By Waqas
New INTERPOL Financial Fraud assessment reveals how cybercrime is being fueled by the abuse of AI and other technologies.
This is a post from HackRead.com Read the original post: AI-Powered Scams, Human Trafficking Fuel Global Cybercrime Surge: INTERPOL

AI tech fuels surge in financial fraud and cybercrime, warns INTERPOL. Sophisticated scams and human trafficking rings exploit cryptocurrency and social engineering to steal billions. Urgent global action is needed to combat this growing threat.

In its latest assessment of global cybercrime and financial fraud, INTERPOL has rung the alarm on the rapidly increasing threat posed by growing sophisticated criminal operations leveraging technology.

The report reveals a difficult-to-face reality: the **emergence of Artificial Intelligence (AI)**, large language models, cryptocurrencies, and service-based fraud models like phishing and ransomware are empowering a surge in fraudulent activities worldwide.

Advanced technologies have enabled organized crime groups to carry out professional and complex fraud campaigns with minimal technical expertise and cost previously required. The emergence of malicious AI-powered chatbots like **WormGPT and FraudGPT** are a few such examples.

Notably, the report highlights the expansion of human trafficking networks involved in call center operations, particularly in executing hybrid scams such as ‘**pig-butchering**‘ schemes, which blend elements of romance and investment frauds while exploiting cryptocurrencies.

Secretary General of INTERPOL, Jürgen Stock, expressed serious concern over the epidemic of financial fraud, emphasizing the devastating impact on individuals, businesses, and even governments. He emphasised the urgent need for coordinated action to close existing loopholes, enhance information-sharing mechanisms, and encourage a global response to combat this threat.

Key findings from the report highlight the pervasive nature of financial fraud, with prevalent trends including investment fraud, advance payment fraud, **romance fraud**, and business email compromise. Furthermore, financial fraud typically involves networks of co-offenders, varying from highly organized to loosely affiliated groups.

To address the growing menace of financial fraud, the report advocates for the establishment of multi-stakeholder Public-Private Partnerships to trace and recover lost funds.

Notably, since the launch of INTERPOL’s Global Rapid Intervention of Payments (I-GRIP) mechanism in 2022, over USD 500 million in criminal proceeds have been intercepted, primarily originating from cyber-enabled fraud.

Regional trends **outlined in the report** shed light on the evolving nature of financial fraud across continents:

**Africa:** Business Email Compromise (**BEC**) remains prevalent, with emerging trends in ‘pig butchering’ fraud. West African criminal syndicates are expanding transnationally, exhibiting expertise in various forms of online financial fraud.

**Americas:** Fraud types include impersonation, romance, tech support, advance payment, and telecom fraud. **Human trafficking-driven fraud** is on the rise, with syndicates exploiting victims coerced into committing financial crimes.

**Asia:** ‘**Pig butchering**‘ fraud schemes have proliferated, alongside telecommunication frauds where perpetrators impersonate officials to deceive victims. Criminal organizations in Asia are adopting business-like structures to facilitate fraudulent activities.

**Europe:** Online investment frauds and **phishing schemes are escalating**, targeting selected individuals and exploiting mobile phone apps. Criminal networks involved exhibit sophisticated modi operandi, often combining multiple fraud types.

In response to the news, we reached out to **Oliver Spence**, CEO of Cybaverse who emphasised the importance of employee training, of not ignoring the threats and tackling them before it is too late.

“This news from Interpol should not be taken lightly by organisations and clearly, financially motivated cybercrime is on the rise, and generative AI tools are heightening the problem while lowering the technical barrier of entry into cybercrime._”_

“To counter the threat, employees need to be trained about AI-generated phishing scams and taught to question emails, even when they seem realistic. Organisations must bolster this with email security solutions that can detect malicious code embedded into emails, so they can be stopped before reaching user inboxes,_”_ he advised.

As financial fraud continues to evolve and increase globally, the INTERPOL report goes on to highlight the urgent need for collaborative efforts to stem this growing epidemic and protect vulnerable individuals and entities from exploitation.

1.  INTERPOL Dismantles ’16shop’ Phishing-as-a-Service Platform
2.  Interpol Nets $300M, Arrests 3,500 in Major Cyber Crime Bust
3.  US government seizes classified advertising website Backpage
4.  Utilizing Programmatic Advertising to Locate Abducted Children
5.  Operation Narsil – INTERPOL Busts Decade-Old Child Abuse Network

AI-Powered Scams, Human Trafficking Fuel Global Cybercrime Surge: INTERPOL

By Deeba Ahmed
Another day, another massive data breach!
This is a post from HackRead.com Read the original post: Massive Data Breach Exposes Info of 43 Million French Workers

A massive data breach at a French employment agency is affecting over 43 million users – representing more than half of France’s total population.

