Tag: Thousands | Page 2

Thousands Of Roku Accounts Were Compromised By Hackers

March 16, 2024/in Computer Security

Roku City used to be a safe and welcoming place filled with picturesque purple sunsets and nostalgia-fueled movie references. Now it’s just a glorified commercial. But this is how most cities evolve, so we shouldn’t be surprised. What is surprising is that the company is not very good at discouraging hackers from taking a quick vacation to Roku City, where they subsequently compromised nearly 15,000 accounts. Gotham sure looks like the preferred fictional city right about now.

The Hollywood Reporter revealed that 15,363 Roku accounts were compromised between December 28, 2023 and February 21, 2024. Filings in California and Maine indicate that hackers obtained login data from another source to try and purchase streaming subscriptions.

A company spokesperson told The Hollywood Reporter:

Roku’s security team recently detected suspicious activity that indicated a limited number of Roku accounts were accessed by unauthorized actors using login credentials obtained from third-party sources (e.g., through data breaches of third-party services that are not related to Roku). In response, we took immediate steps to secure these accounts and are notifying affected customers. Roku is committed to maintaining our customers’ privacy and security, and we take this incident very seriously.

Bleeping Computer also reported that the stolen accounts were being sold for as little as $0.50 per account.

While it sounds scary, the company assured customers that the hackers did not gain access to “social security numbers, full payment account numbers, dates of birth, or other similar sensitive personal information requiring notification.” It seems like they really just wanted to log in to Hulu and see what Shogun is all about.

(Via The Hollywood Reporter)

Source…

Attack wrangles thousands of web users into a password-cracking botnet

March 8, 2024/in Internet Security

Attackers have transformed hundreds of hacked sites running WordPress software into command-and-control servers that force visitors’ browsers to perform password-cracking attacks.

A web search for the JavaScript that performs the attack showed it was hosted on 708 sites at the time this post went live on Ars, up from 500 two days ago. Denis Sinegubko, the researcher who spotted the campaign, said at the time that he had seen thousands of visitor computers running the script, which caused them to reach out to thousands of domains in an attempt to guess the passwords of usernames with accounts on them.

Visitors unwittingly recruited

“This is how thousands of visitors across hundreds of infected websites unknowingly and simultaneously try to bruteforce thousands of other third-party WordPress sites,” Sinegubko wrote. “And since the requests come from the browsers of real visitors, you can imagine this is a challenge to filter and block such requests.”

Like the hacked websites hosting the malicious JavaScript, all the targeted domains are running the WordPress content management system. The script—just 3 kilobits in size—reaches out to an attacker-controlled getTaskURL, which in turn provides the name of a specific user on a specific WordPress site, along with 100 common passwords. When this data is fed into the browser visiting the hacked site, it attempts to log into the targeted user account using the candidate passwords. The JavaScript operates in a loop, requesting tasks from the getTaskURL reporting the results to the completeTaskURL, and then performing the steps again and again.

A snippet of the hosted JavaScript appears below, and below that, the resulting task:

const getTaskUrl = 'hxxps://dynamic-linx[.]com/getTask.php';
const completeTaskUrl = 'hxxps://dynamic-linx[.]com/completeTask.php';
…

[871,"https://REDACTED","redacted","60","junkyard","johncena","jewish","jakejake","invincible","intern","indira","hawthorn","hawaiian","Source…

FTC slams Blackbaud for “shoddy security” after hacker stole data belonging to thousands of non-profits and millions of people

February 2, 2024/in Computer Security

Data and software services firm Blackbaud’s cybersecurity was criticised as “lax” and “shoddy” by the United States Federal Trade Commission (FTC) in a damning post-mortem of the business’s February 2020 data breach.

According to the FTC, Blackbaud’s poor security breach in February 2020 led to a hacker accessing the company’s customer databases and stealing personal information of millions of consumers in the United States, Canada, the UK, and the Netherlands.

Blackbaud’s affected customers are mainly non-profits, such as healthcare agencies, charities, and educational organizations.

Data stolen by the hacker included unencrypted personal information, such as consumers’ and donors’ full names, ages, dates of birth, social security numbers, addresses, phone numbers, email addresses, financial details (bank account information, estimated wealth, and identified assets), medical and health insurance information, gender, religious beliefs, marital status, spouse names, spouses’ donation history, employment details, salaries, education, and account credentials.

The security failure was exacerbated by Blackbaud not enforcing its own data retention policies, causing customer data to be kept for years longer than necessary. Blackbaud also retained data of former and potential customers for years longer than required.

All of which was a treasure trove for the attacker, who demanded a ransom from Blackbaud or threatened to expose the stolen data. The company paid 24 Bitcoin (worth US $235,000) to the hacker, but was not able to verify if the deleted the data.

The poor data retention practices were not the FTC’s only complaints about Blackbaud’s handling of the incident.

The FTC criticized the company for not notifying customers of the breach for two months after detection, saying Blackbaud had “misrepresented the scope and severity of the breach after an exceedingly inaccurate investigation.”

According to Blackbaud’s customer breach notification of July 16, 2020, “The cybercriminal did not access credit card information, bank account information, or social security numbers… No action is required on your end because no personal information about your constituents was…

Source…

Thousands of Android TV boxes hit by dangerous new malware-dropping botnet

January 18, 2024/in Computer Security

A group of hackers has been secretly building a botnet of Android TV and eCos set-top boxes, and then monetizing the access to earn masses of wealth, researchers have warned.

Cybersecurity experts from Qianxin Xlabs dubbed the operation “Bigpanzi”, and claim there are some 170,000 daily active bots.

Given that not all endpoints are active at the same time, the botnet is expected to be much larger, with researchers claiming to have seen 1.3 million unique IP addresses since August 2023.

Tip of the iceberg

To infect the devices with malware, the criminals trick the victims into downloading malicious apps themselves, a separate report from Dr. Web says. The apps, which haven’t been named, drop two malware variants: pandoraspear, and pcdn. While one acts as a trojan and allows the attackers to hijack DNS settings and run commands, the other helps build a peer-to-peer (P2P) Content Distribution Network (CDN) and can mount Distributed Denial of Service (DDoS) attacks.

The campaign is active since 2015, the researchers claim, with most victims apparently being located in Brazil. “Over the past eight years, Bigpanzi has been operating covertly, silently amassing wealth from the shadows,” Xlabs said in its report. “With the progression of their operations, there has been a significant proliferation of samples, domain names, and IP addresses.”

“In the face of such a large and intricate network, our findings represent just the tip of the iceberg in terms of what Bigpanzi encompasses.”

There are a number of things Bigpanzi’s operators can do with infected devices. Most notably, they can turn the compromised set-top boxes into nodes and offer them as part of an illegal media streaming service. Furthermore, they can offer traffic proxy networks for hire, and mount DDoS attacks to whoever is happy to pay. Finally, they can use the botnet for OTT content provision.

Via BleepingComputer

More from TechRadar Pro

Source…

Tag Archive for: Thousands

Visitors unwittingly recruited