By Waqas
The data breach occurred a few days before Christmas on December 21, 2023, but the details have only been revealed now.
This is a post from HackRead.com Read the original post: Jason’s Deli Data Breach Exposes 344,000 Users in Credential Stuffing Attack

As per the data breach notification filed by the company with Maine’s attorney general office, hackers gained access to customers’ usernames and passwords, along with other sensitive data.

Popular American fast-casual restaurant chain Jason’s Deli has been hit by a data breach, exposing the personal information of millions of customers. The incident, a credential stuffing attack, occurred in December 2023 and affected approximately 344,000 users.

It is worth noting that hackers employed the same attack technique during the 23andME data breach, a DNA testing service. The company, however, shifted the blame onto the victims, loosely arguing that the breach could have been prevented if the affected individuals had not used the same password on other accounts.

****Credential Stuffing Attack****

As per the data breach notification filed by the company with Maine’s attorney general office, the incident was identified and took place on 21 December 2023. During the attack, hackers gained unauthorized access to Deli Dollar and online account login credentials of approximately 344,000 users.

The attackers used a technique known as credential stuffing, which involves taking usernames and passwords stolen from other data breaches and trying them on different websites.

When it comes to login credentials, hackers were able to access customers’ usernames and passwords. Other potentially exposed data includes the following:

*   Names
*   date of birth
*   Contact Lists
*   Order history
*   phone numbers
*   email addresses
*   Deli Dollars points
*   House account number
*   Preferred Jason’s Deli location
*   Redeemable amounts and banked rewards
*   Truncated gift card and credit card numbers.

However, the company maintains that the attackers would likely have had limited access, unable to view your complete payment or gift card number—possibly only the last four digits.

Jason’s Deli has apologized for the data breach and assured customers that they are taking steps to improve their cybersecurity. The company has stated that they are conducting a review of its security protocols and implementing additional safeguards to prevent future attacks.

For insights into the data breach, we reached out to Lionel Litty, Chief Security Architect at Menlo Security who emphasised that companies must implement Multi-Factor Authentication on customers’ accounts.

“While Multi-Factor Authentication (MFA) is crucial for password reuse and credential stuffing, not all MFA solutions offer equal protection but to truly get the full value from MFA and ensure comprehensive protection, organizations must invest in phishing-resistant MFA,” Litty explained.

“By doing so, they not only mitigate the risks associated with password compromise but also elevate their overall cybersecurity posture. Remember, the technology you use matters and will produce better outcomes,” he said.

****Impact on Customers****

The data breaches at Jason’s Deli have raised concerns about the security of customer information and the potential for identity theft. Customers whose information was exposed in the credential stuffing attack are at risk of having their online accounts hacked.

Jason’s Deli has advised customers to monitor their financial statements for any unauthorized activity and to report any suspicious charges to their bank or credit card company. The company has also provided information on how to protect themselves from identity theft.

****Hackread.com’s Recommendations for Customers****

If you are a Jason’s Deli customer, it is important to take steps to protect your personal information. Here are a few recommendations:

*   Monitor your financial statements for any unauthorized activity.
*   Report any suspicious charges to your bank or credit card company.
*   Be cautious about clicking on links or opening attachments in emails from unknown senders.
*   Use strong passwords and enable two-factor authentication on your online accounts.
*   Change your password for your Jason’s Deli online account and any other accounts where you use the same password.

The data breaches at Jason’s Deli serve as a reminder of the importance of protecting our personal information. By taking steps to be more vigilant and security-conscious, we can help reduce the risk of becoming a victim of identity theft or other cybercrime.

****_RELATED ARTICLES_****

1.  DDoS Attacks Disrupted Russian Alcohol Supply Chain
2.  FBI warns of ransomware attacks against Food sectors
3.  Global Retailer BuyGoods.com Leaks 198GB of User Data
4.  LockBit Ransomware Gang Claims Subway as New Victim
5.  Iranian Food Delivery Giant Snappfood Hacked: 3TB of Data Stolen

Jason’s Deli Data Breach Exposes 344,000 Users in Credential Stuffing Attack

By Waqas
The dark side of the Artificial Intelligence (AI) - UK's NCSC Cyber Threat Assessment warns surge in AI-driven ransomware Surge.
This is a post from HackRead.com Read the original post: Artificial Intelligence Heightens Ransomware Threat, UK Cyber Security Center Warns

The report outlines that Artificial Intelligence (AI), currently utilized by cybercriminals, is lowering entry barriers for less experienced threat actors, including hackers-for-hire and hacktivists.

In its Risk Register 2023 report, the UK government designated AI as a “Chronic Risk.” Now, the National Cyber Security Centre (NCSC) has warned about the escalating global ransomware threat, attributing the rise to the increasing incorporation of Artificial Intelligence (AI) in malicious cyber activities.

The recently released AI-Cyber Threat Assessment by NCSC highlights the role of AI in amplifying both the volume and impact of cyber attacks. Amid the success of OpenAI’s ChatGPT, it is crucial to note that malicious threat actors have exploited the chatbot, giving rise to the creation of nefarious AI-powered counterparts such as WormGPT and FraudGPT.

The report outlines that AI, currently utilized by cybercriminals, is lowering entry barriers for less experienced threat actors, including hackers-for-hire and hacktivists. This empowerment enables more efficient access and information-gathering operations, thereby expanding the reach of cyber threats. The heightened accessibility and AI’s ability to refine victim targeting are anticipated to intensify the ransomware threat globally over the next two years.

