company logo

Product

Our Product

We are Reshaping the way Developers find and fix vulnerabilities before they get exploited.

Bulk IP/Domain Lookup

Threatspy

Solutions

By Industry

BFSI

Healthcare

Education

IT & Telecom

Government

By Role

CISO/CTO

DevOps Engineer

Resources

Resource Library

Get actionable insight straight from our threat Intel lab to keep you informed about the ever-changing Threat landscape.

Subscribe to Our Weekly Threat Digest

Company

Contact Us

Have queries, feedback or prospects? Get in touch and we shall be with you shortly.

loading..
loading..
loading..
Loading...

HAProxy

HTTP

Vulnerability

loading..
loading..
loading..

HAProxy detected vulnerable to critical HTTP Request Trafficking Attack

HAProxy recently detected vulnerable to critical HTTP Request Smuggling flaw tracked as CVE-2021-40346, enabling attackers to access data and execute arbitrary ...

09-Sep-2021
2 min read

Related Articles

loading..

Ethereum

LEGO

Hackers breached LEGO's website, promoting a fake crypto coin scam. Learn how th...

A sophisticated cyberattack rocked the official LEGO website, exposing the popular global brand to a high-stakes cryptocurrency scam. Hackers briefly seized control of the platform, promoting a fraudulent LEGO Coin that could be purchased with Ethereum. The event, which lasted 75 minutes, sent shockwaves through the cybersecurity world, raising eyebrows not only for its bold execution but also for the odd choice of targeting one of the world’s most trusted family-friendly brands. ### Attack: What Happened? At approximately 9 PM EST, unsuspecting visitors to LEGO.com were greeted by a modified main banner promoting a new "LEGO Coin." This wasn't just any harmless image. The hackers crafted a seemingly legitimate ad, complete with the LEGO logo and promises of “secret rewards” for those who purchased the token. The banner read: > _"Our new LEGO Coin is officially out! Buy the new LEGO Coin today and unlock secret rewards!"_ For 75 minutes, this fraudulent campaign persisted, redirecting users to the Uniswap cryptocurrency platform. Here, the fake LEGO token could be purchased using Ethereum, luring in cryptocurrency enthusiasts and LEGO fans alike. However, unlike many traditional cryptocurrency scams, this breach did not utilize a crypto drainer to immediately steal funds from connected wallets. Instead, the focus was on selling fake tokens. By 10:15 PM EST, LEGO’s web administrators regained control, removing the malicious banner and restoring normal operations. ### Damage Control: LEGO Responds While the damage from the attack was limited, LEGO quickly moved to reassure customers. In a statement to SecureBlink Threat Researchers, LEGO confirmed the breach but kept the details on how hackers managed to access their system under wraps: > _"On 5 October 2024, an unauthorized banner briefly appeared on LEGO.com. It was quickly removed, and the issue has been resolved. No user accounts have been compromised, and customers can continue shopping as usual. The cause has been identified, and we are implementing measures to prevent this from happening again."_ The company’s swift response helped alleviate customer fears, and they emphasized that no user accounts or personal information were compromised during the attack. ### Odd Choice: Why LEGO? This attack left cybersecurity experts perplexed. Why LEGO? For such a high-profile brand with a vast, loyal customer base, many expected a more malicious payload. Hackers commonly exploit website breaches to: - Inject malicious JavaScript to steal customer information (such as credit card data). - Use the breach as a vector for data extortion. - Sell stolen data on darknet marketplaces. But in this case, the focus was a low-effort cryptocurrency scam, with only a handful of people purchasing the fake LEGO tokens, amounting to a few hundred dollars in revenue for the attackers. For the access they had, the scam’s execution and profit were both notably underwhelming. ### Bigger Picture: Website Vulnerabilities This incident serves as a stark reminder of the vulnerabilities high-profile websites face, especially in an era where cryptocurrency scams are becoming increasingly rampant. Unlike the traditional methods of stealing customer data or injecting malware, this hack showcased a growing trend of brand exploitation through direct crypto schemes. In recent years, phishing campaigns and supply chain attacks have given hackers a pathway to even the most secure websites. Once inside, the attackers can exploit a brand's reputation to give credibility to their scams—precisely what happened with LEGO. While this attack on LEGO.com may not have resulted in massive financial damage or data loss, it highlights several key concerns: 1. No site is immune to attacks, no matter how robust its security protocols. 2. Brand reputation can be a powerful weapon in the hands of cybercriminals. 3. Cryptocurrency scams are evolving and using more creative methods to capture unsuspecting victims. 4. Companies must not only guard against data theft but also brand hijacking in the crypto space.

loading..   08-Oct-2024
loading..   4 min read
loading..

