Microsoft discloses new customer hack linked to SolarWinds cyberattackers
Microsoft Corp. said hackers, linked by U.S. authorities to Russia’s Foreign Intelligence Service, installed malicious information-stealing software on one of its systems and used information gleaned there to attack its customers.

The hackers compromised a computer used by a Microsoft customer support employee that could have provided access to different types of information, including “metadata” of accounts and billing contact information for the organization, a Microsoft spokesman said.

Microsoft is aware of three customers that were affected by the recent activity, the company said in a blog post.

“The actor used this information in some cases to launch highly-targeted attacks as part of their broader campaign,” Microsoft said. “We responded quickly, removed the access and secured the device.”

The incident was part of a broader campaign—which involved other hacking techniques beyond leveraging the information taken from its support system—that primarily targeted technology companies and government agencies in 36 countries.

Most of the attacks were unsuccessful, but three of Microsoft’s customers were compromised during the campaign, the company said. “We have confirmed that two of the compromises were unrelated to the support agent issue, and are continuing to investigate the third instance,” a Microsoft spokesman said.

Microsoft identified the hackers behind the break-in as Nobelium, the same group associated with the sophisticated hack at Austin, Texas-based software maker SolarWinds Corp. U.S. authorities have said this group is part of Russia’s Foreign Intelligence Service, known as the SVR. Russia has denied involvement in the SolarWinds hack. A Russian embassy representative didn’t immediately return a message seeking comment on Microsoft’s blog post.

“This should concern all of us,” said Sherri Davidoff, chief executive of the security consulting firm LMG Security LLC. “Hackers made it past the defenses of one of the world’s most sophisticated technology suppliers, whose software underlies our entire economy.”

The incident marks…


San Diego Family Care Center Discloses Possible Data Breach
San Diego Family Care’s Linda Vista Health Center. Photo by Doug Gates

San Diego Family Care announced Friday it has alerted current and former patients and employees about a computer security breach that may have involved their personal information.

Though there is no evidence that anyone’s personal information was misused, the health services provider said it was advising potentially impacted people about the issue, and steps they can take to protect themselves, as a precaution.

The potentially affected data includes names; dates of birth; Social Security numbers or other government identifiers; financial account numbers; medical diagnosis or treatment information; health-insurance information; and client identification numbers, according to SDFC officials.

The issue came to light in December, when officials with SDFC and its business associate, Health Center Partners of Southern California, became aware that their information-technology hosting provider had experienced a data-security irregularity that resulted in the encryption of certain data.

In response, the technology company took steps to secure and restore its systems and launched an investigation with the assistance of computer forensics experts, who determined that some data may have been accessed by an unauthorized party.


T-Mobile discloses data breach after SIM swapping attacks

Image: Mika Baumeister

American telecommunications provider T-Mobile has disclosed a data breach after an unknown number of customers were apparently affected by SIM swap attacks.

SIM swap fraud (or SIM hijacking) allows scammers to take control of targets’ phone numbers by porting them to a SIM controlled by the fraudsters, either through social engineering or by bribing mobile operator employees.

Subsequently, they receive the victims’ messages and calls, which allows them to easily bypass SMS-based multi-factor authentication (MFA), steal user credentials, and take over the victims’ online service accounts.

The criminals can then log into the victims’ bank accounts to steal money, change account passwords, and even lock the victims out of their own accounts.

The FBI shared guidance on how to defend against SIM swapping following an increase in the number of SIM hijacking attacks targeting cryptocurrency adopters and investors.

Undisclosed number of SIM swap attacks

In a data breach notice sent to impacted customers on February 9, 2021, and filed with US state attorneys general’s offices, T-Mobile revealed that an unknown attacker gained access to customers’ account information, including personal info and personal identification numbers (PINs).

As the attackers were able to port numbers, it is not clear if they gained access to an employee’s account or did it through the compromised users’ accounts.

A T-Mobile spokesperson was not available for comment when contacted by BleepingComputer earlier today.

“[A]n unknown actor gained access to certain account information. It appears the actor may then have used this information to port your line to a different carrier without your authorization,” T-Mobile said.

“T-Mobile identified this activity—terminated the unauthorized access, and implemented measures to protect against reoccurrence.”

The information accessed by the hackers might have included customers’ full names, addresses, email addresses, account numbers, social security numbers (SSNs), account personal identification numbers (PIN), account security questions and answers, date of birth, plan information, and the number of lines subscribed to their accounts.

“T-Mobile…


Koei Tecmo discloses data breach after hacker leaks stolen data

Image: Atelier Ryza screenshot

Japanese game developer Koei Tecmo has disclosed a data breach and taken their European and American websites offline after stolen data was posted to a hacker forum.

Koei Tecmo is known for its popular PC and console games, including Nioh 2, Hyrule Warriors, Atelier Ryza, Dead or Alive, etc.

On December 20th, a threat actor claimed to have hacked into the koeitecmoeurope.com website on December 18th through a spear-phishing campaign sent to an employee. As part of this attack, a forum database with 65,000 users was stolen, and the actor claims to have planted a web shell on the site for continued access.

“There are FTP credentials on the shell I found and I would be happy to share those with you if you bought the shell as well as multiple twitter secrets for their twitter accounts that they have,” the threat actor stated as part of their sales pitch.

In a post on a hacker forum, the threat actor was attempting to sell a forum database for 0.05 bitcoins, or approximately $1,300, and web shell access for 0.25, or approximately $6,500.

On December 23rd, the same threat actor leaked the database for free on the same hacker forum.

Koei Tecmo database leaked for free

The samples of the database seen by BleepingComputer include forum members’ email addresses, IP addresses, hashed passwords and salts, usernames, dates of birth, and countries.

Koei Tecmo takes websites offline

After learning of the leaked data, Koei Tecmo took the American (https://www.koeitecmoamerica.com/) and European (koeitecmoeurope.com) websites offline with the following message:

“Due to the possibility of an external cyberattack on this website, it is temporarily closed as we investigate the issue.”

Koei Tecmo America’s website was taken offline

Since learning of the attack, Koei Tecmo released a data breach advisory stating that a forum on a UK subsidiary’s website was compromised and the stolen data was leaked online.

“Within the website operated by KTE, the ‘Forum’ page and the registered user information (approximately 65,000 entries) have been determined to be the data that may have been breached. The user data that may have been leaked through hacking is perceived…
