The Hacker News Logo
Subscribe to Newsletter
CrowdSec

The Hacker News - Cybersecurity News and Analysis: data breach

Cybersecurity Firm FireEye Got Hacked; Red-Team Pentest Tools Stolen

Cybersecurity Firm FireEye Got Hacked; Red-Team Pentest Tools Stolen

December 09, 2020Ravie Lakshmanan
FireEye, one of the largest cybersecurity firms in the world, said on Tuesday it became a victim of a  state-sponsored attack  by a "highly sophisticated threat actor" that stole its arsenal of Red Team penetration testing tools it uses to test the defenses of its customers. The company said it's actively investigating the breach in coordination with the US Federal Bureau of Investigation (FBI) and other key partners, including Microsoft. It did not identify a specific culprit who might be behind the breach or disclose when the hack exactly took place. However,  The New York Times  and  The Washington Post  reported that the FBI has turned over the investigation to its Russian specialists and that the attack is likely the work of  APT29  (or Cozy Bear) — state-sponsored hackers affiliated with Russia's SVR Foreign Intelligence Service — citing unnamed sources. As of writing, the hacking tools have not been exploited in the wild, nor do they contain zero-day expl
Beware: New Android Spyware Found Posing as Telegram and Threema Apps

Beware: New Android Spyware Found Posing as Telegram and Threema Apps

October 01, 2020Ravie Lakshmanan
A hacking group known for its attacks in the Middle East, at least since 2017, has recently been found impersonating legitimate messaging apps such as Telegram and Threema to infect Android devices with a new, previously undocumented malware. "Compared to the versions documented in 2017, Android/SpyC23.A has extended spying functionality, including reading notifications from messaging apps, call recording and screen recording, and new stealth features, such as dismissing notifications from built-in Android security apps," cybersecurity firm ESET  said  in a Wednesday analysis. First detailed by Qihoo 360 in 2017 under the moniker  Two-tailed Scorpion (aka APT-C-23 or Desert Scorpion), the mobile malware has been deemed "surveillanceware" for its abilities to spy on the devices of targeted individuals, exfiltrating call logs, contacts, location, messages, photos, and other sensitive documents in the process. In 2018, Symantec discovered a  newer variant  of the
Russian Who Hacked LinkedIn, Dropbox Sentenced to 7 Years in Prison

Russian Who Hacked LinkedIn, Dropbox Sentenced to 7 Years in Prison

October 01, 2020Swati Khandelwal
A Russian hacker who was found guilty of  hacking LinkedIn ,  Dropbox , and Formspring over eight years ago has finally been  sentenced  to 88 months in United States prison, that's more than seven years by a federal court in San Francisco this week. Yevgeniy Aleksandrovich Nikulin , 32, of Moscow hacked into servers belonging to three American social media firms, including LinkedIn, Dropbox, and now-defunct social-networking firm Formspring, and stole data on over 200 million users. Between March and July 2012, Nikulin hacked into the computers of LinkedIn,  Dropbox, and Formspring , and installed malware on them, which allowed him to remotely download user databases of over  117 Million LinkedIn  users and more than  68 Million Dropbox  users. According to the prosecutor, Nikulin also worked with unnamed co-conspirators of a Russian-speaking cybercriminal forum to sell customer data he stole as a result of his hacks. Besides hacking into the three social media firms, Nikulin
Experian South Africa Suffers Data Breach Affecting Millions; Attacker Identified

Experian South Africa Suffers Data Breach Affecting Millions; Attacker Identified

August 20, 2020Mohit Kumar
The South African arm of one of the world's largest credit check companies Experian yesterday announced a data breach incident that exposed personal information of millions of its customers. While Experian itself didn't mention the number of affect customers, in a report , the South African Banking Risk Information Centre—an anti-fraud and banking non-profit organization who worked with Experian to investigate the breach—disclosed that the attacker had reportedly stolen data of 24 million South Africans and 793,749 business entities. Notably, according to the company, the suspected attacker behind this breach had already been identified, and the stolen data of its customers had successfully been deleted from his/her computing devices. "We have identified the suspect and confirm that Experian South Africa was successful in obtaining and executing an Anton Piller order which resulted in the individual's hardware being impounded and the misappropriated data being
OkCupid Dating App Flaws Could've Let Hackers Read Your Private Messages

