Tag: hacked | Page 5

Microsoft hacked: Tech company reveals hack by Russia-backed group, Midnight Blizzard, or Nobelium

January 24, 2024/in Internet Security

CHICAGO — Microsoft revealed Friday that some of its corporate email accounts were hacked by a Russian-backed group.

The tech company said in a blog post that its security team detected the attack on Jan. 12 and quickly identified the group responsible: Midnight Blizzard, “the Russian state-sponsored actor also known as Nobelium.”

In late November, the group allegedly used a “password spray attack,” where a user uses a single common password against multiple accounts on the same application, to “compromise a legacy non-production test tenant account and gain a foothold,” according to Microsoft.

The group then “used the account’s permissions to access a very small percentage of Microsoft corporate email accounts, including members of our senior leadership team and employees in our cybersecurity, legal, and other functions, and exfiltrated some emails and attached documents,” the company said.

The hackers allegedly were targeting email accounts for information related to Midnight Blizzard, Microsoft said.

Microsoft was able to remove the hacker’s access to the email accounts on Jan. 13, according to a company filing with the SEC.

“To date, there is no evidence that the threat actor had any access to customer environments, production systems, source code, or AI systems. We will notify customers if any action is required,” the company said.

The company said it is in the process of informing its affected users.

The investigation is ongoing.

Source…

How to Stop Your X Account From Getting Hacked Like the SEC’s

January 14, 2024/in Computer Security

This week, the United States Securities and Exchange Commission (SEC) suffered an embarrassing—and market-moving—breach in which a hacker gained access to its X social media account and published fake information about a highly anticipated SEC announcement related to bitcoin. The agency regained control of its account and deleted the post in under an hour, but the situation is troubling, especially given that the prominent and well-respected security firm Mandiant, which is owned by Google, had its X account compromised in a similar incident last week.

Details are still emerging about exactly what happened in each case, but there are common threads that made the account takeovers possible—and there are ways to protect yourself.

Crucially, both accounts had the digital protection known as “two-factor authentication” disabled at the time of the takeovers. Also known as 2FA, the defense requires a rotating numeric code or physical dongle in addition to a person’s login credentials, so everything isn’t resting on just a username and password. The SEC has not yet said whether it had two-factor turned off accidentally as a result of X’s February 2023 policy change, which made it so only accounts paying for a Blue subscription would have access to two-factor codes sent via text message. Mandiant implied on Wednesday that this change was the reason it did not have the protection turned on for its X account, saying, “Normally, 2FA would have mitigated this, but due to some team transitions and a change in X’s 2FA policy, we were not adequately protected.”

Mandiant said hackers were able to guess the password protecting its X account in “a brute force” attack. X itself said on Tuesday that the SEC account hack was the result of “an unidentified individual obtaining control over a phone number associated with the @SECGov account through a third party.”

The two incidents lay out a punch list of the most important steps you can take to lock down your X account. First, ensure that your account is protected by a strong, unique password. Second, turn on two-factor for your account or, if you think you already have it on, check to make sure. X’s move to make people pay for a…

Source…

Security firm Mandiant says it didn’t have 2FA enabled on its hacked Twitter account • Graham Cluley

January 11, 2024/in Computer Security

Security firm Mandiant says it didn't have 2FA enabled on its hacked Twitter account

Anyone who works in computer security knows that they should have two-factor authentication (2FA) enabled on their accounts.

2FA provides an additional layer of security. A hacker might be able to guess, steal, or brute force the password on your accounts – but they won’t be able to gain access unless they also have a time-based one-time password.

So, how come Mandiant didn’t have 2FA protecting its Twitter account, which was hacked last week to promote a cryptocurrency scam?

Mandiant promised in the wake of the hack that it would share details of what had happened, and – true to its word – it’s done just that.

Mandiant explanation

But Mandiant’s explanation of how it was hacked raises some more questions.

We have finished our investigation into last week’s Mandiant X account
takeover and determined it was likely a brute force password attack,
limited to this single account.

What they seem to be saying is that someone tried over-and-over-and-over-and-over again again to break into Mandiant’s Twitter account, or rather used a computer to do it for them… and eventually they got lucky.

You have to wonder just how long and complicated Mandiant’s Twitter password was if that really was the case.

Presumably Mandiant has now changed the password, so why don’t they tell us what it was? Maybe we could all learn something if we knew just how much effort the hackers had to go to to bruteforce Mandiant’s password, and how long it might have taken them.

PS. “likely”? Sounds like Mandiant isn’t really sure.

My guess had been that perhaps Mandiant’s Twitter account was compromised in a similar way to that of another firm hacked around the same time – CertiK.

In that case the hackers contacted CertiK posing as a Forbes journalist, and tricked an employee into clicking on a link that posed as a calendar scheduling link for an interview.

Anyway, lets look further at what Mandiant has to say about its security breach:

Normally, 2FA would have mitigated this, but due to some team transitions and a change in X’s 2FA policy, we were not adequately protected. We’ve made changes to our process to ensure this doesn’t happen again.

Well, there’s a carefully worded sentence!…

Source…

Ransomware attackers threaten to send SWAT teams to patients of hacked hospitals

January 7, 2024/in Internet Security

Losing important work documents or albums with photographs of your family because you have unsuspectingly clicked on a malicious e-mail attachment can be very damaging and stressful. Now imagine that you have lost not only your data but also the very sensitive data of thousands of other people.

This is a threat that hospitals around the world are facing each day, with some of them ultimately falling victim.

Cybercriminals employing ransomware as part of their hacking campaigns are extorting users, demanding a hefty ransom in the form of cryptocurrency. They promise to give you a decryption key to recover your data, but you can never be certain whether the criminal will keep this promise. While some user may get lucky, others will not only lose their data but also their money.

Experts usually recommend not paying the ransom, as this also encourages the hackers to continue targeting more potential victims. The decryption keys for some ransomware variants are later made public, for example, thanks to authorities and their investigation. So even if you don’t pay the ransom, your chances of getting the data back are not completely over.

But in the case of hospitals or businesses, making the right decision can be much more difficult. Especially when the ransom is much higher and on top of that, the hackers are trying to improve their odds by other malicious activities.

Some hackers are threatening the hospitals with swatting, as The Register reports. A specific example is Seattle’s Fred Hutchinson Cancer Center which was hacked in November. The hospital confirmed for The Register that it “was aware of cyber criminals issuing swatting threats”, and that FBI and local police started an investigation.

Swatting is the tactic of contacting police with a false report, ultimately triggering a SWAT team to come to the targeted location, for example, the house of an innocent victim.

In a different case at Oklahoma’s Integris Health, the patients were targeted and threatened with having their data sold on the dark web.

These are just some of the extreme…

Source…

Tag Archive for: hacked