WebProNews

Tag: BleepingComputer

  • Acer Suffers Data Breach, 160GB of Data For Sale Online

    Acer has confirmed a data breach, one that has resulted in 160GB of data being posted for sale online.

    According to BleepingComputer, bad actors compromised “a server hosting private documents used by repair technicians.” The data, some 160GB worth, was allegedly stolen in mid-February and has since been posted for sale on a popular hacking forum.

    Acer confirmed the breach in a statement to BleepingComputer:

    “We have recently detected an incident of unauthorized access to one of our document servers for repair technicians.

    “While our investigation is ongoing, there is currently no indication that any consumer data was stored on that server.” – Acer.

    Hopefully, Acer’s initial evaluation will prove true. Unfortunately, not only are major data breaches on the rise, but it is becoming far more common for an initial investigation to reveal only half the story, with follow-up investigations showing the scope of a breach to be far larger than originally thought.

    For now, anyway, customers appear to have dodged the bullet. We will continue to monitor and update as more details become available.

  • Okta’s GitHub Repo Hacked, Source Code Stolen

    Okta’s GitHub repo was reportedly hacked and the company’s source code stolen, raising questions about a critical cybersecurity platform.

    Okta is one of the world’s leading authentication platforms, offering single sign-on and Identity and Access Management (IAM) solutions. BleepingComputer saw a ‘confidential’ email regarding a reported breach.

    GitHub notified Okta of suspicious activity on its account. Okta’s investigation revealed that bad actors had accessed the company’s source code and copied it.

    “Upon investigation, we have concluded that such access was used to copy Okta code repositories,” David Bradbury, the company’s Chief Security Officer (CSO), wrote in an email sent to the company’s security contacts.

    Despite the breach, Okta says there is little reason for concern. The company says “HIPAA, FedRAMP or DoD customers” were not impacted since the company’s security “does not rely on the confidentiality of its source code as a means to secure its services.”

  • Microsoft May Be Testing Ads in the Windows 11 Sign-Out Menu

    Microsoft appears to be testing yet more ads in Windows 11, this time displaying them in the sign-out menu.

    Windows 11 has started displaying ads in more and more elements of the operating system (OS). Microsoft already displays ads in File Explorer, the Start Menu, and WordPad. According to BleepingComputer, the company seems to be conducting an A/B test of the new ads.

    The ads were first spotted by Windows fan Albacore. The fact that BleepingComputer could not replicate Albacore’s experience seems to indicate the company is still testing the waters to see how the ads will be received.

    Needless to say, the revelation is not going over well, with some users even pointing out that Microsoft’s actions could be the reason why Windows 11 adoption is proceeding at a near-glacial pace.

  • Toyota Leaves Access Key on GitHub Exposing Customer Data

    Toyota is the latest company to experience a major security breach, leaving an important access key on GitHub for five years.

    According to BleepingComputer, source code for Toyota’s T-Connect software was left online for roughly five years. T-Connect allows users to connect their smartphone with their car. The feature integrates phone calls, navigation, notifications, music, and vehicle status information.

    Unfortunately, the source code also contained an access key to the server storing customer data, including both email addresses and management numbers. Fortunately, Toyota says customer names, phone numbers, and credit card information were not stored in the same database and remain secure.

    The company also claims there is no evidence anyone accessed the data that was stored in the compromised server, but cannot be sure.

    “As a result of an investigation by security experts, although we cannot confirm access by a third party based on the access history of the data server where the customer’s email address and customer management number are stored, at the same time, we cannot completely deny it,” explains the company, machine translated by BleepingComputer.

  • TikTok Says It Was Not Hacked After Billions of Users’ Data Leaked

    TikTok is doing damage control, denying it was hacked after hackers claimed to have stolen source code and data on billions of users.

    TikTok is one of the most popular social media platforms, making it a prime target for hackers. According to BleepingComputer, hacker group AgainstTheWest (ATW) announced on a hacking forum that they had breached TikTok, as well as WeChat, displaying screenshots of what they claimed is a database containing 2.05 billion user records, source code, server info, and more.

    Despite the hackers’ claims, TikTok says its servers were not breached and that the code in question is unrelated to its backend source code, giving the following statement to BleepingComputer:

    “This is an incorrect claim — our security team investigated this statement and determined that the code in question is completely unrelated to TikTok’s backend source code, which has never been merged with WeChat data.”

    Contrary to what their name may imply, ATW is not anti-West, but rather targets anti-Western countries. Only time will tell if their claims of breaching TikTok are true or not. In the meantime, TikTok maintains that its users are safe.