A large-scale data breach has compromised the personal information of a staggering 43 million French workers, raising concerns about identity theft and fraud. The attack is believed to have impacted around two-thirds of France’s population. The unclaimed cyberattack targeted two French employment agencies France Travail and Cap Emploi.

On March 13, 2024, French employment agency France Travail, previously called Pole Emploi, announced becoming the victim of a data breach that exposed the personal data of their registered users. This includes names, social security numbers, dates of birth, email, postal addresses, phone numbers, and user IDs.

France Travail named another company Cap Emploi, a government employment service supporting people with disabilities, as the victim of this breach. France Travail confirmed that login credentials, passwords, and bank details are not at risk. 

On March 8, the agency notified the Commission Nationale de l’Informatique et des Libertés (CNIL), the national data protection agency, and filed a police complaint after which a formal investigation was launched.

Initial probing by the Paris Public Prosecutor’s Office and the Cybercrime Brigade of the Paris Judicial Police Department revealed that a malicious actor gained unauthorized access to Cap Emploi’s systems on February 6, impersonating a Cap Emploi civil service officer. France Travail began noticing suspicious activity within its IT systems between 6 February and 5 March 2024. 

According to CNIL, a cyberattack on France Travail (francetravail.fr) could have potentially exposed data of those currently registered on the job seekers list, those registered over the last 20 years, and those with a candidate space on the platform. The company will notify impacted users individually.

The French cybersecurity community has criticised France Travail’s security shortcomings, with some professionals surprised that the agency took around a month to notify authorities and 20 years of users’ data being accessible online.

While it is legally required to keep users’ data for a certain period, storing the oldest part in a secure backup repository is generally recommended. The CNIL has now initiated an investigation to assess the company’s compliance with data security measures with the EU’s General Data Protection Regulation (GDPR).

Interestingly, ethical hacker Olivier Laurelli (aka Bluetouff) attempted to publicly notify France Travail of security flaws in the agency’s new web application in February without receiving a response. The French government has warned of potential cyber threats, including phishing, scams, and identity theft, following the data breach.

> Bonjour @FranceTravail on a bien rigolé ce weekend, mais on est d'accord que l'info est remontée et que vos équipes travaillent d'arrache pied à corriger ce truc avant qu'un drame national n'arrive ? https://t.co/O7V4HCUqw1
> 
> — ☠ Bluetouff (@bluetouff) February 26, 2024

CNIL is urging French workers to remain vigilant and be cautious of any suspicious communication. They recommend monitoring bank statements closely for unusual activity and considering placing a fraud alert on credit reports. 

This massive data breach comes as a significant blow to France’s reputation for data security, highlighting the need for stricter regulations and improved cybersecurity practices within French companies, particularly those handling sensitive employee data.

For insights into the data breach, we reached out to Nick Tausek, Lead Security Automation Architect at Swimlane who added, “The scale of this latest breach surpasses previous incidents, highlighting the ongoing challenges faced by governmental agencies entrusted with safeguarding the personal data of millions.”

“To mitigate against these threats, organizations need to adopt a proactive cybersecurity approach. Investing in security platforms that centralize investigation and detection through the use of automation will allow security teams to respond to threats in real time and gain visibility across the SOC,” Nick advised.

1.  Air France website hacked by ‘Algerian Mujahideen’ Hackers
2.  France Weather Forecast Website Hacked By Anti-War Hacker
3.  Franch newspaper exposed 8TB of data with 7.4 billion records
4.  France Believes Russia Hacked TV5Monde Posing as ISIS Hackers
5.  Death linked to prank – France seeks extradition of hacker from Israel

Massive Data Breach Exposes Info of 43 Million French Workers

By Deeba Ahmed
The data breach is linked to a December 2023 cyberattack.
This is a post from HackRead.com Read the original post: Nissan Confirms Data Breach Affected 100,000 Customers and Employees

Following a cyberattack in December 2023, Nissan confirms a data leak impacting customers, dealers, and employees. Information potentially compromised includes names, contact details, and even government-issued IDs for up to 10% of those affected. Nissan is notifying individuals and offering support services.

Nissan Motor Corporation’s Oceania region has confirmed a data breach impacting roughly 100,000 individuals. The breach, linked to a December 2023 cyberattack claimed by the Akira ransomware group, exposed the personal information of customers, dealers, and some current and former employees.

For your information, Nissan Motor Corporation and Nissan Financial Services in Australia and New Zealand were impacted by a cyberattack on December 5, 2023.

