dashboard or with an SQL client, and the rogue admin account lives in the database rather than in the web server's directory. This matters because owners of a compromised website often overlook the database. However, removing suspicious users from the website's database does not, by itself, remove every backdoor.

A SQL trigger is a stored procedure that runs automatically when certain database modifications occur. Triggers have many legitimate uses, but bad actors use them to retain unwanted access after a compromise: the attacker plants a trigger in the compromised website's database, and the malicious action is performed whenever the specified condition is met or the specified event occurs.

If attackers breach a site, they can count on finding the database password stored in wp-config.php or other CMS configuration files, and once they have it, it can be extremely hard to tell what they harvested at any point after the infection. Site owners must change all passwords, including the database password, after a breach. Skipping this post-hack step allows the attacker to re-enter and modify the website even after the owner believes the infection has been removed.
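The following is an added example, not code from the original post or from the malware it describes. It recreates the persistence mechanism in SQLite (which supports triggers and ships with Python) so it runs offline: a hypothetical trigger re-creates an administrator account whenever a comment carrying a secret marker is inserted, a naive cleanup that only deletes the rogue user fails, and a trigger audit finds and removes the backdoor. The table and column names are a constructed subset of the WordPress schema; on a real MySQL install the audit query is `SELECT TRIGGER_NAME, EVENT_OBJECT_TABLE, ACTION_STATEMENT FROM information_schema.TRIGGERS` (or `SHOW TRIGGERS`).

```python
import sqlite3

# Constructed WordPress-like schema (hypothetical column subsets of wp_users, wp_usermeta, wp_comments).
SCHEMA = """
CREATE TABLE wp_users    (ID INTEGER PRIMARY KEY, user_login TEXT, user_pass TEXT, user_email TEXT);
CREATE TABLE wp_usermeta (umeta_id INTEGER PRIMARY KEY, user_id INTEGER, meta_key TEXT, meta_value TEXT);
CREATE TABLE wp_comments (comment_ID INTEGER PRIMARY KEY, comment_author TEXT, comment_content TEXT);
"""

# Hypothetical backdoor modelled on the behaviour described above: whenever a comment containing a
# secret marker is inserted, the trigger silently re-creates an administrator account.
BACKDOOR_TRIGGER = """
CREATE TRIGGER after_insert_comment AFTER INSERT ON wp_comments
WHEN NEW.comment_content LIKE '%reopen-door%'
BEGIN
    INSERT INTO wp_users (user_login, user_pass, user_email)
        VALUES ('wpsupport', 'placeholder-hash', 'support@example.invalid');
    INSERT INTO wp_usermeta (user_id, meta_key, meta_value)
        VALUES (last_insert_rowid(), 'wp_capabilities', 'a:1:{s:13:"administrator";b:1;}');
END;
"""

SUSPICIOUS_KEYWORDS = ("wp_users", "wp_usermeta", "administrator")


def build_infected_db():
    """In-memory database with the schema and the planted trigger."""
    conn = sqlite3.connect(":memory:")
    conn.executescript(SCHEMA + BACKDOOR_TRIGGER)
    return conn


def simulate_attacker_return(conn):
    """The attacker posts an innocuous-looking comment that satisfies the trigger condition."""
    conn.execute("INSERT INTO wp_comments (comment_author, comment_content) "
                 "VALUES ('anon', 'nice post reopen-door')")
    conn.commit()


def admin_logins(conn):
    """Accounts whose wp_capabilities meta marks them as administrator."""
    rows = conn.execute(
        "SELECT u.user_login FROM wp_users u JOIN wp_usermeta m ON m.user_id = u.ID "
        "WHERE m.meta_key = 'wp_capabilities' AND m.meta_value LIKE '%administrator%'").fetchall()
    return sorted(r[0] for r in rows)


def cleanup_users_only(conn):
    """What a naive cleanup does: delete the rogue admin but leave the trigger in place."""
    conn.execute("DELETE FROM wp_usermeta WHERE user_id IN "
                 "(SELECT ID FROM wp_users WHERE user_login = 'wpsupport')")
    conn.execute("DELETE FROM wp_users WHERE user_login = 'wpsupport'")
    conn.commit()


def list_triggers(conn):
    """Every trigger definition stored in the database (SQLite keeps them in sqlite_master)."""
    return conn.execute(
        "SELECT name, tbl_name, sql FROM sqlite_master WHERE type = 'trigger'").fetchall()


def suspicious_triggers(conn):
    """A stock WordPress install defines no triggers; any trigger touching the user tables is suspect."""
    return [name for name, _tbl, sql in list_triggers(conn)
            if any(k in sql for k in SUSPICIOUS_KEYWORDS)]


def drop_trigger(conn, name):
    conn.execute(f'DROP TRIGGER "{name}"')  # name comes from sqlite_master, not from user input
    conn.commit()


if __name__ == "__main__":
    db = build_infected_db()
    simulate_attacker_return(db)
    print("admins after the trigger fired:", admin_logins(db))
    cleanup_users_only(db)
    simulate_attacker_return(db)
    print("admins after naive cleanup and attacker return:", admin_logins(db))
    print("suspicious triggers:", suspicious_triggers(db))
    for name in suspicious_triggers(db):
        drop_trigger(db, name)
    cleanup_users_only(db)
    simulate_attacker_return(db)
    print("admins after dropping the trigger:", admin_logins(db))
```

The point of the run is the middle line: deleting the account does nothing lasting while the trigger survives, which is why a post-compromise audit should list triggers (and stored procedures and events on MySQL) alongside users, and why the database password itself must be rotated.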

15,000 Clients' Data Leaked Accidentally by a Turkish Firm


A law firm has accidentally disclosed client data from 15,000 cases in which individuals were killed or injured, as a result of a cloud misconfiguration. The WizCase research team found the leak in a misconfigured Amazon S3 bucket containing private details of Turkish residents. The server held 55,000 judicial records relating to more than 15,000 court proceedings and affecting hundreds of thousands of individuals. The team confirmed that no authentication was required to browse the 20GB trove: anyone with the URL could view the highly confidential information.

WizCase is a leading multinational website offering cybersecurity resources, tips and best practices for online safety; it also publishes VPN ratings and tutorials. WizCase traced the data back to the Turkish actuarial consulting company Inova Yönetim, which analyses case details for risk and premium estimation.

The security team revealed a major exposure of data from an Amazon bucket misconfigured by INOVA YÖNETİM & AKTÜERYAL DANIŞMANLIK, a Turkish legal and actuarial consultancy. Inova is an actuarial consulting firm that gathers mathematical data and calculates probabilities and premiums for insurers. It has operated since 2012 and has handled thousands of cases.

The researchers found that, alongside insurance and accident data, the personally identifiable information (PII) of the people involved in each of the 15,000 court cases, including name, national ID number, marital status and date of birth, was also exposed. Some records revealed far more specific details about claimants, witnesses and others, including detailed accident information, vehicle registration numbers, breathalyzer test reports and incident descriptions. In certain cases the data contained further details about the victims or other persons involved, covering parties such as victims, participants in the event, police officers and lawyers.

The data appeared to cover cases between the beginning of 2018 and the end of summer 2020. Those exposed by the snafu could be targeted by scammers with extremely convincing phishing emails or phone calls designed to obtain further financial and personal details.

“With some social engineering, bad actors or criminals could contact an [mobile] operator, masquerading as the victim, and verify all kinds of verification questions operators would ask to clone a SIM card,” WizCase stated. “After having access to victims’ phone calls and SMS messages, bad actors could then try to do the same operation with clients’ insurance and bank.”

According to WizCase, protecting one's data in situations like this is unusually difficult, because it is in the hands of the organization one deals with. One should send only the details that are actually needed and ask the organization what security measures it takes to keep private data private. Anyone who receives a call relating to their case should notify their Inova contact, verify that the request genuinely comes from Inova, and never trust someone asking for personal details over the phone.

The data of 110 thousand customers was stolen from the Lithuanian car rental service

It became known that on the night of February 15-16 the data of about 110,000 customers of the Lithuanian car rental service CityBee was stolen.

The information was published on a hacker forum.

"On the night of February 15-16, cybercriminals posted a message on a foreign-registered forum that they had not only the names and personal codes of some CityBee customers, as previously announced, but also phone numbers, email addresses, residential addresses, driver's license numbers and encrypted passwords," said CityBee.

Experts reported that, according to available information, the passwords were stored as SHA1 hashes without any additional protection (a salt), so they can be guessed automatically and used for unauthorized access.

The company noted that the data is already three years old and that its theft will not affect the security of CityBee customers, since the organization does not store payment-method information. However, CityBee representatives still asked customers who registered in the system before February 22, 2018 to change their passwords if they use the same or a similar password elsewhere.

According to Minister of Justice Agnė Širinskienė, such personal data can be used very widely, especially in international crime.

"For example, illegal immigration from third countries often occurs with the use of fake documents. Let's just think about how a citizen of a third country X can easily move around the EU with the personal data of a CityBee customer in a fake passport. Now imagine that a resident of country X, who has personal documents filled out with CityBee customer data, is involved in the arms trade, the organization of a terrorist network in Europe, and is suspected of money laundering... while the client of CityBee, the 'owner' of the identity, is flying to the Maldives on vacation," Širinskienė said by way of example.

CityBee has launched an investigation to find out how customer data was stolen.

The police are conducting a pre-trial investigation.

Personal Information of Nearly 130,000 Singtel Users Stolen in a Data Breach


Singapore’s leading telecom company Singtel has confirmed that the exploitation of Accellion, a third-party file-sharing system, led to a massive data breach affecting nearly 130,000 customers. Private information including National Registration Identity Card numbers and combinations of names, dates of birth, contact numbers and addresses was stolen by the hackers.

Singtel, an associate of Bharti Airtel, completed its initial investigation into the leak and identified which files on the Accellion file-sharing system were illegally accessed. The hackers also stole the bank account details of 28 former Singtel employees and the credit card details of 45 staff members of a corporate client with Singtel mobile lines, the company stated in a news release.

Singtel said “some information from 23 enterprises, including suppliers, partners, and corporate customers, was also stolen. The company has started notifying all affected individuals and enterprises to help them and their staff manage the possible risks involved and take appropriate follow-up action.”

Yuen Kuan Moon, Singtel Group CEO, said in the news release that the company is extremely apologetic for the inconvenience caused to its loyal customers by the data breach and is taking all necessary steps to strengthen security and counter the potential threats.

The CEO added: “data privacy is paramount; we have disappointed our stakeholders and not met the standards we have set for ourselves. Given the complexity and sensitivity of our investigations, we are being as transparent as possible and providing information that is accurate to the best of our knowledge. We are doing our level best to keep our customers supported in mitigating the potential risks.”

The telecom company explained that a large part of the stolen data comprises non-sensitive internal information such as data logs, test data, reports and emails. The threat actors exploited vulnerabilities in the Accellion File Transfer Appliance (FTA), the third-party file-sharing system used by Singtel.

When Singtel was first alerted to exploits against the system in December last year, it ‘promptly applied’ a series of patches provided by Accellion to fix the vulnerabilities. On January 23, Accellion advised that a new flaw had emerged against which the patches applied in December were ineffective. The FTA system has been kept offline since January 23.

Cybercriminal Gang Clop Attacked an International Law Firm Jones Day For Ransom


Jones Day, a U.S.-based international law firm, has suffered a major ransomware attack, and files allegedly stolen from the firm have been leaked on the internet. The cybercriminal group known as Clop has claimed responsibility for the attack and the theft of the files.

The incident was first reported on February 13 by Databreaches.net; soon afterwards the Clop ransomware gang claimed responsibility and threatened to leak the files unless a ransom was paid. The group is known to encrypt files on compromised systems as well as to steal files from its targets. Former U.S. President Donald Trump is among Jones Day’s clients.

Accellion Inc., a Palo Alto-based private cloud solutions company, is believed to be the source of the attack, owing to a vulnerability in its software. Accellion software was also connected to a data breach, disclosed on February 2, in which 1.4 million unemployment records were stolen from the Office of the Washington State Auditor. Goodwin Procter, a Global 50 law firm, revealed in an internal memo earlier this month that some client information had been accessed in a breach of an unnamed vendor, later identified as Accellion.

The threat actors claim to hold more than 100 gigabytes of data and have started leaking the stolen files online as evidence of their successful attack. The same group attacked the German tech giant Software AG in October last year, demanding a ransom of $20 million in return for a decryption key and a promise not to leak the files they had stolen.

Jones Day stated that “Jones Day’s network has not been breached. Nor has Jones Day been the subject of a ransomware attack. Jones Day has been informed that Accellion’s FTA file transfer platform, which is a platform that Jones Day – like many law firms, companies, and organizations – used, was recently compromised and information was taken. Jones Day continues to investigate the breach and has been, and will continue to be, in discussion with affected clients and appropriate authorities.”

Data of 14 Million Amazon and eBay Accounts Leaked on Hacking Websites


An anonymous user has put 14 million records from Amazon and eBay accounts up for sale on a prominent hacking forum. The details appear to belong to Amazon or eBay customers in 18 countries and to cover the period 2014-2021.

Amazon.com Inc., headquartered in Seattle, Washington, is an international corporation focused on e-commerce, cloud computing, internet streaming and artificial intelligence. Founded in 1994, the business has been called "one of the most influential economic and cultural forces in the world" as well as the world's most valuable brand. eBay Inc. is likewise a U.S. international e-commerce company, headquartered in San Jose, California, which enables consumer and business sales through its website. eBay was founded in 1995 by Pierre Omidyar and became a notable success story of the dot-com bubble.

The database was offered for $800, with the accounts sorted by country. The leaked details contain full customer names, postal codes, shipping addresses, store names and, for 1.6 million users, telephone numbers. After two copies had been sold, the seller closed the deal.

How the seller obtained the data is currently unclear, and the firm researching the incident did not independently verify that the data came from Amazon or eBay or from the 2014-2021 period. An Amazon representative said the claims had been reviewed and no evidence of a data breach was found.

It is therefore more likely that neither Amazon nor eBay was breached. Instead, the threat actor presumably obtained access through password spraying. Password spraying is an attack that tries a few common passwords against a large number of accounts (usernames), whereas a standard brute-force attack tries many passwords against a single account.
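The distinction matters for detection, because per-account lockouts catch brute force but not spraying. The following added example (not code from the original post, and not tied to any vendor's log format, which is an assumption) classifies failed-login sources from a constructed authentication log: a source that fails a few times each against many distinct accounts is labelled a spray, a source hammering one account is labelled brute force, and a subsequent successful login from a spraying source is flagged as the high-priority case.

```python
import re
from collections import defaultdict

# Constructed log format (hypothetical); adapt LOG_RE to the real auth log of your IdP or web tier.
LOG_RE = re.compile(r"src=(?P<src>\S+)\s+user=(?P<user>\S+)\s+result=(?P<result>\w+)")


def parse_auth_log(lines):
    """Yield (source, user, result) for every line that matches the expected format."""
    for line in lines:
        m = LOG_RE.search(line)
        if m:
            yield m.group("src"), m.group("user"), m.group("result")


def classify_sources(lines, spray_min_users=10, spray_max_per_user=3, brute_min_attempts=20):
    """Label each source IP: many accounts with few failures each = spray; one account with many
    failures = brute force. A success from an attacking source is appended to the label."""
    fails = defaultdict(lambda: defaultdict(int))   # src -> user -> failed attempts
    successes = defaultdict(set)                    # src -> users that eventually logged in
    for src, user, result in parse_auth_log(lines):
        if result == "FAIL":
            fails[src][user] += 1
        elif result == "OK":
            successes[src].add(user)
    verdicts = {}
    for src, per_user in fails.items():
        if len(per_user) >= spray_min_users and max(per_user.values()) <= spray_max_per_user:
            label = "password-spray"
        elif max(per_user.values()) >= brute_min_attempts:
            label = "brute-force"
        else:
            label = "benign"
        if label != "benign" and successes[src]:
            label += " (successful login)"
        verdicts[src] = label
    return verdicts


def constructed_log():
    """Constructed sample: one sprayer (2 guesses x 12 accounts, then one hit), one brute forcer,
    one legitimate user who mistyped twice. Addresses are from the RFC 5737 documentation ranges."""
    lines = []
    for i in range(12):
        for _ in range(2):
            lines.append(f"2021-02-10T10:00:00Z src=198.51.100.7 user=user{i:02d} result=FAIL")
    lines.append("2021-02-10T10:01:00Z src=198.51.100.7 user=user03 result=OK")
    for _ in range(25):
        lines.append("2021-02-10T10:05:00Z src=203.0.113.9 user=alice result=FAIL")
    lines += ["2021-02-10T10:06:00Z src=192.0.2.44 user=bob result=FAIL"] * 2
    lines.append("2021-02-10T10:06:30Z src=192.0.2.44 user=bob result=OK")
    return lines


if __name__ == "__main__":
    for src, verdict in classify_sources(constructed_log()).items():
        print(f"{src:15} {verdict}")
```

The thresholds are starting points, not magic numbers. A sprayer who spreads the attempts across many source addresses defeats per-source counting, so in practice the same logic is also run per target set within a time window, and the "(successful login)" case is what should page someone.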

Fortunately, highly confidential material such as billing records, national ID numbers or even email addresses does not appear in the data set. However, the data being sold is still sensitive and can be used for a range of purposes, such as doxing users by publicly disseminating private details. Cybercriminals may also exploit it to build spam lists or for business intelligence.

Russian expert explains why hackers steal personal data of CD Projekt RED employees

Hackers have broken into the Polish development studio CD Projekt RED, the authors of the much-discussed game Cyberpunk 2077, and are threatening to publish the source code of its video games as well as the personal data of the company's employees. The attackers have already fulfilled the first part of that threat: the source code of several of the Polish studio's games has appeared in the public domain, and it is likely that the cybercriminals will also release the employees' personal data. Alexey Kubarev, Head of the Solar Dozor Business Development Group at Rostelecom-Solar, explained why hackers hunt for such information and how they use it.

"The main goal of hackers is to profit from the spread of malicious attacks and fraud. Personal data can be both an end goal, since it can be sold, and an intermediate goal, since it can be used to carry out attacks," explained Kubarev.

According to the specialist, the most sought-after information in the cybercriminal world is personal data related to the financial sector, for example a bank's customer base.

The expert says that fraudsters buy personal data on the darknet. "There, the databases are placed by hackers who either hacked the resource holding the database or received it from insiders."

Attackers identify the employees they are interested in and, in various ways, make them hand over either the data or technical access to it.

According to Kubarev, a person cannot influence the protection of the personal data they provide to companies, since the companies that process it are responsible for its security.

"So, you should be careful about any letters and websites that require you to enter data about yourself and check whether they really belong to the official domain of the company. In addition, attackers can use social media to collect information, so it would be better to minimize the personal data in your accounts or restrict public access to them, if possible," he concluded.

Romania's Imobiliare.ro Website Suffers Major Security Breach


Imobiliare.ro, Romania's biggest real estate advertising platform, suffered a security breach last December that allowed unauthenticated access to more than 201,087 files in the company's data archive (including copies of identity cards), as reported by the IT security researchers at Website Planet and relayed by the specialized site DPO-net.ro. The operator reported last month that it had remediated the flaw but did not report it to the Data Protection Authority.

It remains unclear whether customer data has fallen into the wrong hands, as there was no password protection or authentication on the company's storage bucket. The leaked data was stored in 35,738 PDF and 165,316 JPG files and included full names, telephone numbers, home addresses, email addresses, CNP (Romanian personal numeric code) and personal signatures, i.e. personal identity information (PII). Notably, anyone who knew the correct URL could reach the bucket.

This breach exposed over 200,000 documents, but the exact number of people affected remains unclear. Additional compromised customer information includes real estate contracts between customers and the company; property records including architectural plans, detailed descriptions and locations; land registry extracts and ANCPI documents; user profile photos; scanned copies of national identity cards with their identification codes; requested property prices; and detailed property descriptions including real estate agreements.

Imobiliare.ro officials stated, "In January 2021, we detected a potential vulnerability in our internal data storage systems. Our company promptly launched an investigation. The vulnerability was quickly remedied. Internal investigations on the causes and potential consequences continue. We ensure in this way that for Imobiliare.ro data security is a priority and work continuously to protect the confidentiality and integrity of our platforms, meeting all current standards and in cooperation with. "

Given the nature of the leaked information, the possible effects on consumers may be serious. Malicious actors could use the information to learn a person's home address, the expected sale price and their financial status. No explicit financial data was leaked, but unauthorized users could use property values as a proxy for net worth. Identity theft is the primary concern, but other crimes such as burglary also become more likely as a result of the leak.

Imobiliare.ro users could have done little to prevent the leak of their data; the responsibility for the server exposure lies with the organization. Users can nevertheless reduce the danger posed by weak security at third-party firms, for example by monitoring their credit reports and using identity-recovery services, in case someone uses their leaked personal data to damage their credit record or commit other crimes under an assumed name.
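Both the Inova bucket above and the Imobiliare.ro bucket here were readable by anyone who knew the URL, which is the classic S3 misconfiguration. The following added example, not code from either report, is a pure-Python checker over the three objects that decide whether an S3 bucket is public: its ACL, its bucket policy and its Block Public Access settings. The input dictionaries mirror the shapes returned by the GetBucketAcl, GetBucketPolicy and GetPublicAccessBlock API calls (an assumption; the sample values themselves are constructed), so the same functions can be fed the JSON from `aws s3api get-bucket-acl` and friends. The evaluation is a simplification of S3's actual rules: an existing public ACL is neutralised by IgnorePublicAcls, an existing public policy by RestrictPublicBuckets.

```python
import json

PUBLIC_GRANTEES = {
    "http://acs.amazonaws.com/groups/global/AllUsers": "AllUsers",                        # anyone on the internet
    "http://acs.amazonaws.com/groups/global/AuthenticatedUsers": "AuthenticatedUsers",    # any AWS account
}


def public_acl_grants(acl):
    """(group, permission) for every ACL grant to one of the two public groups."""
    out = []
    for grant in acl.get("Grants", []):
        grantee = grant.get("Grantee", {})
        if grantee.get("Type") == "Group" and grantee.get("URI") in PUBLIC_GRANTEES:
            out.append((PUBLIC_GRANTEES[grantee["URI"]], grant.get("Permission")))
    return out


def _anonymous(principal):
    """True for Principal "*" or {"AWS": "*"} (also inside a list)."""
    if principal == "*":
        return True
    aws = principal.get("AWS") if isinstance(principal, dict) else None
    return aws == "*" or (isinstance(aws, list) and "*" in aws)


def public_policy_statements(policy):
    """Sids of Allow statements with an anonymous principal, split into unconditional and
    conditional ones: a Condition (source IP, VPC endpoint, ...) may still limit who can read."""
    unconditional, conditional = [], []
    for i, st in enumerate(policy.get("Statement", [])):
        if st.get("Effect") != "Allow" or not _anonymous(st.get("Principal", {})):
            continue
        sid = st.get("Sid", f"statement[{i}]")
        (conditional if st.get("Condition") else unconditional).append(sid)
    return unconditional, conditional


def assess_bucket(name, acl, policy, public_access_block):
    """Report every remaining public path after applying the Block Public Access settings."""
    pab = public_access_block or {}
    findings = []
    if not pab.get("IgnorePublicAcls"):
        findings += [f"{name}: ACL grants {perm} to {group}" for group, perm in public_acl_grants(acl)]
    if not pab.get("RestrictPublicBuckets"):
        unconditional, conditional = public_policy_statements(policy or {})
        findings += [f"{name}: policy statement {sid} allows anonymous access" for sid in unconditional]
        findings += [f"{name}: policy statement {sid} allows anonymous access under a Condition (review it)"
                     for sid in conditional]
    return findings


# Constructed sample inputs: a leaky bucket with both a public ACL and a public policy, and a private one.
LEAKY_ACL = {"Grants": [
    {"Grantee": {"Type": "CanonicalUser", "ID": "owner-id"}, "Permission": "FULL_CONTROL"},
    {"Grantee": {"Type": "Group", "URI": "http://acs.amazonaws.com/groups/global/AllUsers"}, "Permission": "READ"},
]}
LEAKY_POLICY = json.loads("""{
  "Version": "2012-10-17",
  "Statement": [{"Sid": "PublicRead", "Effect": "Allow", "Principal": "*",
                 "Action": "s3:GetObject", "Resource": "arn:aws:s3:::case-files/*"}]
}""")
PRIVATE_ACL = {"Grants": [{"Grantee": {"Type": "CanonicalUser", "ID": "owner-id"}, "Permission": "FULL_CONTROL"}]}
FULL_BLOCK = {"BlockPublicAcls": True, "IgnorePublicAcls": True,
              "BlockPublicPolicy": True, "RestrictPublicBuckets": True}

if __name__ == "__main__":
    for finding in assess_bucket("case-files", LEAKY_ACL, LEAKY_POLICY, {}):
        print("FINDING:", finding)
    print("with Block Public Access on:", assess_bucket("case-files", LEAKY_ACL, LEAKY_POLICY, FULL_BLOCK))
```

Two practical notes: the other two Block Public Access flags (BlockPublicAcls, BlockPublicPolicy) only reject new public grants and do nothing about ones already in place, which is why the checker ignores them; and a bucket that passes this check can still be exposed by per-object ACLs, so object-level audits (or disabling ACLs entirely with bucket owner enforced ownership) are the complementary step.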

CEO of Koo App Denies the Allegations of Data Breach by French Hacker


Koo, a home-grown Indian microblogging platform, has come under scrutiny after a French ethical hacker known on Twitter as Elliot Alderson uncovered security loopholes in the Koo app. Attackers could exploit these vulnerabilities to retrieve personally identifiable information such as email address, date of birth, name, marital status, gender and more.

Several Union ministers, politicians and film actors are switching to Koo, but this leak has raised serious concerns about the safety of users' private information. “You asked so I did it. I spent 30 min on this new Koo app. The app is leaking the personal data of users: email, dob, name, marital status, gender…” Alderson tweeted, along with redacted screenshots of the data he was able to access.

Aprameya Radhakrishna, Koo’s co-founder and CEO, responded that the app is fully secure and that the visible data is information users have voluntarily displayed on their profiles. He explained on Twitter: “some news about data leaking being spoken about unnecessarily. Please read this: The data visible is something that the user has voluntarily shown on their profile of Koo. It cannot be termed a data leak. If you visit a user profile you can see it anyway”.

Alderson countered by sharing a screenshot of an IAS officer's account on Koo, claiming he could access the officer's data even though it was not visible on the profile page, and tagged Aprameya in his tweet.

Aprameya replied: “@fs0c131y (Elliot Alderson) We’re attempting to do something for our country, India. All help is appreciated. If you want to help out in this journey of ours please write to me at ar@kooapp.com and we can take a look at all the feedback you have. Thanks!”

The popularity of the Koo app is growing by the day, and it has surpassed 3 million downloads across Google Play and the Apple App Store. The app is seen as an alternative to Twitter, and many prominent personalities have moved to it.

Comcast Data Breach Exposes 1.5 Billion Data Records


American cable and internet giant Comcast was hit by a data exposure a few days ago: an unprotected developer database holding 1.5 billion records and other internal information was reachable over the internet by third parties.

Comcast Corporation is the largest cable operator in the US, the second largest internet service provider after AT&T, and the third largest telephone company after AT&T and Verizon Communications.

Recently the WebsitePlanet research team, in collaboration with security researcher Jeremiah Fowler, identified a non-password-protected database of 478 GB containing 1.5 billion records. The Comcast database exposed dashboard permissions, logging data, client IPs, @comcast email addresses and hashed passwords to the public internet. From the IP addresses it contained, a picture of internal functionality, logging and general network structure could be assembled. The server also revealed the Comcast development team's email addresses and hashed passwords, as well as error reports, warnings, task and job scheduling information, cluster names, device names and internal rules tagged “Privileged=True.” Middleware was also identifiable from the error logs; such details can serve as a secondary avenue for ransomware or other attacks.

Comcast restricted access to the data within about an hour, but until then malicious actors could easily have accessed and retrieved the confidential information. The researchers immediately submitted a disclosure notice and confirmed their findings with Comcast's Security Defect Reporting team.

Fowler also said: "This was among the fastest response times I have ever had. Comcast acted fast and professionally to restrict the data set that was accessible to anyone with an internet connection."

A representative for Comcast stated that, “The database in question contained only simulated data, with no real employee, customer or company data, outside of four publicly available Comcast email addresses. The database was used for software development purposes and was inadvertently exposed to the Internet. It was quickly closed when the researcher alerted us of the issue. We value the work of independent security researchers in helping us to make our products and services safer and thank the researcher for his responsible disclosure in this matter.”

Naturally, configuration errors that expose data are unavoidable as long as people are involved in configuring systems. However, Comcast's size makes such mistakes very disruptive, since they can affect many subscribers and business customers. That is why such firms should follow security checklists, have additional teams double-check configurations, and do whatever they can to reduce the chance of exposure. In this incident, action was taken in time.

Tokyo Gas Discloses Data Breach Impacting Anime-style Dating Simulation Game


Japanese utility giant Tokyo Gas, the developer of an anime-style online game, has reported a cyber attack: around 10,000 email addresses belonging to players of the game were exposed in a data breach.

The company published a security alert on January 30 stating that it had disabled the game's website (the game is a dating simulation) and its mobile app after learning that a third party had gained unauthorized access to the system and to players' email addresses and associated nicknames.

The game's name translates as ‘Furo Koi: My Only Bath Butler’, and the parent company describes it as a ‘romance game'. It is based on the Japanese role-playing genre in which users build relationships, mainly through conversations in the app.

The Japanese-language security alert also indicates that the game compares the effectiveness of various bathing products, and a video posted on the game's Twitter account shows various anime avatars.

Tokyo Gas was founded in 1885 and is Japan's largest natural gas provider. According to the company, about 10,365 email addresses were exposed when the attack unfolded on January 29.

A company spokesperson said at a press briefing that the breach was discovered the following day, January 30. The company does not yet know whether the stolen data has been misused.

In the security alert, the company referred to a new feature added to the game on January 28, but it is unclear what connection, if any, this has to the breach.

It also indicated that measures have been taken in response to the attack, that law enforcement has been involved, and that further security measures will be implemented based on the findings of a security audit.

The Tokyo Gas spokesperson said: “We recognize that the protection of customer information is extremely important. We sincerely apologize for any inconvenience caused to our customers”.

Cybersecurity Company Emisoft Suffers System Data Breach, Founder Apologizes

The founder of Emisoft, a cybersecurity company based in New Zealand has issued an apology over a configuration miscalculation that resulted in a system data breach. The company's test systems were breached and the news came out on February 3. Christian Mairoll, founder and managing director, Emisoft, told about the incident. She wrote that the cybersecurity incident shouldn't have occurred, due to the breach, the product and services that generate Emisoft's log records, were exposed to unauthorized third-party players.  

Christian said that the database was exposed from January 18 to February 3, 2020. During that period, she suspects, at least one individual had got access to its files when the attack happened. The investigation informed that 14 customer user IDs related to 7 distinct organizations comprised of the data compromised by the attack. Emisoft on its blog said, "the stolen data in question consists of technical logs produced by our endpoint protection software during normal usages, such as update protocols, and generally does not contain any personal information like passwords, password hashes, user account names, billing information, addresses, or anything similar. 

However, as part of the investigation, we noticed that 14 customer email addresses were part of the scan logs due to detections of malicious emails stored in the users’ email clients." Following the cyberattack, Emotet shut down the compromised systems and started a full foreign analysis of the incident. Emisoft has contacted the customers affected by the data breach. Besides this, to assure no such event happens again, Emisoft has pledged to conduct all its future experiments and tests in a safe isolated environment. It'd have no internet access and data would be AI-generated.  

"As always, we continually assess our procedures and policies and seek new ways to improve our approach to security. We understand the importance of our role as guardians of your information and online safety and will continue to work every day to re-earn your trust," said Emsisoft in its apology. As of now, these are the only details that E Hacking News is aware of; stay updated.  

Webdev Tutorials Site 'SitePoint' Has Disclosed a Data Breach

SitePoint, a website that publishes web development tutorials and books, has reported a security breach. The organization informed its users by email this week. 

The company formally admitted the breach after a threat actor put a collection of roughly one million SitePoint user records up for sale on a cybercrime forum in December 2020.  

Confirming the attack on its systems this week, SitePoint wrote in its notification email, "At this point, we believe the accessed information mainly relates to your name, email address, hashed password, username, and IP address." 

On the prevention front, SitePoint has forced a password reset on all user accounts and now requires new passwords to be at least ten characters long. 

SitePoint also believes the stolen passwords are reasonably well protected because they were hashed with bcrypt using a per-user salt, which makes recovering the plaintext from the stored hashes a slow and expensive process. 
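To show why salted, deliberately slow hashing blunts an offline cracking attempt against a leaked credential dump, here is an added example; it is not SitePoint's code and does not describe their implementation. It uses hashlib.scrypt from the Python standard library as a stand-in for bcrypt (same design idea: per-user salt plus a tunable cost factor), the cost parameters and the sample usernames and passwords are constructed for illustration, and the ten-character minimum mirrors the policy SitePoint announced.

```python
import hashlib
import hmac
import os

# Illustrative cost parameters (assumed, not SitePoint's); raise N for production.
SCRYPT_N = 2 ** 14
SCRYPT_R = 8
SCRYPT_P = 1
SALT_LEN = 16
DKLEN = 32
MIN_PASSWORD_LEN = 10  # the minimum length SitePoint announced after the breach


def fast_unsalted_hash(password):
    """What NOT to do: a fast, unsalted digest. Equal passwords collide, so one
    precomputed table cracks every user who chose the same password."""
    return hashlib.sha256(password.encode()).hexdigest()


def hash_password(password, salt=None):
    """Return salt || scrypt(password, salt). A fresh random salt per user means
    equal passwords yield different stored values and precomputation is useless."""
    if salt is None:
        salt = os.urandom(SALT_LEN)
    if len(salt) != SALT_LEN:
        raise ValueError("salt must be %d bytes" % SALT_LEN)
    digest = hashlib.scrypt(password.encode(), salt=salt,
                            n=SCRYPT_N, r=SCRYPT_R, p=SCRYPT_P, dklen=DKLEN)
    return salt + digest


def verify_password(password, stored):
    """Recompute with the stored salt and compare in constant time."""
    salt, digest = stored[:SALT_LEN], stored[SALT_LEN:]
    candidate = hashlib.scrypt(password.encode(), salt=salt,
                               n=SCRYPT_N, r=SCRYPT_R, p=SCRYPT_P, dklen=DKLEN)
    return hmac.compare_digest(candidate, digest)


def meets_policy(password):
    """Minimum-length check matching the announced ten-character policy."""
    return len(password) >= MIN_PASSWORD_LEN


def crack_offline(stored, wordlist):
    """Attacker's view of one leaked record: every guess costs a full scrypt
    evaluation against this user's salt, so a wordlist cannot be hashed once
    and reused across users. Returns the guessed password or None."""
    for guess in wordlist:
        if verify_password(guess, stored):
            return guess
    return None


if __name__ == "__main__":
    # Constructed sample: two users who chose the same weak password.
    records = {name: hash_password("letmein") for name in ("alice", "bob")}
    print("salted hashes differ:", records["alice"] != records["bob"])
    print("unsalted hashes collide:",
          fast_unsalted_hash("letmein") == fast_unsalted_hash("letmein"))
    print("cracked alice:", crack_offline(records["alice"], ["password", "letmein"]))
    print("'letmein' meets policy:", meets_policy("letmein"))
```

The point of the example is the asymmetry it makes visible: the defender pays one scrypt evaluation per login, while an attacker holding the dump pays one evaluation per guess per user, and the salt prevents that work from being shared across accounts. A weak password such as "letmein" is still found quickly, which is why the reset and the length policy matter alongside the hashing.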

"We recommend that you change passwords from any other websites that may be a duplicate of your SitePoint password, just as a precaution," the company added. 

The company also stated that, based on current information, the breach occurred after threat actors gained control of a third-party tool that SitePoint used to monitor its GitHub account. 

"This allowed access through our codebase into our systems. This tool has since been removed, all of our API keys rotated and passwords changed," the company said. 

“This same tool was also used to breach custom apparel vendor Teespring, whose data was also sold by the same hacker, in the same package, at the same time”, the SitePoint notification reads.

Security Firm Stormshield Discloses Data Breach, Theft of Source Code

Stormshield is a leading French cybersecurity firm that supplies network security products and services, including to government customers. The firm recently discovered that malicious actors had accessed one of its customer support portals and stolen sensitive data belonging to some of its customers. In its disclosure, the firm also said that, as part of the intrusion, the attackers managed to steal parts of the source code of the Stormshield Network Security (SNS) firewall, a product certified for use in sensitive government networks. 

The company said its team is investigating the attack and assessing the impact of the breach on government systems together with the French cybersecurity agency ANSSI (Agence Nationale de la Sécurité des Systèmes d'Information). 

"As of today, the in-depth analysis carried out with the support of the relevant authorities has not identified any evidence of illegitimate modification in the code, nor have any of the Stormshield products in operation been compromised," Stormshield said in a message posted earlier today on its website. 

French government cybersecurity officials are treating the incident as a major breach. ANSSI noted in its own press release that "Stormshield SNS and SNI products have been 'under observation' for the duration of the investigation." 

Additionally, Stormshield said its teams are reviewing the SNS source code and have taken further steps to prevent follow-on attacks. The company has also replaced the digital certificates used to sign SNS software updates. 

"New updates have been made available to customers and partners so that their products can work with this new certificate, all the support tickets and technical exchanges in the accounts concerned have been reviewed and the results have been communicated to the customers," Stormshield spokesperson said. 

Only about 2% of customer accounts were affected by the breach, "around 200 accounts out of more than 10,000," he added. 

Furthermore, the firm said it also reset passwords for its technical support portal, which the attackers breached, and for the Stormshield Institute portal used for customer training courses, which was not breached but whose passwords were reset as a preventive measure.

Oxfam Australia: 1.7 Million Supporters Possibly Compromised in Data Breach

Oxfam Australia, a humanitarian non-profit organization, is investigating a suspected data breach after a threat actor claimed to have stolen the data of 1.7 million of its supporters. 

Oxfam Australia is a secular development and aid organization; it operates autonomously within the broader Oxfam confederation to fight poverty across Australia, Asia, Africa, and the Middle East.

The organization said in a statement on Thursday, 4 February, that it was alerted to the suspected incident at the end of the previous week and immediately launched an investigation to establish its origin, scope, and impact. 

The investigation began after a threat actor offered what was claimed to be Oxfam Australia's database for sale on a hacker forum. The sample published alongside the listing contains email addresses, names, physical addresses, telephone numbers, and donation amounts, and the records appear to be genuine supporter data; at least one record in the sample has been matched to a real donor. Although it is not yet confirmed that data was actually exfiltrated, the sale listing surfaced earlier this week. Forensic experts have been engaged to determine whether data was accessed and whether supporters were affected. Oxfam Australia said it has reported the incident to the Australian Cyber Security Centre (ACSC) and the Office of the Australian Information Commissioner (OAIC). 

"Late last week, Oxfam Australia was alerted to a suspected data incident. Oxfam immediately launched an investigation and engaged market-leading experts to assist in identifying whether data may have been accessed and any impact on its supporters." 

Chief Executive Lyn Morgain said, “Oxfam Australia had reported the matter to the Australian Cyber Security Centre (ACSC) and the Office of the Australian Information Commissioner (OAIC) while continuing to investigate the suspected incident.” 

Oxfam has contacted supporters and stakeholders to warn them of the suspected breach. Although the organization has not officially confirmed the attack, the details provided by the threat actor suggest that a breach has most likely occurred. 

In light of this, all donors and registered users of the Oxfam Australia platform should change their passwords, and also change them on any other site where the same password was reused. Threat actors could also use the data in that database to conduct targeted phishing attacks, so donors should be wary of emails impersonating Oxfam that ask for additional personal details. 

Morgain added that “We are committed to communicating quickly to our supporters once the facts have been established, and we will provide updates as we learn more.”

Data Related to Thousands of Foxtons Clients Leaked Online

Estate agent Foxtons Group is under pressure after the daily newspaper i reported that sensitive customer information, including card details and other personal data, had been uploaded to a dark web site. According to the i, a customer discovered the data on 12 October last year: card information, addresses, and personal messages belonging to over 16,000 individuals. 

The leaked data relates to customers from before 2010, but alarmingly, nearly one-fifth of the cards are still active. Threat actors typically advertise their haul by posting a small sample online before selling the full set privately, so while the volume of personal data published so far is relatively small, the total number of affected clients remains the open question. 

Foxtons Group was notified of the published data three weeks ago by the client who discovered it, but the agency has reportedly not yet informed clients or the authorities. 

According to the reports, the leaked files have been viewed more than 15,000 times in the last three months. Foxtons Group released a statement saying that its Alexander Hall mortgage broking business was hit by malware in October 2020 in an attack that affected many other firms.

“Some IT systems were affected for several days but were restored without significant disruption to customers. All necessary disclosures have been made and full details of the attack were provided to the FCA and ICO at the time. We are satisfied that the attack did not result in the loss of any data that could be damaging to customers and believe that the ICO and FCA are satisfied with our response”, Foxtons Group stated.

The CTO of Cortex Insight, Stephen Kapp stated that “it is safe to assume the worst, and Foxton customers should look to protect themselves from identity fraud and card fraud as a result of this breach. With both personal information and payment card information lost, Foxtons customers should take some time to validate payments and potential credit history interactions since October and flag anything suspicious to their bank”.

USCellular Hit by a Data Breach After Hackers Access CRM Software

USCellular, a mobile network operator, has suffered a data breach after threat actors gained access to its CRM system and to customer account details. In a breach notification filed with the Vermont attorney general's office, USCellular said that retail store employees were scammed into downloading software onto a store computer. 

That software allowed the threat actors to access the computer remotely, and because the employee was already logged into the customer relationship management (CRM) system, the attackers gained access to the CRM as well. 

"On January 6, 2021, we detected a data security incident in which unauthorized individuals may have gained access to your wireless customer account and wireless phone number. A few employees in retail stores were successfully scammed by unauthorized individuals and downloaded the software onto a store computer." 

"Since the employee was already logged into the customer retail management ("CRM") system, the downloaded software allowed the unauthorized individual to remotely access the store computer and enter the CRM system under the employee's credentials," states the USCellular data breach notification. 

According to USCellular, the attack took place on January 4, 2021. Based on the information USCellular has provided, it is unclear how many customers were affected and whether the employees were scammed via a phishing email or by some other method. 

While getting access to customers' accounts in the CRM, the malicious actors would have been able to get information including their names, addresses, PIN, cell phone numbers, service plan, and billing/usage statements. 

"As indicated above, your customer account was impacted in this incident. Information your customer account includes your name, address, PIN code, and cellular telephone numbers(s) as well as information about your wireless services including your service plan, usage, and billing statements known as Customer Proprietary Network Information ("CPNI")," the data breach notification further adds.

USCellular also stated that customers' Social Security numbers and credit card information were not accessible because they are masked in the CRM. According to a breach notification that has since been removed from USCellular's website, the attackers were able to port the phone numbers of affected customers to another carrier. 

"After accessing your account, a wireless number on your account was ported to another carrier by the unauthorized individuals," stated USCellular. After learning about the attack, USCellular has taken the necessary steps to protect the system from further attacks. The measures included isolating the infected computer and resetting the employee's passwords.

Russia Warns Domestic Firms of a US-led Cyberspace Threat Following the SolarWinds Orion Attack

On Thursday evening, the Russian government issued a security notice to Russian firms warning of possible US-led cyberattacks. The warning follows the SolarWinds hack, which breached the networks of a number of US federal agencies, including the Defense Department, as well as top technology companies. 

At least 250 federal agencies and leading US businesses were compromised by Russian-backed hackers via the SolarWinds Orion monitoring and management platform. The Russian government's notice came after earlier statements from the Biden administration.

Asked about their plans regarding SolarWinds, White House officials said they reserve the right to respond to cyberattacks. The press secretary said: “We’ve spoken about this previously… of course we reserve the right to respond at a time and manner of our choosing to any cyberattack.” 

Moscow's reaction came hours later from the National Coordinating Centre for Computer Incidents, a body of Russia's Federal Security Service (FSB), the country's internal security and intelligence agency. It took the form of a security bulletin. 

The brief bulletin cited the Biden administration's statements, which it characterized as a threat, and included a list of 15 best-practice security measures that companies should follow to stay safer online. Experts noted that the recommendations amount to basic security hygiene that most organizations, even the least mature, should already have in place. 

The bulletin was issued in reaction to what Moscow described as the hostile declaration made by the Biden administration earlier in the day. Russia has denied any involvement in the SolarWinds incident. Following the SolarWinds attack, the Biden administration has proposed $9 billion for cyber defense. At least 24 large corporations, including technology giants such as Intel, Cisco, VMware, and Nvidia, have been reported as affected. 

The alleged Russian hackers planted a backdoor in Orion software updates sold by the IT management firm SolarWinds and used it to harvest confidential data from a number of US government departments and companies. Initial reports put the number of government and private networks that received the trojanized update at about 18,000.

Data Breach: Chipmaker Intel Shares Fall by 9%

Intel Corp. stock rallied into the close on Thursday, January 21, 2021, after the chipmaker unexpectedly released its quarterly results before the end of the trading day, but the shares reversed in extended trading as the firm discussed its longer-term plans.

Intel said on Friday that the early release was the result of an internal error that exposed the data, not an intrusion into its corporate network; the shares fell as much as 9% that day. The company's Chief Financial Officer, George Davis, had said on Thursday that Intel released its results ahead of the stock market close because it believed a hacker had taken financially sensitive information from its website. 

The quarterly report had originally been scheduled for release hours later, after the close of the Wall Street session on Thursday. “Once we became aware of these reports, we made the decision to issue our earning announcement a brief time before the originally scheduled release time”, the chipmaker said in a statement. “An infographic was hacked out of our PR newsroom site,” Davis said. The company was reviewing claims that a graphic from its earnings report had been accessed without authorization. 

Intel further added that “the URL of our earnings infographic was inadvertently made publicly accessible before the publication of our earnings and accessed by third parties. Once we became aware of the situation, we promptly issued our earnings announcement. Intel's network was not compromised, and we have adjusted our process to prevent this in the future.”

Intel's fourth-quarter performance beat analysts' expectations, helped by stronger-than-forecast PC revenue. Revenue fell 1% year over year to $20 billion, still beating the $17.49 billion consensus forecast compiled by Refinitiv. Earnings were $1.52 per share, against an estimate of $1.10. 

Intel shares closed up 6.5% at $62.46 after the release of holiday-quarter sales and a forecast that beat expectations, then slipped almost 4% after hours. The company said claims that a graphic from its earnings report had been stolen pressured it into releasing the figures early.