By Habiba Rashid
The 0-day vulnerability in WinRAR, which has been exploited, is targeting traders and has successfully stolen funds from 130 victims so far.
This is a post from HackRead.com Read the original post: WinRAR users update your software as 0-day vulnerability is found

**KEY FINDINGS**

*   **A zero-day vulnerability in WinRAR has been exploited by hackers to target traders.**

*   **The flaw lets hackers conceal malicious scripts within seemingly innocent archive files.**

*   **The hackers have targeted specialized trading forums to distribute the malicious files.**

*   **Once a victim opens the malicious file, the hackers can gain unauthorized access to their brokerage accounts.**

*   **Approximately 130 traders have fallen victim to this scheme, and the financial losses are still being calculated.**

Cybersecurity experts have unveiled a concerning situation involving a zero-day vulnerability in the widely-used archiving tool, WinRAR. This vulnerability, which was discovered by cybersecurity company Group-IB, has been skillfully exploited by cybercriminals to compromise the security of traders and potentially pilfer funds.

The vulnerability centers around the processing of ZIP file formats by WinRAR. Essentially, it allows hackers to conceal malicious scripts within seemingly innocent archive files, such as images or text documents, thus deceiving victims into unknowingly opening them. Group-IB first identified this 0-Day vulnerability in June, but its researchers suspect that hackers have been taking advantage of it since April.

The attackers’ modus operandi revolves around targeting specialized trading forums. These malicious ZIP archives, cleverly disguised, found their way onto at least eight public forums. Although Group-IB has refrained from disclosing the names of these forums, it has confirmed that they cover a spectrum of subjects, from trading and investments to cryptocurrency-related discussions.

One of these forums, after detecting the presence of malevolent files, issued a warning to its users and took measures to block the attackers’ accounts. Despite this, Group-IB noted that the hackers demonstrated the ability to reactivate disabled accounts, allowing them to continue spreading their damaging files either through threads or private messages.

The aftermath of an unwitting victim opening one of these files is dire. Hackers gain unauthorized access to the victim’s brokerage accounts, providing them with the means to execute illicit financial activities and potentially withdraw funds. At the time of Group-IB’s report, approximately 130 traders had fallen victim to this scheme. However, specific financial losses remain uncertain.

A trader discussing how they were targeted in this campaign (Group -IB)

Remarkably, Group-IB managed to interview a victim who recounted an attempted money withdrawal by the hackers, which fortunately did not succeed. The identities of these cybercriminals remain shrouded in mystery. Nevertheless, Group-IB has identified the use of a Visual Basic trojan called DarkMe, which has previously been associated with the notorious “Evilnum” threat group.

Evilnum, also known as “TA4563,” has a track record of financially motivated activities primarily directed towards financial organizations and online trading platforms. While Group-IB recognized the DarkMe trojan, it was cautious in directly linking this campaign to the Evilnum group.

Taking responsible action, Group-IB promptly reported the vulnerability, and assigned CVE-2023-38831, to the makers of WinRAR, Rarlab. As a result, an updated version of WinRAR (version 6.23) was released on August 2nd, aimed at addressing this critical security concern.

Infection Chain (Group -IB)

WinRAR has been affected by vulnerabilities several times in the past. In October 2021, a remote code execution vulnerability was found in WinRAR’s free trial version 5.70, allowing attackers to execute arbitrary code on vulnerable systems. By manipulating a dialogue box, attackers could exploit the bug, potentially launching various attacks. The issue was addressed in WinRAR v. 6.02 released on June 14, 2021.

Further back in March 2019, it was discovered that WinRar has a code execution vulnerability lasting for 19 years. Over 100 exploits emerged, targeting users in the USA. Attackers could plant undetectable malware when users opened ZIP files, affecting all WinRar versions for the past 19 years. The malware activated on system reboot, with only a few antivirus programs detecting it. One exploit was disguised as a bootleg Ariana Grande album. 

If you use WinRAR, update your software ASAP!

WinRAR users update your software as 0-day vulnerability is found

By Owais Sultan
Ringless voicemail (RVM) is a technology that allows businesses to deliver pre-recorded messages directly to a customer's voicemail inbox without their phone ringing.
This is a post from HackRead.com Read the original post: Beyond Cold Calls: Ringless Voicemail As A Personalized Customer Engagement Tool

In the world of sales and marketing, cold calling (PDF) has long been a staple technique for acquiring new customers and generating leads. However, as the market becomes more saturated and sales teams try to reach customers across multiple channels, traditional cold calling has become less effective and frustrating for businesses and potential clients. For many, it’s time to move beyond cold calls and explore other options.

One such alternative that has gained popularity in recent years is ringless voicemail (RVM). This technology allows businesses to leave a message directly in a customer’s voicemail box without the phone ever ringing. With RVM, businesses can overcome some of the challenges and limitations of traditional cold calling, including time constraints, gatekeepers, and customer resistance. 

In this article, we’ll explore the benefits and use cases of RVM as a personalized customer engagement tool and examine why it’s becoming a standard practice in the sales and marketing landscape.

****What Is Ringless Voicemail (RVM)?****

Ringless voicemail (RVM) is a technology that allows businesses to deliver pre-recorded messages directly to a customer’s voicemail inbox without their phone ringing. Unlike traditional cold calls, RVM bypasses the need for a live conversation with the customer and instead delivers a personalized message that can be listened to at the customer’s convenience.

From a technical standpoint, when a business wants to send an RVM, a service provider calls the customer’s phone carrier and transfers the message payload directly into the voicemail system without causing the phone to ring. This technology leverages the voicemail infrastructure of cellular networks and serves as an efficient and effective means of reaching customers.

However, it’s important to note that the legality and regulations surrounding RVM vary by country and jurisdiction. In some regions, explicit consent from the recipient may be required, and there are specific guidelines on who can be contacted and for what purposes. Businesses utilizing RVM must familiarize themselves with the laws and regulations in their target markets to ensure compliance and maintain a positive reputation.