“On 5 December 2023, a malicious third party obtained unauthorised access to our local IT servers. We took immediate action to contain the breach, and promptly alerted the relevant government authorities, including the Australian and New Zealand national cyber security centres and privacy regulators” Nissan revealed in an update released on 13 March 2024.

**Akira ransomware group** claimed to have stolen 128 GB of information including corporate files and personal information. Other impacted businesses included Mitsubishi, Renault, Skyline, Infiniti, LDV, and RAM. Hackers then published files stolen from Nissan systems, indicating the company refused ransom demands.

Akira ransomware announcing Nissan Australia data breach (Screenshot: Hackread.com)

Nissan detected the ‘disruptive incident’ the same month and notified customers but crucial details about data exfiltration weren’t confirmed until now. While the exact nature of the compromised data remains under investigation, Nissan acknowledges the possible leak of government-issued identification documents, names, and contact details. The company emphasizes that they are still validating contact information and removing duplicates, so the final number affected might be slightly lower.

Nissan Oceania has now started contacting the 100,000 affected individuals. The carmaker has reported that the type of information compromised in the breach might be different for each affected individual.

The company estimates that up to 10% of individuals may have had their government identification compromised, with the data set including 4,000 Medicare cards, 7,500 driver’s licenses, 220 passports, and 1,300 tax file numbers. The remaining 90% of the affectees Nissan is notifying have had other personal information impacted, including loan-related transaction statement copies, employment or salary information, and general information like dates of birth. 

The company is providing support services to affected individuals and enhancing cybersecurity measures to prevent future incidents, while also offering free identity theft and credit services.

Nissan advises customers to remain vigilant and be cautious of any suspicious emails, calls, or text messages. They recommend monitoring financial statements for unauthorized activity and considering placing a fraud alert on their credit reports.

Commenting on the news and providing insight, Erfan Shadabi, a cybersecurity expert at comforte AG said, “This data breach on Nissan demonstrates just how important it is for every organization to rethink data security. Nissan must now assess just how much sensitive information has been released.”

“Hopefully, they can navigate this situation effectively with minimal damage. The distressing fact is that ordinary individuals and users invariably find themselves at the mercy of organizations failing to fortify their data against potential breaches. The fallout from such incidents can range from identity theft to financial losses, leaving users vulnerable to a myriad of cyber threats,” Shadabi warned.

“The ironic thing is that enterprises can avoid the threat of leaked hijacked data simply by taking a data-centric approach to protecting sensitive information. Using tokenization or format-preserving encryption, businesses can obfuscate any sensitive data within their data ecosystem, rendering it incomprehensible no matter who has access to it. These reports should all be treated as cautionary tales, as any enterprise might find itself in the same boat without the proper data-centric approach,” he stressed.

1.  Cybercriminals Exploit CAN Injection Hack to Steal Cars
2.  Nissan Leaf Maybe At Threat Because of Vulnerable APIs
3.  App Flaw Allowed Nissan Cars Hack by Knowing VIN number
4.  Nissan Canada cyber attack; millions of customer accounts stolen
5.  Nissan source code leaked, “admin” was its as username, password

Nissan Confirms Data Breach Affected 100,000 Customers and Employees

By Waqas
Microsoft's Copilot for Security will be accessible through a pay-as-you-use licensing model.
This is a post from HackRead.com Read the original post: Microsoft is Opening AI-Powered “Copilot for Security” to Public

Microsoft’s innovative security solution, Copilot for Security, will be available to the public from April 1, 2024, marking a significant advancement in the fight against cybercrime.

Microsoft Copilot for Security, initially accessible to select users through an exclusive early access initiative, is an innovative AI-driven tool aimed at fortifying defenders’ capabilities and efficiency in tackling security challenges. The feature is now becoming available to the public, enabling everyone to leverage its benefits.

****What is Microsoft Copilot?****

Copilot is an industry-first **generative AI** solution designed to empower security and IT professionals. It leverages the power of artificial intelligence to analyze vast amounts of data and provide crucial insights, allowing security teams to:

*   **Catch hidden threats:** Copilot’s AI capabilities can uncover subtle anomalies that human analysts might miss, bolstering overall threat detection.
*   **Respond faster:** By automating routine tasks and offering real-time guidance, Copilot streamlines security operations, enabling a quicker response to security incidents.
*   **Boost expertise:** The AI assistant serves as a valuable learning tool, helping security professionals stay up-to-date on the latest threats and best practices.

****Microsoft Copilot for Security: Tailored for the Modern Defender****

This specific feature of Copilot focuses on the unique needs of cybersecurity professionals. It integrates seamlessly with existing security workflows, offering features such as:

*   **Natural language interaction:** Security personnel can interact with Copilot using plain English, asking questions and receiving clear, actionable responses.
*   **Enhanced incident response:** Copilot assists in investigations by analyzing data, suggesting potential causes, and recommending next steps.
*   **Proactive threat hunting:** The AI proactively scans for vulnerabilities and suspicious activity, helping to identify potential threats before they escalate.
*   **Improved posture management:** Copilot continuously monitors an organization’s security posture, providing valuable insights for strengthening defences.

