Tag Archive for: Details

Hong Kong Cyberport defends move to not reveal hacking attack, says stolen data includes details on staff and ex-workers, credit card records


It added: “We were subsequently made aware that some information available on the dark web could potentially be related to the incident and we immediately made a public announcement on [September 6] and contacted persons who may have been affected.”


Police said an investigation by the force’s cybersecurity and technology crime bureau was under way.

The Office of Privacy Commissioner for Personal Data on Tuesday said it had since received one inquiry from an affected individual. The privacy watchdog said it had launched a compliance investigation, but declined to go into further details.

The stolen data was available on the dark web, a hidden corner of the internet, but the tech hub did not mention the scale of the breach.

A ransomware group reportedly blackmailed Cyberport after hacking its computer system and stealing and encrypting the data. It demanded that a ransom of US$300,000 be paid by Tuesday to get back access to the data.


According to Cyberport, a sizeable amount of personal data was limited to individuals’ names and contact details, including phone numbers or email addresses.

Human resources-related data included identity card number, date of birth, social media accounts, and academic and bank account details, as well as health information.

Cyberport said it had engaged independent cybersecurity experts to investigate the incident and provide a remedy. The investigation and remediation were continuing.

The business park has 140 employees and is a base for 1,900 start-ups and tech companies.

The data breach was first disclosed earlier this month by cybersecurity information platform FalconFeedsio, which said on social media that ransomware group Trigona had added Cyberport to its victim list.


According to Palo Alto-based cyber-risk consultancy Unit 42, Trigona ransomware is relatively new and was first discovered by security researchers in late October 2022, with organisations involved in manufacturing, finance, construction, agriculture,…


Microsoft Details How Chinese Hackers Acquired Signing Key for Outlook Breach


Microsoft says it has solved the mystery of how suspected Chinese hackers acquired a digital signing key to pull off July’s Outlook breach that ensnared several US government agencies.

According to Microsoft, the key was accidentally leaked when the company computer holding it crashed in April 2021. During the error, the machine generated a crash dump report, which failed to redact the key from the file due to a software bug. 

Microsoft added that company computers that hold such signing keys are “highly isolated,” and have been stripped of various internet services, such as email and video conferencing. However, the crash dump report ended up opening a hole in the security. The unredacted file was automatically passed to a Microsoft computer devoted to debugging, which also happened to be connected to the internet. 

This paved the way for the Chinese hackers to loot the digital key when they compromised a Microsoft engineer’s corporate account, although it remains unclear how this occurred.

“This account had access to the debugging environment containing the crash dump which incorrectly contained the key,” the company said in Wednesday’s report. “Due to log retention policies, we don’t have logs with specific evidence of this exfiltration by this actor, but this was the most probable mechanism by which the actor acquired the key.”

Stealing the key then allowed the suspected Chinese hackers to forge the authentication tokens to access customer emails on Microsoft’s Outlook service. That said, the signing key was originally designed for consumer Microsoft accounts—not the enterprise Outlook accounts that the hackers targeted. 

The problem is that Microsoft neglected to update a software library to automatically validate key signing signatures between consumer and enterprise accounts. “Developers in the mail system incorrectly assumed libraries performed complete validation and did not add the required issuer/scope validation,” Microsoft said. “Thus, the mail system would accept a request for enterprise email using a security token signed with the consumer key.” 

Microsoft issued the report as the company has come under criticism for failing to…


Intel insiders go undercover revealing fresh details into NoName hacktivist operations


In a Black Hat exclusive interview with Cybernews, two Radware threat researchers turned ‘undercover hacktivists’ pose as pro-Russian sympathizers, revealing new insights into the inner workings of the cyberterrorist gang NoName057(16).

“The importance of NoName for us, if you look at the number of attacks that they’re doing, it’s much bigger than, for example, Anonymous Sudan or even Killnet,” said the Radware researchers, who asked to remain anonymous for security reasons.

Calling Killnet media savvy, the researchers pointed out that “Killnet makes it a lot into the news, but actually, in terms of attacks and targeting, they don’t do that much anymore.”

Anonymous Sudan and Killnet, whose self-proclaimed leader is known as Killmilk, are just two of the well-known pro-Russian hacktivist groups that have been actively targeting Ukraine and the West since the Russian invasion last spring, but more on that later.

The two unnamed insiders sat down with me to tell their tale on the last day of the Black Hat USA convention, settling in at a random table on the floor of the swag-filled Business Hall, away from the commotion.

Cybernews readers will get to see the visuals accompanying their research – For Intel and Profit: Exploring the Russian Hacktivist Community – here for the first time.

From insights into the ever-evolving Russian hacktivist landscape to documenting NoName’s steady stream of persistent attacks, these security gurus have proven firsthand that the gang’s crowdsourced “DDoSia” platform is providing a steady stream of crypto payouts to otherwise ordinary citizens whose only commonality is that they despise Ukraine and any of its Western supporters.

Furthermore, according to the duo, it’s not going to stop anytime soon.

NoName nation heat map:
Image by Radware

Who is NoName057(16)?

Before we dive right into the gang’s newly discovered operations, let’s briefly profile this steadfast group of attackers and find out what they’ve been up to since they first entered the scene back in March of 2022, and more recently.

To begin with, Radware’s research shows that NoName dominated the pro-Russian hacktivist landscape in the first half of 2023, carrying out a whopping 1174…


Senators Want Details on China’s Latest Hack of Microsoft email


Senators want answers from the State Department’s IT chief about how hackers, said to be from China, broke into diplomats’ Microsoft email accounts earlier this year, as officials were planning high-stakes visits to Beijing for Secretary of State Antony Blinken and other cabinet officials.

In a letter sent Wednesday to State Department Chief Information Officer Kelly Fletcher, and exclusively obtained by Newsweek, 14 senators of both parties are asking for details of the extent of the breach, and the timeline on which it was fixed.

Microsoft revealed on July 11 that hackers had “acquired” a master cryptographic key, which allowed them to impersonate almost any user of the company’s cloud-based Outlook email and calendar services, meaning they could log on as that person and copy all their email traffic and calendar appointments.

The letter, originally drafted by Sen. Eric Schmitt, R-Mo., was signed by GOP colleagues including Tim Scott of Florida and Bill Hagerty of Tennessee; and by the Democratic Chairman of the Senate Foreign Relations Committee Ben Cardin of Maryland and several of his colleagues including Tim Kaine of Virginia. It asks for a “closed, unclassified briefing” for members and staff by September 6.

The intrusion, which started mid-May and was discovered a month later, would have allowed Beijing to see into diplomats’ planning for a succession of high-stakes visits to China in June and July by U.S. cabinet members, including Blinken, Commerce Secretary Gina Raimondo and Treasury Secretary Janet Yellen, according to former officials.

The hack has led to questions about Microsoft’s relationship with China and whether that creates risks for the U.S. government, which relies heavily on the Redmond, Wash.-based tech giant’s services and products.

A China Central Television news broadcast shows Microsoft co-founder Bill Gates, left, meeting with Chinese President Xi Jinping, on a giant screen outside a shopping mall in Beijing in June. Xi called Gates “a dear old friend of ours,” highlighting the close relations Microsoft has maintained with China.

The senators’ letter also asks Fletcher to explain how she plans to “ensure a more robust,…
