Tag Archive for: Company

Security firm now says toothbrush DDOS attack didn’t happen, but source publication says company presented it as real


Update 2 — 2/9/2024 6:30am PT: The security company at the nexus of the original report that three million toothbrushes were used in a DDOS attack has now retracted the story and claimed it was a result of a mistranslation — but according to the news outlet that published the initial report, that statement isn’t true. The reports of this story are not based on a mistranslation by the media. The publication claims Fortinet presented the story as having actually happened and approved the text of the article, which had been submitted to Fortinet prior to publication.

Here’s the Aargauer Zeitung’s (the source of the story) statement on the matter (via Google Translate):

Source…

Cloudflare Okta Breach Doesn’t Have A Big Impact, Company Says


According to the company, the recent Cloudflare Okta breach has not caused any harm to any of the customers or users. However, the incident brought more questions about the Okta breach, which affects many different services and companies.

In today’s digital world, online data security is constantly under threat, making news of cyberattacks almost routine. However, when a company like Cloudflare—a leader in internet security—reports a breach, it grabs everyone’s attention, particularly when a nation-state is believed to be behind the attack. The Cloudflare Okta breach serves as a vivid reminder of the cyber dangers that loom in the shadows.

Cloudflare Okta breach explained

On November 14, Cloudflare found itself under attack. The intruders, suspected to be supported by a nation-state, targeted Cloudflare’s internal Atlassian server, aiming for critical systems, including the Confluence wiki, Jira bug database, and Bitbucket source code management.

This initial intrusion set the stage for a more aggressive attack on November 22, where the attackers established a strong presence on Cloudflare’s server, accessed the source code, and even attempted to infiltrate a console server tied to an undeveloped data center in São Paulo, Brazil.

cloudflare okta breach
Company executives explained the Cloudflare Okta breach incident on the official blog page (Image Credit)

The method of entry for the attackers was particularly concerning. They used credentials that were previously compromised during an Okta breach in October 2023, highlighting a critical oversight by Cloudflare in not rotating these credentials among the thousands affected, says Bleeping Computer.

Cloudflare CEO Matthew Prince, CTO John Graham-Cumming, and CISO Grant Bourzikas, said: “They then returned on November 22 and established persistent access to our Atlassian server using ScriptRunner for Jira, gained access to our source code management system (which uses Atlassian Bitbucket), and tried, unsuccessfully, to access a console server that had access to the data center that Cloudflare had not yet put into production in São Paulo, Brazil.” You can take a look at the full statement here.


1Password Okta breach unveiled by…

Source…

Microsoft hacked: Tech company reveals hack by Russia-backed group, Midnight Blizzard, or Nobelium


CHICAGO — Microsoft revealed Friday that some of its corporate email accounts were hacked by a Russian-backed group.

The tech company said in a blog post that its security team detected the attack on Jan. 12 and quickly identified the group responsible: Midnight Blizzard, “the Russian state-sponsored actor also known as Nobelium.”

In late November, the group allegedly used a “password spray attack,” where a user uses a single common password against multiple accounts on the same application, to “compromise a legacy non-production test tenant account and gain a foothold,” according to Microsoft.

The group then “used the account’s permissions to access a very small percentage of Microsoft corporate email accounts, including members of our senior leadership team and employees in our cybersecurity, legal, and other functions, and exfiltrated some emails and attached documents,” the company said.

The hackers allegedly were targeting email accounts for information related to Midnight Blizzard, Microsoft said.

RELATED: Man says fraudulent accounts opened, home purchased in his name after city ransomware hack

Microsoft was able to remove the hacker’s access to the email accounts on Jan. 13, according to a company filing with the SEC.

“To date, there is no evidence that the threat actor had any access to customer environments, production systems, source code, or AI systems. We will notify customers if any action is required,” the company said.

The company said it is in the process of informing its affected users.

The investigation is ongoing.

Copyright © 2024 ABC News Internet Ventures.

Source…

How this Ukrainian telecom company was hit by Russian hackers in one of the biggest cyberattack of war


Russian hackers have hacked the system of Ukraine’s leading telecoms operator, Kyivstar, in a cyberattack that lasted for several days. The attack, which took place in December last year, affected approximately 24 million users and caused significant disruption to services. According to Reuters, the head of Ukraine’s cybersecurity department, Illia Vitiuk, revealed exclusive details about the attack, describing it as “disastrous” and aimed at causing psychological damage and gathering intelligence.

Vitiuk emphasized the importance of this attack as a warning to both Ukraine and the Western world, highlighting that no one is exempt from cyber threats. He noted that Kyivstar, being a wealthy and private company that heavily invested in cybersecurity, was targeted to send a strong message. The attack resulted in the destruction of numerous virtual servers and PCs, making it the first known instance of a cyberattack completely crippling a telecoms operator.

The Security Service of Ukraine (SBU) conducted an investigation and found evidence suggesting that the hackers had been inside Kyivstar’s system since at least May 2023, with full access likely gained in November. Vitiuk stated that the hackers could have potentially stolen personal information, intercepted SMS messages, and gained access to Telegram accounts. However, Kyivstar denied any leakage of personal or subscriber data, stating that they were collaborating with the SBU to investigate the attack and mitigate future risks.

Vitiuk further revealed that the SBU’s prompt response helped Kyivstar restore its systems and fend off subsequent cyberattacks. He acknowledged that the attack had a limited impact on Ukraine’s military, as they relied on different algorithms and protocols for drone and missile detection.

The investigation into the attack is challenging due to the extensive wiping of Kyivstar’s infrastructure. Vitiuk strongly suspected that the Russian military intelligence cyberwarfare unit known as Sandworm was responsible for the attack, citing their previous involvement in cyberattacks in Ukraine. He also mentioned a previous hack by Sandworm on another Ukrainian telecoms operator, detected by the SBU. Vitiuk highlighted…

Source…