> _“Threat actors are getting more sophisticated. Things happen fast, so we need to be able to respond fast. With the help of Copilot for Security, we can start focusing on automated responses instead of manual responses. It’s a huge gamechanger for us.”_
> 
> Mario Ferket, Chief Information Security Officer, Dow Inc.

****General Availability and Beyond****

Microsoft **announced** the general availability of Copilot for Security on April 1, 2024. This means the solution is now accessible for purchase by any organization seeking to strengthen its cybersecurity efforts.

The future of Copilot appears bright, with Microsoft continuously developing new capabilities. The company emphasizes its commitment to working with security professionals to further refine the solution and ensure it remains a valuable asset in the growing cyber threat landscape.

1.  Microsoft’s new tool detects, reports pedophiles in chats
2.  Kali Linux 2023.4 is Out: Cloud ARM64, Hyper-V, Pi 5, & More!
3.  Microsoft’s Windows File Recovery tool recovers your lost data
4.  Microsoft launches Linux memory forensics tool to detect malware
5.  McAfee’s Mockingbird AI Tool Detects Deepfake with 90% accuracy

Microsoft is Opening AI-Powered “Copilot for Security” to Public

By Deeba Ahmed
Mikhail Vasiliev, a Russian-Canadian citizen faces four years in a Canadian prison and is likely to be extradited to the US after completing his sentence.
This is a post from HackRead.com Read the original post: LockBit Affiliate Sentenced to 4 Years in Canada, Faces Extradition

Mikhail Vasiliev was also fined $860,000 for his involvement in the LockBit gang’s attacks. This case highlights the international effort to combat cybercrime and the severe consequences awaiting perpetrators.

A Russian-Canadian citizen, Mikhail Vasiliev, has been sentenced to nearly four years in prison for his involvement in the notorious **LockBit ransomware operation**. Vasiliev will also pay $860,000 in restitution to his Canadian victims.

Vasiliev’s lawyer reportedly argued that he turned to cybercrime due to financial difficulties during the **COVID-19 pandemic**.  However, Justice Michelle Fuerst rejected this justification, calling Vasiliev a _Cyber Terrorist_ whose actions were motivated by _greed_ and his crimes were “_far from_ _victimless crimes_.”

Investigations revealed Vasiliev’s role as a key member of the LockBit ransomware gang, involved in a significant number of cyberattacks with ransom demands ranging between €5m-€70 million. Vasiliev took responsibility for his actions, as confirmed by his lawyer Louis Strezos.

Vasiliev, 34, was arrested in October 2022 from his residence in Bradford, Ontario where he had moved from Moscow 20 years ago. He pleaded guilty in February 2024 to stealing victims’ computer data and using it for extortion.

Moreover, according to Canadian media **reports**, he admitted targeting at least three Canadian organizations, encrypting their data, and seeking ransom payments between 2021-2022, making $100 million in ransom demands for the gang from around 1,000 cyberattacks on victims in the U.S. and globally,

Vasiliev primarily targeted businesses in Saskatchewan, Montreal, and Newfoundland. His attacks likely caused significant disruptions and financial losses to the targeted businesses.

In November 2022, the US Department of Justice announced separate charges for his involvement in LockBit attacks. Vasiliev is set to be extradited to the U.S. for facing these additional charges

**LockBit, active since 2020**, operates under a ransomware-as-a-service (RaaS) business model, where affiliates exploit intrusions and deploy ransomware in exchange for some percentage of ransom payment.

In 2023, the gang gained significant profits from targeting companies like Boeing and Allen & Overy and exploited the **Citrix bleed security flaw** tracked as CVE-2023-4966 (CVSS score: 9.4).

LockBit’s infrastructure was **dismantled** by the law enforcement authorities in February 2024 as part of Operation Cronos with the seizure of 34 servers and 200 cryptocurrency accounts. Just a week after its seizure, LockBit **reemerged** with new leak sites, but RaaS is unlikely to recover. It claimed Operation Cronos was successful due to its negligence in updating PHP settings.

So far, Authorities have arrested six suspects in connection to LockBit, including Vasiliev, Ruslan Magomedovich Astamirov who was arrested **in June 2023**, two Russian nationals Artur Sungatov and Ivan Kondratyev, alias Bassterlord, and two others **arrested** in Ukraine and Poland.

Vasiliev’s potential extradition is a sign of growing international cooperation in combating cybercrime and serves as a warning to other gangs involved in such activities.

