hack – Dataconomy
https://dataconomy.ru
Bridging the gap between technology and business

Don’t fall for it: Hackers use Facebook ads to target you
https://dataconomy.ru/2024/11/20/dont-fall-for-it-hackers-use-facebook-ads-to-target-you/
Wed, 20 Nov 2024 08:22:33 +0000

Throughout 2024, a disturbing trend has emerged as hackers exploit Facebook ads to distribute fake Chrome extensions masquerading as legitimate password managers like Bitwarden. This sophisticated malvertising campaign preys on users’ fears of cyber threats and deceives them into downloading malicious software.

Hackers exploit Facebook ads to distribute fake Chrome extensions

Bitdefender Labs has closely followed these campaigns, revealing that the latest operation was launched on November 3, 2024. Targeting users aged 18 to 65 across Europe, the attackers create a sense of urgency by claiming that users must install a critical security update. By impersonating a trusted brand, they effectively leverage Facebook’s advertising platform to gain users’ trust.

The deceptive process begins when users encounter a Facebook ad that warns them their passwords are at risk. Clicking the ad directs them to a fraudulent webpage designed to mimic the official Chrome Web Store. However, instead of a safe download, users are redirected to a Google Drive link hosting a ZIP file containing the harmful extension. To install it, users must follow a detailed process that involves enabling Developer Mode on their browser and sideloading the extension, a method that circumvents standard security protocols.

How the fake Bitwarden extension operates

Once the malicious extension is installed, it requests extensive permissions allowing it to intercept and manipulate user activity online. As outlined in the extension’s manifest file, it operates across all websites and can access storage, cookies, and network requests. This provides hackers full access to sensitive information. For instance, the permissions include:

  • contextMenus
  • storage
  • cookies
  • tabs
  • declarativeNetRequest

The extension’s background script initiates a series of harmful activities as soon as it is installed. It routinely checks for Facebook cookies and retrieves vital user data, including personal identifiers and payment information associated with Facebook ad accounts. The sensitivity of the stolen data can lead to severe repercussions, including identity theft and unauthorized access to financial accounts.



The use of legitimate platforms like Facebook and Google Drive obscures the malware’s true nature. Security experts recommend several strategies to mitigate risks associated with this threat:

  • Verify extension updates through official browser stores rather than clicking on ads.
  • Exercise caution with sponsored ads, especially those that prompt immediate updates for security tools.
  • Review extension permissions critically before installation.
  • Utilize security features, such as disabling Developer Mode when not in use.
  • Promptly report suspicious ads to social media platforms.
  • Implement a reliable security solution that detects and blocks phishing attempts and unauthorized extensions.
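
To make "review extension permissions critically" concrete, the following added example (not from Bitdefender or the original article) audits a Chrome extension manifest for the combination described above: sensitive API permissions together with access to all websites. The sample manifests, the host pattern and the verdict labels are constructed assumptions; only the five permission names come from the article.

```python
import json

# Match patterns that grant an extension access to every website.
ALL_SITES = {"<all_urls>", "*://*/*", "http://*/*", "https://*/*"}

# API permissions worth a second look, and what they allow once they are
# combined with broad host access.
SENSITIVE = {
    "cookies": "read and write cookies, including session cookies, on granted hosts",
    "tabs": "see the URL and title of every open tab",
    "declarativeNetRequest": "block, redirect or rewrite network requests",
    "webRequest": "observe network requests",
    "scripting": "inject scripts into pages on granted hosts",
}


def host_patterns(manifest):
    """Collect host match patterns from every place a manifest can declare them."""
    patterns = list(manifest.get("host_permissions", []))  # Manifest V3
    # Manifest V2 mixes host patterns into "permissions".
    patterns += [p for p in manifest.get("permissions", [])
                 if isinstance(p, str) and (p == "<all_urls>" or "://" in p)]
    for script in manifest.get("content_scripts", []):
        patterns += script.get("matches", [])
    return patterns


def audit_manifest(manifest):
    """Return the sensitive permissions found and a coarse verdict."""
    perms = {p for p in manifest.get("permissions", []) if isinstance(p, str)}
    all_sites = any(p in ALL_SITES for p in host_patterns(manifest))
    sensitive = sorted(perms & set(SENSITIVE))

    if all_sites and "cookies" in sensitive:
        verdict = "high"      # cookie access on every site: session theft is possible
    elif all_sites or sensitive:
        verdict = "review"    # broad reach or a sensitive API, but not both
    else:
        verdict = "low"

    return {
        "name": manifest.get("name", "<unnamed>"),
        "all_sites": all_sites,
        "sensitive": sensitive,
        "reasons": [f"{p}: {SENSITIVE[p]}" for p in sensitive],
        "verdict": verdict,
    }


# Constructed sample: the permission list reported in the article, with an
# assumed "<all_urls>" host pattern standing in for "operates across all websites".
SUSPECT = json.loads("""
{
  "manifest_version": 3,
  "name": "Password Manager Security Update (constructed sample)",
  "permissions": ["contextMenus", "storage", "cookies", "tabs", "declarativeNetRequest"],
  "host_permissions": ["<all_urls>"],
  "background": {"service_worker": "background.js"}
}
""")

# Constructed sample: a narrowly scoped extension for comparison.
BENIGN = json.loads("""
{
  "manifest_version": 3,
  "name": "Notes helper (constructed sample)",
  "permissions": ["storage"],
  "host_permissions": ["https://notes.example.com/*"]
}
""")

if __name__ == "__main__":
    for sample in (SUSPECT, BENIGN):
        report = audit_manifest(sample)
        print(f"{report['name']}: {report['verdict']}")
        for reason in report["reasons"]:
            print(f"  - {reason}")
```

Point `audit_manifest` at the parsed `manifest.json` of any unpacked ZIP before loading it in Developer Mode; a "high" verdict on something claiming to be a security update is a reason to stop.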

Bitdefender offers a tool called Scamio, which helps users identify malicious content online. It assesses links, messages, and other digital interactions to highlight potential scams, giving users an extra layer of defense.


Featured image credit: Soumil Kumar/Unsplash

Think you’re a good hacker? Prove it and win $1 million
https://dataconomy.ru/2024/08/20/cardano-1-million-hack-lace-wallet-pgp/
Tue, 20 Aug 2024 11:56:23 +0000

Cardano’s Lace Wallet isn’t just introducing a new security feature—it’s putting it to the ultimate test with a $1 million bug bounty challenge. Announced by Charles Hoskinson, CEO of Input Output (IO), during the Rare Evo blockchain event in Las Vegas, this challenge is designed to see if anyone can crack the security of Lace Wallet’s latest upgrade.

It will not be easy

The Lace Wallet now uses Pretty Good Privacy (PGP) encryption to protect its private keys. PGP is a strong encryption method that’s been trusted for years to keep information secure. This upgrade is a big deal for paper wallets, which are usually just printed pieces of paper with your keys on them—easy to use, but also easy to lose or steal.

In the Lace Wallet, both the public and private keys are shown as QR codes. The public key can be shared with anyone to receive payments, but the private key is encrypted with PGP, which means it’s locked up and can’t be used unless you have the right decryption key.


PGP is known for being secure, but this challenge will really test its strength. If nobody can break it, it will prove just how secure PGP is.

Let’s talk about how to get the $1 million bug bounty

The challenge is simple: if you can break the PGP encryption and access the private key of the Lace Wallet, you win $1 million in USDM stablecoin. Here’s how it works:

  • The wallet: The Lace Wallet involved in this challenge is specially created for it. It has a public key and a private key, but the private key is protected by PGP encryption.
  • The reward: The wallet currently holds an NFT (Non-Fungible Token). If someone manages to hack the wallet and get the private key, the NFT will be swapped out for $1 million in USDM stablecoin.
  • Time frame: The challenge runs until the end of 2024, giving hackers plenty of time to try to break into the wallet.

This is a way for Cardano to show how confident they are in their security. By putting $1 million on the line, they’re saying they believe their encryption is tough enough to keep everyone out.

Bigger picture

The $1 million bug bounty challenge tied to Lace Wallet is more than just a test of security—it’s an experiment in combining traditional cryptographic methods with modern blockchain technology. By integrating PGP encryption into a paper wallet, the challenge invites the crypto community to explore new ways of securing digital assets.

This challenge is not just about the prize money; it’s about examining the effectiveness of PGP encryption in protecting sensitive information in the blockchain space. Whether or not the bounty is claimed, the outcome will contribute valuable insights into the future of crypto security and the role of encryption in safeguarding digital assets.


Featured image credit: Eray Eliaçık/Bing

Trump campaign hacked: Is election 2024 in danger?
https://dataconomy.ru/2024/08/12/trump-campaign-hack-2024/
Mon, 12 Aug 2024 13:36:42 +0000

On August 10, 2024, Donald Trump’s 2024 presidential campaign publicly confirmed that it had been hacked. The campaign has attributed the breach to Iranian cyber actors, following a report from Microsoft that highlighted increased Iranian online activity targeting U.S. political entities. This confirmation came after Politico reported receiving sensitive documents from the Trump campaign through an anonymous source.

Trump campaign hack explained

The Trump campaign hack was initially uncovered when Politico received anonymous emails containing internal documents from the Trump campaign. These documents included sensitive information about Trump’s vice-presidential nominee, Ohio Senator JD Vance, and other campaign materials. Here is a quick look at what they contained:

  • A comprehensive 271-page document that details the record and public statements of JD Vance, who was being considered for the vice-presidential nomination.
  • Documents related to other potential candidates for the vice-presidential slot, such as Florida Senator Marco Rubio. These documents likely contain:
  • Communications and discussions among campaign staff.
  • Various legal documents related to the campaign.

The leaked Trump campaign documents encompass a broad range of materials from strategic and operational insights to sensitive personal and legal information. The Trump leak includes detailed research on the vice presidential nominee, internal communications, and legal documents, all of which represent a significant breach of campaign security and could have various implications for the ongoing presidential race.


Trump’s campaign confirmed the breach in a statement by spokesperson Steven Cheung. The campaign described the hack as a significant security incident, emphasizing that the documents were obtained illegally from foreign sources hostile to the U.S., specifically naming Iran. Cheung linked the hack to a Microsoft report indicating that Iranian hackers had targeted a high-ranking official within the U.S. presidential campaign through a phishing attack in June 2024. This attack coincided with the timing of Trump’s selection of his vice-presidential nominee.

The identity of the hacker and the full extent of the compromised information are still under investigation. The Trump campaign has not provided further details on the evidence supporting Iran’s involvement or any potential collaboration with Microsoft or law enforcement.

Be ready for more

Former officials and cybersecurity experts are warning that the recent hack of Donald Trump’s 2024 campaign could be the start of more cyberattacks leading up to the November elections. The Trump campaign hack, attributed to Iranian hackers, echoes the 2016 Russian attacks on Hillary Clinton’s campaign.


Featured image credit: Donald J. Trump

Russia and US prisoner swap: Hacking into a new diplomatic dance
https://dataconomy.ru/2024/08/02/what-is-russia-and-us-prisoner-swap-2024/
Fri, 02 Aug 2024 13:36:18 +0000

The Russia and US prisoner swap has shocked the cybersecurity world, leaving experts scratching their heads and keyboards clacking with speculation. The digital tango between two global giants has taken an unexpected turn.

In a plot worthy of a Hollywood blockbuster, the US released two Russian cybercriminals as part of a prisoner swap with Russia. This unprecedented move shocked the international community, especially in cybersecurity circles.

Russia and US prisoner swap is a conflict of interest

The Russia and US prisoner swap took place in Türkiye, a country that both countries want to get closer to. The exchange was carried out in the capital, Ankara, and there were no security problems between Turkish, Russian and US officials.

On August 1, 2024, the largest prisoner exchange since the Cold War took place, releasing a total of twenty-six people. Russia and Belarus released 16 prisoners, while the United States, Germany, Poland, Slovenia, and Norway released a total of 8 prisoners and two children. Among those released are The Wall Street Journal reporter Evan Gershkovich and former US Marine Paul Whelan. Whelan was sentenced to 16 years in prison on espionage charges.


The Russia and US prisoner swap involved eight Russians, including two notorious hackers: Vladislav Klyushin and Roman Seleznev. Both men, now in their early 40s, were serving time in US prisons for their roles in elaborate cybercrime schemes. Their release highlights the deals and vested interests the US has in such cases.

The Russia and US prisoner swap has raised eyebrows among cybercrime experts. Klyushin was arrested in 2021 for his involvement in a sophisticated stock market hacking scheme. Meanwhile, Seleznev, apprehended in 2014, was known as one of the most infamous “carders” – hackers who specialize in credit card fraud. These cybercriminals were traded for American citizens held by Russia, including Wall Street Journal reporter Evan Gershkovich. This exchange illustrates the complex nature of international relations and the lengths countries will go to secure the release of their citizens.

It is known that the US released eight Russian prisoners as part of the deal. It is not clear how many US prisoners Russia has released in return. Among those freed are Wall Street Journal reporter Evan Gershkovich and former Marine Paul Whelan. But Marc Fogel, who has long been the subject of a US investigation, was not among those released. This suggests that the Russia and US prisoner swap is part of US efforts to free political prisoners held by the Kremlin.


Cracking the code of international cybercrime

Prosecuting international cybercrime cases is notoriously difficult. The Russian and US prisoner swap, as reported by NBC, brings this challenge into sharp focus. Cybersecurity experts point to several factors that make these cases difficult:

  1. Proving a hacker’s identity and actions can be technically demanding.
  2. Laws often lag behind the rapid evolution of cybercrime techniques.
  3. Geopolitical tensions can hinder international cooperation in cybercrime investigations.

Todd Carroll, a retired FBI special agent and current chief information security officer at CybelAngel, emphasizes the complexity of these cases. He notes that the process involves not only international cooperation but also navigating extradition laws and legal filings across different jurisdictions.


What is a prisoner swap?

A prisoner swap is an agreement between two or more countries to exchange detainees or prisoners. Typically, these exchanges involve individuals held for political reasons, espionage, or other sensitive matters. The goal is to repatriate nationals to their home countries, often as a part of diplomatic negotiations. Such swaps can be complex and require extensive legal and political coordination.

Who is Paul Whelan?

Paul Whelan is a former U.S. Marine who was arrested in Russia in December 2018 and later convicted of espionage in June 2020. He was sentenced to 16 years in a Russian penal colony. The U.S. government has consistently maintained that Whelan is wrongfully detained and has called for his immediate release. His case remains a significant point of contention in U.S.-Russia relations.

He was arrested in Russia on December 28, 2018, and charged with espionage. On June 15, 2020, he was sentenced to 16 years in prison. On August 1, 2024, Whelan was released along with Evan Gershkovich at Ankara Esenboğa Airport as part of the Russia and US prisoner swap. David Whelan issued a statement thanking the press for insisting on covering his brother’s story throughout his 2,043 days in captivity. He asked for some privacy for his brother and declared that his role as spokesperson was over.


Who is Marc Fogel?

Marc Fogel, a U.S. citizen and teacher, was detained in Russia in August 2021 for possessing medical marijuana, which he claimed was for medical purposes. He was later sentenced to a lengthy prison term under Russia’s strict drug laws. Fogel’s detention has drawn attention to the harsh penalties for drug offenses in Russia and has become another example of the complex nature of Russia and US prisoner swap issues.

Fogel is not part of the 2024 Russia and US prisoner swap, but negotiations for his release were ongoing, according to an American official. Fogel’s family expressed disappointment that Fogel was not included in the swap, implying that it was due to his lack of notoriety: “Marc has been unjustly detained for too long and should be a priority in any exchange negotiations with Russia, regardless of his reputation.”

On August 1, 2024, National Security Advisor Jake Sullivan announced that Fogel had been wrongfully detained, the first time a US official had done so.


The Russian connection

The Russia and US prisoner swap highlights the unique position of Russia and the US in cybercrime. The countries are known to be home to a thriving cybercrime ecosystem, but both countries’ constitutions prohibit the extradition of their citizens. This legal barrier has long frustrated Western law enforcement efforts to combat Russian-based cybercriminal activities.

U.S. authorities often resort to public indictments and sanctions against Russian hackers. However, arrests are only possible when these individuals travel to countries that cooperate with U.S. or allied law enforcement. Both Klyushin and Seleznev were apprehended under such circumstances – Klyushin in Switzerland and Seleznev in the Maldives.

The Russia and US prisoner swap has sparked debate about its potential impact on future cybercrime deterrence efforts. Philip Reiner, CEO of the Institute for Security and Technology, points out that Russia’s economy benefits from cybercriminal activities while the government maintains plausible deniability.

This unprecedented exchange raises questions about the balance between diplomatic negotiations and cybersecurity enforcement. As nations grapple with these complex issues, the cybersecurity community watches closely, wondering how this Russia and US prisoner swap might reshape the digital battleground of the future.


Featured image credit: Toa Heftiba / Unsplash

Disney hacked: Alleged +1TB leak includes secret projects and more
https://dataconomy.ru/2024/07/14/leak-disney-hacked-2024-data-breach/
Sun, 14 Jul 2024 14:45:05 +0000

Disney has been hacked, becoming the latest high-profile victim of a significant cyberattack, allegedly perpetrated by the hacktivist group NullBulge. The Disney data breach reportedly exposed over 1.1 TiB (1.2 TB) of internal data, primarily sourced from the company’s Slack communications, with the help of an inside man until he got “cold feet.”

Although there is no official confirmation yet, Disney’s unreleased projects, messages, raw images, and other sensitive data started to circulate on breach forums.


Disney hacked 2024: Inside the Disney leak

NullBulge announced their exploit on breach forums on July 12, 2024, claiming they had accessed and leaked extensive data from Disney’s internal Slack workspace. This workspace, heavily utilized by Disney’s development teams, contained thousands of channels filled with sensitive information, including:

  • Messages: Conversations between employees discussing projects, plans, and proprietary information.
  • Files: Various documents and media files shared internally.
  • Unreleased projects: Details about projects that had not yet been publicly announced.
  • Raw images and code: Source code and graphic assets in development stages.
  • Credentials and internal links: Access information for internal APIs and web pages.


How did the Disney leak happen? You should probably ask Matthew J. Van Andel

The exact details of how the Disney leak occurred have not been fully disclosed, as investigations are ongoing. The alleged hackers (NullBulge) stated on X (formerly Twitter) that they had compiled and leaked everything they could access, inviting the public to view Disney’s internal workings. According to NullBulge’s claims, they had an insider for the Disney hack, and they attempted to go deeper until their insider, Matthew J. Van Andel, decided to kick them out. According to his LinkedIn profile, he works as a build manager for The Walt Disney Company. There is no official information on whether he is really involved or not.

It’s more than just a hack for NullBulge

NullBulge claims to advocate for artists’ rights, seeking fair compensation and recognition for creators, and claims that the Disney leak was carried out for that cause. This mission resonates amid ongoing disputes at Disney, where figures like Neil Gaiman and Alan Dean Foster allege the company withholds royalties from artists, especially those involved in franchises like “Star Wars” and “Alien.”

Rumors suggest NullBulge might be linked to the LockBit ransomware gang, using tools associated with them for the Disney data breach.


Need a recap? Disney was hacked by the hacktivist group NullBulge, which allegedly resulted in the exposure of extensive internal data. This Disney data breach, reportedly facilitated by an insider, leaked over 1.2 terabytes of sensitive information, including unreleased projects, internal communications from Slack, and raw images. The incident prompted Disney to investigate the breach’s scope and bolster its cybersecurity measures. Legal ramifications are expected, with concerns over data protection and corporate governance likely to be scrutinized.


Featured image credit: Eray Eliaçık/Bing

Twilio Authy data breach: 33 million users in danger
https://dataconomy.ru/2024/07/04/twilio-authy-data-breach-hack/
Thu, 04 Jul 2024 09:28:52 +0000

Recent revelations about the Twilio Authy data breach have once again thrust the firm into the spotlight of cybersecurity concerns. Following a major data breach in 2022 affecting numerous customers, the company faced a new challenge last week. Hackers, operating under the alias ShinyHunters, claimed to have accessed data from millions of Twilio users, including users of its widely-used Authy two-factor authentication app.

In 2022, the company experienced a bigger breach when hackers accessed data from over 100 Twilio customers. This breach led to a phishing campaign that resulted in the theft of approximately 10,000 employee credentials across 130 companies. During this incident, hackers targeted 93 individual Authy users, registering additional devices on those users’ accounts and stealing real two-factor codes. So, will the Twilio Authy data breach have similar consequences? Let’s understand the situation better first.

Twilio Authy data breach: What happened?

Last week, the cybersecurity landscape was shaken by the news that hackers, operating under the alias ShinyHunters, claimed to have stolen 33 million phone numbers from Twilio, a prominent U.S. messaging service. This breach was particularly concerning as it involved users of Authy, a widely-used two-factor authentication (2FA) app owned by Twilio.

On a popular hacking forum, ShinyHunters announced their successful hack of Twilio, claiming to have obtained the phone numbers of 33 million users. This claim was validated when Twilio confirmed the breach to TechCrunch, admitting that “threat actors” had accessed data associated with Authy accounts through an unauthenticated endpoint.

“[Twilio] has detected that threat actors were able to identify data associated with Authy accounts, including phone numbers, due to an unauthenticated endpoint. We have taken action to secure this endpoint and no longer allow unauthenticated requests.

“We have seen no evidence that the threat actors obtained access to Twilio’s systems or other sensitive data. As a precaution, we are requesting all Authy users to update to the latest Android and iOS apps for the latest security updates and encourage all Authy users to stay diligent and have heightened awareness around phishing and smishing attacks,”

- Twilio spokesperson Kari Ramirez told TechCrunch


According to Ramirez, the company identified that threat actors had accessed data linked to Authy accounts due to an unsecured endpoint. He also emphasized that there was no evidence indicating that the hackers accessed Twilio’s broader systems or other sensitive data. As a precaution, Twilio advised all Authy users to update their Android and iOS apps to the latest versions, which include important security updates. They also urged users to remain vigilant against potential phishing and smishing attacks.

The official security alert for Twilio Authy data breach

Twilio issued an official security alert on their website, detailing the breach and the measures taken:

Security Alert: Update to the Authy Android (v25.1.0) and iOS App (v26.1.0)

Twilio has detected that threat actors were able to identify data associated with Authy accounts, including phone numbers, due to an unauthenticated endpoint. We have taken action to secure this endpoint and no longer allow unauthenticated requests.

We have seen no evidence that the threat actors obtained access to Twilio’s systems or other sensitive data. As a precaution, we are requesting that all Authy users update to the latest Android and iOS apps for the latest security updates. While Authy accounts are not compromised, threat actors may try to use the phone number associated with Authy accounts for phishing and smishing attacks; we encourage all Authy users to stay diligent and have heightened awareness around the texts they are receiving.

This latest update addresses bug fixes, which include security updates. Please click on the link to download the latest version:

We know the security of our systems is an important part of earning and keeping your trust. We sincerely apologize that this happened. The Twilio Security Incident Response Team will post any updates here if there are any changes. If you have further questions, please reach out to your Technical Account Manager or our Support team.

Notice: If you cannot access your Authy account, we recommend you immediately contact Authy support. One of our specialists will respond to your request and work with you to get your Authy account back up and running again.




Are we in danger?

While the exposure of phone numbers alone may not seem catastrophic, it can pose significant risks to the owners of those numbers. Hackers could use the stolen phone numbers to impersonate Authy or Twilio, making phishing attacks more convincing. By targeting known Authy users, attackers can craft more believable messages, increasing the likelihood of successful phishing attempts.

What should you do now?

In the wake of the Twilio Authy data breach, where the phone numbers of 33 million users were exposed, it’s crucial to take proactive steps to protect your personal information and mitigate potential risks. Here are key actions to consider:

  • Update Authy apps: Ensure you have the latest versions of the Authy app installed on your Android or iOS devices to benefit from security fixes.
  • Be vigilant against phishing and smishing: Verify the sender of any messages claiming to be from Authy or Twilio, look for signs of phishing, and avoid sharing sensitive information.
  • Enable additional security measures: Use a password manager, enable two-factor authentication (2FA) on all accounts, and choose strong security questions.
  • Monitor your accounts: Keep an eye on your bank and credit card statements for unauthorized transactions and consider using credit monitoring services.
  • Contact support if necessary: If you suspect your Authy account has been compromised, contact Authy support immediately for assistance.
  • Stay informed: Regularly check Twilio’s official communications for updates on the breach.

By taking these steps, you can significantly reduce the risks associated with the Twilio Authy data breach and protect your personal information.

The Twilio Authy data breach, disclosed recently, exposed the phone numbers of 33 million users to hackers operating under the alias ShinyHunters

The Twilio breach is a critical reminder of the ever-present threat of cyberattacks. It underscores the necessity for robust security measures and constant vigilance. Twilio’s prompt response to secure the compromised endpoint and their transparent communication with users are commendable steps. However, users must also play their part by updating their apps, remaining aware of potential phishing attacks, and maintaining overall cybersecurity hygiene.


Featured image credit: Eray Eliaçık/Bing

Roll20 data breach strikes a critical hit
https://dataconomy.ru/2024/07/03/roll20-data-breach-2024-hack/
Wed, 03 Jul 2024 10:18:06 +0000

On June 3, 2024, Roll20 users received an unsettling email: the platform had suffered a data breach. Roll20, a digital platform for playing tabletop role-playing games such as Dungeons & Dragons, revealed that personal data had been compromised. The breached data included names, email addresses, last known IP addresses, and the last four digits of stored credit cards.

In this article, we’ll cover what happened, what data was exposed, and what steps you should take now to protect yourself. You want to see the email first? Here it is:

Roll20 data breach email

Roll20 data breach 2024: What we know so far

On June 3, 2024, Roll20 notified some of its users about a data breach. This incident has sparked considerable concern within the gaming community, particularly given Roll20’s previous experience with data breaches. This breach is not Roll20’s first encounter with such issues. In 2018, the platform suffered a significant data breach affecting four million users. Similar types of personal data were compromised during that incident, raising ongoing concerns about the platform’s security measures.

The firm discovered the breach on June 29 at 6:30 PM, when a compromised administrative account was detected. Recognizing the potential risk, the platform acted fast, blocking all access to the compromised account within an hour. An immediate investigation was launched to understand the extent and implications of the breach.

The investigation revealed that the unauthorized third party had gained access to Roll20’s administrative tools. This breach potentially exposed several types of personal information:

  • First and last names: Basic identifying information of the users.
  • Email addresses: The email addresses linked to user accounts.
  • Last known IP addresses: The most recent IP addresses used by the affected accounts.
  • Last four digits of credit cards: Only applicable if the user had stored payment information on the platform.

Importantly, the Roll20 data breach did not include users’ passwords or complete payment information, such as full credit card numbers or billing addresses.

The Roll20 data breach 2024 exposed personal information including names, email addresses, last known IP addresses, and the last four digits of stored credit cards.

Roll20 informed affected users via email, emphasizing that there was no current evidence suggesting misuse of the compromised data. In the email, Roll20 assured users that passwords and full payment details were secure. They provided a link to the Roll20 Help Center, where users could open a support ticket to view a detailed copy of the data specifically compromised in their case.

Roll20 advises: What you need to do now

In light of the breach, Roll20 has advised users to:

  • Monitor account activity: Regularly check for any unusual or suspicious activities on their accounts.
  • Review compromised data: Use the support ticket system to understand the specific data affected.
  • Change passwords and payment information: Consider updating passwords and payment methods as a precautionary measure.
  • Be wary of phishing attempts: Be cautious of any unsolicited communications that could exploit the compromised information.

While no threat actor has claimed responsibility for this recent breach, Roll20 is likely to enhance its security protocols to prevent future incidents. The company’s fast action and transparency in handling the breach have been positive steps, but they highlight the necessity of robust cybersecurity measures.

Roll20 data breach 2024: On June 3, 2024, Roll20 notified users of a significant data breach.

Roll20 has been a crucial platform for gamers, especially during the COVID-19 pandemic, which saw a surge in its user base. As of March 2021, Roll20 boasted over eight million users worldwide.


Featured image generated by Eray Eliaçık/Bing

Hack alert: TeamViewer data breach and what it means for you
https://dataconomy.ru/2024/06/28/teamviewer-hacked-teamviewer-data-breach/
Fri, 28 Jun 2024 12:06:50 +0000

News that TeamViewer was hacked is in all the headlines today. The TeamViewer data breach, discovered within its internal corporate IT systems on June 26, 2024, caused alarm across the industry. Because TeamViewer’s software is integral to remote access for millions worldwide, any breach raises critical concerns about data security and operational integrity. Let’s delve into the specifics of how the breach was detected, what measures TeamViewer is taking to mitigate the fallout, and what users and businesses can do to protect themselves in the wake of this cybersecurity incident.

Is TeamViewer hacked?

TeamViewer, known for its remote access software that allows users to control computers remotely, disclosed the breach through its Trust Center. The company emphasized that the TeamViewer hack occurred within its internal corporate IT environment, which is distinct from its product environment serving customers. This distinction is crucial because it suggests that while TeamViewer’s internal operations were compromised, there is no evidence to indicate a direct impact on the functionality of its remote access software or the security of customer data.

Upon detecting the irregularity, TeamViewer activated its response team and collaborated with global cybersecurity experts to initiate investigations and implement remediation measures. However, the company’s decision to use a <meta name="robots" content="noindex"> tag on its security update page has sparked criticism for limiting the page’s discoverability, potentially hindering transparency efforts.

Meet the alleged threat actor: APT

Reports suggest that an Advanced Persistent Threat (APT) group may have carried out the TeamViewer data breach. While TeamViewer has not disclosed specific details about the identity or motives of the attackers, cybersecurity firm NCC Group issued an alert indicating a significant compromise of TeamViewer by an APT group. Such groups are typically associated with sophisticated cyber espionage activities, targeting valuable intellectual property, financial data, or other sensitive information.

What does the TeamViewer data breach mean?

While TeamViewer says the breach didn’t touch the software that customers use, it’s still a big deal because TeamViewer is used by millions of people and businesses worldwide. It’s a reminder of how important it is for companies to keep their internal systems safe from hackers. However, according to TeamViewer, you don’t need to worry yet.

In response to the breach, alerts have been circulated by cybersecurity bodies such as the Dutch Digital Trust Center and Health-ISAC, highlighting concerns about potential exploitation of TeamViewer services by threat actors. TeamViewer is being transparent about the hack, but some are critical because its updates about the breach aren’t easy to find on search engines.

What can you do now?

If you’re concerned about the TeamViewer data breach or cybersecurity in general, here are a few steps you can take:

  • Update security measures: Ensure your antivirus software, firewalls, and any other security tools are up to date.
  • Monitor accounts: Watch for any unusual activity on your TeamViewer or other remote access accounts.
  • Enable two-factor authentication: If available, enable two-factor authentication (2FA) for added security.
  • Educate employees: If you manage a business using remote access tools, educate your team about phishing scams and other security threats.
  • Stay informed: Follow updates from TeamViewer and cybersecurity news sources for the latest developments and best practices.
  • Review access logs: Regularly review access logs for any unauthorized or suspicious remote access attempts.

Taking these steps can help mitigate risks and enhance your cybersecurity posture in light of incidents like the TeamViewer hack.

Recap

TeamViewer detected a breach in its internal corporate IT network on June 26, 2024, unrelated to its customer-facing services. While the incident did not affect user data or software functionality, it prompted immediate response and collaboration with cybersecurity experts globally. Reports suggest involvement of an Advanced Persistent Threat (APT) group, raising industry concerns. TeamViewer faces scrutiny for using a <meta name="robots" content="noindex"> tag on its security updates page, potentially limiting transparency. Updates continue as investigations proceed, and users are advised to maintain vigilance and follow cybersecurity protocols.


All images are generated by Eray Eliaçık/Bing

The Neiman Marcus data breach: What we know so far
https://dataconomy.ru/2024/06/26/the-neiman-marcus-data-breach-2024/
Wed, 26 Jun 2024 13:04:27 +0000

The Neiman Marcus data breach is a major incident that puts the personal information of around 64,472 customers at risk.

The breach was confirmed by a Neiman Marcus spokesperson during an interview with The Cyber Express. The spokesperson explained, “Neiman Marcus Group (NMG) recently learned that an unauthorized party gained access to a cloud database platform used by NMG that is provided by a third party, Snowflake.” Upon discovering the breach, Neiman Marcus promptly controlled the situation by disabling access to the compromised platform.

The Neiman Marcus data breach: A detailed overview

In May 2024, luxury retailer Neiman Marcus experienced a significant data breach, exposing sensitive personal information of approximately 64,472 customers. The breach involved unauthorized access to a cloud database platform operated by Snowflake, a third-party service provider.

The investigation revealed that the Neiman Marcus data breach compromised various types of personal information. The specific data exposed included:

  • Customer names
  • Contact information (such as email addresses and phone numbers)
  • Dates of birth
  • Neiman Marcus and Bergdorf Goodman Gift Card Numbers (excluding gift card PINs)

The extent of compromised information varies by individual, but these data points are critical as they can be used in identity theft or targeted phishing attacks.

Actions taken by Neiman Marcus

Neiman Marcus responded to the breach with urgency and transparency:

  • Containment: The company disabled access to the affected platform to prevent further unauthorized access.
  • Investigation: Neiman Marcus initiated a comprehensive investigation with the help of leading cybersecurity experts to understand the scope and impact of the breach.
  • Notification: The company notified law enforcement authorities and began informing affected customers in compliance with regulatory requirements. The Maine Attorney General’s office was among the notified authorities.
  • Support for customers: Customers were advised to monitor their financial statements for any unusual activity. Neiman Marcus provided resources to assist those concerned about identity theft, including instructions on obtaining free credit reports, reporting fraud, and placing security freezes on credit files. Also, Neiman Marcus has established a dedicated toll-free hotline (1-885-889-2743) to assist affected customers with questions or concerns related to the data breach. This hotline is part of the company’s efforts to provide continuous support and transparency to those impacted.

What do you need to do now?

The first step is to check your bank and credit card statements regularly. Look for any charges you don’t recognize. If you find any unusual activity, contact your bank or credit card company right away. Keeping a close eye on your accounts helps you catch problems early and deal with them quickly.

You can get free credit reports from the major credit reporting agencies. It’s important to do this, especially after a data breach. Review these reports carefully to spot any new accounts or credit inquiries you didn’t make. Regularly checking your credit reports can help you find and address identity theft early on.

If you find anything suspicious, report it immediately. Contact local law enforcement and file a complaint with the Federal Trade Commission (FTC). Reporting these issues quickly helps authorities investigate and stop fraud. The FTC can also help you create a record of identity theft, which can be useful when resolving issues with creditors and financial institutions.

If you’re worried about identity theft, consider placing a security freeze on your credit files. A security freeze stops others from accessing your credit report, making it harder for identity thieves to open new accounts in your name. While you’ll need to lift the freeze when you want to apply for new credit, it offers strong protection. To do this, contact each of the major credit reporting agencies: Equifax, Experian, and TransUnion.

Stay updated on any new information about the data breach, and be cautious of scams. Neiman Marcus has set up a toll-free hotline to help affected customers with any questions or concerns. Use these resources to get support and guidance. Be wary of phishing attempts and other scams that might try to take advantage of the situation.

About Neiman Marcus

Neiman Marcus Group, Inc., headquartered in Dallas, Texas, oversees prestigious brands such as Neiman Marcus, Bergdorf Goodman, Horchow, and Last Call. Since September 2021, the company has been owned by a consortium of investment firms led by Davidson Kempner Capital Management, Sixth Street Partners, and Pacific Investment Management.


All images are generated by Eray Eliaçık/Bing

How did the Disney Club Penguin hack happen?
https://dataconomy.ru/2024/06/07/disney-club-penguin-hack/
Fri, 07 Jun 2024 11:24:51 +0000

The Disney Club Penguin hack has become a focal point in recent discussions about the security of online game servers and the lengths to which fans will go to access their favorite game data.

Club Penguin, a popular multiplayer online game (MMO) that ran from 2005 to 2018, allowed players to engage in various activities within a virtual world. Created by New Horizon Interactive and later acquired by Disney, Club Penguin was officially shut down in 2017, with its successor, Club Penguin Island, following suit in 2018.

Despite this, the game continues to thrive on private servers maintained by dedicated fans and independent developers.

The Disney Club Penguin hack and its initial findings

This week, news broke about Club Penguin fans hacking into a Disney Confluence server to retrieve information about their beloved game. The hackers uploaded a link to “Internal Club Penguin PDFs” on the 4Chan message board, accompanied by a simple statement, “I no longer need these :)”.

Hackers accessed a Disney Confluence server related to Club Penguin

The shared link led to a 415 MB archive containing 137 PDFs, including emails, design schematics, documentation, and character sheets, all related to Club Penguin. BleepingComputer, a cybersecurity news outlet, reported that this data was at least seven years old, making it primarily interesting to fans of the game.

However, as BleepingComputer delved deeper into the Disney Club Penguin hack, it became apparent that the Club Penguin data was just a small part of a much larger breach. The hackers had inadvertently accessed and downloaded 2.5 GB of internal corporate data from Disney’s Confluence server, which stores documentation for various business, software, and IT projects.

This data included Disney’s:

  • Corporate strategies
  • Advertising plans
  • Internal developer tools
  • Business projects
  • Infrastructure details

This went far beyond what the hackers initially sought.

Detailed findings from the hack

The extensive data stolen from Disney’s Confluence server included internal information on various initiatives and projects. According to an anonymous source, the breach occurred using previously exposed credentials. The hackers’ initial target was Club Penguin data, but they ended up with a broader range of sensitive information. This trove of data revealed details about internal developer tools like Helios and CommuniCore, which had not been publicly disclosed before.

CommuniCore is described as a high-performance asynchronous messaging library intended for use in distributed applications. Helios, on the other hand, is a show authoring and playback tool that enables Disney producers and authors to create interactive, non-linear experiences using real-world inputs from sensors in Disney parks.


The leaked documents also contained links to internal websites used by Disney developers, which could potentially be exploited by threat actors aiming to target the company.

Although the Club Penguin data is relatively old, some of the other stolen data is much newer, with documentation from 2024. The original Club Penguin PDFs shared on 4Chan were reportedly stolen weeks ago, but the broader Disney corporate data appeared to have been downloaded much more recently. One document contained the text “Document generated by Confluence on Jun 01, 2024 21:59,” indicating the recency of the breach.

Backlash of Disney Club Penguin hack

The Disney Club Penguin hack underscores the persistent vulnerabilities in online platforms and the ongoing challenges in securing sensitive data. BleepingComputer reached out to Disney multiple times with information and questions about the breach, but the company has yet to respond. This silence leaves many questions unanswered regarding the extent of the breach, the potential impact on Disney’s operations, and the measures being taken to prevent future incidents.

The hack exposes ongoing vulnerabilities in online platforms

The hack also highlights the dedication and determination of the Club Penguin fanbase. Despite the game’s official shutdown, the passion for Club Penguin endures, leading fans to seek out and preserve the game’s legacy through private servers and, in this case, unauthorized access to internal data.

As the story continues to unfold, it will be important to monitor the responses from Disney and the broader implications for online platform security and fan engagement.


Featured image credit: Club Penguin

It’s official, HuggingFace was hacked
https://dataconomy.ru/2024/06/03/huggingface-was-hacked/
Mon, 03 Jun 2024 14:26:03 +0000

AI platform Hugging Face has revealed that its Spaces platform was hacked, allowing cybercriminals to access members’ authentication secrets. Hugging Face Spaces is a repository where users can create and share AI apps for others to demo.

What’s behind the Hugging Face hack?

“Earlier this week our team detected unauthorized access to our Spaces platform, specifically related to Spaces secrets,” warned Hugging Face in a blog post. “As a consequence, we have suspicions that a subset of Spaces’ secrets could have been accessed without authorization.”

In response to the hack, Hugging Face has already revoked the compromised authentication tokens and notified the affected members via email. They recommend that all users of Hugging Face Spaces refresh their tokens and transition to fine-grained access tokens, which provide tighter control over who can access their AI models.

The company is collaborating with external cybersecurity experts to investigate the hack and has reported the incident to law enforcement and data protection agencies. Following the hack, Hugging Face has intensified its security measures over the past few days.

Hugging Face is collaborating with external cybersecurity experts to investigate the hack

“Over the past few days, we have made other significant improvements to the security of the Spaces infrastructure, including completely removing org tokens (resulting in increased traceability and audit capabilities), implementing key management service (KMS) for Spaces secrets, robustifying and expanding our system’s ability to identify leaked tokens and proactively invalidate them, and more generally improving our security across the board. We also plan on completely deprecating “classic” read and write tokens in the near future, as soon as fine-grained access tokens reach feature parity. We will continue to investigate any possible related incident,” Hugging Face said.

As Hugging Face gains more recognition, it has also attracted the attention of cybercriminals aiming to misuse the platform for harmful activities.

“We deeply regret the disruption this incident may have caused and understand the inconvenience it may have posed to you. We pledge to use this as an opportunity to strengthen the security of our entire infrastructure,” Hugging Face stated.


About Hugging Face Spaces

Hugging Face Spaces is a platform that serves as a repository for AI applications created and shared by the community’s users. It allows developers to submit their AI models and apps, which can then be demoed and utilized by other members of the community. This collaborative environment encourages innovation and sharing of AI technologies, providing a space for users to explore and experiment with various AI solutions.


Image credits: Kerem Gülen/Midjourney

Everything known about Ticketmaster data breach so far
https://dataconomy.ru/2024/05/29/hack-ticketmaster-data-breach-live-nation/
Wed, 29 May 2024 14:14:49 +0000

A troubling report has emerged that could impact millions of Ticketmaster customers worldwide. Rumors are circulating about a huge Ticketmaster data breach, potentially putting personal information at risk. As investigations continue, customers are left wondering how safe their data really is.

Ticketmaster data breach: Is Live Nation/Ticketmaster hacked?

Recently, alarming news emerged about a potential data breach at Ticketmaster and its parent company, Live Nation. The hacking group ShinyHunters claims to have accessed Ticketmaster’s systems and obtained 1.3 terabytes of sensitive customer information. They are now offering this data for sale for $500,000.

While Ticketmaster has yet to make an official announcement, the potential scale of this breach has sparked widespread concern.

The alleged Ticketmaster hack involves unauthorized access to customer data

Here’s what we know so far about the alleged Ticketmaster data breach:

  • Nature of the Ticketmaster data breach: The alleged Ticketmaster hack involved unauthorized access to Ticketmaster’s systems by a hacker group known as ShinyHunters. This group claimed responsibility for the breach and stated that they had obtained 1.3 terabytes of customer data from Ticketmaster.
  • Scope of the data compromised: The compromised data reportedly includes a wide range of personal information belonging to Ticketmaster customers. This information includes names, addresses, contact details (such as phone numbers and email addresses), credit card numbers, payment details, ticket orders, credit card expiration dates, and fraud information.
  • Potential impact on customers: The Ticketmaster data breach has raised concerns about the potential misuse of the compromised data. Customers whose information was exposed in the breach are at risk of various forms of identity theft, financial fraud, and targeted phishing attacks. The sensitive nature of the stolen data makes affected individuals vulnerable to exploitation by cybercriminals.
  • Hacker’s demands: ShinyHunters, the group behind the breach, has demanded a ransom of US$500,000 for the stolen data. They have offered to sell the information on the dark web, where it could potentially be purchased by other cybercriminals for illicit purposes.
  • Response from authorities and experts: The alleged Ticketmaster data breach has prompted responses from various authorities and cybersecurity experts. The Department of Home Affairs has acknowledged the incident and is working with Ticketmaster to investigate its extent. Cybersecurity experts have emphasized the importance of vigilance and proactive measures to mitigate the risks associated with the alleged Ticketmaster data breach.

Reports suggest the breach may affect millions of Ticketmaster users

As investigations into the alleged Ticketmaster hack continue, the full extent of the breach and its ramifications remain unclear. Affected customers are urged to stay vigilant, monitor their financial accounts for suspicious activity, and adopt proactive measures to protect their personal information. The alleged Ticketmaster hack underscores the critical need for robust cybersecurity practices and greater transparency from corporations in safeguarding sensitive data.

We will provide updates as more information becomes available.

What to do now?

If you’re concerned about the potential Ticketmaster data breach, here are some steps you can take to protect yourself:

  • Monitor your accounts: Regularly check your bank and credit card statements for any unusual activity. Report any suspicious transactions to your financial institution immediately.
  • Change your passwords: Update your Ticketmaster account password and any other accounts that use the same or similar credentials. Use strong, unique passwords for each account.
  • Enable multi-factor authentication (MFA): If you haven’t already, enable MFA on your Ticketmaster account and other important accounts. This adds an extra layer of security.
  • Be wary of phishing attempts: Be cautious of emails, texts, or calls asking for personal information. Verify the sender’s identity before responding to any requests.
  • Check your credit report: Regularly review your credit report for any new accounts or inquiries that you did not authorize. You can request a free credit report from major credit reporting agencies.
  • Stay informed: Keep up with updates from Ticketmaster and cybersecurity news to stay informed about any new developments or recommended actions.

The hacker group ShinyHunters claims responsibility for the alleged Ticketmaster hack

By taking these steps, you can help protect yourself from potential fallout from the alleged data breach and minimize the risk of identity theft and financial fraud.


Featured image credit: Eray Eliaçık/Bing

Seven suspects – $10 million reward: USA wants these Chinese hackers
https://dataconomy.ru/2024/03/26/seven-suspects-10-million-reward-usa-wants-these-chinese-hackers/
Tue, 26 Mar 2024 15:00:59 +0000

Recent news from the United States Department of Justice (DOJ) and FBI has uncovered something alarming: a sophisticated network of cyber operations coming from China. According to the US State Department, seven Chinese hackers are behind this web. Now, they’re offering a whopping $10 million reward to anyone who can help catch them.

Want to find out how it works, who it affects, what’s being done to stop it, and who these hackers are? We’ve explained everything known so far about this cybersecurity threat.

Cracking the code

The Chinese hacking web, as revealed by recent disclosures from the United States Department of Justice (DOJ) and FBI, represents a sophisticated and extensive network of cyber operations orchestrated by Chinese nationals.

Here’s a detailed breakdown of its components and implications:

How it works

This cyber operation is not a one-time thing; it’s been going on for a long time, stretching over 14 years. It’s not just a few individuals working independently either; there’s evidence suggesting that the Chinese government might be involved or supporting these activities.

These hackers are sneaky. They use tricks like sending fake emails to trick people into giving away important information or downloading harmful files. Once they get in, they use advanced software to steal data or mess with computer systems. And they’re not just randomly targeting anyone – they go after specific people, like government officials, critics of China, and big business leaders.

Who gets hurt

Their reach isn’t limited to one place; they’ve targeted people all over the world. The damage they cause is serious. People’s personal information can be stolen, leading to identity theft or fraud. Businesses can lose valuable ideas and inventions, making it harder for them to compete globally. Sometimes, they even demand money from their victims to stop the attacks or to keep stolen information secret.

Why they do it

Governments and organizations are fighting back. They’re publicly naming and shaming the hackers, putting pressure on them to stop. The US State Department published names and photos of suspected attackers in a statement. The defendants are Ni Gaobin (倪高彬), 38; Weng Ming (翁明), 37; Cheng Feng (程锋), 34; Peng Yaowen (彭耀文), 38; Sun Xiaohui (孙小辉), 38; Xiong Wang (熊旺), 35; and Zhao Guangzong (赵光宗), 38. All are believed to reside in the PRC.

The seven individuals reportedly dispatched more than 10,000 “malicious emails, affecting thousands of victims worldwide,” according to the Justice Department, labeling it a “highly active global hacking campaign” supported by the Chinese government. The US State Department unveiled a bounty of up to $10 million (£8 million) for any leads on the whereabouts or identities of the seven individuals.

People are also stepping up their online security, using better passwords, and being careful about what they click on.

What’s being done

In response to these cyber threats, governments and organizations are implementing countermeasures such as:

  • Public indictments: The public disclosure of indictments aims to identify and hold accountable those responsible for cyber attacks.
  • Enhanced cybersecurity measures: Governments and businesses are bolstering their cybersecurity defenses, including implementing stronger authentication mechanisms, regularly updating software, and conducting comprehensive security assessments.

Future

The Chinese hacking web represents a sophisticated and pervasive cyber threat with far-reaching implications for individuals, businesses, and governments worldwide. Understanding its structure, tactics, and motives is crucial for developing effective countermeasures and safeguarding against future attacks.

Collaboration between nations, organizations, and cybersecurity experts is essential in combating this evolving threat landscape and ensuring a secure digital environment for all.


Featured image credit: Eray Eliaçık/Bing

]]>
These video doorbells can be easily hacked, report says https://dataconomy.ru/2024/03/01/video-doorbells-hack/ Fri, 01 Mar 2024 10:54:47 +0000 https://dataconomy.ru/?p=49383 Imagine a tool meant to keep your home safe actually making it more vulnerable. That’s the unsettling discovery made by Consumer Reports in their recent investigation into certain video doorbells. The report highlights serious flaws in video doorbells from brands like Eken, Tuck, Fishbot, and Rakeblue, all of which use the Aiwit app for control. […]]]>

Imagine a tool meant to keep your home safe actually making it more vulnerable. That’s the unsettling discovery made by Consumer Reports in their recent investigation into certain video doorbells.

The report highlights serious flaws in video doorbells from brands like Eken, Tuck, Fishbot, and Rakeblue, all of which use the Aiwit app for control. Shockingly, this app lacks a basic security feature called encryption, leaving the doorbells’ video feeds open to snooping from unauthorized people.

Aren’t we supposed to be safe?

What’s worse, it’s incredibly easy for anyone, even without technical know-how, to take control of these doorbells. Just by downloading the app and pairing it with their phone, someone could potentially spy on your home without you ever knowing.

Even if you get notified about unauthorized access, the doorbell doesn’t hide its serial number, allowing intruders to keep watching your home indefinitely.

Adding to the worry is the fact that these risky doorbells are sold under different names on major online stores like Amazon and Walmart. This means many people might unknowingly buy them, putting themselves at risk.

To make matters worse, these doorbells don’t even have the necessary identification numbers required by law, making their sale potentially illegal.

Consumer Reports urges consumers to be cautious when choosing smart home devices, do their research, and demand better security standards to protect their privacy and safety.


What to do now?

If you currently own a video doorbell and are concerned about its security, here are some steps you can take:

  • Update firmware and software: Check if there are any firmware or software updates available for your video doorbell. Manufacturers often release updates to address security vulnerabilities, so keeping your device up to date is essential.
  • Change default passwords: If your video doorbell came with default login credentials, change them immediately. Using default passwords makes it easier for hackers to gain access to your device.
  • Enable two-factor authentication (2FA): Many video doorbell apps offer two-factor authentication as an added layer of security. Enable this feature if available to prevent unauthorized access to your account.
  • Review app permissions: Take a closer look at the permissions granted to the video doorbell app on your smartphone. Disable any unnecessary permissions that could potentially compromise your privacy.
  • Consider disabling remote access: If you’re not frequently using the remote access feature of your video doorbell, consider disabling it altogether. This reduces the risk of unauthorized access to the device.
  • Contact customer support: Reach out to the manufacturer’s customer support team to inquire about the security measures in place for your specific model of video doorbell. They may be able to provide further guidance or assurances regarding security.
  • Consider replacement: If your video doorbell is among the models identified as having significant security vulnerabilities, you may want to consider replacing it with a more secure alternative from a reputable manufacturer.

Additionally, stay informed about any developments or security advisories related to your specific video doorbell model. Being proactive and taking appropriate precautions can help mitigate potential home security and privacy risks.


Image credits: Eray Eliaçık/Bing Image Creator

]]>
Last 4 days to the alleged Epic Games hack sale https://dataconomy.ru/2024/02/29/epic-games-hack/ Thu, 29 Feb 2024 11:18:14 +0000 https://dataconomy.ru/?p=49304 The gaming community buzzes with speculation about an alleged Epic Games hack. Mogilevich claims they’ve breached Epic’s defenses, potentially stealing personal data like emails and passwords, as well as important game code. Epic Games already started to investigate it, but the situation is not clear yet. Did Epic Games hack? There’s been a lot of […]]]>

The gaming community is buzzing with speculation about an alleged Epic Games hack. A group called Mogilevich claims to have breached Epic’s defenses, potentially stealing personal data like emails and passwords, as well as important game code. Epic Games has already started investigating, but the situation is not clear yet.

Was Epic Games hacked?

There’s been a lot of talk about a possible hack of Epic Games, the minds behind Fortnite. It’s being reported that a group called Mogilevich may have gotten their hands on a bunch of sensitive data, like emails, passwords, and even the code used to make Epic’s games.

The group asserted that they breached Epic Games’ servers, seizing 189GB of data. Beyond source code and an assortment of additional data, reports suggest that personal information was also compromised. Interested buyers, including Epic Games, purportedly have until March 4th to procure the pilfered data. However, it is not clear whether the Epic Games hack happened or not.

This is a big deal because it means that people’s personal info could be at risk, and the code that Epic uses to build their games might have been stolen too. If that code gets out, it could cause all sorts of problems for Epic and the people who play their games.

Epic Games has responded by saying they’re investigating it, but they haven’t found any solid evidence of a hack yet.

“We are investigating but there is currently zero evidence that these claims are legitimate. Mogilevich has not contacted Epic or provided any proof of the veracity of these allegations. When we saw these allegations, which were a screenshot of a darkweb webpage in a Tweet from a third party, we began investigating within minutes and reached out to Mogilevich for proof.”
– An Epic Games spokesperson said in a statement

For now, players are being told to be cautious and take steps like changing their passwords to protect themselves. It’s a reminder that in today’s digital world, we all need to be careful about our online security. Hopefully, Epic Games can get to the bottom of this and keep everyone’s information safe.


What can you do about the alleged Epic Games hack?

If you’re concerned about the alleged Epic Games hack, there are several steps you can take to protect yourself:

  • Change your password: If you have an account with Epic Games, consider changing your password to a strong, unique one. This can help prevent unauthorized access to your account even if your login credentials were compromised.
  • Enable two-factor authentication (2FA): 2FA adds an extra layer of security to your account by requiring a second form of verification, such as a code sent to your phone, in addition to your password. This can significantly reduce the risk of unauthorized access.
  • Monitor your accounts: Keep an eye on your bank accounts and credit cards for any suspicious activity. If you notice any unauthorized charges or unusual transactions, report them to your financial institution immediately.
  • Stay informed: Follow updates from Epic Games and reputable news sources for any official announcements or developments regarding the alleged hack. Being informed can help you take appropriate action to protect yourself.
  • Be cautious online: Be wary of any emails, messages, or websites that seem suspicious or ask for personal information. Phishing attempts often increase following security breaches, so exercise caution when interacting online.
  • Report suspicious activity: If you believe hackers have targeted you or have encountered any suspicious activity related to the alleged hack, report it to Epic Games and relevant authorities. They can investigate further and take appropriate action.

By taking these proactive measures, you can help safeguard your personal information and minimize the potential impact of the alleged Epic Games hack.

Who is Mogilevich?

The ransomware group known as Mogilevich burst onto the scene on February 20th with an attack on Infiniti USA, a Nissan subsidiary, claiming to have seized 22 gigabytes of sensitive data. Within days, they struck again, targeting Bazaarvoice, a global content firm. Their latest victims include Ireland’s Department of Foreign Affairs and gaming giant Epic Games.

The true motives and affiliations of the group remain unknown.

Featured image credit: Epic Games

]]>
If you own Vans shoes, your data may have been stolen https://dataconomy.ru/2024/01/19/vf-corp-hack-vfc-data-breach/ Fri, 19 Jan 2024 10:33:33 +0000 https://dataconomy.ru/?p=47286 VF Corp Hack was revealed today! In a recent revelation, VF Corp., the parent company behind iconic apparel brands like Vans, Supreme, and The North Face, has fallen prey to a significant cyberattack. The breach, which unfolded in December, cast a shadow over the personal data of 35.5 million customers, prompting VF Corp. to take […]]]>

VF Corp Hack was revealed today! In a recent revelation, VF Corp., the parent company behind iconic apparel brands like Vans, Supreme, and The North Face, has fallen prey to a significant cyberattack. The breach, which unfolded in December, cast a shadow over the personal data of 35.5 million customers, prompting VF Corp. to take swift action to address the incident. Here are all the VFC brands that might be affected by the breach:

  • Vans
  • The North Face
  • Timberland
  • Dickies
  • Altra
  • Eastpak
  • icebreaker
  • JanSport
  • Kipling
  • Napapijri
  • Smartwool
  • Supreme

From the company’s data breach disclosure to the potential involvement of ransomware and the subsequent claim by the ALPHV (BlackCat) hacking group, here are all the details known right now about the VFC data breach.

VF Corp hack: Details

VF Corp., the parent company of popular apparel brands such as Vans, Supreme, and The North Face, recently disclosed a cyberattack that occurred in December. The VF Corp Hack compromised the personal data belonging to 35.5 million customers. Here is a detailed breakdown of the VF Corp. hack:

  • VFC data breach disclosure: VF Corp. reported the cyberattack to regulators and the public, emphasizing transparency in addressing the incident.
  • Nature of the data compromised: The public disclosure did not specify the exact types of stolen personal data. It remains unclear whether the company has fully identified the scope of the compromised information.
  • No retention of sensitive information: VF Corp. reassured customers that it does not retain sensitive information such as Social Security numbers, bank account details, or payment card information for its consumer businesses.
  • Absence of password theft: The company stated that no evidence suggests that the hackers gained access to or stole customer passwords during the cyberattack.
  • Operational disruption and ransomware: VF Corp. had previously acknowledged that the hackers disrupted its operations by encrypting some IT systems. This implies a potential ransomware attack, where cybercriminals encrypt a victim’s data and demand a ransom for its release.
  • Claim by ALPHV (BlackCat) Gang: Subsequently, the hacking group known as ALPHV (or BlackCat) claimed credit for the cyberattack on VF Corp.
  • Extent of impact on operations: At the time of the incident, VF Corp. reported experiencing operational disruptions and delays in order fulfillment due to the cyberattack.
  • Post-incident status: In the latest filing, VF Corp. revealed that it has made significant progress in restoring the impacted IT systems and data. The company mentioned that it is still dealing with minor operational impacts but has successfully caught up on fulfilling orders that were delayed.
  • Ongoing investigation: The company continues to investigate the cyberattack and its aftermath, working towards a comprehensive understanding of the incident.

VF Corp. encourages individuals with insider information about the cyberattack to come forward, promoting an open line of communication. The company aims to keep stakeholders informed about the situation.

It’s essential to note that cybersecurity incidents can evolve, and investigations may uncover additional details over time. For the latest and most accurate information, individuals are encouraged to follow official updates from VF Corp.


What to do now?

If you are a customer or stakeholder affected by the VF Corp hack, or if you’re simply interested in staying informed about the situation, here are some suggested steps:

Keep an eye on official updates from VF Corp. Follow their statements, press releases, or any communication channels they use to provide information about the cyberattack. This will ensure you have the latest and most accurate information.

If you are a customer of VF Corp. or have an account with any of their brands (such as Vans, Supreme, or The North Face), check your email or account notifications for any direct communication from the company regarding the breach. Companies often provide specific instructions or information for affected users.

If you have accounts with VF Corp. brands or used the same password elsewhere, consider updating your passwords to enhance security. Use strong, unique passwords for each account, and consider enabling two-factor authentication if available.

Although VF Corp. has stated that sensitive financial information was not compromised, it’s always a good practice to monitor your financial statements regularly. Be vigilant for unauthorized transactions and immediately report them to your financial institution.

Cybercriminals may try to take advantage of the situation by sending phishing emails or messages. Be cautious about clicking on links or downloading attachments from unknown sources. Verify the legitimacy of communications related to the cyberattack.

Familiarize yourself with VF Corp.’s privacy policies and how they handle data breaches. Understanding their procedures for handling such incidents can provide insights into their steps to protect users.

If you have specific questions or concerns, reach out to VF Corp.’s customer support or relevant support channels. They may be able to provide additional information or assistance based on your individual situation.

Remember that cybersecurity incidents can be fluid, and new information may emerge over time. Staying informed and taking proactive steps to secure your personal information are crucial during these situations.

Featured image credit: Queens/Unsplash

]]>
Behind the scenes of Amazon hacked rumor https://dataconomy.ru/2023/12/08/amazon-hacked-news-rumor/ Fri, 08 Dec 2023 13:53:46 +0000 https://dataconomy.ru/?p=45492 One such digital tempest hit social media platforms in early December 2023, with users frantically sharing ominous warnings that “Amazon hacked.” Allegedly, criminals had infiltrated the e-commerce giant, adding fake locker addresses to unsuspecting users’ accounts, leaving a trail of potential chaos in their wake. Here is what the Amazon hacked warning says: “PSA: check […]]]>

One such digital tempest hit social media platforms in early December 2023, with users frantically sharing ominous warnings that “Amazon hacked.” Allegedly, criminals had infiltrated the e-commerce giant, adding fake locker addresses to unsuspecting users’ accounts, leaving a trail of potential chaos in their wake. Here is what the Amazon hacked warning says:

“PSA: check your saved addresses on Amazon. Amazon got hacked and a lot of people (including me) have random “Amazon lockers” saved in their addresses – which are not actual lockers. If you do use Amazon lockers, be sure to verify that the locker you’re sending it to is an actual locker.

Double check your order history and make sure there aren’t any orders you don’t recognize. And check your bank accounts to make sure your credit card on file is also not being used for unauthorized purchases.”

As the news rippled through the digital landscape, fear and uncertainty followed suit. However, amid the uproar, it becomes crucial to dissect the sensationalism from reality.

Is the Amazon hacked news true?

The claim that “Amazon hacked” circulated as a viral rumor on social media, particularly on Facebook, in early December 2023. The rumor suggested that criminals had compromised Amazon user accounts by adding fake locker addresses labeled Amazon Locker, Amazon Hub Locker, Amazon Fresh, or Amazon Counter. According to the circulating posts, these fake addresses could potentially allow criminals to order products and have them delivered at the expense of innocent Amazon users.

Users were urged to check their saved addresses on Amazon, specifically looking for any unauthorized “Amazon lockers” in their accounts. The warning also advised users to double-check their order history for any unrecognized purchases and monitor their bank accounts for unauthorized credit card charges.

In response to the widespread concern, Amazon’s global media relations spokesperson, Montana MacLachlan, issued a statement denying any evidence of a security event at Amazon. The company asserted that its systems remained secure and encouraged customers with account-related questions to contact customer service.

“We have no evidence of a security event at Amazon and our systems remain secure. Customers who have questions about their account should contact customer service.”

– Montana MacLachlan, Amazon’s global media relations spokesperson, to Snopes

Upon investigation, it was discovered that misunderstandings may have fueled the panic. Screenshots shared by users claiming to have fake Amazon pickup addresses in their accounts turned out to be legitimate and trustworthy pickup locations. Some users had incorrectly labeled these addresses as “not actual lockers.”

While the viral rumor created a wave of concern, there was a lack of concrete evidence supporting the claim that criminals were exploiting these addresses for unauthorized purchases. The situation raised questions about the accuracy of Amazon’s system in automatically suggesting pickup alternatives, especially when users reported addresses from different U.S. states appearing in their accounts.

Despite the uncertainty surrounding the origin of the added addresses, Amazon advised users to remain vigilant about their digital security. The company recommended changing passwords regularly and enabling two-step verification for an additional layer of account protection.

In summary, the Amazon hacked news turned out to be a viral rumor with no substantial evidence of a security breach at Amazon. The situation highlighted the importance of discerning information on social media and maintaining good cybersecurity practices in the digital age.


Are you still hesitating?

If you’ve come across the news about the rumored Amazon hack and want to do something for your security, here are some steps you can consider taking to ensure the security of your Amazon account and personal information:

  • Check your Amazon Account: Log in to your Amazon account and review your saved addresses. Look for any unfamiliar or suspicious addresses, especially those labeled as Amazon Locker, Amazon Hub Locker, Amazon Fresh, or Amazon Counter. Remove any addresses that you did not add or recognize.
  • Review order history: Examine your order history for any purchases you don’t recognize. If you find any unauthorized orders, report them to Amazon immediately.
  • Monitor bank statements: Check your bank or credit card statements for any unauthorized charges related to Amazon purchases. Report any suspicious transactions to your bank and follow their recommended procedures.
  • Contact Amazon Customer Service: If you have concerns about your account security or if you find anything suspicious, reach out to Amazon Customer Service. Amazon’s customer service can provide assistance and guidance on securing your account.
  • Enable two-step verification: Enhance the security of your Amazon account by enabling two-step verification. This additional layer of security typically involves receiving a code on your mobile device that you’ll need to enter along with your password when logging in.
  • Change your password: Consider changing your Amazon password to a strong and unique one. Avoid using the same password across multiple online accounts.
  • Stay informed: Keep an eye on official statements from Amazon regarding the alleged hack. Stay informed about security best practices and be cautious about sharing sensitive information online.
  • Educate yourself: Understand the nature of online rumors and hoaxes. Verify information before reacting to social media posts, and rely on official statements from reputable sources.

Remember that, according to Amazon’s official statement, there is no evidence of a security event at Amazon, and their systems remain secure. However, taking proactive steps to secure your account and personal information is always a good practice in the digital age. If you have specific concerns or questions, reaching out to Amazon’s customer service for personalized assistance is advisable.

Featured image credit: Nik/Unsplash

]]>
Customer support users lose their data after the Okta hack https://dataconomy.ru/2023/11/29/customer-support-lose-data-the-okta-hack/ Wed, 29 Nov 2023 08:56:01 +0000 https://dataconomy.ru/?p=45118 The Okta hack compromised many users’ data and information, and the company made an official announcement about the incident. Should you be worried? Let’s take a closer look at the incident. Okta, a big cybersecurity company, shared some concerning news on Tuesday about a recent hack on its customer support system. The impact appears to […]]]>

The Okta hack compromised many users’ data and information, and the company made an official announcement about the incident. Should you be worried? Let’s take a closer look at the incident.

Okta, a big cybersecurity company, shared some concerning news on Tuesday about a recent hack on its customer support system. The impact appears to be more extensive than the initial estimate, which stated that around 1% of Okta’s customers, roughly 184 clients, were affected.

Update: Okta revealed that hackers stole data for all customer support users in the cyber breach

Okta hack compromised users’ information

Okta, known for helping businesses with identity management, is now facing a larger security breach. The company initially believed the hack had a limited impact, but it turns out that a more significant number of users might be affected. This puts the security of these users at risk, and there’s a concern about potential attacks and phishing attempts. However, Okta clarified that customers in government or Department of Defense environments are not affected.

The news was first reported by Bloomberg, and the outlet obtained an official statement from a company spokesperson. The spokesperson confirmed the Okta hack and gave additional information about it. Here is their full statement to Bloomberg:

“We are working with a digital forensics firm to support our investigation and we will be sharing the report with customers upon completion,” the company said in its statement. “In addition, we will also notify individuals that have had their information downloaded.”


While Okta is a significant player in cybersecurity, this breach highlights the challenges in keeping user data safe. Okta’s role in managing employee sign-ons makes it an appealing target for hackers looking to exploit weaknesses for broader attacks.

Previous attacks on big names like MGM and Caesars demonstrated how hackers can use tactics like social engineering to target Okta platforms. These incidents resulted in substantial losses, including a large ransom payment. The history of such breaches emphasizes the seriousness of the current situation.

Okta’s shares dropped

The revelation about the Okta hack caused a drop in the company’s shares. The company admitted that a stolen credential was used to access its support system. Further investigation showed that the number of affected clients and the amount of stolen data were higher than initially thought. Okta conducted an audit that led to revised findings, indicating the evolving nature of the situation.

The stolen data includes things like customer names, company names, and phone numbers. However, Okta assured users that most of the compromised information did not contain sensitive details. For the majority of affected customers, only names and email addresses were exposed.

How to defend yourself against hacks and data breaches

In light of the recent Okta hack, it’s crucial for individuals and businesses to take proactive steps to safeguard their information. Here are some practical tips to defend yourself against hacks and data breaches:

  1. Update Passwords Regularly: Ensure that you regularly change passwords for your accounts and use strong, unique passwords for each account to minimize the risk of unauthorized access.
  2. Enable Two-Factor Authentication (2FA): Add an extra layer of security by enabling 2FA wherever possible. This requires a second form of verification, such as a code sent to your phone, in addition to your password.
  3. Stay Informed About Security Practices: Stay updated on the latest cybersecurity practices and follow recommended guidelines to secure your online presence.

Interestingly, a significant number of affected users are Okta administrators, says Bloomberg. As Okta gears up to report its earnings, there’s anticipation about the additional details that will be made public. This incident serves as a reminder of the ongoing challenges in keeping information safe in our digital world. Okta, like other cybersecurity companies, faces the ongoing task of staying ahead of evolving cyber threats and making sure user data remains secure.

Featured image credit: Fili Santillán/Unsplash

Unveiling the Mr. Cooper data breach: What happened?
https://dataconomy.ru/2023/11/03/mr-cooper-data-breach/
Fri, 03 Nov 2023 13:23:10 +0000

In the wake of the Mr. Cooper data breach, a major disruption has unfolded in the mortgage lending landscape, prompting concerns and questions from millions of customers.

One of the United States’ mortgage lending giants, Mr. Cooper, has found itself thrust into the spotlight due to a recent and alarming data breach. The breach forced the company to shut down crucial IT systems, including access to its online payment portal, leaving a trail of confusion and concern among the company’s millions of customers.

The inside story: Mr. Cooper data breach (Image credit)

As the story unfolds, we delve into the details of this cybersecurity incident, exploring its impact and the steps taken in response. Join us on this journey through the world of cybersecurity, as we dissect the Mr. Cooper data breach and its implications in an increasingly digital age.

Mr. Cooper data breach

The Mr. Cooper data breach is a significant incident involving one of the largest mortgage lending companies in the United States. Here’s a detailed explanation of the data breach:

  • Background on Mr. Cooper: Mr. Cooper, previously known as Nationstar Mortgage LLC, is a prominent mortgage lending company headquartered in Dallas, Texas. The company employs around 9,000 people and services approximately 4.1 million customers. It holds loans worth an impressive $937 billion, making it the largest servicer in the nation.
  • The cyberattack discovery: The breach came to light when customers attempted to access Mr. Cooper’s website to make payments on their mortgages or loans. Instead of being able to log in as usual, they were met with a message indicating a “system/technical outage.” This sudden disruption left customers confused and concerned about the status of their financial obligations.
  • Official confirmation of cyberattack: Following numerous customer inquiries and complaints, Mr. Cooper officially confirmed the cyberattack. In a notice posted on their website, they disclosed that on October 31, 2023, they determined the company had fallen victim to a cybersecurity incident. An unauthorized third party had gained access to certain technology systems within their infrastructure.
  • Immediate response: In response to the breach, Mr. Cooper quickly initiated cybersecurity response protocols. These measures included deploying containment strategies to safeguard systems and data. As a precautionary measure, certain systems were also shut down to prevent further unauthorized access and potential data exfiltration.
  • Ongoing investigation: Mr. Cooper is actively investigating the incident to determine the full scope and impact of the breach. At this stage, the company has not publicly confirmed whether the incident is a ransomware attack, but they acknowledge that the characteristics of the attack resemble one. This suggests the possibility that the cybercriminals may have stolen data with the intention of using it as leverage for a ransom demand.
  • Customer impact: The breach has left Mr. Cooper customers unable to make their mortgage payments through the company’s online portal, as the systems have been temporarily shut down. Nevertheless, the company has provided assurance to its customers that they will not incur any fees, penalties, or negative credit reporting as a result of late payments during this system downtime.



Given the nature of Mr. Cooper’s business, which involves handling highly sensitive financial information, customers should remain vigilant against potential phishing attacks and identity theft. The breach has the potential to expose customers’ personal and financial data, making it crucial for them to take proactive steps to protect their information.

If you think that you are among the affected customers or received a message about the matter, you may refer to the steps outlined in our Mr. Cooper data breach settlement article.

Featured image credit: Mr. Cooper

Breaking down the Okta Data Breach: What happened?
https://dataconomy.ru/2023/10/23/okta-data-breach/
Mon, 23 Oct 2023 14:50:50 +0000

What happens when even the fortress’s guardians face a breach? Let’s take a closer look at the Okta data breach and find out!

A recent incident sent ripples through the cybersecurity world. Imagine a threat actor gaining access to the vaults of a trusted identity and access management company. This is not science fiction; it’s a reality that unfolded in October 2023. In this exposé, we dive deep into the intricacies of the Okta data breach, unraveling its implications, origins, and concerted efforts to protect your digital identity. Strap in, for we’re about to embark on a journey through the intricate world of cyber threats and resilience.

Okta data breach unveiled

The Okta data breach is an incident that occurred when a threat actor gained unauthorized access to certain parts of Okta’s infrastructure, potentially compromising sensitive data. Okta is a well-known company specializing in identity and access management solutions, serving many organizations and businesses. This breach raised significant concerns due to the potential impact on the security and privacy of customer data.

The Okta data breach, a significant cybersecurity incident in October 2023, highlighted the importance of strengthening digital identity security measures and safeguarding sensitive user data in today’s interconnected digital landscape (Image credit)

Here is a detailed breakdown of the Okta data breach:

  • Initial detection: The breach was initially detected by security experts at BeyondTrust, an identity management company. On October 2, 2023, BeyondTrust’s security team noticed an attempt to log into an in-house Okta administrator account using a stolen cookie from Okta’s support system. Here is the timeline according to BeyondTrust:
    • October 2, 2023 – Detected and remediated identity centric attack on an in-house Okta administrator account and alerted Okta
    • October 3, 2023 – Asked Okta support to escalate to Okta security team given initial forensics pointing to a compromise within Okta support organization
    • October 11, 2023 and October 13, 2023 – Held Zoom sessions with Okta security team to explain why we believed they might be compromised
    • October 19, 2023 – Okta security leadership confirmed they had an internal breach, and BeyondTrust was one of their affected customers.
  • Delay in confirmation: BeyondTrust promptly informed Okta of their findings on the same day, but it took Okta more than two weeks to confirm the breach. During this time, BeyondTrust continued to escalate the issue within Okta.
  • Support case management system compromised: The threat actor gained access to Okta’s support case management system, which is separate from the main Okta service. This system is used for managing customer support tickets and related data.
  • Sensitive data exposed: While specific details about the exposed data were not disclosed, it is known that the breached system contained HTTP Archive (HAR) files. These files are used to record browser activity for troubleshooting purposes. They include sensitive data like cookies and session tokens, which are essential for maintaining user sessions. Threat actors could potentially misuse this information to impersonate users or hijack their accounts.
  • Cloudflare involvement: Cloudflare, another prominent web infrastructure and security company, also detected malicious activity linked to the Okta breach on its servers. The attackers used an authentication token stolen from Okta’s support system to gain access to Cloudflare’s Okta instance, which had administrative privileges. However, Cloudflare’s security team acted swiftly to contain the threat, ensuring that no customer information or systems were impacted.
  • Impact on customers: Okta has taken measures to notify customers whose environments or support tickets were impacted by the breach. If customers have not received an alert, their data remains secure. Okta has also advised customers to sanitize their HAR files before sharing them to prevent the exposure of sensitive credentials and tokens.
  • Indicators of compromise: Okta shared a list of indicators of compromise observed during their investigation, including IP addresses and web browser User-Agent information linked to the attackers. This information can help organizations identify and respond to potential security threats.
  • Previous incidents: It’s worth noting that Okta had experienced security incidents in the past. In January 2022, some customer data was exposed when the Lapsus$ data extortion group gained access to Okta’s administrative consoles. In August 2022, one-time passwords (OTPs) delivered to Okta customers over SMS were stolen by the Scatter Swine threat group, which breached cloud communications company Twilio.
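
Okta's advice to sanitize HAR files before sharing them can be scripted. The following Python is an added example, not Okta's tooling or code from the article: it redacts cookies, authorization headers, token-bearing URL parameters and request/response bodies in a parsed HAR file. The deny-lists, function names and the sample capture are assumptions constructed for illustration.

```python
import copy
import json
import re
from urllib.parse import parse_qsl, urlencode, urlsplit, urlunsplit

REDACTED = "REDACTED"
# Assumed deny-lists (not from the article); extend them for your applications.
SENSITIVE_HEADERS = {"authorization", "proxy-authorization", "cookie", "set-cookie"}
SENSITIVE_KEYS = re.compile(
    r"token|secret|passw|session|sid$|^code$|api[-_]?key|assertion|saml", re.I)


def is_sensitive(name):
    return name.lower() in SENSITIVE_HEADERS or bool(SENSITIVE_KEYS.search(name))


def redact_query(query):
    """Redact sensitive parameters in a query string or form-encoded body."""
    pairs = parse_qsl(query, keep_blank_values=True)
    return urlencode([(k, REDACTED if is_sensitive(k) else v) for k, v in pairs])


def redact_url(url):
    parts = urlsplit(url)
    return urlunsplit(parts._replace(query=redact_query(parts.query)))


def redact_pairs(pairs, always=False):
    """Redact values in a HAR name/value list (headers, cookies, params)."""
    for item in pairs or []:
        name = item.get("name", "")
        if always or is_sensitive(name):
            item["value"] = REDACTED
        elif name.lower() in ("referer", "location"):  # URLs may embed tokens
            item["value"] = redact_url(item.get("value", ""))


def redact_json(node):
    """Recursively redact values stored under sensitive keys in parsed JSON."""
    if isinstance(node, dict):
        return {k: REDACTED if is_sensitive(k) else redact_json(v)
                for k, v in node.items()}
    if isinstance(node, list):
        return [redact_json(v) for v in node]
    return node


def redact_body(text, mime):
    """Redact a body; anything that cannot be parsed is dropped (fail closed)."""
    if "x-www-form-urlencoded" in mime:
        return redact_query(text)
    if "json" in mime:
        try:
            return json.dumps(redact_json(json.loads(text)))
        except ValueError:
            pass
    return REDACTED


def sanitize_har(har):
    """Return a deep copy of a parsed HAR with credentials and tokens removed."""
    har = copy.deepcopy(har)
    for entry in har.get("log", {}).get("entries", []):
        req, resp = entry.get("request", {}), entry.get("response", {})
        for msg in (req, resp):
            redact_pairs(msg.get("headers"))
            redact_pairs(msg.get("cookies"), always=True)
        redact_pairs(req.get("queryString"))
        if req.get("url"):
            req["url"] = redact_url(req["url"])
        if resp.get("redirectURL"):
            resp["redirectURL"] = redact_url(resp["redirectURL"])
        post = req.get("postData") or {}
        redact_pairs(post.get("params"))
        if post.get("text"):
            post["text"] = redact_body(post["text"], post.get("mimeType", ""))
        content = resp.get("content") or {}
        if content.get("text"):
            content["text"] = redact_body(content["text"], content.get("mimeType", ""))
    return har


# Constructed sample capture (not from a real system): one token request.
SAMPLE_HAR = {"log": {"version": "1.2", "entries": [{
    "request": {
        "url": "https://idp.example.test/oauth/token?state=abc&sessionToken=SESS-3",
        "headers": [{"name": "Cookie", "value": "sid=COOKIE-1"},
                    {"name": "Authorization", "value": "Bearer BEARER-2"},
                    {"name": "Referer", "value": "https://idp.example.test/cb?code=CODE-4"}],
        "cookies": [{"name": "sid", "value": "COOKIE-1"}],
        "queryString": [{"name": "sessionToken", "value": "SESS-3"}],
        "postData": {"mimeType": "application/x-www-form-urlencoded",
                     "text": "grant_type=authorization_code&code=CODE-4"}},
    "response": {
        "headers": [{"name": "Set-Cookie", "value": "sid=COOKIE-5; HttpOnly"}],
        "content": {"mimeType": "application/json",
                    "text": '{"access_token": "ACCESS-6", "expires_in": 3600}'}}}]}}
```

To use it on a real capture, load the file with `json.load`, pass the result to `sanitize_har`, and review the output before attaching it to a support case.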

This breach highlights the ongoing challenges and threats in the world of cybersecurity, emphasizing the need for robust security practices and measures. Okta and its partners have been actively working to address the situation and enhance their security to prevent such incidents in the future. The incident serves as a reminder of the importance of vigilance and prompt response in safeguarding sensitive data.


23andMe data breach affects a million users with Jewish heritage
https://dataconomy.ru/2023/10/09/23andme-data-breach-exposes-jewish/
Mon, 09 Oct 2023 13:00:27 +0000

With the 23andMe data breach, a massive database containing the genetic data of nearly a million individuals with Ashkenazi Jewish ancestry has surfaced on the dark web. The data was allegedly obtained from 23andMe, a popular genetic testing service that millions of people around the world have used to uncover their ancestry and health insights.

Imagine the very essence of who you are, stored in strings of DNA, exposed to the prying eyes of hackers, and potentially falling into the wrong hands. This is the unsettling reality faced by users of the renowned genetic testing service 23andMe. The 23andMe data breach has raised concerns about data security and privacy in an age when personal genetic information is becoming increasingly accessible. Here are the details.

23andMe data breach: Even your DNA is safe

In the 23andMe data breach, a database containing the genetic information of nearly one million individuals with Ashkenazi Jewish ancestry was discovered on the dark web. This database, titled “Ashkenazi DNA Data of Celebrities,” included personal details such as names, genders, and ancestral origins. While the title suggested celebrity data, most individuals in the database were ordinary users. The breach raised concerns about potential misuse of genetic data.

The 23andMe data breach occurred when hackers exploited vulnerabilities related to compromised passwords (Image credit)

It’s important to note that 23andMe did not classify the breach as a traditional hack. Instead, they believed that hackers exploited vulnerabilities resulting from compromised passwords obtained from other data breaches. These hackers gained unauthorized access to 23andMe accounts and scraped information from individuals with Ashkenazi Jewish ancestry.

Here’s a detailed breakdown of the 23andMe data breach:

Discovery of the database

The 23andMe data breach came to light when a database titled “Ashkenazi DNA Data of Celebrities” began circulating on dark web forums. The database claimed to contain the personal information of 999,999 individuals who had used the genetic testing service 23andMe.

Despite the database’s title suggesting that it contained data on celebrities, it was primarily comprised of ordinary individuals, not public figures.

Contents of the database

The database included the following information for each individual:

  • First and last name
  • Gender
  • 23andMe’s evaluation of their ancestral origins
The 23andMe data breach exposed the names, genders, and ancestral origins of nearly one million individuals (Image credit)

Verification

NBC News, upon discovering the database, independently verified the authenticity of the data by cross-referencing it with two 23andMe users whose information appeared in the 23andMe data breach.

23andMe’s response

23andMe initiated an investigation into the incident. The company, in an official statement, did not classify the breach as a traditional hack. Instead, it suggested that hackers had exploited vulnerabilities stemming from compromised passwords obtained from previous breaches on other websites.

23andMe believed that the hackers gained access to accounts using stolen login credentials and then exploited the fact that 23andMe offers users extensive access to each other’s genetic information.

Potential for unauthorized access

The 23andMe data breach reportedly occurred when hackers gained unauthorized access to 23andMe accounts and scraped the information of individuals with Ashkenazi Jewish ancestry.

The company believes that these hackers reused passwords from other compromised accounts, thereby gaining access to the 23andMe accounts.

Ongoing investigation

23andMe continued its investigation into the incident, aiming to confirm the initial findings and understand the full scope of the breach.

The 23andMe data breach revealed a vast database containing genetic information of individuals with Ashkenazi Jewish ancestry (Image credit)

The 23andMe experience

For the uninitiated, 23andMe offers genetic testing by analyzing DNA samples provided by users. It then categorizes users into various human populations, providing insights into their genetic ancestry. The leaked list appears to be a random selection of users with Ashkenazi Jewish ancestry ranking among their top three ancestral origins.

One feature, DNA Relatives, allows users to search for genetic matches among other account holders, even those who are distantly related. This feature, though valuable for genealogical research and connecting with relatives, can also be misused when hackers gain unauthorized access.

23andMe initiated an investigation into the incident, treating it as an alarming security breach (Image credit)

What to do now?

In response to the 23andMe data breach, the firm emphasizes its commitment to security and privacy. The company is actively investigating the matter and has not found any evidence to suggest that the breach originated within its systems.

To safeguard your genetic data and personal information, here are some recommended steps:

  • Use strong and unique passwords: Ensure your 23andMe account has a robust password that is difficult to guess and not reused on other platforms.
  • Enable Multi-Factor Authentication (MFA): Activate MFA for an additional layer of security, preventing unauthorized access even with compromised passwords.
  • Regularly review privacy and security settings: Take the time to review and update your privacy and security preferences on your 23andMe account.

You can contact 23andMe’s customer service at customercare@23andme.com if you need assistance.

It’s crucial to remember that protecting your genetic privacy is a shared responsibility between users and service providers. While 23andMe remains committed to enhancing its security measures, users must also take steps to fortify their online defenses.

In conclusion, the recent 23andMe data breach serves as a stark reminder of the importance of maintaining strong cybersecurity practices in an age where personal genetic information is at risk. By following these recommendations and staying vigilant, users can better protect their genetic privacy and personal data in an increasingly digital world.


Featured image credit: 23andMe

Unveiling the Estes Express Lines Cyber Attack
https://dataconomy.ru/2023/10/05/estes-express-lines-cyber-attack/
Thu, 05 Oct 2023 13:27:46 +0000

Estes Express Lines cyber attack makes headlines today. In the heart of America’s bustling logistics landscape, where every second counts, a quiet yet relentless battle rages on. On October 3rd, Estes Express Lines, a titan in the transportation industry, stood at the forefront of this cyber battleground, confirming that it had fallen prey to a relentless cyberattack. But amidst the digital turmoil, there was an unexpected twist – their trucks continued to crisscross the nation, delivering vital freight without missing a beat.

Join us as we delve into this remarkable tale of resilience, where a transportation giant refused to yield, even in the face of a relentless cyber siege.

The Estes Express Lines cyber attack sent shockwaves through the transportation industry (Image credit)

Estes Express Lines cyber attack explained

The Estes Express Lines cyber attack was an incident in which the company’s information technology (IT) systems and infrastructure were targeted by malicious actors seeking unauthorized access or control over the company’s digital assets. Estes Express Lines confirmed the attack on October 3, although it likely began earlier, as is often the case with cyberattacks.

Here’s a breakdown of the key points related to the Estes Express Lines cyber attack:

  • Initial discovery: The attack first came to light on October 2 when Estes Express Lines publicly acknowledged that they were experiencing issues with their core IT infrastructure. The company posted a message on a social media platform, which is now referred to as X, notifying their customers of the ongoing IT outage. They encouraged customers to contact their account managers for assistance, preferably through text messages.

  • Nature of the attack: Specific details about the Estes Express Lines Cyber Attack, such as the type of attack (e.g., ransomware, data breach, or distributed denial-of-service attack), and the identity of the attackers were not disclosed by Estes Express Lines at the time of their statement. Cyberattacks can take various forms, and the specifics can vary widely.
  • Operational continuity: Despite the IT infrastructure issues caused by the cyberattack, Estes Express Lines made it clear that their terminals and drivers were still actively engaged in picking up and delivering freight. This demonstrated the company’s commitment to minimizing disruptions in their services and ensuring that the flow of goods across North America remained relatively uninterrupted.
  • Security measures: In response to the cyberattack, Estes Express Lines likely initiated comprehensive cybersecurity measures. These measures may include isolating affected systems, conducting forensic investigations to determine the extent of the breach, and implementing remediation measures to secure their IT infrastructure.
  • Resilience and industry challenges: The incident underscores the increasing cybersecurity challenges faced by the transportation and logistics industry. Cyberattacks on companies within this sector can disrupt supply chains, delay deliveries, and potentially compromise sensitive customer and business data. Estes Express Lines’ ability to adapt and continue operations despite the cyberattack reflects the industry’s determination to overcome such challenges.
  • Ongoing updates: The company assured its customers that they would provide updates as they worked to resolve the incident. Communication is essential during a cybersecurity incident, as it helps build trust with customers and partners and keeps them informed about the progress of the recovery efforts.

In summary, the Estes Express Lines cyber attack was a significant event that highlighted the critical role of IT systems in the logistics and transportation industry. While specific details about the attack were not disclosed, the company’s dedication to maintaining operations and its commitment to resolving the issue showcased resilience in the face of a cybersecurity challenge. Such incidents serve as a reminder of the importance of cybersecurity measures and preparedness in today’s digital business landscape.

Featured image credit: Estes Express/X

Unraveling the Johnson Controls Ransomware attack: Dark Angels wants $51 million
https://dataconomy.ru/2023/09/29/johnson-controls-ransomware-attack/
Fri, 29 Sep 2023 20:51:08 +0000

Johnson Controls ransomware attack is the topic of the day. Johnson Controls, a global industrial control systems leader, is battling the notorious Dark Angels hackers. The digital intruders have locked up the company’s data and are demanding an astonishing $51 million for its release.

This high-stakes cyber showdown has left Johnson Controls reeling, disrupting its daily operations. Worse, sensitive Department of Homeland Security (DHS) information may be on the line, raising national security concerns. Johnson Controls has almost one hundred thousand employees amongst its several divisions and affiliates (such as ADT, Tyco, York, SimplexGrinnell, and Ruskin).

In this article, we’ll break down what happened, the impact on Johnson Controls and national security, and the shadowy world of Dark Angels, a hacking group pushing the boundaries of cyber warfare.

The Johnson Controls ransomware attack sent shockwaves through the cybersecurity world (Image credit)

Johnson Controls ransomware attack may cost $51 million

In a filing with the SEC on Wednesday, Johnson Controls International revealed that the business is dealing with the fallout from a cyber event that affected parts of its internal IT infrastructure and applications.

The Johnson Controls ransomware attack is a cyber incident where the prominent industrial control systems manufacturer, Johnson Controls, fell victim to a ransomware attack directed by a group known as Dark Angels. During the attack, the hackers infiltrated Johnson Controls’ IT systems, encrypted their data, and demanded a hefty ransom of $51 million for the decryption key and the promise to delete the stolen data.

The specific details of the data stolen during the Johnson Controls ransomware attack have not been publicly disclosed in great detail. However, it has been reported that the hackers claimed to have accessed approximately 27 terabytes of data. Of particular concern was the possibility that the stolen data might include sensitive information related to the Department of Homeland Security (DHS).

Dark Angels, a notorious hacking crew, orchestrated the Johnson Controls ransomware attack (Image credit)

The reports suggested that the stolen data could potentially encompass security information tied to third-party contracts and floor plans of certain agency facilities. However, it’s important to note that the full extent of the stolen data and its contents may not have been fully disclosed to the public, and some details may remain confidential due to the ongoing investigation and the sensitive nature of the information involved.

In ransomware attacks, cybercriminals typically steal data from the victim’s systems before encrypting it, and they may threaten to release this data if their ransom demands are not met. This “double-extortion” tactic is intended to increase the pressure on the victim to pay the ransom, and Dark Angels heavily use this tactic.

Dark Angels unveiled

Dark Angels burst onto the scene in May 2022, targeting organizations worldwide. Their modus operandi involves breaching corporate networks, stealing data, and deploying ransomware. They’ve gained notoriety for their use of double-extortion tactics, threatening to leak stolen data if ransoms aren’t paid.

While Dark Angels initially employed Windows and VMware ESXi encryptors, the Linux encryptor used in the Johnson Controls attack has been traced back to the Ragnar Locker ransomware, which has been active since 2021.

In April 2023, Dark Angels unveiled ‘Dunghill Leaks,’ a data leak site designed to exert further pressure on their victims by exposing sensitive information if ransoms remain unpaid.

Johnson Controls

With headquarters in Cork, Ireland, Johnson Controls International is a worldwide business that manufactures fire, ventilation, and security systems for commercial and residential properties. As of mid-2019, it had 105,000 employees spread over about 2,000 sites on six continents.

During the Johnson Controls ransomware attack, hackers demanded an astonishing $51 million in ransom (Image credit)

Conclusion

In the wake of the Johnson Controls ransomware attack, we find ourselves at the crossroads of cyber warfare and corporate resilience. The audacity of Dark Angels’ digital siege reminds us that even industry titans can be brought to their knees by the relentless evolution of cyber threats.

The staggering $51 million ransom demand looms like a shadow over Johnson Controls, as the company grapples not only with the immediate consequences of the attack but also the potential long-term repercussions. The very real prospect of sensitive Department of Homeland Security data falling into the wrong hands adds a layer of urgency to an already complex situation.

As the cybersecurity community watches closely, it’s important to consider the potential ramifications beyond decryption keys and data loss. In the event of a data breach involving sensitive government information, hefty fines and legal repercussions could follow. The Department of Homeland Security, like other government entities, takes data breaches seriously, and the fallout from such an incident could be extensive.

In the end, the Johnson Controls ransomware attack serves as a stark reminder that no entity is immune to the evolving tactics of cyber adversaries. It underscores the critical importance of robust cybersecurity measures and rapid response strategies in our interconnected world.

As we navigate these digital waters, one thing remains clear: the battle against cyber threats is an ongoing and ever-adaptive struggle, where vigilance, preparedness, and resilience are the keys to emerging unscathed from the shadows cast by those who seek to exploit our digital vulnerabilities.

Featured image credit: Michael Geiger/Unsplash

Mixin hack confirmed: $200M stolen
https://dataconomy.ru/2023/09/26/mixin-hack-confirmed-200m-stolen/
Tue, 26 Sep 2023 09:29:52 +0000
  • Quick take: The Mixin hack, which occurred in Hong Kong, resulted in cybercriminals stealing approximately $200 million from the crypto firm.
  • Core insight: The hack led to a significant loss of funds, making it the most significant crypto pilferage of 2023, surpassing previous incidents.
  • What’s next: This case highlights the ongoing challenges in digital security, emphasizing the need for stronger cybersecurity measures across various industries.

Mixin, a crypto firm based in Hong Kong, disclosed on Sunday that it had suffered a security breach in which cybercriminals stole approximately $200 million.

The Mixin hack incident is officially confirmed

“In the early morning of September 23, 2023 Hong Kong time, the database of Mixin Network’s cloud service provider was attacked by hackers, resulting in the loss of some assets. Deposit and withdrawal services on Mixin Network have been temporarily suspended. After discussion and consensus among all nodes, these services will be reopened once the vulnerabilities are confirmed and fixed.”

Mixin

The company has reached out to Google and the crypto security specialists at SlowMist to assist in probing the Mixin hack.

Mixin characterizes its offering as an “open and transparent decentralized ledger, which is collectively booked and maintained by 35 mainnet nodes.” Essentially, the Mixin Network serves as a decentralized trading platform and a cross-blockchain system, facilitating users in the transference of digital assets.

How the Mixin hack allowed the culprits to drain funds from the company’s cloud database remains unclear, especially considering the decentralized nature of Mixin. Google representative Melanie Lombardi told TechCrunch, “Mandiant is a cyber incident response firm that was acquired by Google last year.”


For context, Mandiant, known for their prowess in cyber incident management, became a part of Google’s umbrella the previous year. Both Mixin and SlowMist have yet to comment on the situation.

Mixin assured its user base that they intend to unveil a “solution” concerning the misappropriated assets, the details of which are yet to be disclosed.

Rekt, a body that catalogs compromised crypto entities and ventures, denotes the Mixin hack as 2023’s most significant crypto pilferage. This surpasses the prior record held by Euler, a digital lending platform that underwent an attack, suffering a staggering loss of approximately $197 million earlier in March.

Hacks never stop

2023 has proven to be a tumultuous year for digital security, with a myriad of high-profile companies falling victim to cyber-attacks and data breaches. Notable names such as Twitter, Sony, Dymocks, MGM, and Rollbar have been on the receiving end of such breaches.

Other significant entities like Nookazon, Forever 21, Duolingo, Discord.io, LifeLabs, PSNI, Maximus, Oregon DMV, and CoWIN have not been immune either, emphasizing the importance and urgency for strengthened cybersecurity measures.


Incidents such as the Mixin hack serve as stark reminders of the paramount importance of robust security measures. Here are some personal measures you can adopt to safeguard yourself:

  • Ensure all your devices and software are updated regularly. Cyber attackers often exploit vulnerabilities in outdated systems.
  • Whenever possible, enable two-factor authentication (2FA) for your online accounts. This adds an extra layer of security by requiring two forms of verification.
  • Avoid using easily guessable passwords like “123456” or “password.” Instead, opt for complex combinations of letters, numbers, and symbols. Consider using a password manager to keep track of your passwords.
  • Always double-check the URLs before entering personal information. Be skeptical of unsolicited communications asking for your credentials or personal details.
  • Always ensure your Wi-Fi connection is secure. Avoid using public Wi-Fi for transactions or accessing personal accounts.
  • Regularly back up your data. In case of a security breach, you won’t lose your valuable information.
  • Be wary of sharing personal information on social media or other platforms, as hackers can use this to their advantage.
  • Stay informed about the latest in cybersecurity threats and how to protect yourself against them.
  • Consider using a Virtual Private Network (VPN) to encrypt your internet connection and hide your IP address.
  • Always log out of accounts when you’re done, especially on public devices.

Featured image credit: Kerem Gülen/Midjourney

Is PlayStation hacked? Everything about Sony hack 2023
https://dataconomy.ru/2023/09/26/playstation-hacked-sony-hack-2023/
Tue, 26 Sep 2023 08:16:20 +0000

Is PlayStation hacked? That is what most news sites say. Let’s take a deeper look at the Sony hack 2023 and tell you if your information is in danger or in good hands!

A new player has emerged on the dark web, claiming to have breached the formidable defenses of Sony’s gaming empire. Is that really true, though? This latest intrusion comes in the form of a ransomware attack, signaling a troubling development in the ongoing battle to safeguard sensitive digital assets.


Latest from the Sony data breach 2023: For now, even Sony doesn’t know whether it has been breached or not, but the investigation has started


Sony Hack 2023: PlayStation hacked

On September 25, we received word through Australian cybersecurity publication Cyber Security Connect that Sony found itself in the crosshairs of a relatively new group known as Ransomed.vc. This group, despite its recent inception in September, has raised eyebrows due to its suspected connections with previous dark web forums and hacking collectives.

According to the report, the breach exposed a treasure trove of Sony’s internal data. Screenshots of Sony’s internal login page, an internal PowerPoint presentation divulging test bench details, numerous Java files, and a document repository containing over 6,000 files were laid bare.

“We have successfully compromissed [sic] all of sony systems. We won’t ransom them! we will sell the data. due to sony not wanting to pay. DATA IS FOR SALE. WE ARE SELLING IT,” the group said.

Among these files lies a wealth of documentation, including mysterious “build log files,” a multitude of Java resources, and HTML data, with many documents penned in Japanese. The motive behind this breach remains shrouded in uncertainty, as Ransomed.vc has yet to disclose its asking price for the pilfered data. However, the group did provide Sony with contact details and set a “post date” for September 28, hinting at a potential data dump.


The vx-underground X account, which has been analyzing malware source codes for years, shared the following about the case:

Sony PlayStation data breach 2023

What makes this intrusion intriguing is Ransomed.vc’s dual identity as a ransomware operator and a ransomware-as-a-service organization. Not only does the group carry out high-profile hacks on major corporations, but it also reportedly collaborates with the European Union’s General Data Protection Regulation (GDPR) framework and other data privacy laws to identify vulnerabilities in company systems and instances of legal non-compliance. As Cyber Security Connect reports, this leveraging of legal mechanisms may be a method to coerce victims into compliance, casting a shadow of uncertainty over the future of cybersecurity.

Sony, for its part, has remained tight-lipped regarding the breach and the extent of Ransomed.vc’s impact on the company’s operations. While the scale of this breach may not immediately evoke memories of the massive 2011 PlayStation Network hack, where 77 million registered accounts were compromised, it serves as a stark reminder that a breach, no matter the size, is a serious matter. With this latest threat looming, the hope is that Sony can swiftly reinforce its defenses to safeguard its digital empire.


PlayStation hacked, and not for the first time

Sony’s run-in with Ransomed.vc isn’t a one-time thing. It brings back memories of a similar problem they had in 2011 when their PlayStation Network (PSN) got attacked. Back then, things were much worse. Around 77 million user accounts were compromised, and it paralyzed the online part of PlayStation. Sony had to explain themselves to the U.S. Congress and spend years giving out free games and money to make things right.

Comparatively, this recent breach with Ransomed.vc seems smaller, involving less than 6,000 files. But it’s essential to remember that any breach is a big deal. Sony needs to be on high alert in today’s ever-changing digital world.

Is PlayStation hacked? If you haven’t read the article and just scrolled down, bad news: yes, the Sony hack 2023 is believed to be real.

Who is Ransomed.vc?

According to Techbriefly, Ransomed.vc serves as both a ransomware operator and a provider of ransomware as a service. In their advertising, they describe themselves as a “secure solution for addressing data security vulnerabilities within companies” and place a strong emphasis on adhering to GDPR and data privacy laws. They promise to report any violations of the GDPR to the agency and have a firm position against non-payment.

Featured image credit: Triyansh Gill/Unsplash

Your mic can be hackers’ best friend, study says
https://dataconomy.ru/2023/08/07/your-mic-can-be-hackers-best-friend-study-says/
Mon, 07 Aug 2023 14:48:02 +0000

In the ever-evolving landscape of cybersecurity threats, a chilling new method has emerged that poses a significant risk to data security and user privacy. Researchers from prominent British universities have uncovered a groundbreaking hack that utilizes the sounds of keystrokes, exploiting the power of deep learning to steal sensitive information.

This method showcases the alarming potential of modern technology to breach even the most robust security measures.

Your mic puts you at risk of hacks with 95% accuracy

In a groundbreaking study reported by Bleeping Computer, a team of researchers hailing from British universities has unveiled a startling new threat: an acoustic attack. By harnessing the capabilities of deep learning models, these researchers have demonstrated the ability to steal data from keyboard keystrokes recorded through a microphone with an astounding accuracy of 95%. This technique represents a concerning advancement in cyberattacks, showcasing the ever-growing sophistication of hacking methods.


Interestingly, when the researchers utilized Zoom for training their sound classification algorithm, the prediction accuracy only dipped slightly to 93%. While still alarmingly high, this lower accuracy on Zoom demonstrates the versatility and potency of this attack method across various communication platforms. This finding underscores the need for heightened awareness and vigilance regarding data security, particularly in the era of remote work and virtual meetings.

How does it work?

The attack begins by recording the victim’s keystrokes so that a prediction algorithm can be trained. This may be done with the use of a nearby microphone or by using malware that gains access to the microphone on the target’s phone.

Another method involves secretly capturing the target’s keystrokes during a Zoom conversation and then cross-referencing those with the target’s voicemails to deduce what the target was saying.

The researchers recorded the sounds made by tapping each of 36 keys on a new MacBook Pro 25 times to use as training data.


The recordings were then processed in a certain way to enhance the signals that may be utilized for detecting keystrokes, and the resulting waveforms and spectrograms were used to depict the distinguishable changes between each key visually.


Training the image classifier ‘CoAtNet,’ using spectrogram images, took some trial and error with epoch, learning rate, and data splitting parameters to find the sweet spot that yielded the highest prediction accuracy.

The researchers ran their tests on the same laptop, whose keyboard has been used in all Apple computers for the previous two years, capturing audio with an iPhone 13 mini placed 17cm away from the target and over Zoom.

The smartphone recordings gave the CoAtNet classifier an accuracy of 95%, while the Zoom recordings gave it an accuracy of 93%. Skype’s results were less impressive but still usable, at 91.7%.


Is a new hack trend starting?

What sets the keystrokes voices hack apart from other cyber threats is its reliance on acoustic attacks. Unlike traditional side-channel attacks that often require specific conditions and are subject to data rate and distance limitations, acoustic attacks have become increasingly simple due to the widespread availability of microphone-bearing devices capable of capturing high-quality audio. This accessibility, combined with the rapid advancements in machine learning, has significantly elevated the potential of sound-based side-channel attacks, rendering them far more dangerous than previously anticipated.

This novel attack method strikes at the heart of data security, potentially compromising sensitive information that users may assume is protected. The keystrokes voices hack has the capability to leak passwords, discussions, messages, and other confidential data to malicious third parties, opening the door to a plethora of privacy breaches and security compromises.

The urgent call for vigilance

As technology continues to evolve at an unprecedented pace, it is imperative that individuals, organizations, and technology providers remain vigilant in safeguarding against emerging cyber threats. The keystrokes voices hack serves as a poignant reminder that innovation in the digital realm cuts both ways – it can empower us but also expose us to unprecedented risks.

To defend against such attacks, stringent measures must be put in place. These include regular software updates, employing robust encryption methods, and implementing multi-factor authentication. However, the only way to prevent these kinds of future acoustic hacks is not to talk to anyone with a mic online.


Furthermore, awareness campaigns and cybersecurity training can empower individuals to recognize and respond effectively to potential threats.

Conclusion

The discovery of the keystrokes voices hack by British researchers shines a spotlight on the ever-evolving nature of cybersecurity threats. This method’s ability to extract sensitive data using sound-based side-channel attacks serves as a stark reminder of the importance of staying ahead of cybercriminals by adopting proactive measures to secure our digital lives.

As technology continues to advance, the battle for data security intensifies, requiring collaborative efforts from individuals, organizations, and the cybersecurity community as a whole. Only through vigilance, education, and innovation can we hope to safeguard our digital landscape from these emerging threats.

Featured image credit: Dries Augustyns/Unsplash 

T-Mobile data breach 2023: The telecom giant got hacked eight times in the last six years
https://dataconomy.ru/2023/01/20/t-mobile-data-breach-2023-data-leak-hack/
Fri, 20 Jan 2023 14:37:31 +0000

T-Mobile is in the headlines again with its 2023 data breach. T-Mobile has been suffering from data breaches since 2018, and this time 37 million accounts were affected. T-Mobile revealed the hack on Thursday, saying that the unauthorized API access by the attacker dates back to November 25, 2022. One of its application programming interfaces (APIs) was compromised, allowing the attack to take place. APIs facilitate interaction between programs and computers.

In the T-Mobile data breach that occurred on August 16th, 2021, the personal information of about 77 million customers was compromised, and the case was later settled. The $350 million T-Mobile Data Breach Settlement represents the second-largest payment for a data breach in US history, and the company could make the list again with a new big deal.

T-Mobile data breach 2023: Could the breach result in a new multi-million dollar lawsuit?

T-Mobile said Thursday that the data breach occurred on November 25, 2022, and that the attacker had been using the vulnerable API since then. On January 6, 2023, the company promptly terminated the criminal’s access to the API after discovering the breach. Information such as “name, billing address, email, phone number, date of birth, T-Mobile account number, and information such as the number of lines on the account and plan features” was stolen.


At least for the time being, it appears that the most sensitive types of client data were not compromised in today’s data breach.

“No passwords, payment card information, social security numbers, government ID numbers or other financial account information were compromised. Some basic customer information (nearly all of which is the type widely available in marketing databases or directories) was obtained, including name, billing address, email, phone number, date of birth, account number, and information such as the number of lines on the account and service plan features.”

T-Mobile

T-Mobile said in a separate statement that the information taken in this hack was “basic customer information.” The company has informed the various US government agencies and is assisting them with their investigation. T-Mobile is notifying consumers whose data may have been compromised due to the hack.

“We are currently in the process of informing impacted customers that after a thorough investigation we have determined that a bad actor used a single Application Programming Interface (or API) to obtain limited types of information on their accounts.

As soon as our teams identified the issue, we shut it down within 24 hours. Our systems and policies prevented the most sensitive types of customer information from being accessed, and as a result, customer accounts and finances should not be put at risk directly by this event. There is also no evidence that the bad actor breached or compromised T-Mobile’s network or systems.”

T-Mobile

At the end of the day, this data leak doesn’t appear to be nearly as serious as prior breaches that have affected T-Mobile. However, the fact that security issues persist within the organization is cause for alarm, and the company’s stock dropped 2% in the extended trading session.

“We understand that an incident like this has an impact on our customers and regret that this occurred. While we, like any other company, are unfortunately not immune to this type of criminal activity, we plan to continue to make substantial, multi-year investments in strengthening our cybersecurity program.”

T-Mobile

T-Mobile data breach history: Do you know a better love story than T-Mobile and data breaches?

Since 2018, T-Mobile has reported eight separate data breaches. Although this is T-Mobile’s first known breach in 2023, the company has suffered seven others since 2018, including one in which almost 3% of all user data was compromised.


T-Mobile leaked prepaid customers’ data in 2019, and in 2020, unknown threat actors broke into employee email accounts.

In addition, in February 2021, attackers acquired unauthorized access to an internal T-Mobile application, and in December 2020, they gained access to confidential customer network information (phone numbers, call logs).

In August of 2021, hackers broke into T-Mobile’s network using a vulnerability in the company’s staging areas. T-Mobile failed to stop the leak of the stolen data even after paying the hackers $270,000 through a middleman company. In addition, the company admitted in April 2022 that the Lapsus$ extortion group had broken into its network by using stolen credentials.

Maybe T-Mobile should have added more security to its new year goals.


Data breaches and hacks are today’s biggest problems. Check out the latest data breaches and hacks before we continue: Twitter data breach, CHI Health data breach, Facebook data breach, Uber security data breach, American Airlines data breach, Medibank cyber attack, and Binance hack.


Previous T-Mobile hack compensation

The cybersecurity vulnerability was first disclosed by T-Mobile and was made public on August 16, 2021. According to reports, almost 77 million consumers’ personally identifiable information was stolen due to the T-Mobile data breach. The stolen database data included addresses, dates of birth, social security numbers, driver’s license numbers, unique IMEIs and identification codes for client phones, etc.

If granted, the $350 million T-Mobile deal will represent US history’s second-largest payment for a data breach.

Take a closer look at how data breaches affect companies: T-Mobile Data Breach Settlement

Other outcomes of data breaches: Equifax

The credit reporting firm Equifax acknowledged on September 7, 2017, that one of its computer networks had had a data leak that had exposed the personal information of 143 million clients, which eventually rose to 147 million. These records included information about the customers’ names, residences, dates of birth, Social Security numbers, and credit card numbers, all of which may be exploited for fraud and identity theft.


Equifax agreed to establish a fund to provide free credit monitoring, identity theft protection, and cash compensation of up to $20,000 per person to people harmed by the event, per the deal’s conditions. Additionally, the company must pay court fees and government fines.

Take a closer look at how data breaches affect companies: Equifax Data breach settlement

Did you know that Medibank class action investigations have also started? It’s important to keep in mind that there’s a significant cost attached to any data leak that businesses must eventually pay.


The first data breach of 2023: Twitter email leak
https://dataconomy.ru/2023/01/06/twitter-data-breach-2023-twitter-email-leak/
Fri, 06 Jan 2023 14:50:39 +0000

Unfortunately, just a couple days following the end of 2022, another data breach (Twitter data breach 2023 or Twitter email leak) has occurred. More than 200 million Twitter users had their email addresses posted on underground hacker sites.

The Twitter data breach might reveal the true identity of anonymous Twitter users and make it simpler for criminals to take over accounts. More than 400 million Twitter accounts were impacted by a leak last month, and that leak appears to be the same one that was dumped online this time around, albeit with some of the personal information removed. So, how can one of the world’s largest social media platforms keep getting hacked over and over again? Keep reading and find out everything that you need to know about the Twitter data breach 2023.

Twitter data breach 2023: New year, same old problems

Researchers warn that data from 200 million Twitter users have been acquired and made freely available on an underground hacker site. The 63 GB of data that was transferred to the Dark Web on January 4 includes public account details such as account name, handle, account creation date, and follower count.

Experts in cyber security have warned that this might leave users vulnerable to extortion and put those who have publicly criticized governments or powerful individuals on Twitter at risk of exposure, arrest, or physical harm. If the accounts don’t have two-factor authentication, hackers can use the email addresses to try to reset the passwords and take over the accounts.

It’s likely that the data was collected in late 2021 when a security hole in Twitter’s system made it possible for anyone with a user’s email address or phone number to locate any account that had shared that information with Twitter.

The hacker responsible for the December breach had previously requested $200,000 in exchange for the return of the stolen data from Twitter, with the warning that if the demand was not met, the material would be made publicly available without payment.

Twitter data breach 2023: As of December 2022, Twitter had over 368 million monthly active users.

Security experts warned that verified Twitter users whose accounts appeared to have been compromised in the Twitter email leak, or users with a large number of followers, would be particularly valuable targets as a result of the leak because they might be particularly influential celebrities or susceptible to extortion.

The best way for internet users to defend themselves against phishing is to use different passwords for each online service they use and to store all of those passwords in a central location. People should use caution when clicking on links in unsolicited emails and enable multi-factor authentication on all of their accounts.

The news of a significant Twitter data breach in 2023 may attract the attention of authorities on both sides of the Atlantic. Twitter’s compliance with European data protection standards and a US consent order have been monitored by the data protection authority in Ireland, where the business has its European headquarters.

The leak of more than 200 million user accounts is one of the greatest data breaches in history, but it is just the most recent in a series of security vulnerabilities at Twitter that extends back more than a decade.



Outcomes of similar major data breaches: Equifax & T-Mobile

The credit reporting firm Equifax acknowledged on September 7, 2017, that one of its computer networks had had a data leak that had exposed the personal information of 143 million clients, which eventually rose to 147 million. These records included information about the customers’ names, residences, dates of birth, Social Security numbers, and credit card numbers, all of which may be exploited for fraud and identity theft.

Equifax agreed to establish a fund to provide free credit monitoring, identity theft protection, and cash compensation of up to $20,000 per person to people harmed by the event, per the deal’s conditions. Additionally, the company must pay court fees and government fines.

Take a closer look at how data breaches affect companies: Equifax Data breach settlement

Twitter data breach 2023: Twitter was founded in 2006 by Jack Dorsey, Biz Stone, and Evan Williams.

The cybersecurity vulnerability was first disclosed by T-Mobile and was made public on August 16, 2021. According to reports, almost 77 million consumers’ personally identifiable information was stolen due to the T-Mobile data breach. The stolen database data included addresses, dates of birth, social security numbers, driver’s license numbers, unique IMEIs and identification codes for client phones, etc.

If granted, the $350 million T-Mobile deal will represent US history’s second-largest payment for a data breach.

Take a closer look at how data breaches affect companies: T-Mobile Data Breach Settlement

Other settlements that made the news this year: Epic Games settlement, ATT settlement, Tiktok data privacy settlement, Snapchat privacy settlement, and Google location tracking lawsuit settlement

Is this Twitter email leak the final one we have to worry about? Unfortunately, we think it won’t be the last. Stay tuned for the latest news.

 

Binance hacked: $560M drained, BSC paused
https://dataconomy.ru/2022/10/07/binance-hack-560m-binance-smart-chain-hack/
Fri, 07 Oct 2022 10:20:42 +0000

Binance hacked! This article explains the $560M Binance Smart Chain Hack. The world’s biggest cryptocurrency exchange was compromised, according to the CEO of Binance. Another significant DeFi bridge hack has been found to target Binance’s Ethereum-compatible blockchain.

Hackers were able to break into a bridge connecting blockchains, but the CEO of Binance claims that the matter is now “contained.” Hackers have taken 2 million Binance Coins (BNB), worth $566 million, from the Binance Bridge.

Binance Hack: What is Binance Smart Chain Hack?

The Binance Hack appears to have started today at 2:30 PM EST when the attacker’s wallet received two transactions worth 1,000,000 BNB.

In an effort to turn the BNB into other assets, the hacker soon began dividing some of the funds among other liquidity pools.

Image courtesy: @0xfoobar

Binance acknowledged the Binance Hack and suspended the BNB Smart Chain at 6:19 PM EST as they investigated.

The CEO of Binance announced at 7:51 PM EST that the Binance Smart Chain had been suspended after an exploit in the BSC Token Hub was used to send BNB to the attacker.

Although the majority of the stolen money is still on the BNB Smart Chain and hence no longer accessible to the hacker, Binance estimates that about $100 million was moved off-chain.

Over $2 billion has reportedly been stolen through cryptocurrency attacks this year, many of which were carried out by groups with ties to North Korea, according to Bloomberg. Cross-chain bridges used to transfer coins across blockchains have been a frequent target.




Cryptocurrencies have been significantly harmed by hacking incidents and a sell-off that reduced the value of digital assets by around $2 trillion.

Binance Smart Chain paused

Binance Smart Chain (BSC) was suspended after more than $500 million in BNB, the native coin of the Binance ecosystem, was drained from the official bridge.

Binance is the largest cryptocurrency exchange in the world, with $14.7 billion worth of trades made over the course of the last 24 hours. On BSC, deposits and withdrawals have been suspended. As a result, the $430M in BNB still on BSC will likely remain unreachable, leaving the hacker with just roughly $100M in assets on other chains.

The estimated value of the Binance Hack was $100M. The attacker then deposited BNB into Venus, a lending system on BSC, and borrowed 150M in stablecoins.

As of 8 p.m. ET, there were $53 million in assets on Ethereum and around $49 million on Fantom. According to DeBank, the attacker later bridged portions of those assets to many other chains.




BNB price

Once the hack became known, BNB saw a 5% decline; however, it has since mostly recovered. The price of one BNB is 285 USD as of this writing.

Image: BNB was introduced in July 2017

What is Binance?

Binance is the biggest cryptocurrency exchange in the world based on the daily trading volume of cryptocurrencies. It was founded in 2017 and is registered in the Cayman Islands.

Binance was started by Changpeng Zhao, a developer who had previously created high-frequency trading software. Fusion Solutions, founded in 2005 by CEO Changpeng Zhao, created high-frequency trading platforms for stockbrokers. In 2013, he joined the Blockchain.info bitcoin wallet team as its third employee. He also worked for less than a year as the chief technology officer at OKCoin, a platform for spot trading between fiat money and digital assets.

Image: With trades worth $14.7 billion, Binance is the biggest cryptocurrency exchange in the world.

Binance was founded in China and later moved its headquarters out of the country due to China’s tightening cryptocurrency regulations.

What is Binance Smart Chain?

Binance Smart Chain aims to lower transaction fees while providing a platform for the creation of DApps and other DeFi products.




The level of centralization of the Binance Smart Chain has drawn a lot of criticism and resulted in many network attacks.

What is BNB?

The company has produced two cryptocurrencies over the course of its existence: Binance Coin (BNB) and Binance USD (BUSD). BNB was introduced in July 2017. It started as an Ethereum token and made its debut as a Binance Smart Chain (BSC) token in September 2020. Later, the older Binance Chain and BSC were joined to create the BNB Chain.

BNB Chain uses a “Proof of Staked Authority” consensus mechanism, which combines proof of authority and proof of stake. There are 21 authorized validators. As of 2021, Binance Coin had the third-highest market capitalization among cryptocurrencies. Users can pay fees on Binance’s exchange with BNB.

BSC supports smart contracts and is compatible with the Ethereum Virtual Machine (EVM).

There have been numerous complaints about the degree of centralization of the Binance Smart Chain, which led to numerous network attacks.

