Phishing


LA County Hit by Phishing Attack Impacting 23 Employees

Discover how a phishing attack on Los Angeles County Department of Health Services compromised sensitive data, impacting 23 employees.

26-Apr-2024
2 min read

Related Articles

OTP

One-Time Codes Hacked? Hackers use social engineering to steal your codes & raid...

Cybercriminals are constantly devising sophisticated techniques to exploit weaknesses in online security systems. One such method involves SIM swap attacks, where attackers manipulate victims into divulging one-time passcodes (OTPs), enabling them to access sensitive accounts.

#### Methodology

Using a combination of social engineering tactics and technological prowess, cybercriminals orchestrate SIM swap attacks to compromise victims' accounts. The process typically begins with a fraudulent phone call or phishing email designed to deceive victims into revealing one-time passcodes.

#### Exploiting Human Vulnerabilities

Cybercriminals leverage human psychology, exploiting victims' trust and ignorance to extract sensitive information. By posing as legitimate entities such as financial institutions, attackers manipulate victims into disclosing one-time passcodes under false pretenses.

#### Role of Estate

Estate, an interception operation, facilitates SIM swap attacks by automating fraudulent phone calls to deceive victims. Despite ostensibly offering security testing services, Estate operates in a legal gray area, enabling members to execute malicious cyberattacks.

#### Technical Insights

Estate's database provides valuable insights into the mechanics of SIM swap attacks. It reveals the intricate process of orchestrating fraudulent phone calls, targeting a wide range of services including banking institutions, cryptocurrency platforms, and social media accounts.

#### Vulnerabilities in Security Protocols

SIM swap attacks exploit weaknesses in security protocols, bypassing multi-factor authentication mechanisms. Despite efforts to safeguard accounts with one-time passcodes, cybercriminals adeptly circumvent these defenses, highlighting the need for enhanced security measures.

#### Code Analysis

Examination of Estate's attack scripts elucidates the technical intricacies of SIM swap attacks. These scripts contain tailored instructions for manipulating victims into divulging sensitive information, demonstrating the sophistication of cybercriminal tactics.

#### Implications for Security

The prevalence of SIM swap attacks underscores the evolving threat landscape faced by individuals and organizations. Unfortunately, there is no readily available statistic on how prevalent these attacks are. However, Gartner predicts that by 2022, 80% of security breaches will involve compromised legitimate credentials, highlighting the need for a more holistic approach to security beyond OTPs (https://www.gartner.com/reviews/market/user-authentication).

#### Countermeasures

While SIM swap attacks pose a significant threat, there are steps you can take to protect yourself:

- **Be Wary of Unsolicited Calls or Emails:** Never give out personal information, especially one-time passcodes, over the phone or in response to emails requesting such information. Legitimate institutions will not ask for this information through these channels.
- **Enable Stronger Authentication Methods:** Consider using security keys or biometrics (fingerprint or facial recognition) for login in addition to one-time passcodes. These methods add an extra layer of security that is more difficult for attackers to bypass.
- **Be Mindful of SIM Swap Requests:** If you are contacted by your mobile carrier about a SIM swap request that you did not initiate, contact them immediately to report the suspicious activity.
- **Monitor Your Accounts Regularly:** Regularly review your bank statements and account activity for any unauthorized transactions. Early detection can help minimize the damage caused by a SIM swap attack.

SIM swap attacks represent a significant cybersecurity risk, posing a threat to individuals' financial security and privacy.

15-May-2024
3 min read

Scraping

API

Dell suffers data breach! Fake partner exploits API flaw to steal 49 million cus...

The crux of the breach lies in Dell's partner portal API, designed for authorized resellers and partners to access customer order data. Menelik exploited a critical vulnerability within this API: a lack of stringent access controls and robust rate limiting mechanisms. Menelik established numerous accounts using fabricated company names. The registration process evidently lacked proper verification, granting immediate access upon submission. The vulnerable API allowed Menelik to develop a program that bombarded the system with requests, generating sequential service tags. This brute-force approach, unhindered by rate limiting, enabled the scraping of a staggering 49 million customer records.

The following code snippet exemplifies a simple Python script that could potentially generate sequential service tags:

```python
def generate_service_tags(start, end):
    """Yield zero-padded service tags for every number in [start, end]."""
    for i in range(start, end + 1):
        yield f"DELL-{i:07d}"


# Example usage
for tag in generate_service_tags(1000000, 2000000):
    # Send API request to Dell portal with generated tag
    # Process response data (assuming successful response)
    pass  # request and response handling intentionally not shown
```

This is a hypothetical illustration, and the actual exploit might be even more sophisticated. Dell has not publicly disclosed the specifics of the vulnerability.

#### Menelik's Claims and Dell's Response

Menelik asserts that they contacted Dell security on two occasions, highlighting the API flaw. However, Dell contends they were already investigating the incident before receiving these emails. Dell's tight-lipped approach due to the ongoing investigation leaves unanswered questions regarding the specific timeframe of their awareness and the exact nature of their response prior to Menelik's communication. While Menelik's data harvesting is undoubtedly malicious, the delayed response from Dell raises concerns about their proactive security posture.

#### API Security Threat Landscape

This incident underscores the escalating risk posed by unsecured APIs. Easy accessibility and lax security measures make them prime targets for exploitation. The report cites similar breaches involving Facebook, Twitter, and Trello, all stemming from API vulnerabilities and inadequate rate limiting. Organizations must prioritize robust API security measures. Implementing stringent access controls, multi-factor authentication, and rigorous rate limiting are crucial safeguards.
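The safeguards named above (access controls and rate limiting) can be made concrete on the server side of an order-lookup API. The following is an added example, not code from the article or from Dell: a per-account sliding-window rate limiter and a detector that flags accounts whose lookups walk service tags in sequence, which is exactly the traffic pattern a sequential scraper produces and a single genuine partner does not. The `DELL-nnnnnnn` tag format, the thresholds, and the sample log records are constructed assumptions.

```python
"""Server-side controls for an order-lookup API: per-account sliding-window
rate limiting plus detection of sequential identifier enumeration.
Added example; the DELL-nnnnnnn tag format, the thresholds and the sample
records below are constructed assumptions, not Dell's real values."""
import re
from collections import defaultdict, deque

WINDOW_SECONDS = 60
MAX_REQUESTS_PER_WINDOW = 30   # assumed per-account budget of lookups per window
SEQUENTIAL_RUN_THRESHOLD = 5   # assumed: this many consecutive tags in a row = enumeration

TAG_RE = re.compile(r"^DELL-(\d{7})$")


class SlidingWindowLimiter:
    """Allow at most `limit` requests per account within any `window` seconds."""

    def __init__(self, limit=MAX_REQUESTS_PER_WINDOW, window=WINDOW_SECONDS):
        self.limit = limit
        self.window = window
        self.history = defaultdict(deque)  # account -> timestamps of accepted requests

    def allow(self, account, ts):
        q = self.history[account]
        while q and ts - q[0] >= self.window:  # drop timestamps outside the window
            q.popleft()
        if len(q) >= self.limit:
            return False
        q.append(ts)
        return True


def tag_number(tag):
    """Numeric part of a well-formed service tag, or None if malformed."""
    m = TAG_RE.match(tag)
    return int(m.group(1)) if m else None


def detect_enumeration(records, run_threshold=SEQUENTIAL_RUN_THRESHOLD):
    """Return the accounts whose successive lookups form a run of consecutive tags.

    `records` is an iterable of (account, timestamp, service_tag) in arrival order.
    """
    last_seen = {}
    run_length = defaultdict(int)
    flagged = set()
    for account, _ts, tag in records:
        n = tag_number(tag)
        if n is None:
            continue
        if account in last_seen and n == last_seen[account] + 1:
            run_length[account] += 1
        else:
            run_length[account] = 1
        last_seen[account] = n
        if run_length[account] >= run_threshold:
            flagged.add(account)
    return flagged


def process(records):
    """Apply the limiter and the detector; return (rejections per account, flagged accounts)."""
    limiter = SlidingWindowLimiter()
    rejected = defaultdict(int)
    for account, ts, tag in records:
        if not limiter.allow(account, ts):
            rejected[account] += 1
    return dict(rejected), detect_enumeration(records)


# Constructed sample traffic: a genuine partner makes three unrelated lookups,
# while a freshly registered fake company walks tags sequentially ten times a second.
SAMPLE = [
    ("partner-legit", 0.0, "DELL-4831002"),
    ("partner-legit", 12.0, "DELL-1204993"),
    ("partner-legit", 40.0, "DELL-7710021"),
]
SAMPLE += [("fake-co-01", 0.1 * i, f"DELL-{1000000 + i:07d}") for i in range(40)]

if __name__ == "__main__":
    rejections, enumerators = process(SAMPLE)
    print("rate-limited:", rejections)            # {'fake-co-01': 10}
    print("enumeration suspected:", enumerators)  # {'fake-co-01'}
```

The two controls are complementary: the limiter caps how fast any one account can scrape, while the enumeration detector catches a scraper that spreads its requests across many fabricated accounts, each staying under the rate limit, because the sequential walk is visible per account long before the budget is exhausted.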

14-May-2024
2 min read

Hack

Polish officials lured by a "sexy spy" email? This APT28 attack exposes social e...

## Highly Targeted Phishing Campaign by APT28 Targets Polish Government Networks

Recent events reveal a meticulously crafted phishing campaign targeting Polish government institutions. Attributed to APT28, a notorious Russian state-backed threat group, this attack highlights the evolving tactics and techniques employed by nation-state actors in cyberspace.

### Dissecting the Attack Flow

The attack leveraged social engineering tactics, luring victims with a salacious email narrative involving a "mysterious Ukrainian woman." Clicking the embedded link initiated a series of redirects, ultimately downloading a malicious archive disguised as a JPG image.

### Deconstructing the Malicious Payload

This archive contained a weaponized executable file masquerading as a JPG. Upon execution, it employed DLL side-loading to launch a hidden script. This script, designed to be a distraction, displayed an image in the browser while simultaneously downloading and modifying a malicious CMD file.

### Unveiling the Malicious Intent

The downloaded CMD file, disguised as another JPG, aimed to gather sensitive information from the infected machine, including IP addresses and file listings from specific folders. This intelligence gathering suggests reconnaissance for further exploitation attempts.

### Echoes of Past Campaigns

The attack bears striking similarities to APT28's past operations. Notably, the group used Israel-Hamas themed lures to compromise devices with Headlace malware in a previous campaign.

### A Well-Established Threat Actor

APT28, linked to Russia's GRU military intelligence unit, has a history of high-profile attacks. They stand accused of compromising the DNC servers during the 2016 US elections and breaching the German Bundestag in 2015.

### International Condemnation and Repercussions

This recent Polish incident follows condemnations by NATO, the EU, and the US regarding APT28's cyber espionage activities across Europe. The US Department of State urged Russia to cease such malicious operations.

### Persistent Threat Landscape

The Polish incident underscores the persistent threat posed by state-backed actors. Their sophisticated social engineering tactics and ever-evolving attack methods necessitate robust cybersecurity measures to safeguard critical infrastructure.

### Code Snippet Example (Illustrative Purposes Only)

While the specific code used in this attack is not publicly available, a simplified illustration of a DLL side-loading technique might resemble:

```python
import ctypes


def load_dll(dll_path):
    """Loads a DLL from the specified path."""
    try:
        return ctypes.WinDLL(dll_path)
    except OSError as e:  # WindowsError is an alias of OSError on Windows
        print(f"Error loading DLL: {e}")
        return None


# Example usage (assuming a malicious DLL named "malicious.dll" exists)
malicious_dll = load_dll("malicious.dll")
if malicious_dll:
    # Call functions from the loaded DLL (assuming malicious functionality)
    malicious_dll.run_malicious_function()
```

The Polish incident is a critical data point in this ever-evolving cyber threat landscape. By meticulously dissecting the attack flow, understanding APT28's tactics, and implementing robust cybersecurity practices, nations can bolster their defenses against such malicious campaigns.
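Every stage of the delivery chain described above relied on a file that was not what its name claimed: an archive presented as a JPG, an executable masquerading as a JPG, and a CMD file disguised as another JPG. A defender-side check for that masquerade, added here as an example and not taken from the article or from any APT28 analysis, compares each file's leading-byte signature against the type its extension promises and additionally flags decoy double extensions such as `photo.jpg.exe`. The sample file names and byte strings are constructed; the signature table covers only the types relevant to this chain.

```python
"""Flag files whose content signature disagrees with the type their name claims,
the masquerade (archive and executable presented as JPGs) described above.
Added example; the file names and byte strings below are constructed."""
import os

# Leading-byte signatures for the handful of types relevant here.
MAGIC = {
    b"\xff\xd8\xff": "jpeg",
    b"PK\x03\x04": "zip",
    b"Rar!\x1a\x07": "rar",
    b"7z\xbc\xaf\x27\x1c": "7z",
    b"MZ": "pe",          # Windows executable or DLL
}
EXPECTED_KIND = {
    ".jpg": "jpeg", ".jpeg": "jpeg",
    ".zip": "zip", ".rar": "rar", ".7z": "7z",
    ".exe": "pe", ".dll": "pe",
}
IMAGE_EXTS = {".jpg", ".jpeg", ".png", ".gif"}
EXEC_EXTS = {".exe", ".dll", ".scr", ".cmd", ".bat"}
DANGEROUS_KINDS = {"pe", "zip", "rar", "7z"}


def sniff(data):
    """Best-effort content type from the first bytes; 'unknown' if no signature matches."""
    for signature, kind in MAGIC.items():
        if data.startswith(signature):
            return kind
    return "unknown"


def has_decoy_extension(filename):
    """True for names such as photo.jpg.exe, where an image extension hides the real one."""
    stem, ext = os.path.splitext(filename)
    inner = os.path.splitext(stem)[1]
    return inner.lower() in IMAGE_EXTS and ext.lower() in EXEC_EXTS


def classify(filename, data):
    """Return (content_kind, verdict) for one file.

    verdict is one of: ok, masquerade (dangerous content under a benign extension),
    decoy-extension (image extension in front of an executable one),
    mismatch (any other disagreement) or unknown-extension.
    """
    kind = sniff(data)
    if has_decoy_extension(filename):
        return kind, "decoy-extension"
    expected = EXPECTED_KIND.get(os.path.splitext(filename)[1].lower())
    if expected is None:
        return kind, "unknown-extension"
    if kind == expected:
        return kind, "ok"
    if kind in DANGEROUS_KINDS:
        return kind, "masquerade"
    return kind, "mismatch"


def suspicious(files):
    """Names of files that should be quarantined or reviewed, in input order."""
    return [name for name, data in files.items()
            if classify(name, data)[1] in {"masquerade", "decoy-extension"}]


# Constructed samples, not real artifacts from the campaign.
SAMPLES = {
    "holiday.jpg": b"\xff\xd8\xff\xe0" + b"\x00" * 16,   # genuine JPEG header
    "photo.jpg": b"PK\x03\x04" + b"\x00" * 16,           # ZIP archive named as an image
    "photo.jpg.exe": b"MZ" + b"\x00" * 30,               # executable behind a decoy image extension
    "notes.txt": b"just text",
}

if __name__ == "__main__":
    for name, data in SAMPLES.items():
        print(name, *classify(name, data))
    print("suspicious:", suspicious(SAMPLES))  # ['photo.jpg', 'photo.jpg.exe']
```

In a mail gateway or download proxy this check runs on the bytes actually received, so it is indifferent to how the redirect chain renamed the file along the way; the decoy-extension rule covers the case where the content is genuinely an executable but the name is built to read as an image on hosts that hide known extensions.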

11-May-2024
3 min read