When comparing RVM to traditional voicemail drops, there is a clear distinction. Traditional voicemail drops involve manually dialling a phone number and leaving a live voice message when the call goes to voicemail. This method can be time-consuming and prone to errors. RVM, on the other hand, automates the process, allowing businesses to reach more customers quickly and efficiently.

Additionally, RVM provides the option to deliver a pre-recorded, polished message that can be carefully crafted and personalized for each recipient, maximizing the impact of the engagement. 

To know more about this, watch this brief video about RVMs:

**Advantages Of RVM Over Cold Calling**

In customer engagement, ringless voicemail (RVM) offers many advantages over traditional cold calling techniques. By leveraging RVM as a personalized customer engagement tool, businesses can reap the following benefits:

**Higher Engagement**: One of the key advantages of RVM is that it allows potential customers to listen to the message at their convenience. Unlike cold calling, which often interrupts busy schedules, meals, or important meetings, RVM allows customers to engage with the message when they have the time and inclination. This higher level of engagement increases the likelihood that the recipient will hear and consider the message.

**Less Intrusive**: Another advantage of RVM is that it is less intrusive than cold calling. Instead of interrupting people’s lives and demanding immediate attention, RVM respects their time. By delivering a voicemail directly to their inbox without their phone ever ringing, RVM allows customers to engage with the message on their terms, creating a more positive and less intrusive experience.

**Flexibility**: RVM allows businesses to tailor messages for specific demographics or target markets. Through RVM, businesses can create personalized and customized messages that resonate with their audience. Whether it’s adapting the tone, language, or content of the voicemail, RVM allows for a more targeted approach, increasing the effectiveness of the engagement and the chances of a positive response.

**Cost-effective**: Besides its convenience and effectiveness, RVM is also a cost-effective customer engagement tool. It often proves cheaper than traditional calling methods since it streamlines the process and eliminates the need for live customer conversations. With RVM, businesses can reach more potential customers in less time, thus maximizing their resources and ensuring a higher return on investment.

By capitalizing on the advantages of RVM over cold calling, businesses can enhance their customer engagement strategies and achieve higher levels of success in their sales and marketing efforts.

**Personalization With RVM**

Personalization is crucial in customer interactions in today’s competitive business landscape. It goes beyond the generic approach of mass communication. It aims to create tailored experiences that resonate with individuals more deeply. Ringless voicemail (RVM) offers businesses a unique opportunity to personalize customer engagement more meaningfully. Here are some tips for creating personalized RVMs:

**Segmenting your audience**: To effectively personalize your RVMs, start by segmenting your audience based on specific criteria such as demographics, behaviour, or preferences. By understanding your audience’s unique needs and interests, you can craft messages tailored to resonate with each segment. This segmentation allows you to deliver more targeted and relevant messages, increasing the likelihood of customer engagement.

**Crafting a compelling story or offer**: To capture your audience’s attention and create a personalized experience, crafting a compelling story or offer within your RVM is essential. Use storytelling techniques to make an emotional connection, address customer pain points, and demonstrate how your product or service can provide a solution. Focusing on the customer’s perspective and presenting a compelling value proposition can make your RVMs more engaging and persuasive.

**Including a clear call-to-action**: A clear and concise call-to-action is critical in any customer engagement strategy, including RVM. Communicate the next steps you want your customers to take, whether visiting a website, calling a specific number, or replying to the voicemail. Ensure the call-to-action is easy to understand and straightforward, guiding the recipient toward the desired outcome. This personalized prompt encourages immediate action and enhances the effectiveness of your RVM campaign.

**A/B testing different messages**: A/B testing is valuable for optimizing your RVM campaigns. Create variations of your messages, testing different approaches, content, and offers to see which performs best. You can identify what resonates most with your audience by comparing different messages’ responses and conversion rates. A/B testing allows you to refine and improve your RVMs continuously, resulting in more personalized and effective customer engagements.

You can create engaging and impactful customer interactions by prioritizing personalization in your RVM campaigns and implementing these tips. Personalization with RVM enhances customer experiences and increases the likelihood of achieving your marketing and sales goals.

**Best Practices For Using RVM As A Customer Engagement Tool**

As with any marketing or sales strategy, it’s important to follow best practices to ensure effective customer engagement and avoid potential issues. Here are some best practices for using RVM as a customer engagement tool:

**Respect Regulations**: Adhere to local and national telemarketing rules, including the National Do Not Call Registry in the United States and similar regulations in other countries. Failure to comply with these regulations can result in legal issues and damage your reputation.

**Be Brief and Clear**: Keep your RVM messages concise, clear, and concise. Respect the listener’s time by getting to the message quickly and delivering it articulately and engagingly. Avoid rambling or repeating your message, leading to disengagement and opt-outs.

**Offer Value**: Ensure that your RVM messages clearly benefit your recipients. Make it obvious that you’re providing something of value to them, whether it’s a special offer, exclusive content, or important information. Show your recipients that you care about their needs and that the RVM messaging is designed to help them.

**Opt-out Option**: Always provide a way for recipients to opt out of future messages. This demonstrates your respect for your customers’ privacy and preferences and helps reduce the likelihood of negative reviews or complaints. This can be as simple as including an option for recipients to unsubscribe from future messages or providing clear instructions for opting out.

**Frequency**: Be mindful of how often you reach out to your recipients through RVMs. Bombarding them with too many messages too frequently can be overwhelming and off-putting. Strike a balance between communicating consistently enough to stay top of mind but not so frequently as to become spammy. Always consider the value you deliver with each message, and ensure it’s worth the contact.

By following these best practices, businesses can use RVM as an effective and valuable customer engagement tool, enhancing customer relationships and driving growth in their operations.

**Potential Pitfalls And Concerns**

While ringless voicemail (RVM) can be a powerful tool for personalized customer engagement, it is important to know the potential pitfalls and concerns associated with its use. Here are some key considerations to keep in mind:

**Privacy concerns and public perception**: RVM operates within direct marketing, which can raise privacy concerns among consumers. Some individuals may view unsolicited voicemails as an intrusion into their personal space. Handling personal information responsibly and with the utmost respect for privacy is crucial. Be transparent about how you obtained recipient information and ensure that your messaging aligns with their expectations.

