Tag Archive for: resets

Pokemon resets some users passwords after hacking attempts


The Pokemon Company said it detected hacking attempts against some of its users and reset those user account passwords.

Last week, an alert was visible on Pokemon’s official support website, which said that “following an attempt to compromise our account system, Pokemon proactively locked the accounts of fans who might have been affected.”

The alert about hacking attempts that The Pokemon Company posted on its official support website.The alert about hacking attempts that The Pokemon Company posted on its official support website.

The alert about hacking attempts that The Pokemon Company posted on its official support website.

The alert about hacking attempts that The Pokemon Company posted on its official support website.

As of Tuesday, the alert is gone. A spokesperson for the company said there was no breach, just a series of hacking attempts against some users.

“The account system was not compromised. What we did experience and catch was an attempt to log in to some accounts. To protect our customers we have reset some passwords which prompted the message,” said Daniel Benkwitt, a Pokemon Company spokesperson.

Pokemon is a wildly popular game franchise with hundreds of millions of players around the world.

Benkwitt said that only 0.1% of the accounts targeted by the hackers were actually compromised, and reiterated that the company already forced the impacted users to reset their passwords, so there isn’t anything to do for people who have not been forced to reset their passwords.

The description of the Pokemon account breaches sounds like credential stuffing, where malicious hackers use usernames and passwords stolen from other breaches and reuse them on other sites.

A recent example of a similar incident is what happened last year to the genetic testing company 23andMe. In that case, hackers used leaked passwords from other breaches to break into the accounts of around 14,000 accounts. By breaking into those accounts, the hackers were then able to access the sensitive genetic data on millions of other 23andMe account holders.

That prompted the company (and several other of its competitors) to roll out mandatory two-factor authentication, a security feature that prevents credential stuffing attacks.

For its part, the Pokemon Company does not allow its users to enable two-factor on their accounts, when TechCrunch checked.

Source…

Remote access giant AnyDesk resets passwords and revokes certificates after hack


Remote desktop software provider AnyDesk confirmed late Friday that a cyberattack allowed hackers to gain access to the company’s production systems, putting the company in lockdown for almost a week.

AnyDesk’s software is used by millions of IT professionals to quickly and remotely connect to their clients’ devices, often to help with technical issues. On its website, AnyDesk claims to have more than 170,000 customers, including Comcast, LG, Samsung and Thales.

The software is also a popular tool among threat actors and ransomware gangs, which have long used the software for gaining and maintaining access to a victim’s computer and data. U.S. cybersecurity agency CISA said in January that hackers had compromised federal agencies using legitimate remote desktop software, including AnyDesk.

News of the suspected breach began to spread last Monday when AnyDesk announced it had swapped its code-signing certificates, which companies use to prevent hackers from tampering with their code. Following a days-long outage, AnyDesk confirmed in a statement late on Friday that the company had “found evidence of compromised production systems.”

AnyDesk said that as part of its incident response, the company had revoked all security-related certificates, remediated or replaced systems where necessary and invalidated all passwords to AnyDesk’s customer web portal.

“We will be revoking the previous code signing certificate for our binaries shortly and have already started replacing it with a new one,” the company added Friday.

AnyDesk said the incident is not related to ransomware but did not disclose the specific nature of the cyberattack.

AnyDesk spokesperson Matthew Caldwell did not respond to an email from TechCrunch. CrowdStrike, which is working with AnyDesk to remediate the cyberattack, declined to answer TechCrunch’s questions when reached Monday.

AnyDesk did not respond to questions asking if any customer data was accessed, though the company said in its statement that there is “no evidence that any end-user systems have been affected.”

“We can confirm that the situation is under control and it is safe to use AnyDesk,” AnyDesk said. “Please ensure that you are using the…

Source…

How To Protect Password Resets Without Mobile Push or OTP Apps


There is no question: multi-factor authentication helps protect business-critical resources using password-based authentication. In addition, as businesses have transitioned to a hybrid-based workforce, many organizations have adopted self-service password reset solutions (SSPR). Also, many have added multi-factor authentication for helpdesk professionals to verify the identity of users calling in to resolve a password or account lockout issue.

However, how can organizations successfully implement multi-factor authentication for password resets when not every user has a mobile device to verify their identity?

Why enable multi-factor authentication on password resets?

We often think of multi-factor authentication, specifically two-factor authentication, used in conjunction with logging into business-critical systems with a password to add an additional layer of protection. However, it is also crucial to secure password resets with multi-factor authentication. Why is this?

Attackers have increasingly targeted password resets for gaining quick and easy access to network credentials. For example, suppose an attacker knows enough information about an employee gained through social media pages, LinkedIn, and other sites. In that case, they can call the helpdesk number and masquerade as a real user to have their password reset. It is especially dangerous in larger organizations where helpdesk staff may not personally know every user in the company.

Given enough personal information about the user in question, much of which can be harvested from social media pages, an attacker may be able to successfully go through the process with the helpdesk staff to reset the password. Once they have reset the password, the attacker can access the account in the same way as a legitimate user.

These dangers emphasize the need to enable multi-factor authentication for password reset operations. Requiring multi-factor authentication when a password reset is needed forces the attacker to present the legitimate “factors,” regardless of whether they have other legitimate information.

When not every user has a mobile phone

There is a challenge with many multi-factor Self-Service Password Reset (SSPR) solutions…

Source…

Malware resets Android devices after performing fraudulent wire transfers


If your Android phone initiates a factory reset out of the blue, there’s a chance it has been infected with the BRATA banking malware and you’ve just been ripped off.

Android malware reset

The unusual functionality serves as a kill switch for the trojan, Cleafy researchers have explained, while also making the victim lose time trying to find out what happened as crooks siphon money out of their account.

European users under attack

First documented by Kaspersky researchers in 2019, BRATA was a RAT targeting Android users in Brazil. It was able to capture and send user’s screen output in real-time, log keystrokes, retrieve device information, turn off the screen to give the impression that it has been turned off, and more.

Through the years, BRATA evolved primarily into banking malware and has lately been aimed against Android users in Europe and the rest of Latin America. (Cleafy researchers hypothesize that the group responsible for maintaining the BRATA codebase is probably located in the LATAM area and is reselling this malware to other local groups.)

The trojan has been spotted targeting customers of several Italian banks in H2 2021.

“The attack chain usually starts with a fake SMS containing a link to a website. The SMS seems to come from the bank (the so-called spoofing scam), and it tries to convince the victim to download an anti-spam app, with the promise to be contacted soon by a bank operator. In some cases, the link redirects the victim to a phishing page that looks like the bank’s, and it is used to steal credentials and other relevant information (e.g. fiscal code and security questions),” the researchers shared last December.

Victims are persuaded by the fraud operators to install the app, which gives the latter control of the device and access to the 2FA code sent by the bank, allowing them to perform fraudulent transactions.

Since then, several variants of the malware posing as a variety of security apps have been targeting users of banks and financial institutions in the UK, Poland, Italy, and LATAM.

BRATA’s new capabilities

These “European” variants have gained interesting capabilities such as establishing multiple communication channels (HTTP and…

Source…