OkCupid Dating App Flaws Could've Let Hackers Read Your Private Messages

July 29, 2020Ravie Lakshmanan
Cybersecurity researchers today disclosed several security issues in popular online dating platform OkCupid that could potentially let attackers remotely spy on users' private information or perform malicious actions on behalf of the targeted accounts. According to a report shared with The Hacker News, researchers from Check Point found that the flaws in OkCupid's Android and web applications could allow the theft of users' authentication tokens, users IDs, and other sensitive information such as email addresses, preferences, sexual orientation, and other private data. After Check Point researchers responsibly shared their findings with OkCupid, the Match Group-owned company fixed the issues, stating, "not a single user was impacted by the potential vulnerability." The Chain of Flaws The flaws were identified as part of reverse engineering of OkCupid's Android app version 40.3.1, which was released on April 29 earlier this year. Since then, there
Hackers Using Google Analytics to Bypass Web Security and Steal Credit Cards

Hackers Using Google Analytics to Bypass Web Security and Steal Credit Cards

June 23, 2020Ravie Lakshmanan
Researchers reported on Monday that hackers are now exploiting Google's Analytics service to stealthily pilfer credit card information from infected e-commerce sites. According to several independent reports from PerimeterX , Kaspersky , and Sansec , threat actors are now injecting data-stealing code on the compromised websites in combination with tracking code generated by Google Analytics for their own account, letting them exfiltrate payment information entered by users even in conditions where content security policies are enforced for maximum web security. "Attackers injected malicious code into sites, which collected all the data entered by users and then sent it via Analytics," Kaspersky said in a report published yesterday. "As a result, the attackers could access the stolen data in their Google Analytics account." The cybersecurity firm said it found about two dozen infected websites across Europe and North and South America that specialized in
Hackers Leaked 269 GB of U.S. Police and Fusion Centers Data Online

Hackers Leaked 269 GB of U.S. Police and Fusion Centers Data Online

June 22, 2020Swati Khandelwal
A group of hacktivists and transparency advocates has published a massive 269 GB of data allegedly stolen from more than 200 police departments, fusion centers, and other law enforcement agencies across the United States. Dubbed BlueLeaks , the exposed data leaked by the DDoSecrets group contains hundreds of thousands of sensitive documents from the past ten years with official and personal information. DDoSecrets, or Distributed Denial of Secrets , is a transparency collective similar to WikiLeaks, which publicly publishes data and classified information submitted by leakers and hackers while claiming the organization itself never gets involved in the exfiltration of data. According to the hacktivist group, BlueLeaks dump includes "police and FBI reports, bulletins, guides and more," which "provides unique insights into law enforcement and a wide array of government activities, including thousands of documents mentioning COVID19. As you can see in the screens
Any Indian DigiLocker Account Could've Been Accessed Without Password

Any Indian DigiLocker Account Could've Been Accessed Without Password

June 08, 2020Ravie Lakshmanan
The Indian Government said it has addressed a critical vulnerability in its secure document wallet service Digilocker that could have potentially let a remote attacker bypass mobile one-time passwords (OTP) and sign in as other users. Discovered separately by two independent bug bounty researchers, Mohesh Mohan and Ashish Gahlot , the vulnerability could have been exploited easily to unauthorisedly access sensitive documents uploaded by targeted users' on the Government-operated platform. "The OTP function lacks authorization which makes it possible to perform OTP validation with submitting any valid users details and then manipulation flow to sign in as a totally different user," Mohesh Mohan said in a disclosure shared with The Hacker News. With over 38 million registered users, Digilocker is a cloud-based repository that acts as a digital platform to facilitate online processing of documents and speedier delivery of various government-to-citizen services.
Joomla Resources Directory (JRD) Portal Suffers Data Breach

Joomla Resources Directory (JRD) Portal Suffers Data Breach

June 01, 2020Ravie Lakshmanan
Joomla, one of the most popular Open-source content management systems (CMS), last week announced a new data breach impacting 2,700 users who have an account with its resources directory (JRD) website, i.e., resources.joomla.org. The breach exposed affected users' personal information, such as full names, business addresses, email addresses, phone numbers, and encrypted passwords. The company said the incident came to light during an internal website audit that revealed that a member of the Joomla Resources Directory (JRD) team stored a full unencrypted backup of the JRD website on an Amazon Web Services S3 bucket owned by the third-party company. The affected JRD portal lists developers and service providers specialized in Joomla, allowing registered users to extend their CMS with additional functionalities. Joomla said the investigation is still ongoing and that accesses to the website have been temporarily suspended. It has also reached out to the concerned third-pa
Brazil's Biggest Cosmetic Brand Natura Exposes Personal Details of Its Users

