company logo

Product

Our Product

We are Reshaping the way Developers find and fix vulnerabilities before they get exploited.

Bulk IP/Domain Lookup

Threatspy

Solutions

By Industry

BFSI

Healthcare

Education

IT & Telecom

Government

By Role

CISO/CTO

DevOps Engineer

Resources

Resource Library

Get actionable insight straight from our threat Intel lab to keep you informed about the ever-changing Threat landscape.

Subscribe to Our Weekly Threat Digest

Company

Contact Us

Have queries, feedback or prospects? Get in touch and we shall be with you shortly.

loading..
loading..
loading..
Loading...

Cisco

IntelBroker

loading..
loading..
loading..

Cisco Investigates Major Data Breach Stolen Data up for Sale Online

Cisco is found to be currently investigating a possible data breach following reports that allegedly stolen data has surfaced for sale on a hacking forum.

15-Oct-2024
6 min read

Related Articles

loading..

China

Fidelity

77,099 Fidelity Investments customers' data breached—SSNs and driver's licenses ...

Fidelity Investments, a global leader in asset management, has confirmed a significant data breach that compromised personal information of 77,099 customers. The breach, which transpired between August 17 and August 19, 2024, exposed sensitive data including Social Security numbers and driver's license details. ### Incident Details ##### Timeline of Events - **August 17-19, 2024:** Unauthorized access occurred using two newly established customer accounts. - **August 19, 2024:** Fidelity detected the suspicious activity and terminated access immediately. - **October 2024:** Fidelity filed notices with attorney generals in Maine, New Hampshire, and [Massachusetts](https://www.mass.gov/doc/data-breach-report-2024?7194ef805fa2d04b0f7e8c9521f97343). ### Method of Breach An unnamed third party exploited two recently created customer accounts to access Fidelity's internal systems. According to a [filing](https://www.maine.gov/agviewer/content/ag/985235c7-cb95-4be2-8792-a1252b4f8318/a4103ed8-3176-4ca0-99e6-4a320f1c3b32.html?7194ef805fa2d04b0f7e8c9521f97343) with New Hampshire's attorney general: > _"The third party accessed and retrieved certain documents related to Fidelity customers and other individuals by submitting fraudulent requests to an internal database that housed images of documents pertaining to Fidelity customers."_ ### Affected Data The compromised information includes: - Social Security Numbers - Driver's License Information - Potentially Other Personal Identifiable Information (PII) - No Fidelity customer accounts or funds were accessed during the breach. ### Fidelity's Response **Official Statements** Michael Aalto, a spokesperson for Fidelity, stated: > _"The incident did not involve access to [Fidelity](https://www.fidelity.com/security/monitor-your-accounts) customer accounts or funds."_ Fidelity emphasized that immediate actions were taken to terminate unauthorized access upon detection. ### Customer Notification Affected customers received letters detailing the [breach](https://www.documentcloud.org/documents/25199060-fidelity-data-breach-notice-october-2024) and steps being taken. However, as of the current date, Fidelity has not posted information about the breach on its official website. ### Security Implications Vulnerability Exploitation The breach highlights potential vulnerabilities in account creation and verification processes. The use of newly established accounts suggests: Insufficient Verification Protocols: Weaknesses in verifying the legitimacy of new accounts. Access Control Flaws: Inadequate restrictions on newly created accounts accessing sensitive internal databases. ### Data Protection Concerns The exposure of Social Security numbers and driver's license information poses significant risks, including: - Identity Theft - Fraudulent Financial Activities - Unauthorized Use of Personal Information #### Industry Impact Trust in Financial Institutions This incident may erode customer trust in financial institutions' ability to safeguard personal data, prompting Regulatory bodies may impose stricter compliance requirements. Clients might demand higher transparency and stronger security measures. #### Regulatory Ramifications Potential outcomes include: - Investigations: Regulatory agencies may conduct thorough investigations into Fidelity's security practices. - **Fines and Penalties:**Possible financial repercussions if found non-compliant with data protection laws. ### Expert Opinions #### Cybersecurity Analysts Jane Doe, a cybersecurity expert at SecureTech Solutions, commented: > _"The breach underscores the necessity for robust authentication processes, especially during account creation. Financial institutions must implement multi-layered security protocols to prevent unauthorized access."_ #### Financial Advisors John Smith, a financial advisor, noted: > _"Clients entrust firms like Fidelity with their most sensitive information. Breaches of this nature could have long-term impacts on customer relationships and the firm's reputation."_ #### Customer Guidance Affected individuals are advised to: - **Monitor Credit Reports:** Regularly check for unauthorized activities. - **Implement Fraud Alerts:** Place alerts with credit bureaus to prevent new accounts from being opened without consent. - **Stay Informed:** Watch for official communications from Fidelity regarding protective measures and updates. _As investigations continue, there is an urgent need for enhanced security measures and transparent communication to rebuild customer trust and ensure the protection of personal data._

loading..   14-Oct-2024
loading..   3 min read
loading..