**Risks of spammy or excessive messaging**: One of the main challenges with RVM is avoiding the perception of spam or excessive messaging. Bombarding customers with too many voicemails without providing value can lead to frustration and negative brand perception. Strive for a balanced approach that delivers meaningful, personalized messages without overwhelming your audience. Optimize your RVM campaign by considering your communications’ appropriate frequency and relevance.

**Importance of targeting the right audience**: Targeting the right audience is crucial for the success of any customer engagement strategy, including RVM. Sending irrelevant messages to the wrong audience wastes resources and damages your campaign’s effectiveness. Take the time to segment your audience based on relevant criteria and tailor your RVMs to speak directly to their needs and interests. Increasing the relevancy of your communications enhances the likelihood of positive customer responses.

**Ensuring compliance with telemarketing laws**: Compliance with telemarketing laws and regulations is essential when using RVM. Different regions and countries may have specific rules and regulations for unsolicited communication. Familiarize yourself with and adhere to these laws, such as obtaining the necessary permissions or honouring do-not-call lists. Non-compliance can lead to legal issues, financial penalties, and detriment to your brand reputation.

By being mindful of these potential pitfalls and concerns, businesses can proactively mitigate risks and ensure a positive customer and brand experience. Adopting ethical practices, respecting privacy, and complying with relevant regulations are key to maintaining trust in your customer engagement efforts with RVM.

**The Future Of RVM And Customer Engagement**

Ringless voicemail (RVM) has proven to be a valuable tool for personalized customer engagement, and its potential continues to expand as technology advances. Here are some potential developments and predictions on the future of RVM and its role in customer engagement:

**Integration with other marketing strategies (e.g., SMS, email)**: RVM can be integrated with other marketing strategies such as SMS and email to create a multi-channel approach. By using RVM alongside other channels, businesses can maximize their reach and improve the effectiveness of their campaigns. Using an omnichannel strategy enables businesses to provide a seamless and consistent experience that customers increasingly expect.

**The role of AI and machine learning in automating and optimizing RVM**: With artificial intelligence (AI) and machine learning (ML), businesses can automate and optimize their RVM campaigns. Using data analysis to identify customer patterns and preferences, AI can help personalize RVM messages according to specific audiences and interests. Integration with other marketing channels can also enhance automation, making processes more efficient and effective.

**Predictions on the evolution of RVM as a communication tool**: As RVM evolves, it will likely become even more intelligent and interactive. There could be an increasing emphasis on the customization of RVMs, bringing customers even more relevance and personalization. Another possibility is that RVMs would allow direct engagement beyond just voicemail, with the ability to respond to customer feedback or inquiries via voice commands. Also, expansion into new territories may lead to new legal challenges and compliance considerations, especially as global data privacy laws become increasingly stringent.

With various advancements and changes on the horizon, RVM remains an exciting area for businesses to explore to engage their audience. Leveraging cutting-edge technologies alongside the best customer engagement and communication practices can lead to highly effective and innovative campaigns.

**Conclusion**

In the evolving customer engagement landscape, Ringless Voicemail (RVM) emerges as a potent tool, transcending the boundaries set by traditional cold calls. Its ability to offer a personalized touch while respecting the recipient’s time and space makes it an invaluable asset in the marketer’s toolkit.

As businesses strive to stay ahead of the curve, integrating RVM into one’s marketing arsenal could be the game-changing move they need. To all our readers, it’s time to reflect on your current strategies and ponder how RVM can be woven into your tapestry of customer outreach. The future of engagement beckons, and it might be ringless.

Beyond Cold Calls: Ringless Voicemail As A Personalized Customer Engagement Tool

By Habiba Rashid
Discord acknowledged the data breach in May 2023.
This is a post from HackRead.com Read the original post: Discord Notifies Users of Data Breach Impacting 180 Accounts

**Key Findings**

*   **Discord Notifies Users of March Data Breach Impacting 180 Accounts.**

*   **Contrast Between Discord’s March Breach and Discord.io’s Recent Attack.**

*   **Discord.io Breach Affects 760,000 Users; Company Suspends Services.**

*   **Discord.io Exploits Vulnerability, Auctions Stolen Data Including Hashed Passwords.**

*   **Discord Responds: Comprehensive Overhaul to Strengthen Security Measures.**

Discord, the popular communications server with approximately 150 million monthly users, has recently started notifying a subset of its user base about a data breach that occurred in March.

The breach, which was publicly acknowledged by Discord in May 2023, impacted a total of 180 accounts, according to a data breach notification filed with the Office of the Maine Attorney General.

The incident stands in contrast to the recent breach of the third-party service Discord.io, which affected a staggering 760,000 users and led to the temporary shutdown of the website.

Discord.io, a platform enabling Discord users to generate customized links for their channels, suffered a major breach on August 14. The attacker exploited a vulnerability within the website’s code, subsequently auctioning off stolen data, including hashed passwords, billing information, and Discord IDs.

As a response to the breach, Discord.io announced the suspension of its services. The company is now committed to a comprehensive overhaul of its website’s code and security practices to bolster its defence mechanisms against future breaches.

While the Discord.io incident primarily impacts users’ personal information, the breach in March involved the compromise of a customer support agent’s account. This breach allowed malicious actors to access user email addresses, support tickets, and communications exchanged with Discord’s support team.

Discord’s disclosure to the state of Maine’s attorney general office included a thorough investigation into the compromised support tickets. The findings revealed that the personal information of at least one Maine resident, encompassing their name and driver’s license or state identification card number, had been exposed. This information was subsequently used to inform and notify the affected individuals.

Discord’s disclosure to the state of Maine’s attorney general office

Discord is taking proactive measures to bolster its security infrastructure. Alongside enhancing the security of its platform to protect its user base, Discord is also providing credit monitoring and identity theft protection services to the impacted users to mitigate potential further damage.