  • Cisco Breached by Ransomware Gang, 2.75GB Reportedly Stolen

    Cisco was hacked by a ransomware gang in May, with the criminals reportedly stealing 2.75GB of data and trying to extort the company.

    According to BleepingComputer, Cisco confirmed the Yanluowang gang compromised the company’s network but said the bad actors only made off with non-sensitive data. The data was from an employee’s Box folder.

    “Cisco experienced a security incident on our corporate network in late May 2022, and we immediately took action to contain and eradicate the bad actors,” a Cisco spokesperson told BleepingComputer.

    The company said the breach did not impact its business.

    “Cisco did not identify any impact to our business as a result of this incident, including Cisco products or services, sensitive customer data or sensitive employee information, intellectual property, or supply chain operations,” the spokesperson continued.

    “On August 10 the bad actors published a list of files from this security incident to the dark web. We have also implemented additional measures to safeguard our systems and are sharing technical details to help protect the wider security community.”

    The company also found no evidence of encrypted files that could be used in a traditional ransomware scheme, although it appears that was likely a prime goal.

    “While we did not observe ransomware deployment in this attack, the TTPs used were consistent with ‘pre-ransomware activity,’ activity commonly observed leading up to the deployment of ransomware in victim environments,” the company wrote in a blog post.

  • Windows 10 and 11 Have a Critical, Seven Month-Old Zero-Day Flaw

    Windows has a critical zero-day flaw, and the worst part is that Microsoft has known about it for seven months and still can’t seem to fix it.

    The vulnerability in question impacts Windows 10, Windows 11, and Windows Server, allowing a user to gain administrative privileges, according to BleepingComputer. Microsoft has already released two separate patches to address the issue, but neither of them has successfully fixed it.

    To make matters even worse, Microsoft’s latest attempt to fix the vulnerability actually broke an unofficial patch that did fix it. 0patch (Zero Patch) is an independent security organization that provides patches for issues Microsoft can’t or won’t fix, as well as for older, end-of-life versions of Windows that Microsoft no longer supports. 0patch had successfully patched the vulnerability, but Microsoft’s latest update has now broken that fix.

    When BleepingComputer asked Microsoft for info on their future plans to fix the issue, they received this response:

    “We’re aware of this report and will take action as needed to protect customers.”

    0patch has once again issued a fix that actually works, leading some to wonder why Microsoft can’t seem to do that with a product they made in the first place.

  • LAPSUS$ May Have Hacked Microsoft

    Continuing its string of high-profile attacks, Lapsus$ may have hacked Microsoft’s code repositories.

    As BleepingComputer points out, Lapsus$ operates differently than many ransomware gangs. Rather than targeting a company’s desktop machines and servers, holding them for a ransom, Lapsus$ targets companies’ code repositories. Once the group has compromised a repository, it demands a ransom in exchange for not releasing the company’s source code and intellectual property (IP) to the world.

    According to BleepingComputer, the group claims it has successfully compromised Microsoft’s source code repositories, specifically its Azure DevOps server. Microsoft has not been able to confirm the claims, but is investigating to see if they are true.

    We will continue to monitor this story and report on any additional details.

  • Russia Has Two Months of Domestic Digital Storage Left

    In an unexpected consequence of the sanctions it has faced, Russia only has two months of digital storage left domestically.

    Companies have been pulling out of Russia at a record pace, led by some of the biggest names in the tech industry. According to BleepingComputer, that has put Russia in a precarious position, with only two months of digital storage left. With Microsoft, AWS, and Google Cloud all boycotting the country, Russia simply doesn’t have the resources to handle its domestic needs.

    A number of possibilities are on the table, including Moscow leasing all remaining domestic storage, or taking over the leftover equipment from providers that have left the country.

    As BleepingComputer points out, Huawei may be another option. The company initially suspended operations in Russia until March 26, 2022. However, given that Huawei is already sanctioned by the US and can’t be hurt any more than it already has been, it may see little to lose and much to gain by becoming Russia’s primary tech supply chain.

  • Lapsus$ Strikes Again: Hackers Steal Samsung Galaxy Code

    Hacker group Lapsus$ is in the news again, this time for stealing 190GB of Samsung data and Galaxy code.

    BleepingComputer reported last week that Lapsus$, the same group that stole Nvidia GPU source code, had stolen a treasure trove of Samsung data. The data included “source code for every Trusted Applet (TA) installed in Samsung’s TrustZone environment used for sensitive operations (e.g. hardware cryptography, binary encryption, access control).” The code also included biometric unlock algorithms, bootloader source code, Samsung activation server code, confidential Qualcomm source code, as well as code for authenticating Samsung accounts.