Internet Archive

Internet Archive's Wayback Machine suffers a catastrophic breach; hackers steal ...

In a shocking turn of events, the Internet Archive's Wayback Machine has fallen victim to a massive data breach. Hackers compromised the website, stealing a user authentication database containing 31 million unique records. This alarming incident has raised serious concerns about the security of one of the internet's most cherished repositories. ### Breach Unveiled On Wednesday afternoon, visitors to archive.org were met with an unexpected and unsettling JavaScript alert: > _"Have you ever felt like the Internet Archive runs on sticks and is constantly on the verge of suffering a catastrophic security breach? It just happened. See 31 million of you on HIBP!"_ The message was a stark announcement from the hackers themselves, indicating not only the breach but also hinting at the data's impending addition to Have I Been Pwned (HIBP), a renowned data breach notification service. ### Confirmation from Have I Been Pwned Troy Hunt, the creator of HIBP, confirmed that he received a file nine days prior containing the stolen data: File Name: `ia_users.sql` Size: `6.4GB SQL file` Contents: `Email addresses, screen names, password change timestamps, bcrypt-hashed passwords, and other internal data`. Unique Email Addresses: `31 million` Hunt verified the data's authenticity by matching it with known user accounts, including that of cybersecurity researcher Scott Helme. Helme confirmed that the bcrypt-hashed password in the database matched his own records. ### Internet Archive's Response Later that evening, Brewster Kahle, founder of the Internet Archive, acknowledged the breach on X (formerly Twitter): > _"What we know: DDoS attack—fended off for now; defacement of our website via JS library; breach of usernames/email/salted-encrypted passwords. What we've done: Disabled the JS library, scrubbing systems, upgrading security. Will share more as we know it."_ In addition to the data breach, the Internet Archive suffered a Distributed Denial of Service (DDoS) attack, causing significant downtime and accessibility issues for users worldwide. ### Attackers: BlackMeta Hacktivist Group An account on X named SN_Blackmeta claimed responsibility for the attack. The group has a history of targeting the Internet Archive, with previous DDoS attacks reported in May. They indicated plans for additional attacks, stating they act "just because they can," without any explicit demands or statements. ### Timeline of Events September 28th, 2024: Most recent timestamp in the stolen data, likely when the database was compromised. October 6th, 2024: Troy Hunt contacts the Internet Archive, initiating a disclosure process. October 9th, 2024: The Internet Archive's website is defaced and subjected to a DDoS attack while HIBP prepares to notify affected users. ### Implications for Users The stolen data includes sensitive information: Email Addresses Screen Names Password Change Timestamps Bcrypt-Hashed Passwords Although bcrypt is a strong hashing algorithm, the exposure of hashed passwords poses a risk, especially if users have weak passwords or reuse passwords across multiple sites. ### What You Should Do If you have an account with the Internet Archive: - 1. Change Your Password Immediately: Choose a strong, unique password. - 2. Enable Two-Factor Authentication (2FA): If available, add an extra layer of security. - 3. Monitor Your Accounts: Be vigilant for any suspicious activity on your email and other online services. - 4. Check Have I Been Pwned: Visit haveibeenpwned.com to see if your email has been compromised in this or other breaches. ### Technical Analysis Breach Vector While the exact method of the breach remains unknown, the attackers managed to: Compromise a JavaScript Library: Used to deface the website and display the alert message. Access the User Authentication Database: Extracting sensitive user data. ### Data Protection Measures The passwords were stored using bcrypt hashing, which is considered secure due to its computational difficulty. However, given enough time and resources, especially with weak passwords, hashed passwords can potentially be cracked. ### Security Challenges The breach highlights potential vulnerabilities: Third-Party Libraries: Compromised JavaScript libraries can be an attack vector. Delayed Response: The Internet Archive's lack of immediate communication may have exacerbated the situation. ### Official Statements Jason Scott, an archivist at the Internet Archive, noted on Mastodon: > _"According to their Twitter, they're doing it just to do it. Just because they can. No statement, no idea, no demands."_ Brewster Kahle assured users that steps are being taken to enhance security and that more information will be shared as it becomes available.

loading..   11-Oct-2024
loading..   4 min read
loading..