1.  PayPal Notifies 35,000 Users of Data Breach
2.  New malware targets Discord users to steal personal data
3.  PayPal Sued Over Data Breach that Impacted 35,000 users
4.  Whistleblower Leak Reveals Tesla Data Breach, Affects 75,000
5.  Adobe Reset User Passwords as Precaution Against Data Breach Risks

Discord Notifies Users of Data Breach Impacting 180 Accounts

By Deeba Ahmed
The new Whiffy Recon Malware was identified by cybersecurity researchers at Secureworks.
This is a post from HackRead.com Read the original post: Smoke Loader Botnet Drops Location Tracker Whiffy Recon Malware

**KEY FINDINGS**

*   A new custom, Wi-Fi scanning payload called Whiffy Recon has been detected.

*   Whiffy Recon is used by the Smoke Loader botnet to infect compromised devices.

*   Whiffy Recon triangulates the positions of infected devices using nearby Wi-Fi access points.

*   Whiffy Recon then uses the Google Geolocation API to get the device’s coordinates.

*   Whiffy Recon creates a wlan.Ink shortcut in the Startup folder to maintain persistence on the device.

*   The purpose of obtaining this information is unclear, but researchers suspect that it could be used to intimidate victims or pressure them to comply with demands.

The cybersecurity researchers at Secureworks have detected a new custom, Wi-Fi scanning payload that they have named Whiffy Recon. The malicious executable hunts for the geolocation of compromised systems – In the case of Whiffy Recon malware, the targeted devices are Windows based.

Secureworks’ Counter Threat Unit has shared details of a brand-new Smoke Loader botnet that infects compromised devices with a custom Wi-Fi scanning executable. They observed this malicious activity on 8th August 2023.

For your information, Smoke Loader, also known as Dofoil, is a type of botnet malware that is often used to deliver various payloads to compromised computers. It’s categorized as a downloader and is commonly associated with the distribution of other types of malware, such as banking Trojans, ransomware, and cryptocurrency miners.

Previously, in April 2019, the Smoke Loader botnet was found spreading a banking trojan to steal $4.6 million from victims. Another campaign exposed in July 2018, saw the use of the botnet to drop the Kronos banking trojan against unsuspecting victims.

As for the latest campaign; Whiffy Recon malware triangulates the positions of infected devices using any nearby Wi-Fi access points as its data point to access Google geolocation API. For your information, the Google Geolocation service triangulates a system’s location and returns coordinates using the mobile network and Wi-Fi access points data.

JSON-structured scan results in HTTPS POST request sent to Google Geolocation API. (Source: Secureworks)

According to Secureworks’ blog post, the payload starts its operation by scanning for the WLANSVC service on the compromised device. This is performed to confirm the Windows-based device has a wireless capability and exits if it isn’t present. It must be noted that Whiffy Recon only scans for the feature’s presence and not whether it is working or not.

It maintains persistence on the device by creating the wlan.Ink shortcut in the Startup folder that points to the Whiffy Recon malware’s exact location on the system. The malware’s main code has two loops- one of these registers the bot with the attacker’s C2 server and the other scans for Wi-Fi capability using the Windows WLAN API.

The second loop runs repeatedly with 60-second intervals to keep obtaining geolocation data. The scanning results are mapped to a JSON structure, which is transmitted to the Google Geolocation API through an HTTP Post request.

This information is then mapped to another JSON structure that contains information about every wireless access point present in that area, and the encryption methods these use.

What’s the purpose behind obtaining this information is still unclear to researchers. However, they suspect that attackers might want to “intimidate victims or pressure them to comply with demands.” Secureworks researchers urge organizations to use available controls and restrict access to Wi-Fi.

1.  Generation Z least likely to share their location data with Govt
2.  Researcher exposes how a US firm collected his location data
3.  Wikileaks Exposes CIA’s Linux Hacking, Geolocation Tracker Malware

Smoke Loader Botnet Drops Location Tracker Whiffy Recon Malware

By Deeba Ahmed
Meet Telekopye, a new phishing toolkit that uses a Telegram bot to carry out its operations.
This is a post from HackRead.com Read the original post: Russian Hackers Employ Telekopye Toolkit in Broad Phishing Attacks

*   **Telekopye Toolkit Unveiled:** ESET research exposes a potent phishing toolkit named Telekopye, designed by Russian hackers, enabling even inexperienced scammers to carry out phishing attacks without technical expertise.

*   **E-commerce Under Siege:** Scammers leverage Telekopye to target popular Russian and non-Russian online marketplaces like OLX, Yula, JOFOGAS, BlaBlaCarm Sbazar, and eBay, causing concerns for both platforms and users.

*   **Neanderthal Scammers:** ESET researchers have named the scammers utilizing Telekopye as Neanderthals, who employ deceptive tactics and social engineering to persuade victims into sharing sensitive information.

*   **Cryptocurrency Laundering:** Once scammers acquire sensitive data, they employ it to launder cryptocurrency through cryptomixers, masking their stolen gains and complicating the tracking of funds.

*   **Hierarchical Scammer System:** Telekopye’s unique shared account structure assigns different roles like administrators, moderators, and workers, each with distinct commission fees, creating a layered payment ecosystem for scammers.

According to the latest research from ESET, Russian hackers have come up with a new toolkit dubbed Telekopye allowing even novice scammers to conduct phishing attacks without any technical expertise.

Telekopye toolkit allows scammers to create phishing websites, send fraudulent SMS messages and emails, and target popular Russian and non-Russian online marketplaces, including OLX, Yula, JOFOGAS, BlaBlaCarm Sbazar, and eBay.

An SMSishing link and an eBay phishing page made out of Teleopye (ESET)

E-commerce platforms and users of these services have long been the targets of scammers and fraudsters. Radek Jizba, security researcher and the author of ESET’s blog post on Telekopye, wrote that the toolkit is named after its targeted platform Telegram, and Kopye is a Russian term for spear. Victims of Telekopye are referred to as Mammoths by the scammers, therefore, ESET researchers named the scammers as Neanderthals.

