Tag: hundreds | SpinSafe

Carpetright is latest British business to be hit by cyber attack as hackers target company HQ to affect hundreds of customer orders

April 20, 2024/in Computer Security

Hackers targeted the company HQ in Purfleet, Essex on Tuesday

Flooring chain Carpetright is the latest British business to be hit by a cyber attack affecting hundreds of customer orders.

Hackers targeted the company HQ in Purfleet, Essex on Tuesday, sending malware to gain unauthorised access.

Carpetright’s network was taken offline due to the cyber attack but bosses insist that the virus was isolated before any data was swiped.

However phone lines are still down with callers met with the automated message ‘Thank you for your patience while we work on a solution’.

Staff and hundreds of customers were affected by the malicious virus with employees reportedly unable access their payroll information.

Flooring chain Carpetright is the latest British business to be hit by a cyber attack affecting hundreds of customer orders (file pic)

Hackers targeted the company HQ in Purfleet, Essex on Tuesday, sending malware to gain unauthorised access (stock photo)

A source told The Sun: ‘Some staff networks were taken down including the portals that workers use to book time off and look at payslips.

‘It happened abruptly and was worrying because customers couldn’t get through to helplines.

READ MORE: Hackers publish NHS patients’ data after cyber attack including names, addresses and medical conditions – as they vow to post thousands more unless ransom is paid

‘Everything at HQ was taken offline as that was the best way to stop the attack spreading to customer data.’

A spokesperson for Carpetright said: ‘We would like to apologise for any inconvenience caused.

‘We are not aware of any customer or colleague data being impacted by this incident and are testing and resetting systems, with investigations ongoing.’

The cyber attack at the flooring chain comes after hackers managed to access a ‘small number’ of patients’ data last month.

Ransomware group – INC Ransom – targeted NHS Dumfries and Galloway and claimed it was in possession of three terabytes of data from NHS Scotland.

A post on its dark web blog included a ‘proof pack’ of some of the data, which was…

Source…

A sneaky new steganography malware is exploiting Microsoft Word — hundreds of firms around the world hit by attack

April 16, 2024/in Computer Security

Hackers have been observed using steganography to target hundreds of organizations in Latin America with infostealers, remote access trojans (RAT), and more.

The campaign, dubbed SteganoArmor, was discovered by researchers from Positive Technologies.

For those unfamiliar with steganography, it’s a technique of hiding data inside benign files. Hackers use it to hide malware in JPG and similar files, and thus bypass email security solutions.

Infostealers and other malware

As per the researchers, a threat actor dubbed TA558 sent out hundreds of phishing emails, through which they shared Microsoft Word and Excel files.

These files exploit a seven-year-old flaw tracked as CVE-2017-1182. To minimize the chances of the emails being picked up by email security solutions, they were sent from compromised SMTP servers.

If the victim runs the files, they will download a Visual Basic Script (VBS) from the legitimate “paste upon opening the file.ee” service. This script will download a JPG file holding a base-64 encoded payload. This payload will, ultimately, result in the download and installation of one of these malware variants:

AgentTesla, FormBook, Remcos, LokiBot, Guloader, Snake Keylogger, and XWorm. The majority of these are infostealers, with a few RATs and stage-two downloaders. While the attackers do seem to have cast a wide, global net, the majority of the victims are located in Latin America, the researchers added. So far, more than 320 attacks were discovered.

Defending against this attack is relatively easy. First, users should be wary of incoming emails, especially those carrying files and links, as that’s the usual modus operandi of cybercriminal groups. Also, they could patch their Office suite to prevent the malware from exploiting CVE-2017-1182. The patch for this vulnerability has been around for more than half a decade.

TA558 has been around for almost a decade, mostly targeting organizations in the hospitality and tourism industries.

Via BleepingComputer

More from TechRadar Pro

Source…

Roku Suffers Data Breach, Hackers Sell Credentials of Hundreds of 15,000 Stolen Accounts

March 13, 2024/in Computer Security

Streaming platform Roku officially discloses hackers have successfully breached its systems to steal more than 15,000 customer accounts containing sensitive information. Hundreds of the accounts are reportedly being sold online as the breach has given hackers access to the owner’s stored credit card information to make illegal purchases.

With over 80 million active users, the firm reportedly disclosed the hack on Friday in documents it filed with the attorneys general of Maine and California. Fifteen thousand three hundred sixty-three accounts were compromised between December 28, 2023, and February 21, 2024, according to the papers.

The documents show that hackers gained access to the accounts by obtaining login credentials from other sources, instead of getting into Roku’s system. Using a hacking technique called a credential stuffing assault, threat actors gather credentials that have been made public in past data breaches and then try to use them to access other websites.

DNA Testing Companies Adopt Two-Factor Authentication in Response to 23andMe Data Breach

(Photo : THOMAS SAMSON/AFP via Getty Images)

An agent of the operational center of the French National Cybersecurity Agency (ANSSI) checks datas on a computer in Paris on November 24, 2022.

According to the firm, once an account was compromised, threat actors were able to alter all of the user’s data, including passwords, email addresses, and shipping addresses.

Roku clarified, however, that the unauthorized actors who gained access to the impacted Roku accounts did not have dates of birth, social security numbers, complete payment account numbers, or any other kind of sensitive personal information that needed to be disclosed.

This essentially locked the user out of the account, enabling threat actors to utilize the saved credit card information to make transactions without sending order confirmation emails to the actual account holder.

According to BleepingComputer, several threat actors are employing the Open Bullet 2 or SilverBullet cracking tools to carry out credential-stuffing assaults. With the help of these apps, hackers can import custom configuration files made specifically to carry out credential-stuffing attacks against particular…

Source…

A Russian-controlled botnet of hundreds of routers has now been shut down by the US DOJ

February 16, 2024/in Internet Security

Hundreds of routers used in homes and small offices were unknowingly used to spread malware via a Russian-made botnet. This week, the US Department of Justice announced that this botnet has now been shut down in an operation that took place in January 2024 but has now been revealed publicly.

In its press release, the Justice Department stated the botnet itself was created by a known cybercriminal group that infected routers that still used “publicly known default administrator passwords” with the Moobot malware. After that, the Russian GRU agency installed its own scripts by using the Moobot malware.

The press release described how the GRU used the botnet to committee various cybercrimes:

These crimes included vast spearphishing and similar credential harvesting campaigns against targets of intelligence interest to the Russian government, such as U.S. and foreign governments and military, security, and corporate organizations.

However, after the botnet was discovered, the Justice Department turned around and used the Moobot malware to copy the stolen files, and then delete them from those routers. It also changed the firewalls of those routers to make sure they could block any attempts at remote entry.

The Justice Department will inform the owners of those routers about what happened to them and request that those devices get a full reset. They will also be asked to install the latest version of their router”s firmware, and of course, they will highly recommend that the routers get new passwords.

This is actually the second time in 2024 that the Justice Department has disrupted a criminal botnet. In a statement, US Attorney General Merrick B. Garland said:

In this case, Russian intelligence services turned to criminal groups to help them target home and office routers, but the Justice Department disabled their scheme. We will continue to disrupt and dismantle the Russian government’s malicious cyber tools that endanger the security of the United States and our allies.

There”s no specific information on the information that was gathered by the…

Source…

Tag Archive for: hundreds

(Photo : THOMAS SAMSON/AFP via Getty Images)

An agent of the operational center of the French National Cybersecurity Agency (ANSSI) checks datas on a computer in Paris on November 24, 2022.