ComCast

Over 230,000 Comcast customers' personal data exposed in a massive ransomware at...

In early 2024, U.S. telecom giant Comcast confirmed that over 230,000 customers had their sensitive personal data stolen during a ransomware attack on Financial Business and Consumer Solutions (FBCS), a third-party debt collection agency based in Pennsylvania. This breach underscores the critical risks posed by outsourcing sensitive operations to external vendors and the pervasive threat of ransomware in the modern digital landscape. ### Incident Overview The breach traces back to a cyberattack between February 14 and February 26, 2024, targeting FBCS’s systems. Initially, FBCS assured Comcast that no Comcast customer data had been compromised in the attack. However, in July 2024, FBCS revealed that the breach had, in fact, exposed data related to 237,703 Comcast customers. The stolen information includes: - Names - Addresses - Social Security numbers - Dates of birth - Comcast account numbers - Comcast ID numbers These customers were primarily registered with Comcast around 2021, though Comcast had already stopped using FBCS for debt collection services by 2020. ### Attack Nature: Ransomware The ransomware attack on FBCS involved unauthorized access to its computer network, during which time hackers downloaded sensitive data and encrypted several of FBCS’s systems. The perpetrators have not been identified, and no major ransomware group has claimed responsibility for the attack. FBCS’s own public statement only refers to the attacker as an “unauthorized actor.” The exact method of infiltration remains unknown, though typical vectors for ransomware attacks include phishing, malware, and exploiting known software vulnerabilities. ### Third-Party Vendor Vulnerability This breach is a textbook example of the vulnerabilities introduced when organizations rely on third-party vendors to handle sensitive data. In this case, although Comcast’s internal systems were not directly compromised, the company became collateral damage through its association with FBCS. The incident reveals a significant flaw in many organizations' cybersecurity strategies: while internal systems may be well-protected, outsourced services—often considered secondary—may be more vulnerable. FBCS’s failure to promptly disclose the involvement of Comcast’s data in the breach further highlights the communication breakdown that often occurs in vendor relationships. Comcast learned in March 2024 that there had been a ransomware attack on FBCS but was not informed about the exposure of its customers' data until several months later. This delay in notification likely exacerbated the potential damage to Comcast’s customers. ### Broader Impact and Related Breaches The FBCS breach is part of a broader cyberattack that affected millions of individuals and several large organizations, demonstrating the wide-reaching impacts of such incidents. In total, FBCS reported that over 4 million people had their personal information compromised during the February 2024 ransomware attack. CF Medical (Capio): A medical debt-purchasing company, CF Medical confirmed in September 2024 that more than 620,000 individuals had their health information, including medical claims, stolen in the breach. Health information is particularly sensitive, and the theft of such data heightens the risk of fraud and privacy violations. Truist Bank: One of the largest banks in the U.S., Truist Bank confirmed that its customer data was also exposed during the attack, including names, addresses, account numbers, dates of birth, and Social Security numbers. Truist Bank, which has over 10 million customers, has yet to reveal how many of its customers were impacted, but the exposure of account and financial data raises concerns about potential identity theft and financial fraud. ### Regulatory and Legal Implications The Comcast-FBCS breach has significant legal and regulatory consequences. Due to the type of data exposed—especially Social Security numbers and personal identification details—Comcast and FBCS are likely to face legal claims from affected customers. Both companies may also encounter regulatory scrutiny for their handling of the breach and the delayed notification of affected parties. In the U.S., data breaches involving sensitive personal information often lead to class-action lawsuits, as seen in previous high-profile incidents. Comcast may be required to provide credit monitoring services and identity protection measures for affected individuals to mitigate the potential risks of identity theft. Additionally, as the incident involved multiple states, state attorneys general may investigate the breach, potentially leading to fines or sanctions for non-compliance with data protection laws, such as the California Consumer Privacy Act (CCPA) or the Maine Data Protection Act. ### Role of FBCS in the Breach FBCS's role as the third-party vendor at the center of this breach cannot be overlooked. Despite their responsibility for protecting customer data, FBCS failed to secure critical information from its clients, including Comcast. Moreover, their delayed response and incomplete disclosure of the breach’s impact added to the potential damage for affected companies and individuals. The situation calls for stricter regulatory oversight of third-party service providers, particularly those handling sensitive financial and medical data. Organizations like Comcast must ensure that their vendors adhere to robust cybersecurity frameworks and employ rigorous risk management practices. ### Comcast’s Response and Future Actions Comcast’s decision to cease using FBCS for debt collection services in 2020 does not exempt it from responsibility for this breach. As the affected data dates back to 2021, Comcast will need to provide a clear explanation of how this older data was still in FBCS’s possession and what measures were in place to protect it. In the wake of the breach, Comcast will likely implement additional measures to secure its data when working with third-party vendors. This includes: Vendor Audits: Routine cybersecurity audits of all third-party vendors to ensure they comply with the company's data protection standards. Data Encryption: Ensuring that all sensitive data—both at rest and in transit—is encrypted, even when stored by external service providers. Stricter Contract Provisions: Future contracts with vendors may include stronger security requirements and financial penalties for breaches. ### Lessons for the Industry The Comcast-FBCS ransomware incident serves as a crucial reminder to industries relying on third-party services for sensitive operations. The breach highlights the importance of: - 1. Comprehensive Vendor Risk Management: Organizations must adopt a proactive approach to managing vendor risks. This includes regular assessments of third-party cybersecurity capabilities and imposing strict data protection requirements. - 2. Faster Incident Response and Transparency: Companies should demand timely breach notifications and transparent communication from their vendors to mitigate the risks of delayed responses and greater customer harm. - 3. Holistic Cybersecurity Strategies: Organizations must consider the full spectrum of their cybersecurity defenses, including vendor-related risks. Ensuring that external partners meet the same security standards as internal systems can significantly reduce exposure.