Ransomware remains a pervasive cyber threat for UK organizations and businesses, prompting cybercriminals to adapt their strategies for increased efficiency and profit. In response, the UK Government has committed £2.6 billion through its Cyber Security Strategy to strengthen the nation’s resilience.

James Babbage, Director General for Threats at the National Crime Agency, said:

> _“Ransomware continues to be a national security threat. As this report shows, the threat is likely to increase in the coming years due to advancements in AI and the exploitation of this technology by cybercriminals._
> 
> _“AI services lower barriers to entry, increasing the number of cybercriminals, and will boost their capability by improving the scale, speed and effectiveness of existing attack methods. Fraud and child sexual abuse are also particularly likely to be affected._
> 
> _“The NCA will continue to protect the public and reduce the serious crime threat to the UK, including by targeting criminal use of GenAI and ensuring we adopt the technology ourselves where safe and effective.”_
> 
> James Babbage – National Crime Agency (NCA)

According to the report, both the NCSC and private industry are actively incorporating AI into cybersecurity practices, focusing on advanced threat detection and security by design. “The dangers posed and damages caused by ransomware attacks are also acknowledged by the United States. Therefore, in November 2023, a 40-country alliance was announced to collectively combat the evolving threat.”

Suid Adeyanju, CEO of Riversafe, and a cybersecurity expert, emphasized the critical need for organizations to enhance their threat intelligence. Adeyanju urged a comprehensive strategy that combines advanced technologies with increased observability. Stressing the importance of thorough training for all staff, he emphasized the growing risk cyber threats pose to unprepared businesses.

The UK, hosting the AI Safety Summit at Bletchley Park in November 2023, endorsed The Bletchley Declaration. This initiative, a global effort, aims to address risks associated with AI’s cutting-edge developments and promote its secure and responsible advancement.

The thriving AI sector in the UK, currently employing 50,000 individuals and contributing £3.7 billion to the economy, aligns with the government’s commitment to advancing the national economy and job market in tandem with technological progress, as outlined in the Prime Minister’s five key priorities.

****_RELATED ARTICLES_****

1.  5 Biggest Ransomware Attacks of All Time
2.  Lessons from the Holy Ghost Ransomware Attacks
3.  FBI and CISA Issue Joint Advisory on Snatch Ransomware Threat
4.  Kaspersky Reveals Alarming IoT Threats and Dark Web DDoS Boom
5.  White House Cybersecurity Strategy: Software Firms Liable for Breaches

Artificial Intelligence Heightens Ransomware Threat, UK Cyber Security Center Warns

By Waqas
Hailing from Wilmington, Delaware BuyGoods.com boasts a user base of 3 million consumers spanning across 17 countries.
This is a post from HackRead.com Read the original post: Global Retailer BuyGoods.com Leaks 198GB of Internal and User PII, KYC data

The staggering 198.3 gigabytes of misconfigured database contained more than 260,000 records including customer selfies with unredacted credit cards.

Cybersecurity researcher Jeremiah Fowler recently uncovered a misconfigured cloud database that had left a wealth of sensitive data exposed. The affected database contained records attributed to customers of BuyGoods.com, alternatively recognized in the industry as Softwareproject.

For your information, in their own words, “BuyGoods.com is a global ecommerce marketplace and business management platform for product owners, marketers, and online shoppers.” Hailing from Wilmington, Delaware BuyGoods.com boasts a user base of 3 million consumers spanning across 17 countries.

****What data was leaked?****

The exposed database, totalling 198.3 gigabytes in size, lacked any form of security authentication, being openly accessible to the public. Within this unprotected database were more than 260,000 records, containing a comprehensive range of information. This included details regarding affiliate payouts, refund transactions, invoices, accounting records, and various other forms of data.

What’s worse, the exposed server also laid bare the personal records of customers and affiliates, containing highly sensitive Personally Identifiable Information (PII) and Know Your Customer (KYC) data.

This exposed information included customers’ selfies alongside their personal identification cards, licenses, passports, and even **_unredacted_** credit card details. The global impact of this privacy breach could have been substantial, as these records spanned individuals from various parts of the world.

In a blog post for WebsitePlanet, Fowler disclosed that he promptly notified BuyGoods.com about the security issue. Despite the company’s swift acknowledgement and assurance that the data had been secured, Fowler discovered that the server remained exposed days after his responsible disclosure.

_“_I immediately sent a responsible disclosure notice and received the following message via e-mail: _“Thank you for letting us know about this. The access issue to the directories list has now been resolved. We are moving all PII data away from those public buckets”_. Despite efforts to resolve the issue, it appeared that the database was still accessible for some time before being restricted,_”_ Fowler explained.

It is crucial to highlight that the screenshots were initially unredacted and only underwent redaction by Fowler before being published in their report to the public.

****Potential Threats****

Misconfigured servers carrying PII or KYC data pose a massive threat to the online privacy and physical security of unsuspected customers. What some may label as a simple data leak can become a nightmare.

In the wrong hands, this sensitive information can fuel identity theft, leading to financial fraud and unauthorized access to personal accounts. Moreover, criminals may exploit the stolen data for malicious activities, creating fake profiles, and jeopardizing security and public safety.

