company logo

Product

Our Product

We are Reshaping the way Developers find and fix vulnerabilities before they get exploited.

Solutions

By Industry

BFSI

Healthcare

Education

IT & Telecom

Government

By Role

CISO/CTO

DevOps Engineer

Resources

Resource Library

Get actionable insight straight from our threat Intel lab to keep you informed about the ever-changing Threat landscape.

Subscribe to Our Weekly Threat Digest

Company

Contact Us

Have queries, feedback or prospects? Get in touch and we shall be with you shortly.

loading..
loading..
loading..
Loading...

DataVault

Encryption

loading..
loading..
loading..

DataVault Encryption application vulnerable to Brute-Force attacks

Vulnerabilities in DataVault encryption software allows attackers to brute force passwords and gain unauthorized access...

31-Dec-2021
2 min read

Related Articles

loading..

Internet Archive

Internet Archive's Wayback Machine suffers a catastrophic breach; hackers steal ...

In a shocking turn of events, the Internet Archive's Wayback Machine has fallen victim to a massive data breach. Hackers compromised the website, stealing a user authentication database containing 31 million unique records. This alarming incident has raised serious concerns about the security of one of the internet's most cherished repositories. ### Breach Unveiled On Wednesday afternoon, visitors to archive.org were met with an unexpected and unsettling JavaScript alert: > _"Have you ever felt like the Internet Archive runs on sticks and is constantly on the verge of suffering a catastrophic security breach? It just happened. See 31 million of you on HIBP!"_ The message was a stark announcement from the hackers themselves, indicating not only the breach but also hinting at the data's impending addition to Have I Been Pwned (HIBP), a renowned data breach notification service. ### Confirmation from Have I Been Pwned Troy Hunt, the creator of HIBP, confirmed that he received a file nine days prior containing the stolen data: File Name: `ia_users.sql` Size: `6.4GB SQL file` Contents: `Email addresses, screen names, password change timestamps, bcrypt-hashed passwords, and other internal data`. Unique Email Addresses: `31 million` Hunt verified the data's authenticity by matching it with known user accounts, including that of cybersecurity researcher Scott Helme. Helme confirmed that the bcrypt-hashed password in the database matched his own records. ### Internet Archive's Response Later that evening, Brewster Kahle, founder of the Internet Archive, acknowledged the breach on X (formerly Twitter): > _"What we know: DDoS attack—fended off for now; defacement of our website via JS library; breach of usernames/email/salted-encrypted passwords. What we've done: Disabled the JS library, scrubbing systems, upgrading security. Will share more as we know it."_ In addition to the data breach, the Internet Archive suffered a Distributed Denial of Service (DDoS) attack, causing significant downtime and accessibility issues for users worldwide. ### Attackers: BlackMeta Hacktivist Group An account on X named SN_Blackmeta claimed responsibility for the attack. The group has a history of targeting the Internet Archive, with previous DDoS attacks reported in May. They indicated plans for additional attacks, stating they act "just because they can," without any explicit demands or statements. ### Timeline of Events September 28th, 2024: Most recent timestamp in the stolen data, likely when the database was compromised. October 6th, 2024: Troy Hunt contacts the Internet Archive, initiating a disclosure process. October 9th, 2024: The Internet Archive's website is defaced and subjected to a DDoS attack while HIBP prepares to notify affected users. ### Implications for Users The stolen data includes sensitive information: Email Addresses Screen Names Password Change Timestamps Bcrypt-Hashed Passwords Although bcrypt is a strong hashing algorithm, the exposure of hashed passwords poses a risk, especially if users have weak passwords or reuse passwords across multiple sites. ### What You Should Do If you have an account with the Internet Archive: - 1. Change Your Password Immediately: Choose a strong, unique password. - 2. Enable Two-Factor Authentication (2FA): If available, add an extra layer of security. - 3. Monitor Your Accounts: Be vigilant for any suspicious activity on your email and other online services. - 4. Check Have I Been Pwned: Visit haveibeenpwned.com to see if your email has been compromised in this or other breaches. ### Technical Analysis Breach Vector While the exact method of the breach remains unknown, the attackers managed to: Compromise a JavaScript Library: Used to deface the website and display the alert message. Access the User Authentication Database: Extracting sensitive user data. ### Data Protection Measures The passwords were stored using bcrypt hashing, which is considered secure due to its computational difficulty. However, given enough time and resources, especially with weak passwords, hashed passwords can potentially be cracked. ### Security Challenges The breach highlights potential vulnerabilities: Third-Party Libraries: Compromised JavaScript libraries can be an attack vector. Delayed Response: The Internet Archive's lack of immediate communication may have exacerbated the situation. ### Official Statements Jason Scott, an archivist at the Internet Archive, noted on Mastodon: > _"According to their Twitter, they're doing it just to do it. Just because they can. No statement, no idea, no demands."_ Brewster Kahle assured users that steps are being taken to enhance security and that more information will be shared as it becomes available.

loading..   11-Oct-2024
loading..   4 min read
loading..

