Tag Archive for: SITE

Play Ransomware Lists A10 Networks on its Leak Site


Fraud Management & Cybercrime, Ransomware

Group Says It Has Confidential Data, Tech Docs; A10 Says Operations Not Impacted

The Play ransomware group listed networking firm A10 Networks on its leak site after briefly gaining access to its IT infrastructure, according to data breach notifications firm BetterCyber.

BetterCyber notes that the leak site claims the group has “private and personal confidential data, a lot of technical documentation, agreements, employee and client documents.”

The San Jose, Calif.-based networking hardware manufacturer earlier said it identified a cybersecurity incident on Jan. 23 in its corporate IT infrastructure and said the attack was not related to any of the products or solutions used by its customers.

“Upon detecting the incident, the company launched an investigation and engaged the services of cybersecurity experts and advisors, incident response professionals and external counsel to support the investigation,” the company said in a filing with the Securities and Exchange Commission.

A10 Networks specializes in the manufacturing of application delivery controllers and provides secure, scalable application solutions for on-premises, cloud and edge-cloud environments. Its offerings also include firewall and DDoS threat intelligence and mitigation services.

A10 Networks serves customers in 117 countries worldwide including Yahoo, Alibaba, Deutsche Telekom, Softbank, GE Healthcare, Twitter, LinkedIn, Samsung, Uber, Sony Pictures, Windows Azure, Xbox and others.

A spokesperson for A10 Networks was not immediately available to provide additional details. The company is yet to provide details on the…

Twitter Sued Over Data Breach After Hack Site Claims 200 Million Compromised Accounts


A Twitter user has sued the company over a data breach, days after an internet hacker site posted information allegedly gleaned from more than 200 million accounts.

New York state resident Stephen Gerber claims in his lawsuit, filed Friday in federal court in San Francisco, that his personal information was among data collected by Twitter hackers from July 2021 to January 2022. He seeks class-action status for all those whose information may have been hacked, and asked the court for unspecified monetary damages as well as an order requiring Twitter to hire third-party security auditors.

Gerber’s lawsuit blames a “defect” in Twitter’s application programming interface that allowed “cybercriminals to ‘scrape’ data from Twitter.”

The “compromised information” included user names, emails and phone numbers that could be used in phishing scams, the lawsuit says.

Twitter admitted in August that some 5.4 million accounts had been breached when a “bad actor” obtained personal information through an unspecified “vulnerability in Twitter’s systems.”

“Affected users” and authorities were “promptly notified,” and the “vulnerability” was fixed, said Twitter.

Twitter insisted in a blog post last week that there was “no evidence that the data now being sold online was obtained by exploiting a vulnerability of Twitter systems.” The data is “likely a collection of data already publicly available online through different sources,” the company said. Twitter didn’t immediately respond to Gerber’s lawsuit.

An anonymous poster on the hacker site BreachForums early this month published a database claiming to contain basic information about hundreds of millions of Twitter users.

Gerber’s lawsuit says Twitter has “seemingly buried its head in the sand about the magnitude” of the hack.

Twitter is grappling with a number of other lawsuits. It was recently sued by one of its San Francisco landlords claiming nonpayment of rent, and by Canary Marketing and Imply Data Inc. for allegedly failing to pay for services.

Twitter workers fired by owner Elon Musk as part of a massive staff reduction after he bought the company for $44 billion last year failed to…

Bugs in Lego Resale Site Allowed Hackers to Hijack Accounts


Security analysts have found bugs in Lego’s second-hand online marketplace that left its users at risk of account hijacking and data leakage.

In a blog post, Salt Labs said that the issues, now resolved, affected Lego-owned BrickLink.com, the world’s largest official marketplace for Lego bricks.

The security researchers said that two API security issues could have enabled an attacker to take over BrickLink accounts, and access and steal personally identifiable information stored on the site. The vulnerabilities could have also allowed attackers to gain access to internal production data and compromise internal servers, Bleeping Computer reports.

The BrickLink bugs were spotted when Salt Labs analysts were experimenting with user input fields on the marketplace site.

The first flaw the researchers noted was a cross-site scripting (XSS) vulnerability in the “Find Username” dialog box of the coupon search section, which allowed for the “injection and execution” of code on a targeted user’s machine.

If exploited correctly, the flaw could have given attackers access to personal details such as a targeted user’s email address, shipping address, order, and message history, Salt Labs said.

Researchers also exploited a flaw on the “Upload to Wanted List” page where a faulty endpoint parsing mechanism allowed them to launch an attack that could read internal production data. 

The analysts said that they were unable to confirm or deny whether any of the vulnerabilities were exploited.

PCMag contacted Lego for comment on the BrickLink bugs but did not immediately receive a response.

The security analysts encourage any Lego fan concerned about the reported vulnerabilities to contact the brand directly.

In October, Lego decided to discontinue its Mindstorms range of programmable robots, after 24 years of production. It means the end of Lego’s $359.99 Mindstorms Robot Inventor Kit, which lets Lego fans build five different robot models out of 949 Lego bricks.

He created a ‘RentaHitman’ website for class project as a joke. But then police got involved after the site got a slew of inquiries from people wanting to actually pay for a hitman


  • A California man, Bob Innes, said he accidentally created a hitman-for-hire website, per People Magazine.

  • Innes and his friends made the site to start a computer security business in 2005.

  • He later learned that people were reaching out inquiring about making a hit.

A California man said that at least 30 people have been arrested after inquiring about hiring a hitman on his parody website, according to PEOPLE. 

Bob Innes, along with his friends, created the website while participating in an IT program at a California business school in 2005, the outlet reported. They made the site with the intention of starting a computer security company — and chose the quippy domain “RentAHitman.com.”

“Rent as in hire us,” Innes told PEOPLE. “Hit as in network traffic, and men, because there were four of us. We thought it was funny.”

Although the website was live, the group did not officially start the company, according to the report. Three years later, Innes decided to log back in and discovered a slew of inquiries.

According to the report, some people were asking for the price, while others were seeking employment.

“There was even a female out of the UK who wanted to learn the business so that she could be a hitwoman,” the 54-year-old told the publication.

That’s when Innes realized that he had unintentionally set up a website for those seeking to hire a hitman, PEOPLE reported. Innes told the magazine that he decided to up the humor by adding phony testimonials and awards.

When a potential customer reaches out for their “services,” he waits a day to reach back out to them. After they show interest in hiring a hitman, he connects them with an “operative,” which happens to be one of the thousands of police departments across the country, per the report.

The website has resulted in more than two dozen arrests and a number of convictions, including a woman who reached out in 2010 about murdering her family members, according to the outlet.

Read the original article on Insider