The aftermath of such a breach could result in widespread chaos, compromising the trust individuals place in digital systems and the protection of their most private information.

****Securing a Misconfigured Database****

Admins can take several measures to address the issue of misconfigured databases or servers. Here are some of the key steps that should be vital in database security and protection:

1.  **Regular Audits and Assessments:**  
    Conduct regular audits and assessments of database configurations to identify vulnerabilities and misconfigurations. This proactive approach helps in detecting issues before they can be exploited by malicious actors.
2.  **Implement Least Privilege Principle:**  
    Limit user access rights to the minimum necessary for their roles. Applying the principle of least privilege reduces the potential impact of a security breach by restricting unauthorized access to sensitive data.
3.  **Use Strong Authentication and Access Controls:**  
    Enforce strong authentication mechanisms, such as multi-factor authentication, to enhance the security of access credentials. Additionally, implement robust access controls to ensure that only authorized individuals can make changes to the database configurations.
4.  **Encrypt Sensitive Data:**  
    Encrypt sensitive data both at rest and in transit. This adds an extra layer of protection, making it harder for unauthorized users to extract meaningful information even if they gain access to the database.
5.  **Regularly Update and Patch Systems:**  
    Keep database systems and server software up to date with the latest security patches. Regular updates help to address known vulnerabilities and enhance the overall security posture of the system.
6.  **Monitor and Log Activities:**  
    Implement comprehensive monitoring and logging mechanisms to detect unusual activities or unauthorized access promptly. Monitoring tools can help admins identify potential security incidents and respond swiftly.
7.  **Educate Personnel:**  
    Train and educate administrators and other personnel about the importance of proper configuration practices and the potential risks associated with misconfigurations. Creating awareness can contribute to a culture of security within the organization.
8.  **Automated Configuration Management:**  
    Utilize automated configuration management tools to ensure consistency and accuracy in server configurations. Automation reduces the likelihood of human error and helps maintain a secure and standardized environment.
9.  **Incident Response Plan:**  
    Develop and regularly update an incident response plan to guide admins in the event of a security incident. This plan should include steps to investigate, contain, eradicate, and recover from a misconfiguration-related breach.
10.  **Engage External Security Auditors:**  
    Periodically engage external security experts to conduct thorough assessments and penetration testing. External audits provide an unbiased perspective and can uncover vulnerabilities that may be overlooked internally.

****_RELATED ARTICLES_****

1.  Call Center Provider Experiences Major Data Leak
2.  FOX News Exposed 13 Million Sensitive Records Online
3.  Cosmetic giant Estée Lauder exposed 440 million records online
4.  Z2U Market Leak Exposes Access to Illicit Services and Malware
5.  Texas School Safety Software Data Leak Endangers Student Safety
6.  “Biggest webmaster forum” Digital Point exposes trove of user data

Global Retailer BuyGoods.com Leaks 198GB of Internal and User PII, KYC data

By Deeba Ahmed
From Footlongs to Stolen Bytes: Subway Faces Potential Ransomware Nightmare.
This is a post from HackRead.com Read the original post: LockBit Ransomware Gang Claims Subway as New Victim

The LockBit ransomware gang has given Subway a deadline of February 2, 2024, to pay the ransom, or their data will be leaked.

International fast-food restaurant chain Subway is facing a potential PR nightmare due to an alleged ransomware attack carried out by the notorious LockBit ransomware gang. Reports suggest Subway’s systems were compromised by the LockBit gang, known for its aggressive tactics.

Subway has launched an investigation after the LockBit ransomware group claimed to have hacked the company’s SUBS internal systems and stole a trove of data. The ransomware-as-a-service provider added the company to its data leak site, stating that one of its affiliates stole gigabytes of sensitive data.

LockBit stated that they are giving some time for the group to protect the data “which includes hundreds of gigabytes of data and all financial of the franchise, including employee salaries, franchise royalty payments, master franchise commission payments, restaurant turnovers, etc.” If they do not, the group will sell it to competitors. The company has added the company to its data leak site.

The message was posted on January 21, and the attackers have given Subway time until February 2 to pay a ransom. However, Subway’s spokesperson claims the company is still validating the hackers’ claims.

LockBit’s message on its dark web site (Screenshot credit: Hackread.com)

For your information, LockBit is one of the most active ransomware groups, victimizing thousands of organizations. In June 2023, the US government reported that the LockBit gang has targeted 1,700 entities in the US since 2020, making over $90 million in ransom payments.

What’s surprising for many in this incident is that Subway was unaware of the ransomware attack. However, this isn’t strange because, lately, hackers are skipping the ransomware attacks’ encryption part and focusing on stealing data since designing, developing, maintaining, and deploying ransomware has become too difficult. Companies have substantially improved their data backup and defence; therefore, threat actors steal data and demand payment for not disclosing it publicly.

It is worth noting that Subway has 20,000 locations worldwide and over 400,000 employees, so the data leak could have lasting implications for its customers if it happened. To protect yourself from online threats, be cautious when clicking links or opening attachments, use strong passwords, enable two-factor authentication, keep software and operating systems updated, and invest in reputable antivirus and anti-malware software. Practice good cyber hygiene for the best defence against cybercrime.

