Tag Archive for: Details

Hackers steal 10 million customer details from JD Sports


If you’ve purchased trainers from sports fashion retailer JD Sports in the past, your personal details could now be in the hands of hackers.

Customers of the UK high street retailer (as well as sister firms Millets, Blacks, Size?, Scotts, and Millets Sports) are being contacted with a warning that cybercriminals have accessed details of orders made between November 2018 and October 2020.

10 million people are thought to have been impacted by the security breach, which has put at risk customers’ names, addresses, email addresses, phone numbers, order details, and the final four digits of their payment cards.

An email sent by the firm to affected shoppers describes the exposed data as “limited” and underlines that full payment card details and passwords have not fallen into the hands of hackers.

However, it is clear that the information which has been stolen by hackers is enough for JD Sports customers to be targeted with bogus communications that could attempt to steal more information from shoppers.

Accordingly, the email goes on to warn of the risk that fraudsters might exploit the exposed data to send phishing emails, or send scam calls or text messages pretending to be JD Sports or the other affected brands:

While you do not need to take any specific action, please remain vigilant to fraud attempts and be alert for any suspicious emails, calls or texts which say they are from JD Sports or any of our Group brands. Avoid clicking on links in any unexpected emails or texts.

Bizarrely, some affected customers say that the warning email they have received from JD Sports is written in Portuguese or Spanish – which would be an admirable step by JD Sports if those customers actually spoke Portuguese or Spanish, but apparently, they do not.

Neil Greenhalgh, chief financial officer of JD Sports, extended an apology to customers saying that “protecting the data of our customers is an absolute priority for JD.”

The retailer says that it has contacted the Information Commissioner’s Office (ICO) about the security breach, and is working with external experts to conduct a review of its IT security.

Source…

MHA issues cyber alert for G20 Summit, shares threat, target details with ministries


In an effort to prevent any cyber network exploitation related to the G20 Summit, which India will host in 2023, the Union Ministry of Home Affairs (MHA) has shared a list of “potential (cyber) attackers” and “reported historically targeted G20 Summits” with all ministries and departments, it is learnt.

The ministry is also learnt to have informed the ministries that the Indian Computer Emergency Response Team (CERT-In), the country’s premier cybersecurity agency, has found that spear phishing will be the “primary vector” used to target individuals and organisations associated with the G20 Summit with email contexts, Covid-19 pandemic funds, and digital transformation.

Spear phishing is an attempt to trick a particular person or group into giving private information over the internet or by email, especially by sending emails that seem to be from someone they know, according to the dictionary.

Sources said the directions were issued by MHA’s Cyber & Information Security (C&IS) division a few days ago. It asks all ministries/departments to look for attempted distributed denial-of-service (DDoS) activities on G20 websites by mercenary or hacktivist groups, and to closely monitor all G20-related social media handles. “The C&IS division has informed that CERT-In has been actively tracking specific threats to G20 Summits both in Bali (hosts of the 2022 edition of the summit) and the forthcoming Summit activities in Delhi,” a source said.

The suspected “cyber adversaries” are operating on behalf of North Korea, PRC and Russia, “directly targeting G20-related materials through cyber espionage campaigns since 2013”, this source, with knowledge of the development, said.

The C&IS division of MHA deals with matters relating to cybersecurity, cybercrime, national information security policy and guidelines (NISPG) and its implementation, and the national intelligence grid.

“CERT-In has informed that, according to their assessment, espionage actors from various countries will have an interest in targeting government- and conference-related entities in the host country, attenders and individuals interested in the G20 Summit,” another source said.

Last month,…

Source…

Microsoft reveals details about how it discovered a security flaw in macOS Gatekeeper


Microsoft has revealed how it discovered a security flaw in macOS Gatekeeper. The vulnerability has been named Achilles.

For those unaware, Gatekeeper is a security feature that protects your Mac by only allowing trusted software to run on it; it’s sort of like an antivirus. The security issue is tracked as CVE-2022-42821. It has a severity rating of 5.5, which means it is a medium-level threat.

Microsoft says that it analyzed the threat, and shared its findings with Apple in July through Microsoft Security Vulnerability Research, in order to help protect macOS users from potential attacks.

Apple patched the Achilles heel security flaw in macOS Ventura, which was released on October 24th, and later in macOS Monterey 12.6.2 and macOS Big Sur 11.7.2, which were rolled out on December 13th. In its security notes, the Cupertino company had mentioned that the vulnerability could allow an app to bypass Gatekeeper checks, and that a logic issue had been addressed with improved checks.

How Microsoft discovered the Achilles vulnerability in macOS

That doesn’t explain much, but an article on Microsoft’s security blog goes into the details. It is a bit on the technical side, so I’ll try to simplify it here. Microsoft says that macOS devices usually get infected as a result of users running fake apps that they may have downloaded from third-party sources, i.e. outside the App Store.

When a user downloads a file through their web browser, macOS assigns an extended attribute to it called com.apple.quarantine. The browser saves the metadata of a downloaded file in the above-mentioned attribute, and it contains some information such as flag;date;agent_name;UUID.

This is used by Gatekeeper to enforce some security policies. macOS usually warns you when you are trying to install something downloaded from the internet; that’s because Gatekeeper has read the file’s extended attribute and recognized it as an app from an unknown source. After analyzing past security vulnerabilities that were present in macOS, Microsoft security researchers identified a specific one, referenced as CVE-2021-1810. The loophole, which was patched a year ago, would create a symbolic link to an app…

Source…

AIIMS server down: Chinese hackers suspected; services moved to manual mode and other details


All India Institute of Medical Sciences (AIIMS) has been hit by a massive ransomware attack. The digital services at the country’s premier healthcare institution have been down since 7am on Wednesday (November 23). Delhi Police has filed an FIR for cyber terrorism and extortion. The FIR has been registered under 66F (cyber terrorism) and 66 (computer related fraud) of the Information Technology Act and section 385 (extortion) at IFSO, special cell.

‘Chinese connection’ likely

“Prima facie, it appears that a weak firewall and outdated systems apart from lack of cloud-based servers made the bid, most probably by Chinese hackers possible,” say officials. Information on whether any significant research or health data has been stolen is not yet available.

AIIMS officials have confirmed that this was a ransomware attack – a type of cyber hacking in which a cyberattacker deploys ransomware, or malicious software, in the victim’s systems that encrypts the data. The attacker then asks for a “ransom” to restore access for the victim.

Citing sources, a media report said that the extortion amount has not been disclosed by the hackers yet. Furthermore, the cyberattackers have reportedly given a protonmail address for the authorities to connect with them to recover system data and decrypt files. They have reportedly modified the extensions of infected files.

NIC, Cert-In helping to restore services

AIIMS reported the massive cyber attack on Wednesday (November 23) and said that all patient care services have been badly impacted since 7 am. The hospital authorities confirmed that the server for the National Informatics Centre’s eHospital, which the hospital uses, is down. National Information Centre (NIC), along with CERT-In, is helping in the restoration of services.

Basic services hit

The cyberattack has affected basic daily operations such as appointments, patient registrations and admissions and billing systems, at one of the biggest state-owned hospitals. “With the server being down, the outpatient and inpatient digital hospital services, including smart lab, billing, report generation and…

Source…