> “We discovered the source code of a toolkit that helps scammers so much in their endeavours that they don’t need to be particularly well-versed in IT. Instead, they only need a silver tongue to persuade their victims.”
> 
> Radek Jizba -ESET

It is worth noting that researchers have detected various versions of this toolkit, the latest one seen in April 2023. Researchers believe that this toolkit has been available since 2015 and the language used in the comments in the code hints that its primary user base is in Russia, Uzbekistan, and Ukraine. Some of its versions can store sensitive user data such as payment card details or email addresses stored on the targeted system’s disk.

It is designed as a Telegram bot, which is added to a Telegram group chat and features several “easy to navigate” menus as clickable buttons to facilitate multiple Neanderthals. The information obtained from Telekopye is uploaded to VirusTotal. The toolkit comes with predesigned templates to create phishing pages, which further makes the job easier for the scammers.

Regarding how Mammoths are hunted by Telekopye operators, in their blog post, ESET researchers noted that the Neanderthals first gained the victim’s trust by claiming to be a legitimate entity and compelling them to visit a genuine-looking phishing web page sent to them via SMS or email. Victims are then tricked into entering sensitive data such as credentials or credit card details.

Scam Overview (ESET)

Once the information is obtained, the scammers can use it to launder cryptocurrency through cryptomixers to hide stolen money. However, researchers couldn’t determine how the scammers find their victims. They did note that stolen funds aren’t directly transferred to the scammers’ accounts because they use a shared Telekopye account, which is owned by the Telekopye administrator.

They also noted that Telekopye tracks every scammer’s success by featuring their individual contributions to the shared account and they are paid by the administrator accordingly. Interestingly, the shared account serves as a payment system for the scammers and there’s a hierarchical system in place where scammers are divided into different classes (administrators, moderators, good workers/support bots, workers, and blocked) with varying commission fees and perks.

The only way to prevent financial loss is to stay vigilant and avoid spending money to buy goods from online marketplaces unless fully confident about their legitimacy.

1.  RIG Exploit Toolkit Distributing CeidPageLock Malware
2.  New credit card skimmers channel funds through Telegram
3.  New Phishing Attack Spoofs Microsoft 365 Authentication System

Russian Hackers Employ Telekopye Toolkit in Broad Phishing Attacks

By Deeba Ahmed
While facing a total loss of internal infrastructure and customer data, CloudNordic has declined to pay the ransom.
This is a post from HackRead.com Read the original post: CloudNordic Faces Severe Data Loss After Ransomware Attack

CloudNordic, a prominent Danish cloud provider, has suffered a severe ransomware attack that struck on August 18. This attack resulted in a complete shutdown of the company’s servers and infrastructure, leading to operational chaos.

*   **Ransomware Hit CloudNordic:** Danish cloud provider CloudNordic fell victim to a ransomware attack on August 18, causing a complete shutdown of its systems and affecting customer data.

*   **Data Loss Warning:** CloudNordic informed clients of likely data loss after the attack. Customer websites and email systems were compromised, intensifying the impact.

*   **No Ransom Payment:** CloudNordic refuses to pay ransom to hackers, even as data loss affects many customers.

*   **System Transition Flaw:** Vulnerabilities in system transfer let ransomware infiltrate CloudNordic’s servers, allowing attackers access to admin and backup systems.

*   **Recovery Challenges:** CloudNordic struggles to restore services and data. Customers are advised to seek alternatives to minimize downtime. Hope remains that data wasn’t stolen.

CloudNordic, a well-known Danish cloud provider, is grappling with a major setback after falling victim to a crippling ransomware attack. The company has informed its clientele that they should brace for a complete data loss, as their systems remain paralyzed in the aftermath of the attack.

The cyber assault struck CloudNordic in the early hours of August 18, causing a catastrophic shutdown of the company’s servers and wiping out not only their internal infrastructure but also compromising their customers’ websites and email systems. The incident has left CloudNordic in a state of chaos, struggling to recover from the damage inflicted by the ransomware attack.

In a translated statement, CloudNordic conveyed, “We cannot and do not want to meet the financial demands of the criminal hackers for ransom.” The company expressed its commitment to not capitulating to the attackers’ monetary demands. However, it’s a grim reality that the majority of customers have already lost their data due to the attack.

The cyberattack has exposed the vulnerabilities in CloudNordic’s system transition. Suspecting that the ransomware infiltrated during the process of transferring servers from one data center to another, the company acknowledges that certain servers might have been compromised even before the migration. This oversight inadvertently connected servers from separate networks, providing the attackers with an entry point to CloudNordic’s administrative systems, backup systems, and more.

The attackers swiftly capitalized on this access, encrypting crucial systems and data for extortion purposes. As a result, CloudNordic has been grappling to restore services, albeit without the original data, in a bid to alleviate the disruption caused to their customers. The company has taken the initiative to restore name servers, web servers, and mail servers while acknowledging that the road to full recovery will be long and demanding.

Though CloudNordic is working tirelessly to recover from this breach, they are also encouraging their severely impacted customers to seek alternative service providers to minimize downtime. The company has expressed its gratitude to its loyal customers for their unwavering support over the years. In the midst of this chaos, CloudNordic maintains a glimmer of hope. They have no evidence to suggest that any data was stolen or exfiltrated by the attackers, offering a silver lining amidst the data loss and operational disruption.

CloudNordic has reported the cyberattack to the appropriate authorities, and investigations are currently underway to identify the perpetrators behind this devastating breach.

**RELATED ARTICLES**

1.  Dark web hosting firm quits after hackers delete its database
2.  Ransomware attack cripples SmarterASP.NET hosting’s network
3.  DreamHost hosting firm exposed almost a billion sensitive records
4.  6500 sites down after hackers wipe out database of dark web hosting firm
5.  Cloud hosting firm Blackbaud pays ransom after thwarting ransomware attack

CloudNordic Faces Severe Data Loss After Ransomware Attack

By Deeba Ahmed
Akira ransomware operators specialize in targeting corporate endpoints for stealing sensitive data.
This is a post from HackRead.com Read the original post: New Akira Ransomware Targets Businesses via Exploited CISCO VPNs

The Akira ransomware has been repeatedly spotted since mid-2023 by several security firms, but this time it has made headlines for targeting big fish: CISCO VPNs.