****_RELATED ARTICLES_****

1.  Bangkok Airways hit by Lockbit ransomware; leaks 103GB of data
2.  Accenture claims to fight off LockBit ransomware gang with backup
3.  LockBit ransomware gang blames victim for DDoS attack on its website
4.  LockBit 3.0 Posts Dubious Claims of Breaching Darktrace Cybersecurity Firm
5.  Cyber Security Giant Mandiant Denies Hacking Claims By LockBit Ransomware

LockBit Ransomware Gang Claims Subway as New Victim

By Uzair Amir
In today’s ever-evolving cyberspace, organizations face an ever-increasing number of cyber threats. Malicious actors are constantly seeking to…
This is a post from HackRead.com Read the original post: Data Security: Leveraging AI for Enhanced Threat Detection and Prevention

In today’s ever-evolving cyberspace, organizations face an ever-increasing number of cyber threats. Malicious actors are constantly seeking to exploit vulnerabilities to gain advantage or engage in harmful activities. As businesses continue to adopt digital transformation, it becomes crucial to implement data security measures.

One promising solution gaining popularity is the use of artificial intelligence (AI) technologies to enhance threat detection and prevention. By leveraging AI alongside stringent security protocols, organizations can better safeguard their data assets and protect their intellectual property.

****The Role of AI in Data Security****

Artificial intelligence encompasses a range of technologies, including machine learning and natural language processing, that allow systems to mimic human behaviour when processing large amounts of data. In the domain of data management security, AI proves invaluable by identifying patterns, detecting anomalies, and swiftly recognizing threats faster than any human could.

Many cyber attacks leave behind signatures or patterns that can be identified by algorithms. For example, AI-powered systems can analyze real-time network traffic to promptly identify suspicious behaviour or detect known malware signatures. Additionally, AI algorithms continuously learn from the threats encountered over time, continually improving their accuracy in detecting threats.

****Utilizing Machine Learning Algorithms****

Machine learning algorithms play a role in using AI to improve threat detection and prevention. These algorithms analyze real-time data to train models that can identify patterns and detect anomalies on a large scale automatically.

By examining vast amounts of data from multiple sources, machine learning algorithms gain insights into user behaviour patterns related to unauthorized activities and security breaches. They establish baselines by analyzing data, making them effective in accurately detecting deviations from expected behaviour.

Additionally, machine learning algorithms help automate incident response procedures by centralizing alerts based on predefined rulesets tied to risk thresholds. This proactive approach enables IT teams to address threats promptly instead of waiting for end-user reports.

****Threat Intelligence with Natural Language Processing****

Natural language processing (NLP) adds another dimension to the AI-powered data security landscape. One application of NLP involves extracting insights from cybersecurity reports and quickly breaking down complex information.

Using sentiment analysis algorithms, NLP can evaluate the impact of newly disclosed vulnerabilities on public forums and social media networks. This consolidated intelligence streamlines the identification process for emerging threats or vulnerabilities to be exploited by cybercriminals.

****Improving User Behavioral Analytics****

Gaining insights into security risks within an organization’s network infrastructure relies on understanding user behaviour patterns. By leveraging AI-driven user behavioural analytics, organizations can create profiles of what constitutes user behaviours. This is achieved by considering factors such as the time spent on applications, destinations of network traffic, and the history of file access.

Once the system establishes patterns, it can promptly raise alerts whenever deviations or anomalies occur. This proactive approach significantly reduces response time in addressing incidents that might be overlooked using security methodologies.

****Addressing Uncertainty with Explainable AI****

Explainable AI plays a role in inspiring confidence in AI-powered detection systems. Explainability ensures that humans can understand the patterns identified by machine learning models and provides clarity on how decisions are made.

Organizations should prioritize adopting AI solutions that offer transparency in decision-making processes through clear model outputs supported by audit trails. Having explanations behind flagged activities assures stakeholders that these detections were based on reasoning rather than mere computational guesswork.

****Conclusion****

The landscape of data security is continuously evolving due to increasing sophistication in cyber threats. By integrating artificial intelligence technologies with established security measures, organizations can gain a considerable edge in mitigating risks and protecting their invaluable data assets. The capacity of AI to efficiently analyze large volumes of data and identify patterns enables faster detection and prevention of potential breaches.

Through learning and adaptation, AI fortifies the security stance of organizations, enhancing their resilience against emerging cyber threats. Embracing AI for data security is increasingly becoming imperative for businesses aiming to maintain an edge in the ever-evolving digital era.

1.  Volkswagen Goes AI, Integrates ChatGPT into its Vehicles
2.  Evolution of AI Assistants: Breakthroughs in Software Development
3.  Poisoned Data, Malicious Manipulation: NIST Study Reveals AI Vulnerabilities
4.  12 Best AI-powered Customer Communication Platforms for Contact Centers
5.  Reflectiz Introduces AI-powered Insights on Top of Its Smart Alerting System

Data Security: Leveraging AI for Enhanced Threat Detection and Prevention

By Uzair Amir
In today’s evolving trends, businesses are constantly searching for ways to streamline their operations and enhance efficiency. One…
This is a post from HackRead.com Read the original post: Barcode Scanning Solutions: Enhancing Accuracy in Asset Tracking Systems

In today’s evolving trends, businesses are constantly searching for ways to streamline their operations and enhance efficiency. One area where this becomes particularly important is in asset tracking systems.