loading..   07-Oct-2024
loading..   6 min read
loading..

Scattered Spider

MoneyGram

MoneyGram’s global operations were paralyzed for five days in a shocking cyberat...

The MoneyGram cyberattack in September has highlighted a glaring reality: even the most established financial giants are not immune to advanced cyber intrusions. This wasn’t just a minor hiccup—MoneyGram’s extensive global operations, spanning over 200 countries with 350,000 physical locations, were paralyzed for five days. Customers found themselves locked out, unable to access or transfer funds, igniting widespread concern. Initially, many speculated ransomware as the likely culprit—a standard conclusion given the surge of such attacks in recent years. However, after working closely with cybersecurity experts and law enforcement, MoneyGram firmly denied any connection to ransomware. While this might offer temporary relief, the lack of transparency and concrete details raises an unsettling question: if it wasn’t ransomware, what kind of threat are we dealing with? The absence of clear answers leaves the door open to even more complex and potentially dangerous vulnerabilities that remain concealed beneath the surface. ### September Breach: Disruption & Chaos On September 20, MoneyGram's services were abruptly halted, with customers unable to transfer funds or access vital services for five days. The company acted quickly, taking systems offline to contain the breach, and it wasn't until September 25 that operations resumed. Despite whispers of a ransomware attack, MoneyGram vehemently denied this, stating, “At this time, we have no evidence that this issue involves ransomware.” Yet, behind this reassurance lies a deeper, more disturbing narrative involving a hacker collective known as Scattered Spider. ### Rise of Scattered Spider To understand the gravity of this situation, we must travel back to a series of attacks in recent history. Scattered Spider, a hacker group with a reputation for its sophisticated social engineering attacks, made headlines in September 2023 after its audacious breach of MGM Resorts. With a cunning impersonation tactic, they called the resort's IT help desk, posing as employees to reset a password, eventually gaining access to the entire network. In the blink of an eye, Scattered Spider deployed BlackCat ransomware, encrypting hundreds of critical servers, causing a digital blackout that reverberated through the casino and resort giant. This attack, while devastating, was not isolated. In fact, Scattered Spider's modus operandi is to target organizations using similar social engineering methods. Their precision and deep understanding of corporate systems have left a trail of chaos across various industries. What’s most troubling is that the tactics used against MGM appear eerily similar to those seen in MoneyGram’s breach. ### Social Engineering: Silent Killer MoneyGram’s breach, while not linked directly to ransomware, shares a disturbing parallel with previous Scattered Spider attacks. According to insiders, the attackers gained access through a social engineering attack on the company’s internal help desk. An employee’s credentials were compromised, allowing the intruders to access critical employee information in MoneyGram's Windows Active Directory Services. Although swift action prevented further damage, this breach could easily have spiraled into something far more catastrophic. This is the signature of Scattered Spider. Their hallmark is not brute force or sophisticated malware but rather the subtle manipulation of human trust—a vulnerability far harder to patch. By exploiting human error, they bypass even the most stringent cybersecurity defenses, gaining access to systems that would otherwise be