Tag: downplays | SpinSafe

Vans, North Face parent downplays cyberattack

March 26, 2024/in Internet Security

U.S. global apparel and footwear company VF Corporation, which owns Vans, The North Face, and Supreme, emphasized that the December cyberattack that impacted data from 35.5 million customers did not include any bank information or credit card details, The Register reports.

In an email sent to impacted individuals, VF Corp. insisted that it never collected or retained financial or payment information outside the payment method used for customer purchases while reassuring that the incident did not result in any password exposure. Attackers were able to compromise individuals’ full names, phone numbers, email addresses, and billing and shipping addresses, as well as order histories, payment methods, and total order values but there has been no evidence suggesting any misuse of such exfiltrated information, said VF Corp., which still urged affected customers to be wary of potential phishing, identity theft, and fraud incidents.

Immediate password changes for VF Corp. accounts and other accounts sharing similar credentials have also been advised.

Source…

Google Downplays Undocumented Chrome API Exploited by Malware to Extend Account Theft: Report

January 8, 2024/in Computer Security

Updated Jan 8, 2024, 07:45 AM IST

While Google downplays the severity, security experts raise alarms about the implications of this undocumented Chrome API vulnerability.

A simmering cyberwarfare saga just took a concerning turn, with researchers uncovering a novel technique employed by malware to prolong access to stolen Google accounts. While Google downplays the severity, security experts raise alarms about the implications of this undocumented Chrome API vulnerability.

Malware’s New Trick: In late November, reports emerged of malware like Lumma and Rhadamanthys reviving expired Google authentication cookies, essentially granting attackers persistent access to victims’ accounts. Now, this tactic has gained traction, with four more malware families including Stealc, Medusa, RisePro, and Whitesnake adopting the same method.

The Undocumented Weapon: The key to this extended breach lies in an obscure Google OAuth “MultiLogin” API endpoint, discovered by cybersecurity firm CloudSEK. This API, initially believed to sync accounts across Google services, seems vulnerable to manipulation.

Exploiting the Loophole: Researchers suspect malware abuses this API by stealing two crucial tokens from Chrome: regular authentication cookies and a special “Refresh” token. With the Refresh token, even after stolen cookies expire, the malware can generate new ones, perpetuating unauthorized access. This essentially extends the malware’s lifespan within targeted accounts.

Google’s Murky Response: BleepingComputer’s attempts to understand the MultiLogin API have been met with silence from Google. The only documentation exists within Chrome’s source code, leaving security experts and users in the dark about its intended purpose and potential vulnerabilities.

Concerns on the Rise: Security researchers like Pavan Karthick of CloudSEK are sounding the alarm. They highlight the ease with which malware exploits this undocumented API, granting attackers extended access to sensitive user data, including emails, documents, and contacts. Furthermore, the lack of transparency from Google regarding the purpose and security of this API only amplifies the concerns.

Beyond Technicalities: The…

Source…

Verizon downplays database hacked and held for ransom, security risk could remain

May 27, 2022/in Computer Security

A Verizon employee database was recently compromised with the hacker holding it for a $250,000 ransom. Verizon says it doesn’t believe it contains “any sensitive information” and stopped communication with the hacker. However, the list of details including employee email addresses, phone numbers, and more could present a risk for future attacks.

Reported by Motherboard (via The Verge) an anonymous hacker recently obtained a database containing Verizon employee information including full names, company ID numbers, email addresses, and phone numbers.

It’s uncertain how current the information is, but Motherboard called multiple people on the list and confirmed that four they got in touch with work at Verizon. “Around a dozen other numbers returned voicemails that included the names in the database, suggesting those are also accurate.”

The anonymous hacker told Motherboard they “obtained the data by convincing a Verizon employee to give them remote access to their corporate computer.”

That allowed the hacker to access Verizon’s internal systems and obtain the employee database. Then they told Verizon they wanted $250,000 to not leak the information.

Verizon officially responded to Motherboard about the incident:

“A fraudster recently contacted us threatening to release readily available employee directory information in exchange for payment from Verizon. We do not believe the fraudster has any sensitive information and we do not plan to engage with the individual further,” the spokesperson told Motherboard in an email. “As always, we take the security of Verizon data very seriously and we have strong measures in place to protect our people and systems.”

As noted by Motherboard, even though the information may not be deemed sensitive, the list of Verizon employee phone numbers, email addresses, and company ID numbers could be used to impersonate employees to attempt social engineering and SIM swap attacks.

Recently, T-Mobile saw a security breach that came through compromised employee accounts.

FTC: We use income earning auto affiliate links. More.

Check out 9to5Mac on YouTube for more Apple news:

Tag Archive for: downplays

While Google downplays the severity, security experts raise alarms about the implications of this undocumented Chrome API vulnerability.