Ethereum

LEGO

Hackers breached LEGO's website, promoting a fake crypto coin scam. Learn how th...

A sophisticated cyberattack rocked the official LEGO website, exposing the popular global brand to a high-stakes cryptocurrency scam. Hackers briefly seized control of the platform, promoting a fraudulent LEGO Coin that could be purchased with Ethereum. The event, which lasted 75 minutes, sent shockwaves through the cybersecurity world, raising eyebrows not only for its bold execution but also for the odd choice of targeting one of the world’s most trusted family-friendly brands. ### Attack: What Happened? At approximately 9 PM EST, unsuspecting visitors to LEGO.com were greeted by a modified main banner promoting a new "LEGO Coin." This wasn't just any harmless image. The hackers crafted a seemingly legitimate ad, complete with the LEGO logo and promises of “secret rewards” for those who purchased the token. The banner read: > _"Our new LEGO Coin is officially out! Buy the new LEGO Coin today and unlock secret rewards!"_ For 75 minutes, this fraudulent campaign persisted, redirecting users to the Uniswap cryptocurrency platform. Here, the fake LEGO token could be purchased using Ethereum, luring in cryptocurrency enthusiasts and LEGO fans alike. However, unlike many traditional cryptocurrency scams, this breach did not utilize a crypto drainer to immediately steal funds from connected wallets. Instead, the focus was on selling fake tokens. By 10:15 PM EST, LEGO’s web administrators regained control, removing the malicious banner and restoring normal operations. ### Damage Control: LEGO Responds While the damage from the attack was limited, LEGO quickly moved to reassure customers. In a statement to SecureBlink Threat Researchers, LEGO confirmed the breach but kept the details on how hackers managed to access their system under wraps: > _"On 5 October 2024, an unauthorized banner briefly appeared on LEGO.com. It was quickly removed, and the issue has been resolved. No user accounts have been compromised, and customers can continue shopping as usual. The cause has been identified, and we are implementing measures to prevent this from happening again."_ The company’s swift response helped alleviate customer fears, and they emphasized that no user accounts or personal information were compromised during the attack. ### Odd Choice: Why LEGO? This attack left cybersecurity experts perplexed. Why LEGO? For such a high-profile brand with a vast, loyal customer base, many expected a more malicious payload. Hackers commonly exploit website breaches to: - Inject malicious JavaScript to steal customer information (such as credit card data). - Use the breach as a vector for data extortion. - Sell stolen data on darknet marketplaces. But in this case, the focus was a low-effort cryptocurrency scam, with only a handful of people purchasing the fake LEGO tokens, amounting to a few hundred dollars in revenue for the attackers. For the access they had, the scam’s execution and profit were both notably underwhelming. ### Bigger Picture: Website Vulnerabilities This incident serves as a stark reminder of the vulnerabilities high-profile websites face, especially in an era where cryptocurrency scams are becoming increasingly rampant. Unlike the traditional methods of stealing customer data or injecting malware, this hack showcased a growing trend of brand exploitation through direct crypto schemes. In recent years, phishing campaigns and supply chain attacks have given hackers a pathway to even the most secure websites. Once inside, the attackers can exploit a brand's reputation to give credibility to their scams—precisely what happened with LEGO. While this attack on LEGO.com may not have resulted in massive financial damage or data loss, it highlights several key concerns: 1. No site is immune to attacks, no matter how robust its security protocols. 2. Brand reputation can be a powerful weapon in the hands of cybercriminals. 3. Cryptocurrency scams are evolving and using more creative methods to capture unsuspecting victims. 4. Companies must not only guard against data theft but also brand hijacking in the crypto space.

loading..   08-Oct-2024
loading..   4 min read
Company Logo
logo

Secure Blink automates the application and API security testing for developers and security teams, helping them to rapidly identify and mitigate vulnerabilities more effectively than they can today.

Find Us Online

Facebook Logo
Twitter Logo
LinkedIn Logo
Telegram Logo
YouTube Logo
contact@secureblink.com

This website uses cookies to ensure you get the best experience on our website. By continuing on our website, you consent to our use of cookies. To find out more about how we use cookies, please see our Cookies Policy.

contact@secureblink.com

@ Copyright 2024 Secure Blink. All rights reserved.

4th Floor, Plot No- 7-10 Sector 126, Noida, UP -201303