Brazil's Biggest Cosmetic Brand Natura Exposes Personal Details of Its Users

May 19, 2020Mohit Kumar
Brazil's biggest cosmetics company Natura accidentally left hundreds of gigabytes of its customers' personal and payment-related information publicly accessible online that could have been accessed by anyone without authentication. SafetyDetective researcher Anurag Sen last month discovered two unprotected Amazon-hosted servers—with 272GB and 1.3TB in size—belonging to Natura that consisted of more than 192 million records. According to the report Anurag shared with The Hacker News, the exposed data includes personally identifiable information on 250,000 Natura customers, their account login cookies, along with the archives containing logs from the servers and users. Worryingly, the leaked information also includes Moip payment account details with access tokens for nearly 40,000 wirecard.com.br users who integrated it with their Natura accounts. "Around 90% of users were Brazilian customers, although other nationalities were also present, including customers
British Airline EasyJet Suffers Data Breach Exposing 9 Million Customers' Data

British Airline EasyJet Suffers Data Breach Exposing 9 Million Customers' Data

May 19, 2020Swati Khandelwal
British low-cost airline EasyJet today admitted that the company has fallen victim to a cyber-attack, which it labeled "highly sophisticated," exposing email addresses and travel details of around 9 million of its customers. In an official statement released today, EasyJet confirmed that of the 9 million affected users, a small subset of customers, i.e., 2,208 customers, have also had their credit card details stolen, though no passport details were accessed. The airline did not disclose precisely how the breach happened, when it happened, when the company discovered it, how the sophisticated attackers unauthorizedly managed to gain access to the private information of its customers, and for how long they had that access to the airline's systems. However, EasyJet assured its users that the company had closed off the unauthorized access following the discovery and that it found "no evidence that any personal information of any nature has been misused" b
DigitalOcean Data Leak Incident Exposed Some of Its Customers Data

DigitalOcean Data Leak Incident Exposed Some of Its Customers Data

May 08, 2020Wang Wei
DigitalOcean, one of the biggest modern web hosting platforms, recently hit with a concerning data leak incident that exposed some of its customers' data to unknown and unauthorized third parties. Though the hosting company has not yet publicly released a statement, it did has started warning affected customers of the scope of the breach via an email. According to the breach notification email that affected customers [ 1 , 2 ] received, the data leak happened due to negligence where DigitalOcean 'unintentionally' left an internal document accessible to the Internet without requiring any password. "This document contained your email address and/or account name (the name you gave your account at sign-up) as well as some data about your account that may have included Droplet count, bandwidth usage, some support or sales communications notes, and the amount you paid during 2018," the company said in the warning email as shown below. Upon discovery, a qui
Researcher Discloses 4 Zero-Day Bugs in IBM's Enterprise Security Software

Researcher Discloses 4 Zero-Day Bugs in IBM's Enterprise Security Software

April 21, 2020Swati Khandelwal
A cybersecurity researcher today publicly disclosed technical details and PoC for 4 unpatched zero-day vulnerabilities affecting an enterprise security software offered by IBM after the company refused to acknowledge the responsibly submitted disclosure. The affected premium product in question is IBM Data Risk Manager (IDRM) that has been designed to analyze sensitive business information assets of an organization and determine associated risks. According to Pedro Ribeiro from Agile Information Security firm, IBM Data Risk Manager contains three critical severity vulnerabilities and a high impact bug, all listed below, which can be exploited by an unauthenticated attacker reachable over the network, and when chained together could also lead to remote code execution as root. Authentication Bypass Command Injection Insecure Default Password Arbitrary File Download Ribeiro successfully tested the flaws against IBM Data Risk Manager version 2.0.1 to 2.0.3, which is not the la
Marriott Suffers Second Breach Exposing Data of 5.2 Million Hotel Guests

Marriott Suffers Second Breach Exposing Data of 5.2 Million Hotel Guests

March 31, 2020Ravie Lakshmanan
International hotel chain Marriott today disclosed a data breach impacting nearly 5.2 million hotel guests, making it the second security incident to hit the company in recent years. "At the end of February 2020, we identified that an unexpected amount of guest information may have been accessed using the login credentials of two employees at a franchise property," Marriott said in a statement . "We believe this activity started in mid-January 2020. Upon discovery, we confirmed that the login credentials were disabled, immediately began an investigation, implemented heightened monitoring, and arranged resources to inform and assist guests." The incident exposed guests' personal information such as contact details (name, mailing address, email address, and phone number), loyalty account information (account number and points balance), and additional information such as company, gender, dates of births, room preferences, and language preferences. The ho
How CISOs Should Prepare for Coronavirus Related Cybersecurity Threats

