Tag Archive for: Suffers

Econsult suffers ransomware attack, exposing personal data


Econsult Solutions, an economic analysis and consulting company whose clients include the City of Philadelphia, Pew Charitable Trusts, and other major institutions in the region, has reportedly suffered a data breach that exposed employees’ financial information to hackers. 

According to internal messages shared with Billy Penn, the company’s data is being held for ransom. 

Current Econsult employees appear to have received an email from management about an “IT incident” that exposed the company’s data, including some workers’ 2022 W-2 forms, with their Social Security numbers included, per the email.

It’s currently unclear whether data generated through the company’s many partnerships — including with city and state government — has been exposed in the ransomware attack. 


Brazil is the second country that suffers the most cyber attacks in Latin America


This is a machine translation of Fortinet’s press release

São Paulo, August 18, 2022 – Fortinet (NASDAQ: FTNT), a global leader in comprehensive, integrated and automated cybersecurity solutions, released data collected in the first half of 2022 by its threat intelligence lab, FortiGuard Labs.

Brazil suffered 31.5 billion attempted cyber attacks from January to June this year – a 94% increase over the same period last year (with 16.2 billion) – being the second most targeted country in Latin America, behind Mexico, with 85 billion, and followed by Colombia (with 6.3 billion) and Peru (with 5.2 billion). In total, the Latin America and Caribbean region has suffered 137 billion attempted cyber attacks.

In addition to the extremely high numbers, the data reveals an increase in the use of more sophisticated and targeted strategies such as ransomware. During the first six months of 2022, approximately 384,000 ransomware distribution attempts were detected globally. Of these, 52,000 were destined for Latin America.

Mexico was the country with the highest ransomware distribution activity in the period, with more than 18,000 detections, followed by Colombia (17,000) and Costa Rica (14,000). Peru, Argentina and Brazil appear next.

Furthermore, according to FortiGuard Labs, the number of ransomware signatures has nearly doubled in six months. In the first half of 2022, 10,666 ransomware signatures were found in Latin America, with only 5,400 seen in the last half of 2021.

“Ransomware attacks are affecting companies across industries, governments and even entire economies, with new variants constantly emerging from the hands of diverse international cybercriminal groups. This is due to the profitability and attention that this type of attack brings to criminals, making them more dangerous and causing great financial and image losses to their victims”, says Alexandre Bonatti, Director of Engineering at Fortinet Brasil.

The most active ransomware campaigns in the region during the first half of 2022 were REvil, LockBit and Hive. Conti ransomware, in turn, has been one of the most popular in the media due to the high impact it has had recently in Costa Rica.

Most active…


Travel portal Cleartrip suffers data breach, hackers post stolen data for sale on the dark web


Once again, Flipkart-owned online travel aggregator Cleartrip has been the victim of a data breach. However, this time is unlike the hack in 2017, when the hacker group Turtle Squad hacked and defaced its website for a few minutes.

This time, Cleartrip has been hit with a massive data breach in its internal servers, and the hacker(s) seem to have made off with a decent amount of data, which is claimed to have been posted on the dark web on a private, invite-only forum.

“This is to inform you that there has been a security anomaly that entailed illegal and unauthorised access to a part of Cleartrip’s internal systems,” the 16-year-old company informed its customers in an email.

It maintained that while some personal details of its consumers were vulnerable and part of customer profiles had been exposed due to the “anomaly” in its systems, no sensitive information had been compromised. Nonetheless, it is better to be safe than sorry, and Cleartrip clearly feels the same. It suggested that its customers reset their passwords as a precautionary measure.

The exact nature of the stolen data has not been revealed, nor has the company shared further details about the “security anomaly” it detected in several of its internal systems.

However, security researcher Sunny Nehra shared a screenshot on Twitter that depicted hackers selling Cleartrip data on the dark web. “The screenshot as was posted by the threat actor (on private forum) to sell the data. As can be seen: the breach is new, customer entries info as well as internal company files are there,” his tweet read.

The data in question seemed to contain not only revenue and sensitive information of customers, but also “GST on advance working” and suggested that an insider was involved in the massive data breach.

For its part, the online travel aggregator’s information security team has joined forces with an external forensics partner in order to tackle the issue. It has also reached out to the proper authorities and will be taking further legal action against the hackers.

Cleartrip has also informed CERT-In (the Indian Computer Emergency Response Team) about the breach within six hours, in…


Microsoft suffers data breach by hacking group LAPSUS$




South American hacking group LAPSUS$, the same group behind the Nvidia hack a few weeks ago, is back with another victim: Microsoft. As reported by Motherboard, the group alleges to have gained access to Azure DevOps source code, in addition to stealing data from the company. Instead of wanting to target consumer data, or installing ransomware onto the devices of employees at the business, LAPSUS$ is in the business of leaking source code and data that they then want to sell back to the company. But it’s unclear if they’ve attempted to sell the data back to Microsoft.

One thing that they have done is leak a screenshot from a Microsoft Azure DevOps account, which includes the source code repositories for countless projects such as Bing, Cortana, and more. The screenshot was quickly deleted after it was posted on their Telegram channel, with an administrator commenting ‘Deleted for now will repost later’. That’s exactly what they did, but this time, the group put it all back up as a torrent file, for anyone to download.

LAPSUS$ list torrent up for download


From the post listed by LAPSUS$, we can see that the group has begun to release some files they managed to obtain from the hack itself, seemingly in a move to intimidate Microsoft into bowing to whatever demands that they may be making for the information. In addition to this, having a public file release like this is bad news for Microsoft, as their competitors can easily read and reverse-engineer their technology, in a similar vein to what they did to Nvidia’s DLSS source code leaks.

According to Motherboard, the group was looking for employees inside Microsoft to work with them, in addition to a list of other companies such as Apple and IBM. A quote posted on the group’s Telegram channel states the following: ‘TO NOTE: WE ARE NOT LOOKING FOR DATA, WE ARE LOOKING FOR THE EMPLOYEE TO PROVIDE US A VPN OR CITRIX TO THE NETWORK, or some anydesk.’

They were explicitly looking for a backdoor into Microsoft’s network, disguised as a legitimate user, and they have clearly since been successful after the attack in reaching the information that they were looking for,…