**Key Findings**

*   Cisco VPN products are being exploited by the newly identified ransomware group Akira, which focuses on targeted attacks against corporate entities.

*   Akira gang leverages vulnerabilities in Cisco VPNs to gain unauthorized access, enabling them to launch ransomware attacks and demand ransom for sensitive information.

*   The Akira gang’s primary goal is to infiltrate and compromise corporate networks, particularly those lacking multi-factor authentication (MFA) for VPN access.

*   Researchers suspect the hackers might have exploited a zero-day vulnerability, mainly affecting VPN accounts without MFA, to gain unauthorized access.

*   Akira ransomware has been observed targeting various sectors, including education, real estate, healthcare, manufacturing, and corporations, indicating a broad and persistent threat to diverse industries.

Multiple cybersecurity firms have confirmed that Cisco VPN products are being targeted with ransomware, and the perpetrators are members of a relatively new gang identified as Akira.

Corporate entities are the primary target of this ransomware campaign, solely aimed at obtaining sensitive information and making money through ransom. All that Akira members need is to log into the accounts from the VPN service.

However, researchers couldn’t determine how the hackers gained access to Cisco VPN’s accounts’ login credentials in the first place, considering that Cisco ASA doesn’t feature a logging function.

Akira ransomware has been repeatedly spotted since mid-2023 by several security firms. For instance, Sophos detected it in May and reported that the gang utilized VPN access to target their desired networks through Single-factor authentication.

In another report, an incident responder using the alias SecurityAura stated that Akira could only compromise those VPN accounts that didn’t feature (multi-factor authentication).

> I'm just gonna go ahead and say it. If you have:
> 
> Cisco VPN  
> No MFA for it
> 
> You may get a surprise knock from #Akira #Ransomware soon.
> 
> So yeah, go look at your AD auth logs for 4624/4625 from a WIN-\* machine in your user VPN range.
> 
> If you have a hit, may the IR Gods help you.
> 
> — Aura (@SecurityAura) August 5, 2023

Some researchers believe that attackers may have used brute force to compromise these accounts or bought access from a third party via a dark web marketplace. SentinelOne’s research published on 23 August highlighted that the hackers might have used a zero-day vulnerability that mainly impacted accounts without having MFA. 

SentinelOne researchers also noted that threat actors have become increasingly interested in inserting ransomware into the codebases of popular products, especially VPNs. Their most preferred ransomware families include Conti, LockBit, and Babuk.  

Regarding Akira, SentinelOne researchers wrote that the malware’s Linux variant was discovered in June 2023 but the operations have been active since April 2023. Attackers deliver Akira by exploiting vulnerable public services and applications. Per SentinelOne researchers, they are more inclined to target MFA-based vulnerabilities. 

Akira’s attack scope is vast as it targets educational institutions, real estate, healthcare, and manufacturing sectors apart from corporations. Linux versions of Akira ransomware are based on the Crypto++ library for enabling encryption on targeted devices. Akira’s brief command set doesn’t contain options to shut down VMs before encryption.

However, the attacker can control encryption speed and the possibility of data recovery by the victim through the -n parameter. This means if the encryption speed is fast, there is a dim chance that the victim will recover the data using decryption tools. If the speed is slow, there is a good chance the victim can recover data.

Akira’s activities were first detected by a US-based cybersecurity firm Arctic Wolf in March 2023. Per their research, attackers’ main targets were small to medium-sized businesses worldwide, with a considerable focus on the US and Canada. Researchers also found links between Akira and Conti operators.

Akira decryptor was released by Avast in late June 2023 but the ransomware operators updated the encryptor so decryption may only work on older versions.

Cisco VPN products are popular among businesses. Organizations rely on it for the secure transmission of data between networks/users. It is considered mandatory for hybrid and remote workers. This explains why threat actors might be interested in exploiting it. Organizations must remain vigilant and ensure foolproof digital security to prevent data loss and extortion attempts from ransomware operators.

In this regard, My1Login CEO Mike Newman has shared some tips with Hackread.com for organizations to stay protected. “With VPNs providing a direct tunnel, deep into an enterprise’s network, this is not the type of access you ever want to fall into the hands of malicious actors.”

“The best way to protect this access is by implementing two-factor authentication, so any organisation using Cisco VPNs must do this as a priority. But it’s also a practice that should be applied to any business using a VPN,” Mike added.

“VPNs are a direct route into the enterprise network, and they open the organisation’s networks up to the outside world, Securing this with multiple layers of authentication is a standard best practice and one of the best ways to avoid getting caught up in incidents like these.”

“Furthermore, it is also critical to implement policies against password reuse as this reduces the risk of one set of breached credentials on the dark web enabling access to other applications and services,” said Mike.

1.  NSA, CISA Release Guidelines to Secure VPNs
2.  Hackers Leak i2VPN Admin Credentials on Telegram
3.  Popular Swing VPN Android App Identified as DDoS Botnet
4.  Hackers dump login credentials of Fortinet VPN users in plain-text
5.  Chinese Hackers Using Stolen Ivacy VPN Certificate To Sign Malware

New Akira Ransomware Targets Businesses via Exploited CISCO VPNs

By Waqas
Duolingo Investigates Data Leak as Hacker Shares Personal User Information on Hacker Forums and Telegram.
This is a post from HackRead.com Read the original post: API Misuse: Hacker Exposes 2.6M Duolingo Users’ Emails & Names

It is worth noting that Duolingo has not suffered a data breach; the data leak was a result of web scraping through public API abuse.

**KEY FINDINGS**

*   **Extensive User Impact:** The breach affects a substantial user base, with the personal data of over 2.6 million individuals exposed.

*   **Comprehensive Data Set:** The compromised information includes diverse details like usernames, full names, email addresses, countries, language course subscriptions, and account creation dates.