Ethereum

LEGO

Hackers breached LEGO's website, promoting a fake crypto coin scam. Learn how th...

A sophisticated cyberattack rocked the official LEGO website, exposing the popular global brand to a high-stakes cryptocurrency scam. Hackers briefly seized control of the platform, promoting a fraudulent LEGO Coin that could be purchased with Ethereum. The event, which lasted 75 minutes, sent shockwaves through the cybersecurity world, raising eyebrows not only for its bold execution but also for the odd choice of targeting one of the world’s most trusted family-friendly brands. ### Attack: What Happened? At approximately 9 PM EST, unsuspecting visitors to LEGO.com were greeted by a modified main banner promoting a new "LEGO Coin." This wasn't just any harmless image. The hackers crafted a seemingly legitimate ad, complete with the LEGO logo and promises of “secret rewards” for those who purchased the token. The banner read: > _"Our new LEGO Coin is officially out! Buy the new LEGO Coin today and unlock secret rewards!"_ For 75 minutes, this fraudulent campaign persisted, redirecting users to the Uniswap cryptocurrency platform. Here, the fake LEGO token could be purchased using Ethereum, luring in cryptocurrency enthusiasts and LEGO fans alike. However, unlike many traditional cryptocurrency scams, this breach did not utilize a crypto drainer to immediately steal funds from connected wallets. Instead, the focus was on selling fake tokens. By 10:15 PM EST, LEGO’s web administrators regained control, removing the malicious banner and restoring normal operations. ### Damage Control: LEGO Responds While the damage from the attack was limited, LEGO quickly moved to reassure customers. In a statement to SecureBlink Threat Researchers, LEGO confirmed the breach but kept the details on how hackers managed to access their system under wraps: > _"On 5 October 2024, an unauthorized banner briefly appeared on LEGO.com. It was quickly removed, and the issue has been resolved. No user accounts have been compromised, and customers can continue shopping as usual. The cause has been identified, and we are implementing measures to prevent this from happening again."_ The company’s swift response helped alleviate customer fears, and they emphasized that no user accounts or personal information were compromised during the attack. ### Odd Choice: Why LEGO? This attack left cybersecurity experts perplexed. Why LEGO? For such a high-profile brand with a vast, loyal customer base, many expected a more malicious payload. Hackers commonly exploit website breaches to: - Inject malicious JavaScript to steal customer information (such as credit card data). - Use the breach as a vector for data extortion. - Sell stolen data on darknet marketplaces. But in this case, the focus was a low-effort cryptocurrency scam, with only a handful of people purchasing the fake LEGO tokens, amounting to a few hundred dollars in revenue for the attackers. For the access they had, the scam’s execution and profit were both notably underwhelming. ### Bigger Picture: Website Vulnerabilities This incident serves as a stark reminder of the vulnerabilities high-profile websites face, especially in an era where cryptocurrency scams are becoming increasingly rampant. Unlike the traditional methods of stealing customer data or injecting malware, this hack showcased a growing trend of brand exploitation through direct crypto schemes. In recent years, phishing campaigns and supply chain attacks have given hackers a pathway to even the most secure websites. Once inside, the attackers can exploit a brand's reputation to give credibility to their scams—precisely what happened with LEGO. While this attack on LEGO.com may not have resulted in massive financial damage or data loss, it highlights several key concerns: 1. No site is immune to attacks, no matter how robust its security protocols. 2. Brand reputation can be a powerful weapon in the hands of cybercriminals. 3. Cryptocurrency scams are evolving and using more creative methods to capture unsuspecting victims. 4. Companies must not only guard against data theft but also brand hijacking in the crypto space.

loading..   08-Oct-2024
loading..   4 min read
loading..

ComCast

Over 230,000 Comcast customers' personal data exposed in a massive ransomware at...