Whether it’s keeping track of inventory in a store, monitoring equipment in a hospital, or managing assets in a warehouse, accurate and efficient asset tracking is crucial for businesses of all sizes and industries. In the pursuit of improving accuracy within asset tracking systems, barcode scanning solutions have emerged as a game changer.

Barcode scanning solutions are hardware and software that enable the precise reading of barcodes. These barcodes consist of lines or patterns that represent information, such as product details or unique identifiers. Asset tags with barcodes are widely used in many industries due to the various benefits they provide.

****Benefits of Barcode Scanning Solutions********Accuracy****

Barcode scanning solutions offer precision when it comes to asset tracking systems. By eliminating errors associated with data entry, businesses can significantly reduce discrepancies in inventory counts and enhance overall operational efficiency.

****Speed****

With barcode scanning solutions, the time-consuming task of inputting each item’s information is eliminated. Instead, employees can simply scan items using devices or integrated scanners, significantly expediting the process.

****Real-time Updates****

Barcode scanning solutions offer the advantage of providing updates by transferring data to integrated software systems. This ensures that vital information regarding inventory levels, locations, maintenance schedules, and other crucial data is constantly updated and easily accessible.

****Improved Inventory Management****

Efficient and accurate inventory management is essential for businesses aiming to optimize their operations. Barcode asset tags and scanning solutions simplify this process by allowing businesses to monitor stock levels across locations precisely, automatically generating reorder requests when necessary.

****Types of Barcode Scanning Solutions********Handheld Scanners****

Handheld scanners are devices commonly used by employees for direct barcode scanning. These scanners can be wired or wireless and are known for their ease of use and reliability. With advancements, many handheld devices now include integrated touch screens and user-friendly interfaces for efficiency.

****Mobile Devices with Integrated Scanning****

In recent years, there has been a growing popularity in using mobile devices such as smartphones and tablets equipped with built-in barcode scanning capabilities. This approach allows businesses to leverage their existing hardware, reducing costs while maximizing convenience.

****Stationary Scanners****

Designed for large-volume scanning environments, stationary scanners are fixed machines that capture multiple barcodes simultaneously. Such barcode scanners are commonly used in warehouse settings or at store checkout counters. These scanners provide identification of multiple items at once.

****Integration with Asset Tracking Software********Seamless Integration****

The best barcode scanning solutions smoothly integrate with asset tracking software systems, making it easier to handle data. This ensures that there are no errors when transmitting and synchronizing data between the scanner and software, ultimately boosting accuracy and productivity.

****Tracking Capabilities****

By integrating barcode scanning solutions with asset tracking software, businesses can effectively monitor aspects of their assets’ lifecycles. From acquisition to disposal, companies can easily track the location of items, their maintenance history, warranty information, and more through a system.

****Customization Options****

Each industry has its tracking requirements. Barcode scanning solutions that offer customization options allow businesses to tailor their asset tracking systems to meet needs. Whether adding custom fields or developing features within the software interface, customization empowers users to maximize their system’s capabilities.

****Conclusion****

Barcode scanning solutions have improved accuracy in asset tracking systems by enhancing efficiency and reducing errors associated with data entry. Whether you’re using scanners or incorporating devices with scanning capabilities, implementing these solutions brings about advantages like precise inventory management and instant updates.

By integrating these solutions with software systems for tracking assets, businesses can optimize their operations further by monitoring multiple aspects of an asset’s lifecycle and tailoring the system to meet specific requirements.

Choosing to embrace barcode scanning solutions is a choice for any business aiming to boost accuracy in their asset tracking systems, streamline operations, and ultimately enhance their performance.

****_RELATED ARTICLES_****

1.  The Role of Software Escrow in Mitigating Business Risks
2.  Data Security Threats for Businesses: Strengthen Your Defense
3.  Using GenAI in Your Business? Here Is What You Need To Know
4.  Finclusive, Verida, and cheqd Launch Reusable KYC/KYB Solution
5.  2024 Trends for Securing Business Premises: Essential Technologies

Barcode Scanning Solutions: Enhancing Accuracy in Asset Tracking Systems

By Deeba Ahmed
TeamViewer has been identified as the access point in two separate ransomware attacks targeting different companies.
This is a post from HackRead.com Read the original post: TeamViewer Exploited to Obtain Remote Access, Deploy Ransomware

The cybersecurity researchers at Huntress have issued a warning about a recent surge in cyber attacks, highlighting a new strategy employed by cybercriminals who are exploiting TeamViewer to deploy LockBit ransomware.

TeamViewer has a history of being exploited in large-scale cyber attacks. Recently, once again, cybersecurity experts have observed a surprising surge in cybercriminals’ attempts to exploit TeamViewer, a trusted remote access tool, to deploy LockBit ransomware, potentially exposing users to data encryption and extortion demands.

Researchers claim attackers exploit vulnerabilities in TeamViewer to gain initial access to victim devices and then deploy the aggressive LockBit ransomware, which encrypts critical files and demands substantial ransom payments for decryption.

Although infections were either contained or averted, no ransomware operation has been officially associated with the intrusions. The payload resembled LockBit ransomware encryptors. It is worth noting that in 2022, the ransomware builder for LockBit 3.0 was leaked, allowing the Bl00dy and Buhti gangs to launch their campaigns.