    Samsung has now confirmed the breach, and the theft of the Galaxy source code, in a statement to *Bloomberg*.

    “There was a security breach relating to certain internal company data,” Samsung said. “According to our initial analysis, the breach involves some source code relating to the operation of Galaxy devices, but does not include the personal information of our consumers or employees. Currently, we do not anticipate any impact to our business or customers. We have implemented measures to prevent further such incidents and will continue to serve our customers without disruption.”

    It has not been a good few days for Samsung, with the company accused of throttling games and other apps on a wide array of its devices, including its most recent flagship S22. The company has promised to release a fix, but it’s not clear what long-term repercussions there may be.

    One thing is certain: A breach of this magnitude is only going to add to Samsung’s woes.

  • Cox Suffered Data Breach by Hacker Impersonating Support Staff

    Cox Communications has notified customers of a data breach, a breach it suffered at the hands of a hacker posing as a support agent.

    Social engineering remains one of the most successful attack vectors for hackers to exploit. Regardless of how hardened an organization’s security is, the human element is often the weakest link.

    It appears Cox has learned this the hard way, with a hacker successfully posing as a support agent to gain access to customer information, including highly sensitive information, according to BleepingComputer.

    “On October 11, 2021, Cox learned that an unknown person(s) had impersonated a Cox agent and gained access to a small number of customer accounts. We immediately launched an internal investigation, took steps to secure the affected customer accounts, and notified law enforcement of the incident,” reads the notification, which was signed by Amber Hall, Chief Compliance and Privacy Officer, and obtained by BleepingComputer.

    “After further investigation, we discover that the unknown person(s) may have viewed certain types of information that are maintained in your Cox customer account, including your name, address, telephone number, Cox account number, Cox.net email address, username, PIN code, account security question and answer, and/or the types of services that you receive from Cox.”

    Cox doesn’t specifically say financial information was accessed, but the company is advising impacted customers to monitor their financial accounts, and is even offering them one year of free Experian IdentityWorks credit monitoring.

    The company has also not disclosed the number of users impacted, but said the breach “impacted a small number of customer accounts.” Cox is working with law enforcement to assist in their investigation.

  • REvil Ransomware Gang Goes Dark, Puzzling Experts

    The REvil ransomware gang, behind the Kaseya attack, has gone dark and its websites have gone offline.

    REvil successfully pulled off the biggest ransomware attack in history, targeting Kaseya’s software used in managed services around the world. The gang originally demanded a $70 million ransom, later lowering it to $50 million in private talks.

    Despite the gang’s success, or perhaps because of it, the REvil gang appears to have gone dark. Its websites, including the one used as its “leak site,” have all shut down.

    As BleepingComputer points out, it’s not uncommon for some REvil servers to go down, but it’s highly irregular for all of them to go down at once. BleepingComputer also cites evidence to suggest REvil may have shut down and erased their servers in response to a government subpoena.

    It’s believed REvil has been operating out of Russia, and the code in its ransomware seems to specifically avoid computer systems where Russian is the primary language. Nonetheless, President Joe Biden has been putting additional pressure on Vladimir Putin to take action against cybercriminals operating within Russia’s borders.

    “I made it very clear to him that the United States expects when a ransomware operation is coming from his — even though it’s not sponsored by the state — we expect him to act if we give him enough information to act on who that is,” Biden told reporters, regarding a call he had with Putin.

  • Avaddon Ransomware Group Just Sent BleepingComputer All Its Decryption Keys

    Avaddon ransomware group appears to be closing shop and has sent all its decryption keys to BleepingComputer.

    Avaddon had previously announced they were shutting down operations, and it’s not uncommon for a group to release decryption keys when that happens, as there’s no longer any financial incentive to keep victims locked out of their files.

    BleepingComputer made the announcement via Twitter.

    All told, there were 2,934 decryption keys, each one associated with a victim. Given that experts previously only had proof of 88 Avaddon victims, the number of keys suggests the group was far more successful than anyone realized. It also highlights how few companies actually disclose an attack.

    Fabian Wosar, an expert who helped BleepingComputer verify the decryption keys, told ZDNet that negotiations with Avaddon had recently taken on a new intensity, likely indicating the shutdown was planned and negotiators were trying to get whatever they could before the shutdown date.

    The shutdown likely resulted from the group making all the money they wanted.

    “This isn’t new and isn’t without precedence. Several ransomware threat actors have released the key database or master keys when they decide to shut down their operations,” Wosar told ZDNet.

    “Ultimately, the key database we obtained suggests that they had at least 2,934 victims. Given the average Avaddon ransom at about $600,000 and average payment rates for ransomware, you can probably come up with a decent estimate of how much Avaddon generated.”