1.  Ragnar Locker Ransomware Dismantled, Key Suspect Arrested
2.  Alcasec Hacker, aka “Robin Hood of Spanish Hackers,” Arrested
3.  Operator of Proxy Botnet ‘IPStorm’ Arrested, Pleads Guilty in US
4.  LockBit ransomware blames victim for DDoS attack on its website
5.  Multimillion-Dollar Vishing Scam Busted: Czech-Ukrainian Gang Arrested

LockBit Affiliate Sentenced to 4 Years in Canada, Faces Extradition

By Deeba Ahmed
Critical security flaws found in ChatGPT plugins expose users to data breaches. Attackers could steal login details and…
This is a post from HackRead.com Read the original post: ChatGPT Plugins Exposed to Critical Vulnerabilities, Risked User Data

Critical security flaws found in ChatGPT plugins expose users to data breaches. Attackers could steal login details and access sensitive data on third-party websites – Update your plugins now and only use extensions from trusted sources to stay safe from AI-driven cyber threats.

Salt Security, a leader in application programming interface (API) security, has discovered critical security vulnerabilities within popular plugins of OpenAI’s AI chatbot **ChatGPT**. These flaws may allow attackers to steal sensitive user data and gain unauthorized access to accounts on third-party websites or data retrieval from **Google Drive**. 

This means ChatGPT plugin functionality, now known as GPTs, could be an attack vector, allowing vulnerabilities to access third-party user accounts, including GitHub repositories, and letting bad actors gain control of an organization’s account on third-party websites and access sensitive data.

For your information, ChatGPT plugins (exclusively accessible for users with a GPT-4 model, requiring a **ChatGPT Plus subscription** for utilization), are designed to enhance the chatbot’s capabilities by enabling it to interact with external services and be applicable across various domains. However, while using ChatGPT plugins, organizations may inadvertently permit them to send sensitive data to third-party websites and access private external accounts. 

****Three Vulnerabilities****

According to Salt Labs **research** shared with Hackread.com ahead of publication on Wednesday, the company discovered three vulnerabilities within ChatGPT plugins.

****First Vulnerability****

The first was within ChatGPT itself, where users are directed to the plugin website to receive a code to be approved. Attackers can exploit this function to deliver users a code approval with a malicious plugin, allowing them to install their credentials on a victim’s account. Any message written in ChatGPT may be forwarded to a plugin and the attacker can then access proprietary information.

****Second Vulnerability****

The second vulnerability was identified in PluginLab, a framework used to develop ChatGPT plugins. Salt Labs found that PluginLab doesn’t implement proper security measures during the installation process, hence, allowing attackers to potentially install malicious plugins without users’ knowledge. 

Since PluginLab did not authenticate user accounts, attackers can insert another user ID and gain a victim’s code, leading to account takeover. One affected plugin, “AskTheCode,” integrates between ChatGPT and GitHub, allowing attackers to access a victim’s account. 

****Third Vulnerability****

Another vulnerability was OAuth redirection manipulation, allowing attackers to send malicious URLs to victims, and steal user credentials. Many ChatGPT plugins request broad permissions to access various websites. This means compromised plugins could potentially steal login credentials or other sensitive data from these third-party websites.

Following responsible disclosure practices, Salt Labs’ researchers collaborated with OpenAI and third-party vendors to promptly address issues before their exploitation in the wild.

This research highlights the growing prevalence of AI and its potential security risks. In January 2024, **Kaspersky discovered over 3,000 dark web posts** where threat actors discussed exploiting AI-powered chatbots like ChatGPT for developing similar tools to conduct cybercrimes.

Recently **published Group-IB’s “Hi-Tech Crime Trends 23/24” report** shows a surge in the use of AI by cybercriminals, particularly for stolen ChatGPT credentials, which can be used to access sensitive corporate data. Over 225,000 infostealer logs containing compromised ChatGPT credentials were detected between January-October 2023.

Therefore, users are advised to carefully review permissions, only install plugins from trusted sources, and regularly update ChatGPT and plugins. Developers should address code execution vulnerabilities to safeguard user data. PluginLab developers should implement robust security measures throughout the plugin development lifecycle.

1.  **OpenAI’s ChatGPT Can Create Polymorphic Malware**
2.  **Malicious Abrax666 AI Chatbot Exposed as Potential Scam**
3.  **Malicious Ads Infiltrate Bing AI Chatbot in Malvertising Attack**
4.  **Following WormGPT, FraudGPT Emerges for AI-Driven Cyber Crime**
5.  **Researcher create polymorphic Blackmamba malware with ChatGPT**

ChatGPT Plugins Exposed to Critical Vulnerabilities, Risked User Data

By Waqas
A massive data leak (585.81 GB) exposed customer information at Qmerit, including home images, charger locations, and potentially…
This is a post from HackRead.com Read the original post: Leading EV Charging Firm Spills Trove of Customer Info in Server Leak

A massive data leak (585.81 GB) exposed customer information at Qmerit, including home images, charger locations, and potentially more – Qmerit took immediate action to secure the data.