For your information, TeamViewer is a popular remote access tool in the enterprise world. Unfortunately, it has been exploited by scammers and ransomware actors to access remote desktops and execute malicious files for years. In March 2016, numerous victims reported their devices being breached via TeamViewer and attempts made to encrypt files with the Surprise ransomware.

Back then, TeamViewer’s unauthorized access was attributed to credential stuffing, where attackers used users’ leaked credentials instead of exploiting a zero-day vulnerability.

The software vendor explained that online criminals often log on with compromised accounts to find corresponding accounts with the same credentials, potentially allowing them to access all assigned devices for malware or ransomware installation.

The latest analysis from Huntress SOC analysts reveals that cybercriminals continue to use old techniques, abusing TeamViewer to take over devices and deploy ransomware. In one of the instances, as observed by Huntress, a single threat actor used TeamViewer to compromise two endpoints by deploying a DOS batch file on the desktop, and executing a DLL payload.

In both cases, Huntress researchers observed similarities, hinting that a common attacker could be responsible. Huntress observed multiple employee accesses to the first compromised endpoint, indicating that it was used for legitimate administrative tasks. The second endpoint, running since 2018, had no activity in logs for three months, indicating that it is less monitored and potentially more attractive to attackers.

> “An investigation into each endpoint illustrated that initial access to each endpoint was achieved via TeamViewer. The final entry from the TeamViewer connections\_incoming.txt log file showed the threat actor’s access to each endpoint.”
> 
> Huntress

TeamViewer attributes unauthorized access cases to issues in the tool’s default security settings. The attacks appear to be using the password-protected LockBit 3 DLL. However, Bleeping Computer identified a different sample uploaded to VirusTotal that was detected as LockBit Black but it wasn’t using the standard LockBit 3.0 ransomware note, suggesting another ransomware gang’s involvement in creating the builder.

Reports suggest attackers have not launched a widespread campaign yet, which means there is potential for expansion. To protect yourself, update TeamViewer software, enable two-factor authentication, be wary of suspicious connections, and invest in vital cybersecurity solutions like antivirus, anti-malware, and endpoint detection and response (EDR) tools to detect and prevent potential threats.

For insight into the latest development, we reached out to Xage Security’s CEO Geoffrey Mattson who shared the following statement regarding the exploitation of TeamViewer:

“This attack underscores a growing trend in cyber threats, wherein cyber adversaries exploit vulnerabilities in legacy security and virtualization software and steer away from traditional targets like browsers and endpoints. Notably, VPNs, Firewalls, VDIs, and Remote Access Tools have become prime vectors for multi-stage attacks, prompting the Cybersecurity and Infrastructure Security Agency (CISA) to issue new advisories, such as “Protecting Against Malicious Use of Remote Monitoring and Management Software.”

“The vulnerability is compounded by another challenge – TeamViewer is often installed as “shadow IT” by employees looking for easier access solutions than the official option at their company,” said Geoffrey. “That means the security and IT teams may not even know about the existence of TeamViewer in their environment, and thus won’t know that they’re exposed to this attack vector. The complexity of existing enterprise remote access solutions leads employees to create security risks. Ease-of-use is a security issue,” he warned.

****_RELATED ARTICLES_****

1.  **TeamViewer was Targeted by Chinese Hackers in 2016**
2.  **Employee PC hacked via TeamViewer in water supply poisoning**
3.  **TeamViewer Vulnerability Lets Attackers Take Full Control of PCs**
4.  **Fake TeamViewer download ads distributing new ZLoader variant**
5.  **Hackers targeting embassies with trojanized version of TeamViewer**

TeamViewer Exploited to Obtain Remote Access, Deploy Ransomware

By Waqas
The latest Trezor data breach places users at risk of phishing scams, potentially leading to the theft of additional login credentials.
This is a post from HackRead.com Read the original post: Trezor Data Breach Exposes Email and Names of 66,000 Users

Trezor, the hardware wallet manufacturer, has disclosed a data breach involving unauthorized access to a third-party support portal used by the company.

In a worrying development for cryptocurrency enthusiasts, hardware wallet manufacturer Trezor disclosed a data breach on January 20, 2024, that potentially exposed the contact information of nearly 66,000 users.

While the company assures that no user funds were compromised, the incident highlights the importance of cybersecurity even for hardware wallets, which are often touted as the most secure way to store digital assets.

****What Happened?****

The breach involved unauthorized access to a third-party support portal used by Trezor. The incident occurred on January 17, 2024, and potentially affected users who interacted with the support team since December 2021. The exposed information included email addresses and usernames, however, Trezor confirmed that the attacker did not access the phone numbers or postal addresses of victims.

> _We are making every effort to work with the third-party service provider to comprehensively investigate the incident. However, our internal audit of the incident suggests potential access to contact details, limited to email and name/nickname._
> 
> Trezor

**Why is This Concerning?**

Even though user funds and addresses remain safe, the exposed contact information puts users at risk of phishing attacks. Hackers could use this information to send targeted emails impersonating Trezor and attempt to steal users’ login credentials or private keys. These keys are essential for accessing and managing cryptocurrency holdings, and if compromised, could lead to significant financial losses.