impregnable. ### Unanswered Questions While MoneyGram has downplayed the event, stating that "no further damage" was done and that "the majority of our systems are now operational," there remain lingering concerns. The company’s assurance that the breach wasn’t tied to ransomware is comforting, but the very fact that such a significant platform fell prey to a social engineering attack sends a ripple of fear through the financial industry. MoneyGram has yet to publicly name the attackers, but the similarity in attack strategies to those employed by Scattered Spider leaves little room for doubt. This hacker collective has evolved, moving from resort giants like MGM to financial behemoths like MoneyGram. Are they sending a message? Are they honing their skills, biding their time until they can strike again with even greater ferocity? ### A History of Chaos Scattered Spider has been a thorn in the side of cybersecurity for years. Their attacks, dating back to their earlier incarnation as UNC3944, have been marked by meticulous planning and a deep understanding of the corporate systems they breach. They move silently, often remaining undetected until it’s too late. The MGM attack was a defining moment, one that brought Scattered Spider into the limelight. With Microsoft, the FBI, CISA, and cybersecurity firm Mandiant issuing warnings about the group’s tactics, the world took notice. Yet, despite these advisories, the group continues to wreak havoc. Their ability to adapt and evolve, to learn from their past attacks and refine their techniques, makes them one of the most dangerous hacker collectives in the world today. ### A Warning to All The attack on MoneyGram serves as a stark reminder that no company, no matter how large or how secure they may seem, is immune to the threat of cybercrime. The financial industry, in particular, stands at a precipice. With vast amounts of sensitive data and billions of dollars at stake, the risk of another breach—potentially more damaging than this one—looms large. For now, MoneyGram can breathe a sigh of relief. Their systems are back online, and their customers can once again transfer funds. But the damage has been done. Trust has been shaken, and the specter of Scattered Spider continues to hover over the financial world like a shadowy figure waiting for its next victim. As we move into an era where digital transactions become the lifeblood of the global economy, companies must remain vigilant. The tactics of groups like Scattered Spider will only grow more sophisticated. Today, it's MoneyGram. Tomorrow, it could be anyone. And in this ever-evolving game of cat and mouse, it’s clear that the hackers are always one step ahead. The intersection of MoneyGram and Scattered Spider is not just to be cautious—it’s a rather a rock bottom hit. We are at war with cybercriminals who do not need guns or bombs to cause devastation. All they need is a phone call, a little bit of deception, and a world of havoc follows. The question now shouldn't be who will be next?

loading..   05-Oct-2024
loading..   6 min read
Company Logo
logo

Secure Blink automates the application and API security testing for developers and security teams, helping them to rapidly identify and mitigate vulnerabilities more effectively than they can today.

Find Us Online

Facebook Logo
Twitter Logo
LinkedIn Logo
Telegram Logo
YouTube Logo
contact@secureblink.com

This website uses cookies to ensure you get the best experience on our website. By continuing on our website, you consent to our use of cookies. To find out more about how we use cookies, please see our Cookies Policy.

contact@secureblink.com

@ Copyright 2024 Secure Blink. All rights reserved.

4th Floor, Plot No- 7-10 Sector 126, Noida, UP -201303