Cybersecurity researcher Jeremiah Fowler has uncovered a troubling data exposure incident, yet again drawing attention to broader concerns surrounding data security. Fowler, in collaboration with WebsitePlanet, uncovered a non-password-protected database containing over half a million records, including sensitive customer information and invoices from a prominent American EV services provider.

The exposed database, totalling 585.81 GB in size, contained a trove of documents such as work invoices, price proposals, electrical permits, and surveys, alongside customer-submitted information including images of their homes and charger location details.

According to Fowler’s **blog post**, upon investigation, he identified the data as belonging to Qmerit, a Texas-based company specializing in EV charging infrastructure installation and maintenance since 2016.

Following the responsible disclosure by Fowler, Qmerit swiftly took action to secure the exposed data and initiate an internal investigation. In response to the incident, Qmerit emphasized its commitment to prioritizing security and protecting Personally Identifiable Information (PII). However, the duration of the data exposure and potential unauthorized access remain uncertain, warranting further scrutiny through internal forensic audits.

Screenshot from the exposed records (Screenshot credit: Websiteplanet\_

Fowler clarified that his findings do not imply wrongdoing on Qmerit’s part or suggest imminent threats to customer or contractor safety. However, the incident must be taken as a lesson surrounding the importance of vital data protection measures in protecting customer privacy and maintaining trust in the market.

Despite this incident, Qmerit continues to position itself as a leading player in North America’s EV services industry, boasting partnerships with major automakers and a track record of over 269,000 EV charger installations.

1.  EV Charging Stations at Risk of DoS Attacks
2.  Navigating London’s Free Electric Car Charging Points
3.  Massive Cloud Database Leak Exposes 380 Million Records
4.  US Credit Union Service Leaks Millions of Records and Passwords
5.  Aussie Travel Agency Data Leak Puts Thousands of Tourists at Risk

Leading EV Charging Firm Spills Trove of Customer Info in Server Leak

By Waqas
Some reports suggest that LockBit ransomware gang is behing the EquiLend data breach.
This is a post from HackRead.com Read the original post: EquiLend Employee Data Breached After January Ransomware Attack

EquiLend, a financial technology firm, experienced a data breach following a January ransomware attack – EquiLend is offering credit monitoring and identity theft protection to affected individuals.

Financial technology firm EquiLend recently disclosed a data breach reportedly originating from a January ransomware attack. The attack, which according to Bloomberg’s report, is attributed to the LockBit ransomware group, compromised the personal information of EquiLend employees.

The claim that LockBit ransomware is involved in the incident is concerning for businesses, as the group, despite its shutdown, has not only resurfaced but is already targeting new victims.

****Breach Details Emerge****

EquiLend initially reported a “technical issue” on January 24th, leading to service disruptions. The company later confirmed a ransomware attack but provided limited details. Recent notifications to affected individuals and authorities reveal the extent of the data breach.

****Employee Information Exposed****

According to the notification sent by the company to impacted customers, the attack compromised sensitive employee data, including names, dates of birth, Social Security numbers, and internal payroll information. EquiLend assures it has no evidence of this information being misused but is offering two years of complimentary credit monitoring and identity theft protection services to affected individuals.

****Ransomware Attack Scope Unclear****

While client-facing services were restored by February 5th, the full impact of the attack remains unclear. Speculation suggests EquiLend may have negotiated with the attackers, but the company has not confirmed any ransom payment.

It’s worth noting that at the time of writing, LockBit’s dark web leak site showed no mention of EquiLend. This could indicate that negotiations have occurred, or the group has yet to list EquiLend on their website.

****EquiLend Responds****

EquiLend is working with cybersecurity experts to investigate the incident and prevent future occurrences. The company emphasizes its commitment to data security and is urging affected individuals to remain vigilant and monitor their financial statements for suspicious activity.

****Experts Weigh In****

For insights, we reached out to Tamara Kirchleitner, Senior Intelligence Operations Analyst at Centripetal. “In the wake of this cyberattack, it’s a stark reminder of the relentless threat fintech firms face. Offering affected employees free identity theft protection is commendable, yet many companies remain reactive,” Tamara said.

“This incident underscores the need for proactive cybersecurity measures. Implementing robust protocols is imperative in today’s digital landscape. Businesses must embrace advanced technologies to safeguard their systems and customer data. It’s time for a paradigm shift towards anticipatory cybersecurity,” she warned.

