Tag Archive for: Reportedly

‘Anonymous’ reportedly leaks more stolen Epik data • The Register


Entities using the name and iconography of Anonymous (EUTNAIOA) claim to have leaked server disk images extracted from Epik – the controversial US outfit that has provided services to far-right orgs such as the Oath Keepers and Gab, provided a home to social-network-for-internet-outcasts Parler, and hosted hate-hole 8chan.

Epik made a virtue of providing such services. In a blog post defending its decision to operate Gab’s domain name after GoDaddy declined to do so, Epik CEO Rob Monster argued it was a free speech issue, and said deplatforming companies is both censorship and a violation of inalienable rights.

EUTNAIOA earlier leaked 180GB of data it said it siphoned from Epik servers, plenty of it detailing the activities of far-right groups such as The Proud Boys and the ridiculous QAnon mob. This included personally identifiable information, domain ownership records, account credentials and SSH keys, internal Git repos, payment histories, and more.

The hacktivist collective justified the release of stolen data on the grounds it exposed racists, and dubbed the operation: Epik Fail.

That document dump was shared around the internet and was widely assessed as authentic. At least one Epik customer identified in the leaked files – a Florida estate agent – was fired as a result of the leak; it emerged he had tried to register domains such as theholocaustisfake.com via the web biz.

This latest super-dump of stolen Epik data was first reported by the Daily Dot on Wednesday after EUTNAIOA shared the information as a torrent.

One of the publication’s reporters tweeted a partial screen shot of the collective’s announcement of the leak, and detailed some of its contents:


Accenture reportedly faced $50M ransomware demand


The consulting firm Accenture is reported to have faced a $50 million ransom demand following an attack this past month, according to cyber risk intelligence companies.

Researchers from the cyber intelligence firm Cyble said on Twitter that the threat actors claimed to have accessed more than six terabytes of data.

“Through our security controls and protocols, we identified irregular activity in one of our environments,” said Accenture in a statement to Healthcare IT News.   

“We immediately contained the matter and isolated the affected servers. We fully restored our affected systems from backup. There was no impact on Accenture’s operations, or on our clients’ systems.”

Confusion has swirled around the Accenture security incident over the past week, with the company largely remaining mum about the details.

But a few pieces of information have begun to trickle to the surface.   

For instance, CyberScoop’s Tim Starks reported on Thursday that the attackers, LockBit 2.0, had begun to leak some of their stolen data. Hudson Rock, a cybercrime intelligence data firm, said that 2,500 employee and partner computers had been compromised.  

Starks also quoted from an Accenture internal memo that said the company had noticed the security incident on July 30.  

“While the perpetrators were able to acquire certain documents that reference a small number of clients and certain work materials we had prepared for clients, none of the information is of a highly sensitive nature,” the memo reportedly read.  

Accenture isn’t alone; Cyble tweeted on Monday of this week that five other organizations had been targeted by LockBit in the past 24 hours.  

“LockBit attacks are known for their ability to encrypt Windows domains by using Active Directory group policies,” explained Eleanor Barlow, content manager at SecurityHQ, in a statement to Healthcare IT News.

“Once a domain is infected, new group policies are generated by the malware and sent to devices linked to the network. Here, the policies disable the antivirus security and implement the malware.”

Lockbit’s slow release of data suggests that Accenture didn’t pay the $50 million price tag – consistent with federal agencies’ official stance…


T-Mobile reportedly hit with another security breach, data of 100 million users exposed


A new data breach may have exposed the personal data of more than 100 million T-Mobile customers, according to Motherboard. T-Mobile, which has one of the best 5G networks in the US, confirmed to the publication that it is currently investigating the claim made on an underground forum.

The data is said to contain highly sensitive information such as the users’ phone numbers, social security numbers, names, unique IMEI numbers, physical addresses, as well as driver license information. Motherboard says it has seen samples of the breached data and that they appear to contain “accurate information on T-Mobile customers.”

The seller on the underground forum is asking for 6 bitcoins (around $270,000) for a subset of the data with 30 million social security numbers and driver licenses. The rest of the data is apparently being sold privately at the moment. Although it looks like T-Mobile has kicked the hackers out of its servers, the sellers say they have already downloaded the data locally, and it is now “backed up in multiple places.”

At this point, it isn’t clear when the hackers managed to access the data from T-Mobile’s servers. However, this isn’t the first time that hackers have managed to access users’ personal information from T-Mobile’s servers. In December last year, a security breach had exposed phone numbers and call-related details of around 200,000 T-Mobile customers.

In March 2020, a similar breach ended up exposing the personal information of some T-Mobile customers — including social security numbers, financial account information, as well as billing and account information. And in 2018, nearly 2 million T-Mobile customers were affected by a data breach that exposed their names, physical addresses, and account numbers.

Android Central has reached out to T-Mobile for a comment.


Hackers reportedly demand $50m from Saudi Aramco over data leak


A worker rides a bicycle by oil tanks at an oil processing facility of Saudi Aramco.

The world’s most valuable oil producer Saudi Aramco has confirmed to the BBC that company data has leaked from one of its contractors.

The files are now reportedly being used in an attempt to extort $50m (£36.5m) from the company.

The global oil and gas industry has long been criticised for failing to invest in cyber security.

In May, the Colonial Pipeline in the US was hit by a ransomware cyber-attack.

In an emailed statement, Aramco told the BBC that it “recently became aware of the indirect release of a limited amount of company data which was held by third-party contractors.”

The Saudi Arabian energy giant did not say which contractor was affected, nor whether the contractor had been hacked or the files were leaked in some other way.

“We confirm that the release of data was not due to a breach of our systems, has no impact on our operations and the company continues to maintain a robust cybersecurity posture,” the firm said.

According to the Associated Press (AP), one terabyte, or 1,000 gigabytes, of Aramco’s data was being held by extortionists, citing a page on the darknet – a part of the internet within an encrypted network which is accessible only through specialised anonymity-providing tools.

The AP report said the page offered to delete the data in exchange for $50m in cryptocurrency, although it is unclear who is behind the ransom plot.

Aramco did not immediately respond to a BBC request for clarification over the AP report that the company was the target of a $50m extortion attempt.

The oil and gas industry, which includes the companies that own wells, pipelines and refineries, has failed to invest in cyber-security over the years, according to experts.

This is not the first time Aramco has been the target of a data-related attack. In 2012, the company’s computer network was hit by the so-called Shamoon virus.

The cyber-attack this year on the Colonial Pipeline in the US further highlighted the vulnerabilities of the energy industry’s computer systems.
