Network In Review: Data Leak And Dark Web Sale

Dark web users are freely sharing the ‘Star Tribune’ user data that was first sold by Shiny Hunters six months ago. That data, along with the Minted.com set, was protected by bcrypt hashing, so the passwords couldn’t be broken. This makes the data almost worthless for credential stuffers, but it could still be used in phishing operations.

In May 2020, the notorious data broker “Shiny Hunters” put up a massive database for sale, offering 73.2 million user records from eleven companies. Among them, there was a set of one million user records belonging to ‘Star Tribune,’ the largest newspaper in Minnesota, USA.…

TEK On The Street: Google Working The VPN

Google will roll out a VPN service for Android users in the US through the Google One app. The service will cover the entire activity of an Android device, so it won’t be app-specific. There are some concerns about user privacy, but Google is looking to address them with independent audits.

The Google One app on Android is about to get a VPN layer that will help users encrypt their online activity with a single tap. Google says this will work universally no matter what app or browser is used, so whatever the Android device streams, downloads, or sends as data packets over the internet will be encrypted.…

Network In Review: Identity Deception, Securing Devices at Home and Work

We all enjoy a good sale, but at what expense? Cyberthreats are rising exponentially in the ‘new normal’. Before we talk about how you can build a formidable defense against email attacks, let’s take a look at the top cyberthreats that frequently make their way into your inbox and wreak havoc.

Phishing/Spoofing/Identity Deception

Phishing involves hackers deploying various social engineering tactics to tempt users into clicking on malicious links and unwittingly giving up confidential information, such as user credentials. Hackers invest a tremendous amount of effort into assuming the identity of a trusted source, making sure that it is YOU who lets them into the system.…

TEK On The Street: Location Exposed

Sharing your private and sensitive data with social media platforms is something that all users have to accept, and what matters for them is how responsibly the platform handles and protects that data.

In the case of the Swedish social media platform “Panion,” the situation could be much worse, as the company’s admins left a service bucket exposed online without requiring a password for access. The discovery was made by CyberNews investigators, who are always on the lookout for such exposures.

Even though the files in the publicly available Amazon S3 bucket do not contain deeply sensitive personal information like passwords, credit card data or social security numbers, bad actors can use the personal details in the database for a variety of malicious purposes:

  • Contact details like names and email addresses can be enough for phishers and scammers to commit targeted attacks against the exposed users via spam emails, while their stated interests can be used against them in social engineering campaigns
  • Determined criminals can combine the names and email addresses found in this bucket with other cyber breaches to build profiles of potential targets for identity theft
  • The location coordinates of these users can potentially be used for breaking and entering or cyberstalking

Thanks to their work and timely notice, Panion secured the leaky Amazon S3 bucket and locked the 694,116 files contained in it.…

Network In Review: Teacher Assignment, Project Ransomware

The COVID-19 pandemic has pushed teachers to work from home, deliver online classes to their students, and expect the submission of the assignments via the online platform. Malicious actors are using this as an opportunity to set up traps for teachers. Ransomware actors send fake assignments to teachers who work remotely, hoping to infect them with malware. The actors are using documents that fetch the malware from a legitimate code-hosting platform. The ransom is not high, which indicates a low-level actor, yet it still serves as an example of what to watch out for.

The ongoing campaign was noticed by Proofpoint researchers, who are warning about it while it is at an early phase.…

TEK On The Street: Apple Critical Flaws Found By Hacking Team

A team of hackers has discovered 55 vulnerabilities in Apple’s corporate network, 11 of which are critical. The team is to receive about half a million USD as bounty payments, and they already got most of it. Apple gave assurances that everything has already been fixed and that the team of hunters was the first to discover the flaws. Hackers like to maintain that vulnerabilities are always there, and finding them is only a matter of looking deep for long enough. This is also the case for Apple’s corporate network, which was vulnerable to exploitation for months, as proven by a skillful hacking team.…

Network In Review: New Kid On The Block

According to the latest reports, SunCrypt is now employing DDoS methods against its victims through affiliates. This form of vengeance strikes victims who, with their filesystems locked down by a ransomware attack, refuse to negotiate payment of the requested ransom.

Usually, groups like SunCrypt leak samples of stolen files online as a form of extortion and additional pressure, but there are many times when this is simply not enough. In these cases, distributed denial of service (DDoS) could serve the hackers as an additional convincing factor for the victim to pay them.

It sounds like a game-changer, and it really is, since this method cannot remain exclusive to the SunCrypt group, at least not for long.…

TEK On The Street: “Joker” Adware Apps Removed By Google

Another batch of “Joker” spyware/adware apps has been discovered and removed from the App Store. These apps already had 120,000 installations and are now blocked by the “Play Protect” service. The problem of “Joker” apps remains unabated because the apps turn rogue after Google’s review.

Google has removed another batch of apps that feature the “Joker” malware. This is a type of infection we’ve seen repeatedly in hundreds of Android apps, causing trouble to users through adware symptoms and subscriptions to premium services.

Moreover, “Joker” apps act as spyware, exfiltrating information from the infected devices and uploading it to the actor’s C2 server.…
