Tag: hacked

0ktapus hackers are back and targeting tech and gaming companies, says leaked report
Risk, Security

According to a report obtained by TechCrunch, the hackers who reportedly attacked more than 130 organizations last year and stole the login credentials of close to 10,000 employees are still targeting a number of tech and video game companies. The report, written by cybersecurity company CrowdStrike, refers to the group as "Scattered Spider" and notes that it is also known as "Roasted 0ktapus", citing a report that Group-IB, another cybersecurity company, published last year. Threat intelligence firms produce reports like the one TechCrunch obtained for their clients, to warn them about hackers who are targeting either them directly or other businesses in the same ...

Google Fi hack victim had Coinbase, 2FA app hijacked by hackers
Risk, Security

A technologist who goes by the handle regexer received an email from Coinbase on January 1 confirming that his account had been successfully reset. He had not requested a password reset. Regexer immediately realized he was being hacked and tried, unsuccessfully, to log in to his Coinbase account to regain control. He asked to be identified by his online alias out of concern that he might be targeted by hackers again. He soon discovered that he had lost cell phone coverage. Then he received a notification from his two-factor app, Authy, saying that a new device ha...

North Korean Hackers Exploit Unpatched Zimbra Devices in ‘No Pineapple’ Campaign
Risk, Security

A recent intelligence-gathering operation attributed to the well-known Lazarus Group, which is backed by the North Korean government, exploited security holes in unpatched Zimbra devices to compromise victim systems, according to the Finnish cybersecurity firm WithSecure (formerly F-Secure), which nicknamed the incident No Pineapple after an error message seen in one of the backdoors. The chemical engineering department of a leading research university, an Indian healthcare research organization, and a company that makes technology for the energy, research, defence, and healthcare industries were all targets of the operation, which may have been an attempt to compromise the supply chain. Following the penetration of an unnamed customer, the North Korean ...

New Russian-Backed Gamaredon’s Spyware Variants Targeting Ukrainian Authorities
Risk, Security

The State Cyber Protection Center (SCPC) of Ukraine has called out the Russian state-sponsored threat actor known as Gamaredon for its targeted cyberattacks on the nation's public institutions and critical information infrastructure. Actinium, Armageddon, Iron Tilden, Primitive Bear, Shuckworm, Trident Ursa, and UAC-0010 are some of the other names for the advanced persistent threat, which has a history of attacking Ukrainian targets going back to 2013. The SCPC stated that the UAC-0010 group's continued activity is characterized by a multi-step download strategy and the execution of spyware payloads designed to maintain control over infected hosts ...

Hackers Abused Microsoft’s Verified Publisher OAuth Apps to Breach Corporate Email Accounts
Risk, Security

On Tuesday, Microsoft announced that it had disabled fraudulent Microsoft Partner Network (MPN) accounts that were being used to create malicious OAuth applications as part of a criminal operation to infiltrate enterprise cloud environments and steal email. Microsoft said the fraudulent actors "built applications that were subsequently deployed in a consent phishing campaign, which duped users into authorizing access to the phony apps." "This phishing campaign primarily targeted clients in the United Kingdom and Ireland." Consent phishing is a social engineering attack in which users are persuaded to grant permissions to malicious cloud applications; the app then holds an OAuth token of its own, so its access does not depend on the user's password and persists until the consent is revoked ...

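
The consent-phishing pattern above shows up in a tenant as delegated permission grants to applications owned by someone else. The following is an added example, not Microsoft's code and not anything from the article: it triages an offline export shaped like Microsoft Graph's `oauth2PermissionGrants` and `servicePrincipals` responses and ranks grants that give a foreign-owned app mailbox scopes or a long-lived refresh token. It deliberately treats verified-publisher status as informational rather than as a trust anchor, since the campaign described here abused exactly that signal. All tenant ids, application names and grant records are constructed for illustration.

```python
"""Triage delegated OAuth consent grants for consent-phishing indicators.

Added example (not Microsoft's or the article's code). The records mirror
the field names of Microsoft Graph's `oauth2PermissionGrants` and
`servicePrincipals` objects, but every value below is constructed for
illustration rather than taken from a real tenant export.
"""
from dataclasses import dataclass

# Delegated scopes that let an app read, send, or reconfigure a user's mail.
MAIL_SCOPES = {"Mail.Read", "Mail.ReadWrite", "Mail.Send", "MailboxSettings.ReadWrite"}
# offline_access yields a refresh token, so the app keeps working long after
# the phishing session ends and until the consent is revoked.
PERSISTENCE_SCOPES = {"offline_access"}

SEVERITY_ORDER = {"high": 0, "medium": 1, "low": 2}

# Constructed tenant id used to tell our own apps from third-party ones.
OWN_TENANT_ID = "aaaaaaaa-0000-0000-0000-000000000001"

# Constructed servicePrincipal records, keyed by object id (the value that a
# grant's clientId points at). verifiedPublisher is the field an attacker
# with a fraudulent MPN account can make look legitimate.
SERVICE_PRINCIPALS = {
    "sp-hr-portal": {
        "displayName": "Internal HR Portal",
        "appOwnerOrganizationId": OWN_TENANT_ID,
        "verifiedPublisher": {"displayName": None},
    },
    "sp-expense-sync": {
        "displayName": "Expense Sync",
        "appOwnerOrganizationId": "bbbbbbbb-0000-0000-0000-000000000002",
        "verifiedPublisher": {"displayName": "Vendor Corp"},
    },
    "sp-meeting-notes": {
        "displayName": "Meeting Notes",
        "appOwnerOrganizationId": "cccccccc-0000-0000-0000-000000000003",
        "verifiedPublisher": {"displayName": "Partner Ltd"},
    },
}

# Constructed oauth2PermissionGrant records. consentType is "AllPrincipals"
# for admin consent covering every user, "Principal" for a single user.
GRANTS = [
    {"id": "g1", "clientId": "sp-hr-portal", "consentType": "AllPrincipals",
     "principalId": None, "scope": "User.Read"},
    {"id": "g2", "clientId": "sp-expense-sync", "consentType": "Principal",
     "principalId": "user-1", "scope": "User.Read Mail.Read offline_access"},
    {"id": "g3", "clientId": "sp-meeting-notes", "consentType": "Principal",
     "principalId": "user-2", "scope": "openid profile User.Read offline_access"},
    {"id": "g4", "clientId": "sp-deleted-app", "consentType": "Principal",
     "principalId": "user-3", "scope": "Mail.ReadWrite"},
]


@dataclass
class Finding:
    grant_id: str
    app: str
    severity: str
    reasons: list


def triage_grant(grant, service_principals, own_tenant_id=OWN_TENANT_ID):
    """Classify one grant. Verified-publisher status is reported but never
    lowers the severity: the campaign above shows it can be forged."""
    scopes = set(grant.get("scope", "").split())
    sp = service_principals.get(grant["clientId"])
    if sp is None:
        return Finding(grant["id"], grant["clientId"], "high",
                       ["grant points at a service principal that no longer exists; revoke it"])

    third_party = sp.get("appOwnerOrganizationId") != own_tenant_id
    mail = sorted(scopes & MAIL_SCOPES)
    persistent = bool(scopes & PERSISTENCE_SCOPES)
    reasons = []
    if third_party:
        reasons.append("app is owned by another tenant")
    if mail:
        reasons.append("delegated mailbox access: " + ", ".join(mail))
    if persistent:
        reasons.append("offline_access: refresh token outlives the phishing session")
    if grant.get("consentType") == "AllPrincipals":
        reasons.append("consent applies to every user in the tenant")
    publisher = (sp.get("verifiedPublisher") or {}).get("displayName")
    if publisher:
        reasons.append(f"verified publisher '{publisher}' (informational only)")

    if third_party and mail:
        severity = "high"
    elif mail or (third_party and persistent):
        severity = "medium"
    else:
        severity = "low"
    return Finding(grant["id"], sp["displayName"], severity, reasons)


def triage_all(grants, service_principals, own_tenant_id=OWN_TENANT_ID):
    """Return findings ordered worst first so the review queue is actionable."""
    findings = [triage_grant(g, service_principals, own_tenant_id) for g in grants]
    return sorted(findings, key=lambda f: (SEVERITY_ORDER[f.severity], f.grant_id))


if __name__ == "__main__":
    for f in triage_all(GRANTS, SERVICE_PRINCIPALS):
        print(f"[{f.severity:6}] {f.grant_id} {f.app}: " + "; ".join(f.reasons))
```

Run it as-is to see the ranked findings. On a real tenant you would feed it the two Graph listings in place of the constructed records; the orphaned grant (g4) is included because stale consents to deleted or re-registered apps are easy to miss in a portal view and should be revoked along with anything rated high.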
Hackers Use TrickGate Software to Deploy Emotet, REvil, Other Malware
Risk, Security

Threat actors have been evading endpoint detection and response (EDR) products for more than six years with the help of a malicious software service called TrickGate, according to findings Check Point Research (CPR) shared with Infosecurity earlier today. CPR's analysis indicates that the operators behind Emotet, REvil, Maze, and other malware families used the service to distribute their payloads. More specifically, CPR estimated that threat actors used TrickGate to carry out between 40 and 650 attacks per week over the previous two years. Most victims were in the industrial sector, but there were also victims in business, healthcare, education, and finance ...

Record-Breaking Year for DDoS Attacks Targeting Russia
Risk, Security

According to Rostelecom, the country's largest internet service provider (ISP), web and DDoS attacks against Russian enterprises were relentless last year, aimed at disrupting operations, sabotaging websites, and, in its words, to "sow panic". In a recent study, Rostelecom reported observing "a record-breaking DDoS attack in terms of power and duration" in 2022. It said the strongest attack reached 760 Gbps, roughly twice the peak seen in 2021, and that the longest DDoS lasted 2,000 hours, or around three months. The ISP said it had examined data on around 600 businesses across a range of sectors ...

Riot Games Halts Work After Cyber Attack
Risk, Security

A well-known California gaming company has acknowledged that a significant cyber-attack on its systems has halted all game updates. Riot Games, which is owned by Tencent and makes League of Legends and Valorant, gave a brief account of what happened on Friday in a series of tweets: earlier in the week, a social engineering attack had compromised systems in its development environment. The statement read, "At this time, we don't have all the answers, but we wanted to reach out to you early to let you know that there is no evidence that player data or personal information was obtained. We regret that this has temporarily hampered our capacity to publish content. While our staff is putting great effort towards a fix ...

Threat Actors Turn to Sliver as Open Source Alternative to Popular C2 Frameworks
Risk, Security

Threat actors are showing growing interest in Sliver, a legitimate command-and-control (C2) framework that has emerged as an open-source alternative to Cobalt Strike and Metasploit, according to Cybereason, which last week published a detailed analysis of the framework's internals. Sliver is a cross-platform post-exploitation framework written in Go and created by the security firm Bishop Fox for use by security professionals in red team operations.

T-Mobile says hacker accessed personal data of 37 million customers
Risk, Security

T-Mobile disclosed in a financial filing on Thursday that a hacker gained access to the personal information of 37 million customers. The telecommunications giant said the data theft began on November 25 and that the "bad actor" stole "name, billing address, email, phone number, date of birth, T-Mobile account number, information such as the number of lines on the account and plan features." In the SEC filing, T-Mobile said it discovered the breach on January 5, more than a month after it began, and that it shut down the malicious activity a day later. According to T-Mobile, the hacker abused an application programming interface (API) rather than breaking into any internal business system ...