Lubbock County Denies Data Leak, Says Data Temporarily Attainable Under New Software System


Earlier this month, the personal court records for residents of Lubbock County, located in the US state of Texas, were exposed when the county transitioned to a new computer software system. The exposed data contained non-disclosure orders, criminal cases, and civil and family law records. 

According to the county’s official website, the Lubbock County Defense Lawyers Association and county officials disagree on how to characterize the incident.

In a news release from the County, Judge Curtis Parrish said: “On Tuesday, September 14, 2021, Lubbock County Information and Technology Department became aware that certain court records that were previously unavailable for review by the public had become viewable under Lubbock County’s new software system. Some of these records include non-disclosure orders, criminal cases, civil and family law records. This access portal has now been blocked temporarily until we can identify which court records maybe [sic] accessed by the parties, attorneys, and the general public.

This was not a data breach [sic], or an issue where the computer system was compromised. Lubbock County will continue to review policies concerning all court records, in our effort to make these documents accessible to the attorneys and the public.” 

However, an earlier release by the Lubbock County Defense Lawyers Association characterized the incident as a data breach. The association said it became aware of the situation on September 10. 

“This data includes information on individuals who have had criminal cases expunged or non-disclosure orders signed in their criminal case. This breach affected cases at all levels and in all courts in Lubbock County. Some individuals’ data have been removed from the public access system, while other individuals’ data are still available,” said Lubbock County Defense Lawyers Association in their news release. 

Attacks on local governments are a growing concern for law enforcement agencies and government officials. Running on shoestring budgets, local governments rarely employ dedicated security staff, which leaves large gaps in their defenses. In March 2021, a report from the consumer tech information site Comparitech estimated that US government organizations have lost $18.88 billion to cyber-attacks.

Over the past three years, 246 ransomware attacks have struck US government organizations. These attacks potentially affected over 173 million people and may have cost as much as $52.88 billion. According to the report, most of these attacks aimed to halt processes, interrupt services and cause disruption rather than to steal data.

Hackers Can Use the SSID Stripping Flaw to Mimic Real Wireless APs


A group of researchers discovered what appears to be a new way for threat actors to mislead people into connecting to their wireless access points (APs). The method, called SSID Stripping, was revealed on Monday by AirEye, a wireless security company. It was discovered in conjunction with Technion - Israel Institute of Technology researchers.

Simply put, unwary users can be tricked into connecting to attacker-controlled Wi-Fi hotspots, which exposes them to data theft and to attacks on the personal information stored on their devices. Because it affects nearly every major operating system, including Microsoft Windows, macOS, Apple iOS, Ubuntu, and Android, SSID Stripping is a serious concern.

In an SSID Stripping attack, the user sees a network whose displayed name matches one of their trusted networks, according to the researchers. The catch is that the user must manually join the rogue network: the device will not auto-connect, because the attacker's SSID is not byte-for-byte identical to the saved one. The rogue SSID consists of the trusted name followed by extra bytes that the device's user interface does not render, so the name on screen is indistinguishable from the real network and gets past the checks a user would normally apply. As a result, people connect to the phoney AP.

“The SSID published by any AP in the proximity of a wireless client is processed by that client – regardless of whether there is any trust between the client device and the AP. Hence an attacker may attempt to include malicious payload within the SSID in an attempt to exploit a vulnerable client implementation,” researchers noted. 

They were able to create three different sorts of "display errors," as they call them. One of these entails adding a NULL byte into the SSID, which causes Apple devices to show just the portion of the name preceding this byte. To achieve the same effect on Windows machines, the attacker may utilize "new line" characters. 

The second, and more common, type of display error relies on non-printable characters. An attacker can insert unusual characters into the SSID without the user noticing: instead of aireye_network, the attacker can broadcast aireye_\x1cnetwork, where \x1c is a byte with the hex value 0x1c, and the device displays it as aireye_network.

The third display error removes a section of the network name from the viewable region of the screen. In this case, an iPhone may show an SSID named aireye_networknnnnnnnnnnnrogue as aireye_network, eliminating the word rogue. This method, along with the second type of error, can successfully disguise the suffix of a rogue network name.
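The three display errors described above can be reproduced and, more usefully, detected on the client side. The following Python is an added example written for this article, not AirEye's or Technion's code: the trusted network name is taken from the article's examples, the `naive_render` function that stands in for a careless UI is constructed, the filler in the overflow case is spaces (an assumption; the article shows a run of filler characters), and the 32-byte limit is the IEEE 802.11 maximum SSID length. The mitigation the researchers imply is the last function: compare the raw SSID bytes a device has stored against the bytes an AP advertises, never the rendered string.

```python
import unicodedata

TRUSTED = "aireye_network"          # trusted SSID from the article's examples
KNOWN_SSIDS = {TRUSTED.encode()}    # a careful client stores raw bytes, not display text


def rogue_ssids(trusted: str) -> dict:
    """The three display-error families described above, applied to `trusted`."""
    return {
        # 1. truncation: Apple UIs stop at a NUL byte, Windows UIs at a new line
        "null_byte": trusted + "\x00rogue",
        "new_line": trusted + "\nrogue",
        # 2. a non-printable byte inserted into the name (article: aireye_\x1cnetwork)
        "non_printable": trusted.replace("_", "_\x1c", 1),
        # 3. filler pushes the suffix out of the visible region (spaces assumed here)
        "overflow": trusted + " " * 13 + "rogue",
    }


def naive_render(ssid: str, width: int = 20) -> str:
    """Models a careless UI: cut at NUL/newline, drop non-printables, clip to `width`."""
    visible = ssid
    for stop in ("\x00", "\n"):
        visible = visible.split(stop, 1)[0]
    visible = "".join(ch for ch in visible if ch.isprintable())
    return visible[:width].rstrip()


def ssid_findings(raw: bytes, known: set = KNOWN_SSIDS) -> list:
    """Reasons an advertised SSID should not be treated as a known network."""
    findings = []
    if len(raw) > 32:                       # IEEE 802.11 SSID element limit
        findings.append("longer than 32 bytes")
    try:
        text = raw.decode("utf-8")
    except UnicodeDecodeError:
        return findings + ["not valid UTF-8"]
    # Cc control characters (NUL, newline, 0x1c) and Cf format characters (zero-width)
    controls = [c for c in text if unicodedata.category(c).startswith("C")]
    if controls:
        findings.append("control characters: " + " ".join(f"U+{ord(c):04X}" for c in controls))
    if text != text.strip() or "  " in text:
        findings.append("leading/trailing whitespace or a run of spaces")
    shown = naive_render(text).encode()
    if shown in known and raw not in known:
        findings.append(f"displays as known network {shown.decode()!r} but bytes differ")
    return findings


def should_auto_join(raw: bytes, known: set = KNOWN_SSIDS) -> bool:
    """The correct trust decision: compare the raw SSID bytes, never the rendered name."""
    return raw in known


if __name__ == "__main__":
    for kind, ssid in rogue_ssids(TRUSTED).items():
        print(f"{kind:14s} shows as {naive_render(ssid)!r}; "
              f"auto-join={should_auto_join(ssid.encode())}; {ssid_findings(ssid.encode())}")
```

Every rogue variant renders as aireye_network under the naive UI, yet none of them passes `should_auto_join`, and `ssid_findings` explains why in terms an OS could surface to the user (or a wireless IDS could alert on).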

Schoolchildren's Personal Information on the Dark Web: Potential Identity Theft


NBC News, an American broadcaster, has published a report on the theft of data about millions of school children and how it can set a child up for a lifetime of potential identity theft. The data includes medical conditions, family financial status, Social Security numbers, and birth dates.

According to the NBC report, threat actors posted an Excel sheet titled “Basic student information”, maintained by one of the schools, on the dark web after the school refused to pay the ransom, in line with FBI guidance.

 “It lists students by name and includes entries for their date of birth, race, Social Security number, and gender, as well as whether they’re an immigrant, homeless, marked as economically disadvantaged, and if they’ve been flagged as potentially dyslexic,” states the NBC report. 

When NBC News contacted some of the targeted schools regarding the data leak, they were unaware of the problem. “I think it’s pretty clear right now they’re not paying enough attention to how to ensure that data is secure, and I think everyone is at wits’ end about what to do when it’s exposed. And I don’t think people have a good handle on how large that exposure is,” said Doug Levin, the director of the K12 Security Information Exchange, a nonprofit organization devoted to helping schools protect against cyberthreats. 

Worsening Situation 

The recent surge in ransomware attacks has aggravated the problem, as those gangs often publish victims’ files on their leak sites if the ransom is not paid. While the average person may not know where to find such sites, criminals can find them easily. In 2021 alone, hackers released data from more than 1,200 American K-12 schools, according to a tally provided to NBC News by Brett Callow, a ransomware analyst at the cybersecurity company Emsisoft.

The situation is complicated by the fact that many schools are unaware of all the information that’s stored on all their computers, and therefore do not realize the extent of what hackers have stolen. When the Dallas-area Lancaster Independent School District was targeted in a ransomware attack in June, it notified parents but told them the school’s investigation “has not confirmed that there has been any impact to employee or student information,” Kimberly Simpson, the district’s chief of communications, said in an email. 

But NBC News’ investigation found, among the leaked files, a 2018 audit that listed more than 6,000 students, organized by grade and school, as qualifying for free or reduced-price meals. Simpson did not respond to a request for comment on the audit.

Another tactic employed by the attackers is to target a third party that holds students’ data. In May 2021, attackers published files they had stolen from the Apollo Career Center, a northwestern Ohio vocational school that was in the collaboration with 11 regional high schools. The leaked data included hundreds of high schoolers’ report cards from the last school year, all of which are currently visible on the dark web.

“We are aware of the incident and are investigating it. We are in the process of providing notifications to the students and other individuals whose information was involved and will complete the notifications as soon as possible,” Allison Overholt, a spokesperson for Apollo, said in an email. 

 Taking action 

American parents are quickly realizing that addressing these problems may fall to them. Because schools have poor knowledge of the data stored on their own computers, they may not even know whether they have been hacked or whether hackers have released students’ information on the dark web. Federal and state laws on student information often give no clear guidance on what to do if a school is hacked, Levin said.

Eva Velasquez, the president of the nonprofit Identity Theft Resource Center, which helps victims of data theft, is advising parents to freeze their children’s credit to keep them safe from identity theft. “We should for all intents and purposes believe that for the most part, all of our data’s been compromised. We’ve been dealing with data breaches since 2005, and they are absolutely ubiquitous, and just because you didn’t receive a notice doesn’t mean it didn’t happen,” Velasquez said.

Freezing a child’s credit can be time-consuming, and doing it effectively means completing the process with all three major credit bureaus: Experian, Equifax, and TransUnion. But it has become an essential step for digital safety, Velasquez said.

“We encourage parents to freeze children’s credit. From an identity theft perspective, that is one of the most robust, proactive steps that a consumer can take to minimize the risk. And it applies to kids, and it’s free,” she concluded.

Private Details of 70M AT&T Users Offered For Sale on Underground Hacking Forum


A notorious hacking group known as ShinyHunters is reportedly selling a database containing the private details of 70 million AT&T customers. AT&T, the American telecommunications provider, has denied suffering a data breach.

Last week, ShinyHunters posted a listing for an “AT&T database + 70M (SSN/DOB)” on RaidForums, a popular hacking forum. The threat actors set a starting price of $200,000 with bid increments of $30,000; alternatively, a buyer can take the entire database outright for $1 million.

"In the original post that we discovered on a hacker forum, the user posted a relatively small sample of the data. We examined the sample and it appears to be authentic based on available public records,” Sven Taylor of RestorePrivacy, who first reported the data breach, stated. 

ShinyHunters shared a sample of the stolen data, including names, contact numbers, physical addresses, social security numbers (SSN), and dates of birth. An anonymous security expert told BleepingComputer that two of the four people in the sample were confirmed to be AT&T customers. The hackers also claim to be working on decrypting data that they believe contains customer account PINs.

"Based on our investigation today, the information that appeared in an internet chat room does not appear to have come from our systems," AT&T responded to the claims of ShinyHunters.

In a follow-up email to BleepingComputer, the telecom provider hedged over whether the data could have been stolen from a third party: “Given this information did not come from us, we can’t speculate on where it came from or whether it is valid,” the firm stated. 

In the past, ShinyHunters has targeted the likes of Microsoft, Mashable, Tokopedia, BigBasket, Nitro PDF, Pixlr, TeeSpring, Promo.com, Mathway, and droves of other small-to-mid-sized platforms. Its modus operandi is to steal credentials, API keys or buy large troves of data, then dump and sell it on underground platforms.

Earlier this month, fellow telecom provider T-Mobile suffered a data breach that exposed the private details of tens of millions of its users. T-Mobile has offered affected users free identity protection services.

Personal Information of 2,000 FOID Cardholders Compromised in ISP Website Breach


The Illinois State Police (ISP) are notifying Firearm Owners Identification (FOID) cardholders of a possible data breach after attackers attempted to break into the agency's FOID card portal.

According to ISP officials, the personal information of about 2,000 FOID cardholders, or about .0008% of the total number of FOID cardholders in the state, may have been compromised in the attempted hack. Those people will be contacted, the agency said in a news release.

“The software vendor determined that using previously stolen personal data to access existing accounts, unauthorized users may or may not have accessed additional ‘auto-populated’ personal identifiers unique to that account and card such as the last four of a social security number. 2,067 FOID card holders, less than .0008 % of total cardholders, were possibly impacted by these attempts. In accordance with state law and out of an abundance of caution, all affected persons were sent a notice and issued a new card at no cost,” according to the news release.

The ISP has strengthened its online security requirements and is limiting the use and access of personal information that FOID card applicants submit in their online FOID account that could match Illinois resident personal identification information unlawfully obtained from any number of previous cyber breaches. The personal information did not come from their systems and servers, ISP officials said after an investigation. 

The FOID website software vendor, working with ISP, recently determined unauthorized persons were attempting to use this type of previously unlawfully obtained personal information to match with and access existing FOID online account information to add further detail to their existing stolen data, the release read. 

The site is back online and is accepting applications. Illinois residents who want to buy or own firearms and ammunition must hold a Firearm Owners Identification card issued by the Illinois State Police. The state has been behind on processing applications for the required card for more than 18 months, with many applicants waiting months, the agency said.

“I’d rather there not be a database somewhere of gun owners and their addresses. It doesn’t take that much imagination to figure out how that information can be used in ways that increase the risk to those persons,” Cybersecurity consultant John Bambenek said while raising questions regarding cybersecurity.
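What the vendor describes is credential stuffing: logins using usernames and passwords taken from earlier breaches, followed by harvesting whatever the account page auto-fills. It leaves a recognisable pattern in authentication logs, which the following Python, an added example and not ISP's or the vendor's code, detects over a constructed log. The thresholds (ten distinct accounts from one source within five minutes) and the log format are assumptions to tune for a real portal.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed authentication log (not ISP's): "<timestamp> <source_ip> <username> <result>".
# 203.0.113.7 tries a dozen different accounts in twelve seconds and gets into two;
# 198.51.100.5 is a real user mistyping a password; 192.0.2.9 logs in normally.
SAMPLE_LOG = """\
2021-08-02T10:00:01 203.0.113.7 user001 FAIL
2021-08-02T10:00:02 203.0.113.7 user002 FAIL
2021-08-02T10:00:03 203.0.113.7 user003 FAIL
2021-08-02T10:00:04 203.0.113.7 user004 OK
2021-08-02T10:00:05 203.0.113.7 user005 FAIL
2021-08-02T10:00:06 203.0.113.7 user006 FAIL
2021-08-02T10:00:07 203.0.113.7 user007 FAIL
2021-08-02T10:00:08 203.0.113.7 user008 FAIL
2021-08-02T10:00:09 203.0.113.7 user009 FAIL
2021-08-02T10:00:10 203.0.113.7 user010 FAIL
2021-08-02T10:00:11 203.0.113.7 user011 OK
2021-08-02T10:00:12 203.0.113.7 user012 FAIL
2021-08-02T10:01:00 198.51.100.5 alice FAIL
2021-08-02T10:01:05 198.51.100.5 alice FAIL
2021-08-02T10:01:12 198.51.100.5 alice OK
2021-08-02T10:02:00 192.0.2.9 bob OK
"""


def parse_events(log_text):
    """Yields (timestamp, source_ip, username, result) for each log line."""
    for line in log_text.strip().splitlines():
        ts, ip, user, result = line.split()
        yield datetime.fromisoformat(ts), ip, user, result


def detect_credential_stuffing(log_text, window=timedelta(minutes=5), min_distinct_users=10):
    """
    Flags any source that authenticates as >= min_distinct_users different accounts
    inside `window` (assumed thresholds). A legitimate user retrying one account never
    trips this; a stuffing run does, and the OK results inside the window are the
    accounts that must be reset.
    Returns {source_ip: {"distinct_users": n, "compromised": [usernames]}}.
    """
    by_ip = defaultdict(list)
    for ts, ip, user, result in parse_events(log_text):
        by_ip[ip].append((ts, user, result))

    findings = {}
    for ip, events in by_ip.items():
        events.sort()
        start = 0
        for end in range(len(events)):
            # advance the window start until events[start:end+1] fits within `window`
            while events[end][0] - events[start][0] > window:
                start += 1
            in_window = events[start:end + 1]
            users = {u for _, u, _ in in_window}
            if len(users) >= min_distinct_users:
                f = findings.setdefault(ip, {"distinct_users": 0, "compromised": set()})
                f["distinct_users"] = max(f["distinct_users"], len(users))
                f["compromised"].update(u for _, u, r in in_window if r == "OK")

    return {ip: {"distinct_users": f["distinct_users"], "compromised": sorted(f["compromised"])}
            for ip, f in findings.items()}


if __name__ == "__main__":
    for ip, f in detect_credential_stuffing(SAMPLE_LOG).items():
        print(f"{ip}: {f['distinct_users']} accounts tried, force reset: {f['compromised']}")
```

Any account that returned OK inside a flagged window should be treated as compromised and reset, which is the log-side counterpart of the reissued cards in the release. The application-side fix is just as important: a page should not pre-fill identifiers such as the last four digits of an SSN until the session has passed a step-up check, so that a reused password alone buys the attacker nothing they did not already have.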

Millions of Login Credentials Stolen By an 'Unnamed Malware'


Cybersecurity researchers at Nord Security have analyzed a Trojan-type malware that infected over three million Windows computers and stole nearly 26 million login credentials for about a million websites.

Nord Security researchers have grouped the websites into a dozen categories. These include email services, financial platforms, e-commerce platforms, file storage and sharing services, and social media platforms. In total, the report revealed that the unnamed malware succeeded in stealing about 1.2 terabytes of personal data including over a million unique email addresses, over two billion cookies, and more than six million other files.

The researchers also recovered six million files taken by the malware from the victims’ download folders and desktops. The malware additionally took screenshots of infected systems and attempted to photograph the victim with the device’s webcam.

“For every malware that gets worldwide recognition and coverage, there are thousands of custom viruses made specifically for the buyer's needs. These are nameless pieces of malicious code that are compiled and sold on forums and private chats for as little as $100,” Nord Security, explained. 

In other words, for every strain that gets a name and headlines, thousands of bespoke stealers are compiled for individual buyers and traded cheaply in forums and private chats, and most of them never attract the attention that would get them detected.

“Antimalware software like antiviruses doesn’t fully protect our devices. Public Wi-Fi poses as much danger to our logins as malware does. In many cases, public Wi-Fi can have poorly configured firewalls that let hackers monitor your Wi-Fi connection,” Daniel Markuson, a digital security expert at NordVPN, Nord Security’s VPN service stated.

Hackers are employing a range of techniques to launch attacks on organizations and users. Last week, the REvil ransomware group hit Kaseya’s VSA remote management product in a supply-chain attack and demanded $70 million in Bitcoin for a universal decryptor that would let all affected businesses recover their files.

Major Security Flaw Patched by Hyperkitty


HyperKitty, the Django-based archiver that provides the web interface for Mailman, the popular open-source mailing list and newsletter manager, has patched a serious flaw that exposed private mailing-list archives while they were being imported.

Amir Sarabadani, a software engineer at Wikimedia Deutschland, identified the flaw while upgrading Wikimedia's mailing lists from Mailman 2 to Mailman 3.

“We were upgrading a test mailing list that was private but realized during the upgrade it was public. Once the upgrade was done, the list would become private. Private mailing lists can contain sensitive information, like publicly identifiable information,” Sarabadani stated. 

“When importing a private mailing lists archives, these archives are publicly visible for the duration of the import,” reads the security advisory on GitHub. This means a threat actor would be able to access the personal information of the users.

The GitHub advisory assigns the flaw a severity score of 7.5. The latest version of HyperKitty fixes it by reading the privacy setting of each imported list from Mailman instead of applying a default. According to the advisory, importing archives during an upgrade from older versions of Mailman to version 3 can take more than an hour, which is the window during which a private archive was exposed.

According to Sarabadani the impact of the flaw depends on the mailing list and how large it is. “Private mailing lists can contain sensitive information, like publicly identifiable information. If you communicated publicly that mailing lists are being upgraded [at] certain dates and times as a maintenance window (which you would usually), an attacker can use the opportunity to extract as much private data as possible, especially since Hyperkitty allows you to download all of the archives in batch.” Sarabadani further added.

“Don’t take security for granted. A new software being deployed in your infra, no matter how mature, can still have rather major security issues.”

A recent survey found that nearly 41 percent of executives have no open-source governance in their organizations, a troubling figure given that open-source components underpin large parts of enterprise applications and networks. In HyperKitty’s case, the flaw caused a partially imported list to be treated as public regardless of its privacy setting in Mailman.
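The window the advisory describes is easy to see in code. The following Python is an added, illustrative example, not HyperKitty's or Mailman's code: the in-memory `ArchivedList`, the `MAILMAN_ARCHIVE_POLICY` table standing in for Mailman's list settings, and the three-message archive are all constructed. `vulnerable_import` reproduces the flawed pattern (create the list with a public default, apply the real policy only after the import finishes), while `hardened_import` reads the policy from Mailman before the first message lands and fails closed if none is found; `run_import` plays the anonymous visitor polling the archive while the import runs.

```python
from dataclasses import dataclass, field

# Constructed stand-ins for Mailman's list configuration and a Mailman 2 archive to import.
MAILMAN_ARCHIVE_POLICY = {"staff@example.org": "private"}
MAILMAN2_ARCHIVE = ["msg-0001", "msg-0002", "msg-0003"]


@dataclass
class ArchivedList:
    name: str
    is_private: bool
    messages: list = field(default_factory=list)


def anonymous_view(ml):
    """What an unauthenticated visitor sees: the whole archive unless the list is private."""
    return [] if ml.is_private else list(ml.messages)


def vulnerable_import(name, archive, store):
    """Flawed pattern: public by default, Mailman's policy applied only once the import ends."""
    ml = store[name] = ArchivedList(name, is_private=False)
    for msg in archive:
        ml.messages.append(msg)
        yield anonymous_view(ml)        # a visitor polling mid-import sees everything so far
    ml.is_private = MAILMAN_ARCHIVE_POLICY[name] == "private"


def hardened_import(name, archive, store):
    """Fixed pattern: ask Mailman first, and treat an unknown policy as private."""
    policy = MAILMAN_ARCHIVE_POLICY.get(name, "private")
    ml = store[name] = ArchivedList(name, is_private=(policy != "public"))
    for msg in archive:
        ml.messages.append(msg)
        yield anonymous_view(ml)        # nothing leaks: the list was private from creation


def run_import(importer, name="staff@example.org"):
    """Drives an importer step by step; returns (messages leaked to visitors, final privacy)."""
    store, leaked = {}, set()
    for visible in importer(name, MAILMAN2_ARCHIVE, store):
        leaked.update(visible)
    return len(leaked), store[name].is_private


if __name__ == "__main__":
    for importer in (vulnerable_import, hardened_import):
        leaked, private = run_import(importer)
        print(f"{importer.__name__}: {leaked} messages leaked, private at end={private}")
```

Both importers end with the list private, which is why the bug was invisible to anyone who only checked the final state. Only the visitor's view during the import differs, and with HyperKitty's batch download the whole partial archive can be pulled in one request during an announced maintenance window.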

Private Details Compromised After Cyber Attack on NSW Health


The New South Wales Ministry of Health (NSW Health) has confirmed that it was impacted by a cyberattack involving the Accellion file transfer system. The system was widely used to share and store files by organizations across the globe, including NSW Health. 

NSW Health has been working with NSW Police and Cyber Security NSW, and so far there is no evidence that any of the information has been misused. Strike Force Martine has been set up to determine the impact on NSW government agencies caught up in the attack on Accellion.

It is estimated that some 100 organizations across the globe were affected by the Accellion hack, including global corporations, financial institutions, government departments, hospitals, and universities. Within this group, the company said that fewer than 25 appeared to have suffered significant data theft. 

"Following the NSW government's advice earlier this year around a worldwide cyber-attack that included NSW government agencies, NSW Health is notifying people whose data may have been accessed in the global Accellion cyber-attack. Different types of information, including identity information and in some cases, health-related personal information, were included in the attack," NSW Health spokesperson stated.

The local authorities said medical records in public hospitals were not stolen and the software involved is no longer in use by NSW Health.

 “A cyber incident help line has been set up to provide further information and support to those people NSW Health is contacting. If you are contacted by NSW Health, you will be given the cyber incident help line details; if you are not contacted by NSW Health, no action is required. The privacy of individuals is of the utmost importance to NSW Health, and we are making impacted people aware of the attack so that they can take appropriate precautions and access our support services," the spokesperson added. 

In April 2020, the NSW government suffered a cyberattack compromising the private records of 186,000 customers. After an investigation that lasted four months, Service NSW said it discovered that 738GB of data (over 3.8 million documents), was stolen from 47 staff email accounts. 

The Australian Securities and Investments Commission (ASIC) confirmed in January that one of its servers was breached in relation to Accellion software used by the agency to transfer files and attachments.

What Cybercriminals Do with Your Personal Information? Here's How to Defend


We all know that data breach is a major issue that can cause devastating damage to organizations and individuals, but have you ever wondered what happens to the data that is stolen during these incidents?

It depends on the importance of the stolen data and the attackers behind a data breach, and why they’ve stolen a certain type of data. For instance, when threat actors are motivated to embarrass a person or organization, expose perceived wrongdoing or improve cybersecurity, they tend to release relevant data into the public domain. 

The best-known example is the 2014 attack on Sony Pictures Entertainment. Attackers backed by North Korea stole employee data such as Social Security numbers, financial records, and salary information, as well as the emails of top executives. The hackers then published the emails to embarrass the company, likely in retaliation for its release of a comedy about a plot to assassinate North Korea’s leader, Kim Jong Un.

According to Verizon’s annual data breach report, nearly 86% of data breaches are about money, and 55% are committed by organized criminal groups. Stolen data often ends up being sold online on the dark web. For example, in 2018 hackers offered for sale more than 200 million records containing the personal information of Chinese individuals. This included information on 130 million customers of the Chinese hotel chain Huazhu Hotels Group.

The most reliable and common way to pay for the transaction is with cryptocurrency or via Western Union. The price varies on the type of data, its demand, and its supply. For example, a big surplus of stolen personally identifiable information caused its price to drop from $4 for information about a person in 2014 to $1 in 2015. Email dumps containing anywhere from a hundred thousand to a couple of million email addresses go for $10, and voter databases from various states sell for $100.

What Hackers Do with Your Personal Info? 

The most obvious thing hackers do is steal your money—either directly by funneling it from a bank account or by creating new accounts under your name. They may use your credit card details to shop at Amazon or set up a Netflix account. They might also use your info to create a sham social media profile to fool your friends or have a fake driver’s license made.

While that’s scary, there are even more frightening things to worry about. In some cases, hackers may steal info like personnel files, bank records, and private photos for purposes of blackmail, extortion, or even espionage.

Lastly, some hackers may target you or your organization directly. Stolen information, such as an online alias under which you share political commentary or an online dating profile, may be shared to prank or embarrass you. In more nefarious cases, doxing, the release of personal information about your identity, could put you in danger. Imagine internet users sending you hate mail, calling your cell phone, or even showing up at your house over a post you made online about a particular view you hold.

Three easy steps to protect your data

(1). The first step is to find out whether your information is being traded on the dark web. Sites such as Have I Been Pwned and Intelligence X let you check whether your email address appeared in a known data breach.

(2). Inform credit reporting agencies and other organizations that collect data about you, such as your health care provider, insurance company, banks, and credit card companies.

(3). To help you create strong passwords and remember them, consider using a password manager. Secondly, check whether your accounts offer multi-factor authentication (MFA). If yes, then use MFA.

India's Top 5 Banks Targeted in a Phishing Scam


Customers of the State Bank of India (SBI), ICICI, HDFC, Axis Bank, and Punjab National Bank (PNB) have been alerted to a phishing campaign. Threat actors are trying to lure Indian users into revealing sensitive personal information by impersonating the aforementioned banks’ mobile apps. According to the report, suspicious text messages prompted users to submit an application for disbursement of an income tax refund.

The messages carry a link to a page made to look like the income tax e-filing portal. The links point to bare IP addresses hosted in the US and France, carry no domain name, and have no connection to the Indian government, according to an investigation by the New Delhi-based think tank CyberPeace Foundation together with the cybersecurity services firm Autobot Infosec.

The report further notes that all IP addresses associated with the campaign belong to third-party cloud hosting providers, and that the entire campaign uses plain HTTP rather than HTTPS. Anyone on the path between the victim and the server can therefore intercept the traffic and read the submitted information in cleartext.

How do threat actors exploit vulnerabilities?

The landing page also lures users into downloading an Android application from a third-party source rather than the Google Play Store. Once installed, the app asks the user to grant it device administrator rights and a range of permissions it has no legitimate need for.

On opening the link http://204.44.124[.]160/ITR, users are redirected to a landing page that mimics the official government income tax e-filing website. Users are asked to click a green button to proceed to the “verification” steps, where they are prompted to submit personal details such as their full name, PAN number, Aadhaar number, address, PIN code, date of birth, mobile number, email address, gender, marital status, and banking information.

Apart from this, they are also asked to fill in information such as account number, IFSC code, card number, expiration date, CVV, and card PIN. All of this information is being finally transferred to the threat actors.
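The indicators the report lists (plain HTTP, a bare IP address instead of a domain, a tax-refund lure) are exactly what a URL triage script checks for. The following Python is an added example, not part of the CyberPeace Foundation or Autobot Infosec report: it refangs a defanged URL like the one above, then returns the reasons it should not be trusted. The list of official domain suffixes is an assumption for the example.

```python
import ipaddress
from urllib.parse import urlparse

# Assumption for this example: suffixes treated as official. Adjust to the real portal's domains.
OFFICIAL_SUFFIXES = (".gov.in",)
LURE_WORDS = ("itr", "refund", "tax")


def refang(url):
    """Undo the defanging used in reports ("[.]", "hxxp") so the URL can be parsed."""
    return (url.replace("[.]", ".")
               .replace("hxxps://", "https://")
               .replace("hxxp://", "http://"))


def triage_url(url):
    """Returns the reasons a link should not be trusted; an empty list means no finding."""
    u = urlparse(refang(url))
    host = (u.hostname or "").lower()
    path = u.path.lower()
    reasons = []
    if u.scheme == "http":
        reasons.append("plain HTTP: form fields travel in cleartext and can be read on the path")
    try:
        ipaddress.ip_address(host)          # raises ValueError unless host is an IP literal
        reasons.append("bare IP address: no domain name ties the page to any organisation")
    except ValueError:
        pass
    if any(w in path for w in LURE_WORDS) and not host.endswith(OFFICIAL_SUFFIXES):
        reasons.append("tax/refund lure hosted outside the official domain")
    return reasons


if __name__ == "__main__":
    for link in ("http://204.44.124[.]160/ITR", "https://www.example.gov.in/ITR"):
        print(link, "->", triage_url(link) or ["no finding"])
```

The same three checks belong in a mail or SMS gateway rule: a message whose link fails all three is a strong candidate for quarantine before a user ever sees the green button.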

Personal Information of Nearly 130,000 Singtel Users Stolen in a Data Breach


Singapore’s leading telecom company, Singtel, has confirmed that attackers exploited a third-party file-sharing system from Accellion, leading to a data breach that affected nearly 130,000 customers. The stolen information includes National Registration Identity Card numbers along with names, dates of birth, contact numbers, and addresses.

Singtel, an associate of Bharti Airtel completed its initial investigation into the data leak and discovered which files on the Accellion file sharing system were illegally accessed. Hackers also managed to steal the bank account details of 28 former Singtel employees and credit card details of 45 staff members of a corporate client with Singtel mobile lines, the company stated in a news release.

Singtel said “some information from 23 enterprises, including suppliers, partners, and corporate customers, was also stolen. The company has started notifying all affected individuals and enterprises to help them and their staff manage the possible risks involved and take appropriate follow-up action.”

Yuen Kuan Moon, CEO of the Singtel Group, said in a news release that the company is extremely sorry for the inconvenience the breach has caused its customers and is taking all necessary steps to strengthen security and contain the potential threats.

He said: “Data privacy is paramount; we have disappointed our stakeholders and not met the standards we have set for ourselves. Given the complexity and sensitivity of our investigations, we are being as transparent as possible and providing information that is accurate to the best of our knowledge. We are doing our level best to keep our customers supported in mitigating the potential risks.”

The company explained that a large part of the stolen data is non-sensitive internal information such as data logs, test data, reports, and emails. The attackers exploited vulnerabilities in Accellion’s File Transfer Appliance (FTA), the third-party file-sharing system Singtel used.

When the company was first alerted to exploits against the system in December last year, Singtel “promptly applied” a series of patches provided by Accellion. On January 23, Accellion advised that a new flaw had emerged that rendered the patches applied in December ineffective. The FTA system has been kept offline since January 23.