In early 2024, U.S. telecom giant Comcast confirmed that over 230,000 customers had their sensitive personal data stolen during a ransomware attack on Financial Business and Consumer Solutions (FBCS), a third-party debt collection agency based in Pennsylvania. This breach underscores the critical risks posed by outsourcing sensitive operations to external vendors and the pervasive threat of ransomware in the modern digital landscape. ### Incident Overview The breach traces back to a cyberattack between February 14 and February 26, 2024, targeting FBCS’s systems. Initially, FBCS assured Comcast that no Comcast customer data had been compromised in the attack. However, in July 2024, FBCS revealed that the breach had, in fact, exposed data related to 237,703 Comcast customers. The stolen information includes: - Names - Addresses - Social Security numbers - Dates of birth - Comcast account numbers - Comcast ID numbers These customers were primarily registered with Comcast around 2021, though Comcast had already stopped using FBCS for debt collection services by 2020. ### Attack Nature: Ransomware The ransomware attack on FBCS involved unauthorized access to its computer network, during which time hackers downloaded sensitive data and encrypted several of FBCS’s systems. The perpetrators have not been identified, and no major ransomware group has claimed responsibility for the attack. FBCS’s own public statement only refers to the attacker as an “unauthorized actor.” The exact method of infiltration remains unknown, though typical vectors for ransomware attacks include phishing, malware, and exploiting known software vulnerabilities. ### Third-Party Vendor Vulnerability This breach is a textbook example of the vulnerabilities introduced when organizations rely on third-party vendors to handle sensitive data. In this case, although Comcast’s internal systems were not directly compromised, the company became collateral damage through its association with FBCS. The incident reveals a significant flaw in many organizations' cybersecurity strategies: while internal systems may be well-protected, outsourced services—often considered secondary—may be more vulnerable. FBCS’s failure to promptly disclose the involvement of Comcast’s data in the breach further highlights the communication breakdown that often occurs in vendor relationships. Comcast learned in March 2024 that there had been a ransomware attack on FBCS but was not informed about the exposure of its customers' data until several months later. This delay in notification likely exacerbated the potential damage to Comcast’s customers. ### Broader Impact and Related Breaches The FBCS breach is part of a broader cyberattack that affected millions of individuals and several large organizations, demonstrating the wide-reaching impacts of such incidents. In total, FBCS reported that over 4 million people had their personal information compromised during the February 2024 ransomware attack. CF Medical (Capio): A medical debt-purchasing company, CF Medical confirmed in September 2024 that more than 620,000 individuals had their health information, including medical claims, stolen in the breach. Health information is particularly sensitive, and the theft of such data heightens the risk of fraud and privacy violations. Truist Bank: One of the largest banks in the U.S., Truist Bank confirmed that its customer data was also exposed during the attack, including names, addresses, account numbers, dates of birth, and Social Security numbers. Truist Bank, which has over 10 million customers, has yet to reveal how many of its customers were impacted, but the exposure of account and financial data raises concerns about potential identity theft and financial fraud. ### Regulatory and Legal Implications The Comcast-FBCS breach has significant legal and regulatory consequences. Due to the type of data exposed—especially Social Security numbers and personal identification details—Comcast and FBCS are likely to face legal claims from affected customers. Both companies may also encounter regulatory scrutiny for their handling of the breach and the delayed notification of affected parties. In the U.S., data breaches involving sensitive personal information often lead to class-action lawsuits, as seen in previous high-profile incidents. Comcast may be required to provide credit monitoring services and identity protection measures for affected individuals to mitigate the potential risks of identity theft. Additionally, as the incident involved multiple states, state attorneys general may investigate the breach, potentially leading to fines or sanctions for non-compliance with data protection laws, such as the California Consumer Privacy Act (CCPA) or the Maine Data Protection Act. ### Role of FBCS in the Breach FBCS's role as the third-party vendor at the center of this breach cannot be overlooked. Despite their responsibility for protecting customer data, FBCS failed to secure critical information from its clients, including Comcast. Moreover, their delayed response and incomplete disclosure of the breach’s impact added to the potential damage for affected companies and individuals. The situation calls for stricter regulatory oversight of third-party service providers, particularly those handling sensitive financial and medical data. Organizations like Comcast must ensure that their vendors adhere to robust cybersecurity frameworks and employ rigorous risk management practices. ### Comcast’s Response and Future Actions Comcast’s decision to cease using FBCS for debt collection services in 2020 does not exempt it from responsibility for this breach. As the affected data dates back to 2021, Comcast will need to provide a clear explanation of how this older data was still in FBCS’s possession and what measures were in place to protect it. In the wake of the breach, Comcast will likely implement additional measures to secure its data when working with third-party vendors. This includes: Vendor Audits: Routine cybersecurity audits of all third-party vendors to ensure they comply with the company's data protection standards. Data Encryption: Ensuring that all sensitive data—both at rest and in transit—is encrypted, even when stored by external service providers. Stricter Contract Provisions: Future contracts with vendors may include stronger security requirements and financial penalties for breaches. ### Lessons for the Industry The Comcast-FBCS ransomware incident serves as a crucial reminder to industries relying on third-party services for sensitive operations. The breach highlights the importance of: - 1. Comprehensive Vendor Risk Management: Organizations must adopt a proactive approach to managing vendor risks. This includes regular assessments of third-party cybersecurity capabilities and imposing strict data protection requirements. - 2. Faster Incident Response and Transparency: Companies should demand timely breach notifications and transparent communication from their vendors to mitigate the risks of delayed responses and greater customer harm. - 3. Holistic Cybersecurity Strategies: Organizations must consider the full spectrum of their cybersecurity defenses, including vendor-related risks. Ensuring that external partners meet the same security standards as internal systems can significantly reduce exposure.

loading..   07-Oct-2024
loading..   6 min read