*   **Vulnerable API Exploitation:** The breach was executed through the exploitation of a public API, highlighting the potential risks posed by publicly accessible interfaces.

*   **Data Misuse Concerns:** The breadth of exposed data raises concerns about potential misuse, including identity theft, phishing, and cybercrime targeting affected users.

*   **Heightened Privacy Risks:** Users’ privacy is at stake due to the depth of sensitive data exposed, emphasizing the need for robust cybersecurity measures in safeguarding personal information.

A hacker has recently disclosed the personal information of approximately 2.6 million users of the popular language-learning platform, Duolingo. Contrary to a conventional data breach where hackers infiltrate an organization’s servers, this incident involved the exploitation of a public API.

The hacker, who also serves as a moderator on the Breach Forums, managed to scrape user data in January 2023, leading to the exposure of account-related details for a vast number of Duolingo users.

Duolingo, known for its accessible and engaging language courses, was caught off guard by the incident. The breach, while not originating from a direct assault on Duolingo’s servers or infrastructure, highlights the complex challenges organizations face in safeguarding user information in a hostile and uncertain environment created by threat actors.

**Leaked Data**

Hackread.com has examined and analyzed the exposed data, shedding light on its contents. The dataset encompasses the personal information of a staggering 2,658,787 users. This encompassing collection includes critical details such as:

*   Full names
*   Usernames
*   Email addresses
*   Countries of origin
*   The precise dates of account creation
*   The language courses to which users have subscribed

Notably, the gravity of the breach escalated when, prior to the public leak, another threat actor attempted to sell the same dataset for $1500. The revelation of the data on hacker forums and Telegram channels has only exacerbated concerns regarding user privacy and the potential misuse of exposed information.

Screenshot from the leaked Duolingo data (Image credit: Hackread.com)

Duolingo data leaked and sold on Breach Forums (Image credit: Hackread.com)

Duolingo, in response to the breach, is diligently investigating the situation and has intensified its efforts to secure user data. The incident has catalyzed discussions about the protection of user information in an era where APIs, often considered as open doors to data, require heightened vigilance.

**Impact**

While distinct from a conventional data breach, the exposure of email addresses and full names of 2.6 million Duolingo users still constitutes a significant privacy breach. This incident raises considerable concerns as it exposes individuals to potential risks such as targeted phishing attempts, identity theft, and cyberattacks.

Hackers armed with such specific personal information can craft convincing phishing emails, posing as legitimate entities, to deceive users into sharing further sensitive details or clicking on malicious links.

Moreover, the divulgence of full names can aid cybercriminals in constructing more credible and convincing social engineering schemes, increasing the likelihood of successfully breaching users’ accounts or even conducting scams. As such, even seemingly basic information leaks can lead to severe consequences for affected users.

In an environment where personal data is an invaluable currency, Duolingo data scraping stands as a testament to the ever-evolving methods of hackers and the pressing need for organizations to remain resilient against cyber threats.

As users await the outcome of Duolingo’s investigation, the incident underscores the collective responsibility to maintain digital security and protect user data from falling into the wrong hands.

1.  Hackers leak scraped data of 87,000 GETTR users
2.  A hacker is selling 700 million LinkedIn users accounts
3.  Facebook sues developer of data scraping extensions for Chrome
4.  Facebook sues Ukrainian for scraping and selling 178m users’ data
5.  Data scraping firm leaks 235m Insta, TikTok, YouTube user records

API Misuse: Hacker Exposes 2.6M Duolingo Users’ Emails & Names

By Habiba Rashid
The escort service under discussion is Fatal Model, Brazil's largest escort site.
This is a post from HackRead.com Read the original post: Brazil’s Top Escort Service Exposes Millions of Escort and Client Data

The leaked data encompassed a vast array of information from the logging database containing around 14.7 million records, totalling a size of approximately 19.17 GB, to the AWS cloud storage which held over 3.5 million files, collectively amounting to 700 GB.

****Key Findings****

*   **Security researcher Jeremiah Fowler uncovers major data breach in Brazilian escort service, Fatal Model.**

*   **Two unprotected databases revealed over 18 million records, containing personal details of clients and escorts, including email addresses and account info.**

*   **Access keys and AWS storage information for the Fatal Model were exposed in the breach.**

*   **Breach exposes vulnerabilities across different sectors of the company’s network; the logging database is secured promptly, AWS database is accessed until responsible disclosure.**

*   **Exposed data includes records from a logging database (14.7 million records) and AWS cloud storage (3.5 million files); poses privacy risks, and potential extortion, and exposes development files’ security implications.**

The cybersecurity Jeremiah Fowler has recently uncovered a major data breach affecting a prominent Brazilian escort service and application known as the Fatal Model. 

Fowler, who brought the breach to the attention of cybersecurity resource WebsitePlanet, discovered two non-password protected databases containing a staggering total of over 18 million records. These records, belonging to the Fatal Model, included personal details of both clients and escorts, such as email addresses, account information, and device data. 

Unsurprisingly, Fowler also identified that access keys and storage information of Fatal Model’s Amazon Web Services (AWS) storage account were exposed in the breach.

The breach highlights the cascading impact of a single data exposure, as vulnerabilities were unveiled within different sectors of the company’s network. While the logging database was promptly secured upon discovery, the AWS database remained accessible until Fowler issued a responsible disclosure notice. Fatal Model’s team exhibited a swift response in securing the exposed data.

**The scale of the Data Leak**

The exposed data encompassed a vast array of information from the logging database containing around 14.7 million records, totalling a size of approximately 19.17 GB, to the AWS cloud storage which held over 3.5 million files, collectively amounting to 700 GB.

Within the “2022” folder of the AWS account, there were approximately 35,400 escort accounts accompanied by images and videos. A subsequent “2023” folder contained an estimated 33,900 escort accounts, each complete with verification media.

Additionally, the breach revealed application files, development materials, admin access tokens, user device data, email addresses, names, and user ID numbers.

Screenshot from the exposed database (Jeremiah Fowler)

According to Fowler’s report, the Fatal Model employs advanced technology to authenticate the identities of escorts and clients, indicating that the leaked data pertains to actual individuals. The exposed verification procedures employed biometric software to validate users through facial recognition technology.

