Tag Archive for: leaking

Ransomware gang starts leaking data stolen from Quebec university


The LockBit ransomware gang has started releasing data it says was stolen last month from a Quebec university.

The data is from the University of Sherbrooke, with a student body of about 31,000 and 8,200 faculty and staff. Sherbrooke is a city about a two-hour drive east of Montreal.

Asked in an email to comment on the action by LockBit, university Secretary General Jocelyne Faucher referred to the institution’s Dec. 7 statement that said, “certain data from one research laboratory has been compromised.” The incident has had no impact on the university’s activities, the statement added. An investigation continues.

According to a news report on the French-language Radio Canada, the university said last month it had not been hit with ransomware.

The university hasn’t said if the compromised data included personal information or intellectual property.

Threat actors go after the education sector for several reasons: First, they believe public school boards can be pressured into paying to get access back to stolen data about children. Second, they believe post-secondary institutions will be subject to pressure from students to pay for the return of stolen personal and research data.

According to Sophos’ most recent annual ransomware report, the education sector was the most likely to have experienced a ransomware attack in 2022. Eight per cent of educational institutions surveyed said they had been hit. “Education traditionally struggles with lower levels of resourcing and technology than many other industries,” the report says, “and the data shows that adversaries are exploiting these weaknesses.”

In June, Ontario’s University of Waterloo interrupted a ransomware attack after being tipped off by the RCMP. The university’s on-premises email server was compromised, but “only a tiny number of users were impacted,” the institution said. All university IT users had to reset their login passwords.

One of the most recent cyber attacks on a Canadian university happened in December, when Memorial University’s Grenfell campus in Corner Brook, NL, was hit. According to the CBC, IT services at the Marine Institute were temporarily shut down. The start of the new…


In Other News: Hacking Encrypted Linux Computers, Android Fuzzing, Skype Leaking IPs


SecurityWeek is publishing a weekly cybersecurity roundup that provides a concise compilation of noteworthy stories that might have slipped under the radar.

We provide a valuable summary of stories that may not warrant an entire article, but are nonetheless important for a comprehensive understanding of the cybersecurity landscape.

Each week, we will curate and present a collection of noteworthy developments, ranging from the latest vulnerability discoveries and emerging attack techniques to significant policy changes and industry reports.

Here are this week’s stories:

Quickly hitting Enter key to hack an encrypted Linux computer 

Researchers at Pulse Security discovered that an attacker who has physical access to an encrypted Linux system can gain local root access to the computer — bypassing full-disk encryption — by quickly hitting Enter on the keyboard or using a special device to simulate the process. These types of attacks are not new. 

High-severity vulnerability patched in Chrome 


A new Chrome 116 update patches a high-severity use-after-free vulnerability. These types of flaws can typically be combined with other bugs for sandbox escapes and remote code execution. The bug bounty for the vulnerability has yet to be determined by Google. 

Google details Android fuzzing efforts

Google has published a blog post detailing its Android fuzzing efforts, including how it finds vulnerabilities, why it continues to invest in fuzzing, challenges, and how others can contribute. 

Top-level domains and DNS issues

Cisco Talos has conducted research into top-level domains (TLDs) and DNS issues, highlighting potential risks related to the .kids TLD, ‘zombified’ DNS name issues related to various country TLDs, as well as problems with second-level TLDs.

Skype mobile app is leaking IP addresses

The Skype mobile application is leaking IP addresses, according to a report from 404 Media. A hacker can obtain a targeted user’s IP by sending them a link over Skype — the victim does not have to interact with the link. Microsoft has been notified, but the company is not rushing to patch it. 

Rackspace says cost of ransomware attack…


Spinneys dismisses claims that ransomware group is leaking its data


Supermarket chain Spinneys dismissed claims on Twitter that a ransomware group had published data taken from its internal server.

A series of tweets by ransomware monitoring account Ransom Watcher on Tuesday said that the Clop ransomware group published Spinneys data.

“Spinneys is aware of unverified emails being sent out from unidentifiable email addresses stating that a ransomware group may have leaked data hacked from our internal server on July 16,” Tom Harvey, general manager of Spinneys Dubai, told The National.

“We continue to work closely with the e-crime department at Dubai Police to investigate the matter and keep our customers up-to-date.”

As more businesses adopt hybrid work models and undertake a rapid digital transformation to cope with coronavirus challenges, they are also more exposed to cyber threats.

Ransomware is malware that is designed to deny users or organisations access to their online data and files stored in computers or servers. All data is encrypted, and criminals demand payment for the decryption key.

More than 80 per cent of UAE organisations said they have the staff required to effectively manage a ransomware cyber attack, matching the global average, a June survey by Boston-based security company Cybereason found.

About 67 per cent of UAE respondents also said they have a plan in place to counter any potential ransomware attempt, compared with 72 per cent globally, the study revealed.

The main goal of Clop ransomware is to encrypt all files in an enterprise and demand a payment to receive a decryptor to re-access the affected files, according to a blog post by computer security software company McAfee.

Clop ransomware emerged in 2019, when it became a prevalent threat to organisations and businesses, according to cloud cyber security service company Mimecast. Clop ransomware also threatens to leak confidential information if no ransom is paid, it said.

To date, it is estimated that Clop ransomware has extorted more than $500 million from organisations, including multinational energy companies and at least two prominent US universities, according to Mimecast.

“Clop ransomware typically goes after assets like data backups, vouchers, email lists,…


Uganda Security Exchange Caught Leaking 32GB of Sensitive Data


Apart from personal and financial records, the data also included plain-text login credentials, including usernames and passwords of customers and businesses using the Easy Portal of the Uganda Securities Exchange.

The Uganda Securities Exchange (USE), the principal stock exchange in Uganda, has been caught leaking highly sensitive financial and personal data of its customers and business entities across the globe.

This was revealed to Hackread.com by Anurag Sen, a prominent IT security researcher who has been known for identifying exposed servers and alerting relevant authorities before it’s too late. Anurag is the same researcher who discovered Australian trading giant ACY Securities to be exposing 60GB worth of data earlier this month.

What Happened

It all started when Anurag, scanning for misconfigured databases on Shodan, noted a server exposing more than 32GB worth of data to public access. According to Anurag, the server belonged to the Uganda Securities Exchange’s Easy Portal. For your information, Easy Portal is an online self-service portal that lets users and trading entities view stock performance, view statements, and monitor their account balance.

“There are other ports running on the server which opened the link to the Bank of Baroda – which is an Indian-based company operating in Uganda. Also, it is registered under the Uganda Securities Exchange.”

Anurag told Hackread.com

What Data was Leaked

Upon further digging into the humongous dataset, Anurag concluded that the exposed records were of a sensitive nature. The worst part of the data leak is the fact that the server was left exposed without any security authentication.

This means anyone with a slight bit of knowledge about finding unsecured databases on Shodan and other such platforms would have complete access to USE’s data including the following:

  • Full Name
  • Usernames
  • Full Address
  • Date of Birth
  • Access tokens
  • Phone Number
  • Email Address
  • Plaintext passwords
  • ID number of Users
  • Bank details including ID and account number
  • Details on foreign citizens and companies, including citizens based in Uganda

The screenshot below shows the type of data exposed by the USE:

Image provided to…