****Importance of Cybersecurity****

This incident highlights the growing threat of ransomware attacks and the importance of strong cybersecurity measures. Financial institutions like EquiLend handle sensitive data, making them prime targets for cybercriminals.

EquiLend’s data breach should be a wakeup for organizations to prioritize data security investments and implement strong safeguards against cyberattacks.

1.  **FIN8 Resurfaces with New Sardonic Backdoor**
2.  **Hive Ransomware Resurfaces as Hunters International**
3.  **FBI Disrupts Chinese State-Backed Volt Typhoon’s KV Botnet**
4.  **Mirai botnet resurfaces with MooBot variant to target D-Link devices**
5.  **Nasty Mamba ransomware that encrypts entire hard drive resurfaces**

EquiLend Employee Data Breached After January Ransomware Attack

By Waqas
Another day, another malware exploiting cloud services to steal sensitve data from unsuspecting Windows users.
This is a post from HackRead.com Read the original post: New Vcurms Malware Targets Popular Browsers for Data Theft

Cybersecurity researchers at Fortinet’s FortiGuard Labs have discovered a new threat called Vcurms malware targeting popular browsers and apps for login and data theft. They urge security updates and caution with emails.

Fortinet’s FortiGuard Labs recently uncovered a new cybersecurity threat: a malware known dubbed “Vcurms.” The attackers behind Vcurms malware have employed sophisticated tactics, using email as their command and control center and leveraging public services such as AWS and GitHub to store the malicious software. Additionally, they have employed a commercial protector to evade detection, indicating a concerted effort to maximize the malware’s impact.

****Targeting Java Platforms****

This campaign primarily targets platforms with Java installed, posing a risk to any organization utilizing such systems. The severity of the threat cannot be understated, as successful infiltration grants attackers full control over compromised systems.

****Tactics and Techniques: Spreading Vcurms****

The modus operandi of the attackers involves luring users to download a malicious Java downloader, which serves as a vector for spreading Vcurms and STRRAT, a trojan previously found to be **posing as fake ransomware infection** to steal data. These malicious emails typically masquerade as legitimate requests, urging recipients to verify payment information and download harmful files hosted on AWS.

****Phishing Traits****

Once downloaded, the malware exhibits classic phishing traits, employing spoofed names and obfuscated strings to disguise its nefarious nature. Notably, it utilizes a class named “DownloadAndExecuteJarFiles.class” to facilitate the downloading and execution of additional JAR files, further expanding the attacker’s foothold.

The Remote Access Trojan (**RAT**) component of Vcurms communicates with its command and control center via email, demonstrating a concerning level of sophistication. It establishes persistence by replicating itself into the Startup folder and employs various techniques to identify and monitor victims, including keylogging and password recovery functionalities.

****Targeting Popular Browsers and Apps****

Furthermore, the malware employs advanced obfuscation techniques, such as the **Branchlock obfuscator**, to evade detection and analysis. Despite these challenges, cybersecurity researchers continue to develop methods for deobfuscating and understanding the inner workings of Vcurms.

Vcurms also exhibits notable similarities with the **Rude Stealer malware** but distinguishes itself through its unique transmission methods and targeted data acquisition. It prioritizes stealing sensitive information from popular browsers like Chrome, Brave, Edge, Vialdi, Opera, OperaGX, Firefox, etc. and applications, including Discord and Steam.

In response to this threat, FortiGuard Labs in their **blog post**, recommend proactive measures, including the deployment of updated security solutions and network segmentation. Additionally, maintaining vital password practices and exercising caution when handling email attachments are crucial steps in mitigating the risk of Vcurms infection.

Commenting on this, **Jason Soroko**, Senior Vice President of Product at Sectigo, emphasizes the importance of authentication methods in combating malware attacks.

_“_Malware writers are benefiting from the cloud and that shouldn’t surprise anyone. RAT malware typically harvests whatever it can, and the new VCURMS and STRRAT remote access trojans seem to have one or more keyloggers,_“_ Jason warned. _“_This technique has been around for quite some time and is yet another example of why stronger authentication methods than simply a username and password are necessary._“_

1.  ToxicEye RAT hits Telegram app to spy, steal user data
2.  Fake Skype, Zoom, Google Meet Sites Infecting Devices with RATs
3.  AsyncRAT Infiltrates Key US Infrastructure Through GIFs and SVGs
4.  BRATA Android malware factory resets phones after stealing funds
5.  New Bifrost RAT Variant Targets Linux Devices, Mimics VMware Domain

New Vcurms Malware Targets Popular Browsers for Data Theft

By Waqas
The February 2024 Global Threat Index report released by Check Point Software Technologies Ltd. exposes the alarming vulnerability of cybersecurity worldwide.
This is a post from HackRead.com Read the original post: FakeUpdates Malware Campaign Targets WordPress – Millions of Sites at Risk

WordPress websites are under attack! FakeUpdates malware exploits vulnerabilities and injects malicious code. LockBit3 dominates the world of ransomware. Web server flaws leave organizations exposed. Experts advocate strong security and zero tolerance for cyber threats.

