Tag Archive for: compromised

Hackers uncover new TheTruthSpy stalkerware victims: Is your Android device compromised?


Image Credits: Bryce Durbin / TechCrunch

A consumer-grade spyware operation called TheTruthSpy poses an ongoing security and privacy risk to thousands of people whose Android devices are unknowingly compromised with its mobile surveillance apps, not least due to a simple security flaw that its operators never fixed.

Now, two hacking groups have independently found the flaw, which allows mass access to victims’ stolen mobile device data directly from TheTruthSpy’s servers.

Switzerland-based hacker maia arson crimew said in a blog post that the hacking groups SiegedSec and ByteMeCrew identified and exploited the flaw in December 2023. Crimew, who was given a cache of TheTruthSpy’s victim data from ByteMeCrew, also described finding several new security vulnerabilities in TheTruthSpy’s software stack.


In a post on Telegram, SiegedSec and ByteMeCrew said they are not publicly releasing the breached data, given its highly sensitive nature.

Crimew provided TechCrunch with some of the breached TheTruthSpy data for verification and analysis, which included the unique device IMEI numbers and advertising IDs of tens of thousands of Android phones recently compromised by TheTruthSpy.

TechCrunch verified the new data is authentic by matching some of the IMEI numbers and advertising IDs against a list of previous devices known to be compromised by TheTruthSpy as discovered during an earlier TechCrunch investigation.

The latest batch of data includes the Android device identifiers of every phone and tablet compromised by TheTruthSpy up to and including December 2023. The data shows TheTruthSpy continues to actively spy on large clusters of victims across Europe, India, Indonesia, the United States, the United Kingdom and elsewhere.

TechCrunch has added the latest unique identifiers — about 50,000 new Android devices — to our free spyware lookup tool that lets you check if your Android device was compromised by TheTruthSpy.

Security bug in TheTruthSpy exposed victims’ device data

For a time, TheTruthSpy was one of the most prolific apps for facilitating…


Google Accounts Compromised Through Ingenious Malware Exploit


In October 2023, security researchers at CloudSEK discovered a cyber threat that could compromise Google accounts through a sophisticated exploit.

The threat came to light when a hacker shared details about the exploit on a Telegram channel. The hacker’s post described how a weakness in the handling of cookies could be used to breach accounts.

Third-Party Cookies and the Vulnerability

These cookies, fundamental to website and browser functionality, were targeted by hackers seeking unauthorized access to private data. The exploit targeted Google authentication cookies, allowing perpetrators to bypass two-factor authentication.

The malware, discovered by CloudSEK, capitalizes on third-party cookies to gain illicit access to users’ sensitive information. Google authentication cookies, designed to streamline user access without repetitive logins, became the focal point of the exploit.

By acquiring these cookies, hackers could circumvent two-factor authentication and retain continuous access to Google services even after users reset their passwords. The vulnerability highlights the intricacy and stealth of contemporary cyber-attacks, posing a significant challenge to digital security.

Being at the forefront of internet services, Google responded promptly to the threat. In an official statement, the tech giant reassured users that it routinely upgrades its defenses against such techniques to secure those who may fall victim to malware.

Additionally, Google emphasized the importance of users taking proactive steps, such as removing malware from their computers and enabling Enhanced Safe Browsing in Chrome. The latter is a feature designed to protect users against phishing attempts and malicious downloads.

As part of its commitment to user security, Google assured that any compromised accounts detected would be secured through appropriate actions.

The Complex Industry of Modern Cyber Threats

The CloudSEK researchers who uncovered this threat highlighted the complexity and stealth inherent in modern cyber-attacks.

In a blog post detailing the issue, Pavan Karthick M, a threat intelligence researcher at CloudSEK, emphasized how the exploit provided continuous access to Google…


ECHN cyberattack compromised Social Security numbers, medical records


The cyberattack against the Eastern Connecticut Health Network in August resulted in the theft of employee and patient names and Social Security numbers, as well as patients’ confidential health and financial information, according to an attorney representing Prospect Medical Holdings — ECHN’s parent company.

In a letter to the Connecticut attorney general’s office on Friday, Sarah Goldstein, an attorney representing the California-based Prospect, provided an update on the attack.

In the letter, which was obtained by CT Insider, she wrote that Prospect’s computer network was infiltrated and the hackers “accessed and/or acquired files that contain information to certain current and former employees and dependants” of Waterbury Hospital, Rockville General, and Manchester Memorial hospitals.

“For Prospect Medical employees and dependents, the information involved may have included their names and Social Security numbers,” Goldstein wrote.

Patients’ compromised information varied, she wrote, but it includes names, addresses, dates of birth, diagnosis, lab results, medication, and other treatment information, along with insurance information, doctors and facilities visited, dates of treatment, and financial information.


LockBit Ransomware Gang in Decline, May Be Compromised, Report


  • LockBit’s leadership vanished for two weeks in August 2023. This suggests that the gang may have been compromised or that there was internal conflict.
  • LockBit has been unable to consistently publish victim data. This has led to victims refusing to pay ransoms and affiliates leaving the program.
  • LockBit’s updated infrastructure is not as effective as it claims to be. This is evidenced by the fact that LockBit is still struggling to publish victim data.
  • LockBit’s affiliates are leaving for its competitors. This is because LockBit is not providing the support and resources that affiliates need.
  • LockBit ransomware gang missed its most recent release date. This suggests that the gang is struggling to develop new ransomware variants.
  • LockBit wants to steal ransomware from its rivals. This is a sign that LockBit is desperate and is willing to resort to unethical tactics to stay ahead of the competition.

LockBit, a prominent and infamous ransomware gang that has wreaked havoc across numerous industries, recently vanished from the cybercriminal scene, leaving affiliates and partners in a state of uncertainty. However, its reemergence after a brief hiatus has raised questions about its operational integrity.

A new report from Jon DiMaggio, Chief Security Strategist at Analyst1, “Ransomware Diaries: Volume 3 – LockBit’s Secrets” exposes LockBit’s activities, their targets, and the challenges they’ve been facing.

DiMaggio delved deep into LockBit’s operations and uncovered critical shortcomings in the gang’s modus operandi. In his extensive report, the researcher highlights LockBit’s struggles with data publication, deteriorating affiliate partnerships, and a lack of timely support responses. DiMaggio believes LockBit may have been compromised.

In 2022, LockBit reigned as the foremost ransomware group and Ransomware-as-a-Service (RaaS) provider globally. In a shift from traditional ransomware groups, LockBit’s unique approach involves maintaining the ransomware’s functionality, leasing access to it, and assisting affiliates in deploying attacks.

The model has enabled LockBit to foster a wide network of attackers, resulting in…