**Privacy Risks and Future Implications**

The exposed information carries significant privacy risks for both escorts and clients of the service. Escorts and clients rely on the privacy afforded by such platforms, and the leakage of personal data and images could lead to harassment and reputation damage.

The breach raises the spectre of potential extortion or blackmail campaigns by cybercriminals seeking financial gain through public exposure of sensitive information.

The breach also shows the security implications of exposed development and installation files. The leaked JavaScript files may contain sensitive client-side code, including API keys and authentication tokens. If exploited, this data could grant unauthorized access to systems and resources, posing a considerable threat.

Additionally, the exposed software development kit (SDK) files could reveal proprietary algorithms and organizational strategies, potentially undermining both the business and its users.

**Mitigating the Impact**

For individuals impacted by data breaches, taking these steps can help mitigate potential fallout:

*   Monitor Key Accounts: Regularly review login details and IP locations, as well as monitor financial and social media accounts for unauthorized activity.

*   Update Passwords: Change leaked passwords and enable Two-Factor Authentication (2FA) for enhanced security.

*   Beware of Phishing: Exercise caution with unsolicited emails or messages requesting personal information, and avoid sharing such details via email or phone.

1.  Personal & banking data of 120 million Brazilians leaked online
2.  Ransomware attack on top Brazilian court encrypts files, backups
3.  Brazilian marketplace integrator Hariexpress exposed 1.75 billion records
4.  Brazil’s cosmetic giant Natura leaked 192 million records with payment data
5.  Brazilian Crypto exchange hacked; private data of over 264,000 users exposed

Brazil’s Top Escort Service Exposes Millions of Escort and Client Data

By Owais Sultan
Software escrow is an important tool for managing software as a service (SaaS) and on-premise applications. It helps…
This is a post from HackRead.com Read the original post: The Role of Software Escrow in Mitigating Business Risks

Software escrow is an important tool for managing software as a service (SaaS) and on-premise applications. It helps prevent disputes that arise when cloud providers exit the market or go bankrupt, and it ensures that organizations can access their data in the event of a disaster. In this blog post, we explore how software escrow works and why it’s important to your business.

**Understanding Business Risks**

Risks are a part of doing business. They’re not necessarily bad or good, but they always exist in some form. You can minimize your risk by taking precautions and being aware of what’s out there, or you can increase your risk by making decisions that put yourself or others at risk.

When it comes to software escrow services and mitigating business risks, we need to understand the types of risks that may affect our customers’ businesses: financial, operational, strategic, and even environmental (natural disasters).

These categories intersect with one another frequently, for example, one type of environmental risk might be flooding which could cause damage both financially (through lost equipment) and also operationally (downtime).

**Exploring Software Escrow Solutions**

Software escrow is a way to ensure that software is released as intended. It can be used in many different contexts, but its main purpose is to mitigate the risks associated with software development and delivery.

Utilizing software escrow services provides a reliable mechanism for storing the source code, documentation, and other critical assets so that in case of unforeseen circumstances or a vendor’s inability to fulfil their obligations, the software users can still access and continue using the software.

In the context of software escrow, the term “release” refers to any time one party gives another party access to some type of digital content or technology (e.g., source code). This could include things like:

*   Release of source code under an open-source license
*   Distribution of custom applications developed for specific clients
*   Delivery of proprietary software by purchase order or other agreement

**Advantages of Software Escrow**

*   Software escrow can help you avoid the risk of vendor lock-in.
*   It can also increase the likelihood of a successful software deployment, which is important for your business as it reduces costs and increases productivity.
*   Software escrow protects your investment in software by ensuring that if anything goes wrong with either party (the buyer or seller), then all parties have an agreed-upon way of resolving disputes without needing to go through litigation or arbitration processes. This means that there will be no additional legal costs associated with resolving issues that arise during this process, making it easier for everyone involved!

**Key Considerations for Implementing Software Escrow**

1.  **Ease of use:** The software escrow process should be easy to implement and use so that you don’t have to spend time learning how to use it.
2.  **Cost:** The cost of a software escrow service should be reasonable considering the value that it provides your business.
3.  **Legal requirements:** Your business may have legal requirements that require you to keep copies of certain documents or files available at all times, in case they’re needed by regulators or law enforcement officials during an investigation. If so, then consider which types of data should be included in your software escrow agreement so as not to miss anything important for future compliance purposes (e.g., internal communications). You will also want to make sure any third-party providers agree with these terms before signing up for their services because otherwise there could be problems down the road when trying to access those files later on!

**Software Escrow Release Triggers**

Release triggers are the conditions that must be met for the software to be released from escrow. Release triggers can be based on time, events, or other factors. For example:

*   A company may want its software to be released when it is ready for production use (e.g., after testing).
*   Another company may want its software to be released only after certain events occur (e.g. when a competitor launches a similar product).

**Addressing Common Misconceptions**

As you can see, software escrow is not a replacement for any of these things. But it is an important element that helps to mitigate risk in each case. It’s probably best to think of software escrow as an additional layer on top of your existing processes and agreements not a replacement for them.

If you’re still unsure about how software escrow can help your business protect itself against risk and liability, please contact us today!

**The Future of Software Escrow**

Software escrow is a valuable tool for mitigating business risks in the modern world. It can be used to protect business investments and mitigate legal risk, as well as ensure that you get what you pay for. Software escrow is also cost-effective, with no upfront costs or monthly fees; it’s simply an additional charge on top of your software purchase price that pays off when disaster strikes and it will happen eventually!

In short: software escrow is something every smart business owner should consider adding to their arsenal of protective measures against unforeseen disasters like data loss or theft (or even just poor customer service).

**Conclusion**

With software escrow, companies can mitigate business risks and help protect their investments. The process is simple, with little to no impact on day-to-day operations. By using software escrow, businesses can ensure that they have access to their valuable data at all times while also limiting their exposure in case something goes wrong with the original software platform or vendor relationship.