As of March 2024, approximately 835 million websites are utilizing the WordPress Content Management System (CMS). This vast presence makes WordPress an extremely **lucrative target** for cybercriminals.

To highlight the ongoing threats to WordPress, according to the February 2024 Global Threat Index released by Check Point Software Technologies Ltd., this week, researchers have uncovered a fresh wave of cyber threats including malware attacks aimed at WordPress websites.

The campaign, identified as **FakeUpdates or SocGholish**, involved compromising WordPress sites through hacked admin accounts. The malware employed various tactics, including modified versions of legitimate WordPress plugins, to infiltrate websites and deceive users into downloading a Remote Access Trojan.

Despite efforts to combat it, FakeUpdates has persisted since at least 2017, posing a significant threat to website security. Some of the attack’s examples are previously identified incidents targeting products like **Windows** and **Chrome browsers**.

In the attack, the malware primarily targets websites with content management systems, aiming to trick users into downloading malicious software. Associated with the Russian cybercrime group **Evil Corp**, FakeUpdates is believed to generate revenue by selling access to infected systems.

As per the research shared with Hackread.com ahead of publication on Monday, Maya Horowitz, VP of Research at Check Point Software, emphasized the importance of protecting websites from cyber threats.

She highlighted the critical role websites play in modern society and the potential consequences of malware attacks on online presence and reputation. Horowitz stressed the need for proactive measures and a zero-tolerance approach to cybersecurity threats.

****LockBit and Ransomware****

Check Point’s Global Threat Index also **revealed** insights into ransomware activities, including data from approximately 200 ransomware “shame sites” operated by double-extortion ransomware groups.

Lockbit3, **despite its shutdown**, not only **returned** also but remained the most prevalent ransomware group in February, responsible for 20% of reported incidents. Play and 8base followed closely, with 8% and 7% of incidents, respectively. Play, which entered the top three for the first time, was responsible for a **recent cyberattack** on the city of Oakland.

Additionally, the report highlighted the most exploited vulnerabilities globally in February. The “Web Servers Malicious URL Directory Traversal” vulnerability affected 51% of organizations, followed by “Command Injection Over HTTP” and “Zyxel ZyWALL Command Injection,” each impacting 50% of organizations.

****Protect Your WordPress Website****

Here are 6 important tips to protect your WordPress website:

****Strong Login Credentials:****

*   Always use a strong and unique password for your WordPress admin account. Avoid using easily guessable information like your name, birthday, or pet’s name.
*   Consider using a password manager to generate and store strong passwords for all your online accounts.
*   Enable two-factor authentication (2FA) for an extra layer of security. This requires a second verification code, typically sent to your phone, in addition to your password when logging in.

**Regular Updates:**

*   Regularly update your WordPress core, themes, and plugins. Updates often contain security patches that address newly discovered vulnerabilities.
*   You can enable automatic updates in the WordPress dashboard to ensure your website stays up-to-date.

**Security Plugins:**

*   Consider installing a security plugin to add additional layers of protection to your website. These plugins can help monitor your website for malware, block suspicious activity, and protect against brute-force login attempts.

**Backups:**

*   Regularly back up your website files and database. This will allow you to restore your website to its previous state if it is compromised by a cyberattack.
*   There are several plugins available that can automate the backup process.

****Limit User Access:****

*   Only grant users the minimum level of access they need to perform their tasks. For example, if a user only needs to edit blog posts, there is no need to give them administrator privileges.

****Secure Hosting Provider**:**

Choose a reputable web hosting provider that prioritizes security measures. While choosing a hosting service, always look for features like the following:

*   Regular security audits and vulnerability assessments.
*   Automatic malware scanning and removal.
*   Firewalls and intrusion detection systems.
*   Secure data centres with physical and digital access control.

1.  Fake Lockdown Mode Exposes iOS Users to Malware Attacks
2.  Fake Skype, Zoom, Google Meet Sites Infect Devices with RATs
3.  The Fake Fix: New Chae$ 4.1 Malware Hides in Driver Downloads
4.  Hackers on WordPress Websites Hacking Spree with Balada Malware
5.  Fake Resumes, Real Malware: TA4557 Exploits Recruiters for Backdoor

Source

HackRead