  • Canon Suffers Major Ransomware Attack

    Canon has suffered a crippling ransomware attack, impacting numerous services and resulting in data loss and theft.

    Canon’s online photo and video storage service experienced a nearly week-long outage, as well as data loss for customers using the 10GB of free storage Canon offered. Despite the obvious problems, Canon was tight-lipped about the issue and refused to comment.

    In response, BleepingComputer set out to investigate. A source confirmed to BleepingComputer that Canon’s email, Microsoft Teams, and other applications were all experiencing outages. BleepingComputer was also able to obtain a partial copy of a Maze ransomware note Canon allegedly received. After the publication reached out to Maze, the Maze operators confirmed they had successfully breached Canon, although they denied being responsible for the issues with the image site that initially prompted BleepingComputer to investigate. The hackers also claimed to have stolen some 10TB of data, including private databases.

    If the ransomware attack is as bad as the Maze operators claim, Canon is in a tough spot. While it’s understandable that the company wouldn’t want to reveal details about the attack, being as tight-lipped as it has been will likely backfire in the long run.

  • Ransomware Attack Shuts Down Knoxville’s Network

    Knoxville, TN has suffered a major ransomware attack, forcing it to shut down its entire network.

    According to BleepingComputer, a notice was sent out to city employees Thursday morning informing them of the issues.

    “Please be advised that our network has been attacked with ransomware,” reads the notice.

    “Information Systems is currently following recommended protocols. This includes shutting down servers, our internet connections, and PCs. Please do not log in to the network or use computer applications at this time.”

    So far, Knox County government computers have not been impacted. Police and fire department operations are intact, although neither can access the network.

    As BleepingComputer points out, no group has yet claimed responsibility, although the FBI is investigating the incident. At the same time, officials said no personal data or credit card information was accessed or stolen.

    Ransomware has become one of the biggest threats to online security, with attacks costing the US an estimated $7.5 billion in 2019. Knoxville is just the latest example of the problems these attacks can cause.

  • Java Ransomware Spotted In The Wild

    A Java-based ransomware that targets the software and education sectors has been spotted in the wild by BlackBerry.

    The BlackBerry Research and Intelligence Team, working with KPMG’s UK Cyber Response Services, recently discovered the ransomware, dubbed “Tycoon.” The ransomware is written in Java and has been in the wild since at least December 2019.

    According to the researchers, “it is deployed in the form of a Trojanized Java Runtime Environment (JRE) and leverages an obscure Java image format to fly under the radar.”

    Once a computer has been infiltrated, the software encrypts files using AES-256. To make matters worse, the ransomware overwrites deleted files in each encryption path, ensuring they cannot be recovered without the decryption key.

    There are two spots of good news, however. First, it does not appear that the ransomware is widespread, leading the researchers to believe “the malware may be highly targeted.”

    Even better, it appears the hackers reused the same encryption key repeatedly. As a result, some victims have had success using a decryption key purchased by one of the other victims.

    “Because of the use of asymmetric RSA algorithm to encrypt the securely generated AES keys, the file decryption requires obtaining the attacker’s private RSA key,” the researchers write. “Factoring a 1024-bit RSA key, although theoretically possible, has not been achieved yet and would require extraordinary computational power.

    “However, one of the victims seeking help on the BleepingComputer forum posted a private RSA key presumably coming from a decryptor the victim purchased from the attackers. This key has proven to be successful in decryption of some of the files affected by the earliest version of Tycoon ransomware that added the .redrum extension to the encrypted files.”

    Unfortunately, later versions of the malware use “.grinch” and “.thanos” as the file extensions, and the reused key does not work on those files.

  • Microsoft Can’t Shake Windows 7—New Bug Rears Its Head

    Microsoft may have officially ended support for Windows 7 on January 14, 2020, but it seems the operating system (OS) is the company’s bad penny—Microsoft just can’t get away from it.

    No sooner did Microsoft announce that Windows 7 was end-of-life (EOL), than the company had to address a bug wherein a “desktop wallpaper might display as black when set to Stretch.” Now, a more serious bug is affecting Windows 7 users, according to Engadget.

    This latest issue is preventing some users from being able to shut down their PC or reboot it properly. Instead, users are receiving an error saying they don’t have permission to shut down the computer. BleepingComputer says some users have had success with a couple of different troubleshooting options, including disabling Adobe’s Windows services.

    Ultimately, however, no one knows for sure whether it is a third-party bug, or an issue with Windows 7 itself. If it is a Windows bug, Microsoft may find itself breathing new life into its EOL OS with yet another update.