Here is an image capturing the email sent to users by the malicious actor during the security breach. (Screenshot via Trezor’s blog post)

****What Trezor is Doing****

Trezor has taken several steps in response to the breach:

*   **Notified all 66,000 potentially affected users via email.**
*   **Emphasized that user funds were not compromised.**
*   **Investigated the incident and took steps to prevent future breaches.**
*   **Advised users to be wary of phishing attempts and to take steps to protect their online accounts.**

****What Users Can Do****

If you are a Trezor user and received an email about the breach, here are some steps you can take to protect yourself:

1.  **Be cautious of any emails claiming to be from Trezor.** 
2.  **Do not click on any links or open any attachments in suspicious emails.**
3.  **Change your Trezor PIN and password immediately.**
4.  **Enable two-factor authentication for your Trezor account.**
5.  **Regularly update your software and operating system.**
6.  **Report any suspicious activity to Trezor support.**

****Impact of the Breach****

The Trezor data breach is a reminder that no system is foolproof, even for hardware wallets. While user funds were not compromised in this incident, it serves as a wake-up call for the cryptocurrency community to be vigilant about cybersecurity. Users should be aware of the risks associated with **phishing attacks** and take steps to protect themselves.

****_RELATED ARTICLES_****

1.  **6 of the Best Crypto Bug Bounty Programs**
2.  **Outdated Wallets Threatening Billions in Crypto Assets**
3.  **Crypto Scammers Exploit Gaza Crisis in Donation Scam**
4.  **We Need Smarter Smart Contracts To Prevent DeFi Hacks**
5.  **Scammers Use Fake Ledger App on Microsoft Store to Steal $800K**
6.  **Inferno Drainer Phishing Nets Scammers $80M from Crypto Wallets**
7.  **“Get Paid to Like Videos”? This YouTube Scam Leads to Empty Wallets**

Trezor Data Breach Exposes Email and Names of 66,000 Users

By Owais Sultan
One of the most needed functions in the CS console has always been a command that allows you…
This is a post from HackRead.com Read the original post: Bind For Cleaning Blood And Bullet Marks In Counter-Strike 2

One of the most needed functions in the CS console has always been a command that allows you to instantly remove all traces of blood and bullet marks on the walls. This bind is useful not only for aesthetic reasons — traces of blood have been proven to slightly reduce FPS in Counter-Strike 2.

If you want an effective game that will allow you to achieve success on par with the best pro players, this article from eZstah is for you. You can also further explore grim, KSCERATO from FURIA Esports, or twistzz CS2 settings on the Profilerr platform.

****Binds In CS2: What Is It?****

Many people know that CS2 has a fairly impressive set of commands. The classic version of their use involves activating the console and entering a certain set of characters manually.

It’s long and inconvenient. Another option is that some commands can be attached or changed in the game settings. But not everything is there. Plus, it’s not always convenient.

However, binds solve this problem! It is enough to configure everything once, and then everything will work by pressing a certain button!

The fact is that binds in KS2 are a special system that allows you to bind one or another command existing in the game to a specific button.

It turns out the following:

*   The gamer sets up the bind once – it should be linked via the console to a specific command to a specific button.
*   During the game or during pauses between battles, a person presses a button to execute a command.
*   The result is a quick response to commands. Control is carried out with maximum comfort and speed for the user.

****How to Set Up Binds in CS2****

Setting up binds as usual is not difficult. To configure a specific bind in KS2, you must follow the following instructions:

Activate the console in the game. Initially, this function is bound to the “~” key.

Enter bind: “button” “command”. The first quotes indicate the key to which a specific command will be bound, and the second quotes indicate the command itself.

****The Most Popular Binds in KS2****

CS2 has just a huge number of different commands. Naturally, there are more or less popular binds. Below is a list of those that are in greatest demand:

bind “button” “+cl\_show\_team\_equipment”

This bind provides highlighting of allies, showing their health and the type of weapon they are using. A useful command for players who take into account all the little things in their strategy.

bind “button” “toggle cl\_righthand”

This bind changes the game character’s right-handedness to left-handedness and back.

bind “button” “use weapon\_c4; drop”

With this bind, the player quickly throws the bomb out of his inventory, saving time in searching for it.

bind “button” “toggle voice\_enable”

This bind mutes the sound in the general chat.

bind “button” “buy m4a1; buy AK47”

This bind allows you to quickly buy an AK47, the type of which changes depending on who the person is playing as. Similarly, you can link the purchase of any game item. To do this, instead of the name AK47, the desired option is used – the list is easy to find on the Internet.

****How to Remove Blood in CS 2****

To activate the command you will need to launch the console. Usually, it opens with the ~ key. A window will open in which you can use various functions.

It is worth noting that the command that activates the disappearance of blood and traces of weapons only works for the person who launched it. For other players on the server, the picture will not change; they need to register the command themselves.

****Console Command to Remove Blood And Bullet Marks in CS 2****

Unlike CS:GO, in Counter-Strike 2 this feature does not work on all servers, since you need to enable cheat mode to use it. After pressing ~ and opening the console, you need to write:

sv\_cheats 1

Then press Enter. After activating the cheats, directly enter the command to clear the blood and bullets, and then press Enter again.

cl\_removedecals

After this, all traces of blood and the use of weapons should disappear from the map.

Bind to erase blood in CS 2

If you don’t want to write a command every time you want to clean the blood, use a bind. To use the Shift key on your keyboard instead of the console, enter this text into the console:

bind “SHIFT” “cl\_removedecals”

Instead of Shift, you can use any other button on the keyboard – F or G.