How CISOs Should Prepare for Coronavirus Related Cybersecurity Threats

March 18, 2020The Hacker News
The Coronavirus is hitting hard on the world's economy, creating a high volume of uncertainty within organizations. Cybersecurity firm Cynet today revealed new data, showing that the Coronavirus now has a significant impact on information security and that the crisis is actively exploited by threat actors. In light of these insights, Cynet has also shared a few ways to best prepare for the Coronavirus derived threat landscape and provides a solution ( learn more here ) to protect employees that are working from home with their personal computers because of the Coronavirus. The researchers identify two main trends – attacks that aim to steal remote user credentials and weaponized email attacks: Remote User Credential Theft The direct impact of the Coronavirus is a comprehensive quarantine policy that compels multiple organizations to allow their workforce to work from home to maintain business continuity. This inevitably entails shifting a significant portion of the wor
TrueFire Guitar Tutoring Website Suffers Magecart-style Credit Card Breach

TrueFire Guitar Tutoring Website Suffers Magecart-style Credit Card Breach

March 17, 2020Mohit Kumar
Online guitar tutoring website TrueFire has apparently suffered a 'Magecart' style data breach incident that may have potentially led to the exposure of its customers' personal information and payment card information. TrueFire is one of the popular guitar tutoring websites with over 1 million users, where wanna-be-guitarists pay online to access a massive library of over 900 courses and 40,000 video lessons. Though TrueFire hasn't yet publicly disclosed or acknowledged the breach, The Hacker News learned about the incident after a few affected customers posted online  details of a notification they received from the company last week. The Hacker News also found a copy of the same ' Notice Of Data Breach ' uploaded recently to the website of Montana Department of Justice , specifically on a section where the government shares information on data breaches that also affect Montana residents. Confirming the breach, the notification reveals that an attack
Virgin Media Data Leak Exposes Details of 900,000 Customers

Virgin Media Data Leak Exposes Details of 900,000 Customers

March 06, 2020Swati Khandelwal
On the same day yesterday, when the US-based telecom giant T-Mobile admitted a data breach , the UK-based telecommunication provider Virgin Media announced that it has also suffered a data leak incident exposing the personal information of roughly 900,000 customers. What happened? Unlike the T-Mobile data breach that involved a sophisticated cyber attack, Virgin Media said the incident was neither a cyber attack nor the company's database was hacked. Rather the personal details of around 900,000 Virgin Media UK-based customers were exposed after one of its marketing databases was left unsecured on the Internet and accessible to anyone without requiring any authentication. "The precise situation is that information stored on one of our databases has been accessed without permission. The incident did not occur due to a hack, but as a result of the database being incorrectly configured," the company said in a note published on its website on Thursday night. Acc
A Massive U.S. Property and Demographic Database Exposes 200 Million Records

A Massive U.S. Property and Demographic Database Exposes 200 Million Records

March 05, 2020Ravie Lakshmanan
More than 200 million records containing a wide range of property-related information on US residents were left exposed on a database that was accessible on the web without requiring any password or authentication. The exposed data — a mix of personal and demographic details — included the name, address, email address, age, gender, ethnicity, employment, credit rating, investment preferences, income, net worth, and property information, such as: Market value Property type Mortgage amount, rate, type, and lender Refinance amount, rate, type, and lender Previous owners Year built Number of beds and bathrooms Tax assessment information According to security firm Comparitech , the database, which was hosted on Google Cloud, is said to have been first indexed by search engine BinaryEdge on 26th January and discovered a day later by cybersecurity researcher Bob Diachenko. But after failing to identify the database owner, the server was eventually taken offline more than a
Hackers Compromise T-Mobile Employee' Email Accounts and Steal User' Data

Hackers Compromise T-Mobile Employee' Email Accounts and Steal User' Data

March 05, 2020Swati Khandelwal
If you are a T-Mobile customer, this news may concern you. US-based telecom giant T-Mobile has suffered yet another data breach incident that recently exposed personal and accounts information of both its employees and customers to unknown hackers. What happened? In a breach notification posted on its website, T-Mobile today said its cybersecurity team recently discovered a sophisticated cyberattack against the email accounts of some of its employees that resulted in unauthorized access to the sensitive information contained in it, including details for its customers and other employees. Although the telecom company did not disclose how the breach happened, when it happened, and exactly how many employees and users were affected, it did confirm that the leaked information on its users doesn't contain financial information like credit card and Social Security numbers. What type of information was accessed? The exposed data of an undisclosed number of affected users incl
Online Courses and Software

Sign up for cybersecurity newsletter and get latest news updates delivered straight to your inbox daily.