****Bind to Remove Blood And Bullet Marks When Moving in Counter-Strike 2****

You can make life even easier: enter the following text into the console and the blood will disappear every time you press the WASD movement keys:

*   bind “W” “cl\_removedecals”
*   bind “A” “cl\_removedecals”
*   bind “S” “cl\_removedecals”
*   bind “D” “cl\_removedecals”

****Bind to Erase Traces of Bullets And Blood in CS2 With The Left Mouse Button****

You can make the command work after each shot – instead of the name of the key, use MOUSE 1 (left mouse button). This bind can be used in conjunction with the bind above.

bind “MOUSE1” “cl\_removedecals”

****Command to Completely Remove Blood And Shots in CS 2****

Finally, here’s new command for the console in Counter-Strike 2. It allows you to completely get rid of all traces of blood and bullets – they simply will not appear until you enter the opposite command – you need to replace 0 with 1.

r\_csgo\_render\_decals 0

****Final Thoughts****

The average number of players in CS2 is over 750,000. The competition is high and only the most trained and fastest will win. To quickly react to events in CS2, you can use binds. This will make the process more enjoyable and will bring you closer to participating in USD reward matches.

****_RELATED ARTICLES_****

1.  **4 Best War Games You Should Play**
2.  **GAM3S.GG Raises $2M to Grow Web3 Gaming Superapp**
3.  **The Best FPS Games on Android In 2023: Popular by Demand**
4.  **Setting Strong Passwords: First Line of Defense for PS5 Security**
5.  **Gamers Warned of Potential CS2 Exploit That Can Reveal IP Addresses**

Bind For Cleaning Blood And Bullet Marks In Counter-Strike 2

By Deeba Ahmed
The latest Chae$ 4.1 sends a direct message to the cybersecurity researchers at Morphisec within the source code.
This is a post from HackRead.com Read the original post: The Fake Fix: New Chae$ 4.1 Malware Hides in Driver Downloads

The original Chae$ malware was identified in September 2023, and its latest version, dubbed Chae$ 4.1, employs advanced code polymorphism to bypass antivirus detection.

Morphisec Threat Labs has documented its findings on Chae$ 4.1, an update to the Chae malware Infostealer series, as part of its investigation of emerging cyber threats. The report explores the new Chae$ variant, highlighting its mechanics, implications, and safeguarding measures.

Back in September 2023, Morphisec shared its analysis on a new variant of Chae$ malware, dubbed Chae$4 with Hackread.com. The malware targeted login credentials, financial data, and other sensitive information of e-commerce customers particularly in Brazil. 

Chae$4 was quickly evolving, and in its latest research blog, Morphisec provided details on the updates in Chae$ 4.1, which includes an improved Chronod module and surprisingly, a direct message to the Morphisec team within the source code. Version 4.1 is a significant improvement over previous brute force and basic obfuscation methods.

The authors of the Chae$ 4.1 malware send a message to Morphisec researchers.

The infection chain begins with an email in the Portuguese language, claiming to be an urgent request from a lawyer concerning a legal case. The victim is then redirected to a deceptive website, (totalavprotectionshop/abrirProcesso.php?email=), where they are prompted to download a ZIP file. This website also functions as a deceptive website for TotalAV, directly delivering the MSI installer without the intermediary step of a ZIP file.

Another website, (webcamcheckonline), allegedly scans the machine for risks and updates the driver after scanning. After the victim clicks the BLOCK button, JavaScript gets executed in the background, mimicking a legitimate system scan, which presents a hardcoded list of files, creating the illusion of a comprehensive computer analysis of the device.

Once the scanning is complete, the attacker sends a message stating “Security Risk Detected” and prompts the victim to download an updated driver to eliminate the risk. The unsuspecting victim clicks on the button, which triggers a script named download.js to run the malicious installer.

With the installer activated, Chae$ 4.1 also gets triggered, and from this point, the attack chain follows a similar path as Morphisec discovered in previous analyses except for some advancements in the Chae$ framework, such as modifications in the Chronod module. After successful activation, exfiltrated data is delivered to the threat actor’s C2 and the Chae$ team panel login page.

The Chronod module intercepts user activity to steal information like login credentials and banking information. It spans over 2,000 lines of code and has been adjusted to steal credentials from specific services like WhatsApp, AWS, and WordPress. In version 4.1, the Chae$ team rewrote the module to be more generic and modular, dividing the logic into several classes instead of one class responsible for all functionality.

Chae$ 4.1 also employs advanced code polymorphism to bypass antivirus detection, and detect sandbox environments, raising concerns about its potential impact on users. 

Chae$ 4.1 malware’s infection chain

To stay safe, regularly update your operating system and software, use a layered security solution with advanced malware detection, be cautious when clicking on suspicious links or opening attachments, and regularly back up critical data. Staying informed and adopting robust security practices can help protect against cyberattacks.

****_RELATED ARTICLES_****

1.  **Fake Symantec Blog Caught Spreading Proton macOS Malware**
2.  **Hackers send explicit messages to riders on hacked e-scooters**
3.  **Scammers Distribute Malware to Drivers in Speeding Ticket Scam**
4.  **iPhone Spyware Exploits Obscure Chip Feature, Targets Researchers**
5.  **Fake PoC Script Used to Trick Researchers into Downloading VenomRAT**

Source

HackRead