What we know so far: A Ticketmaster AWS instance was penetrated by unknown perpetrators; “ShinyHunters” is selling stolen data on their behalf. Don’t forget to add the hidden 5% fee to the ransom.
The post Ticketmaster Hack Ticks Off 560M Customers in 1.3TB Breach appeared first on Security Boulevard.
Ticket to Hide: A threat group hacked 1.3 terabytes of Ticketmaster customer data, including payment information. It’s threatening to release the personal data unless a ransom is paid.
The post Ticketmaster Hacked, Personal Data of 560 Million Customers Leaked, ShinyHunters Claim appeared first on Security Boulevard.
Source: Dark Web[/caption]
The major concern for this BSNL data leak is the inclusion of sensitive customer information, which, if exploited, could lead to identity theft, financial fraud, and other malicious activities.
The urgency of the situation is further emphasized by kiberphant0m's warning to potential buyers and Indian authorities, suggesting that the data could be sold to other parties if not addressed promptly.
“India if you want to secure your data and do not want it to be sold you must buy it first, contact me BEFORE someone purchases this data. It could be 3 hours to 24 hours, who knows”, says the hacker.
Source: Dark Web[/caption]
The claims of this Shell data leak were shared on a popular hacking forum by the user Kingpin and shared glimpses into sample data allegedly related to the organization. The Cyber Express has reached out to the oil and gas company to learn more about this Shell data breach and the authenticity of the hackers over the claimed data.
However, at the time of writing this, no official statement or response has been received. This lack of confirmation leaves the claims regarding the Shell data breach unverified, although the potential implications are threatening for the customers and stakeholders associated with the organization.
Talking about the cyberattack on Shell, the hacker Kingpin states that the organization suffered a data breach in May 2024 and this data breach allegedly contained "Shopper Code, First Name, Last Name, Status, Shopper Email, Contact Mobile, Postcode, Nectar, Suburb, State, Site Address, Suburb 1, Country, Site Name, Last Login, Pay and Association Number".
As threats increase in sophistication—in many cases powered by GenAI itself—GenAI will play a growing role in combatting them.
The post The Rise of Generative AI is Transforming Threat Intelligence – Five Trends to Watch appeared first on Security Boulevard.
Source: X[/caption]
[caption id="attachment_71537" align="aligncenter" width="1169"] Source: X[/caption]
As of the time of this writing, Decathlon has not issued an official statement regarding the alleged data breach. The Cyber Express has contacted the retailer for verification of the breach and will provide updates as soon as a response is received.
Source: archive.org[/caption]
The breach also uncovered a simple webshell hidden since at least December 2011 in the spyware's backend code. This backdoor allowed for arbitrary PHP code execution through the use of cookies, raising questions about its origin—whether it was placed by pcTattletale itself as a backdoor or a threat actor.
The hacker later updated the defaced site to share a video, claiming it as footage of the pcTattletale's founder attempts to restore the site.
It took over 20 hours for the defaced website to be taken down, with the pcTattletale’s service continuing to send screenshots to the S3 bucket until Amazon officially locked down the spyware service's AWS account.
[caption id="attachment_70324" align="alignnone" width="1206"] Source: ericdaigle.ca[/caption]
Following the official lockdown of the site's AWS infrastucture, security researcher Eric Daigle, expanded his earlier limited disclosure with step-by-step exploit of the stated flaw. He noted that while the site's attacker exploited an unrelated flaw, it was about as equally trivial in it's complexity.
Source: maia.crimew.gay[/caption]
Given the wide range of affected companies and the significant security lapses, security researcher maia crimew noted that pcTattletale could face severe repercussions, possibly leading to a cessation of its operations as the Federal Trade Commission (FTC) had previously ordered other US stalkerware developers to cease operations following breaches, with pcTattletale’s case poised for similar consequences.
The widespread misuse and systemic security failures of pcTattletale highlight the dangers inherent in stalkerware software and services, as well as the urgent need for stringent regulatory oversight and robust security measures over these tools to protect the data and privacy of individuals and organizations.
Media Disclaimer: This report is based on internal and external research obtained through various means. The information provided is for reference purposes only, and users bear full responsibility for their reliance on it. The Cyber Express assumes no liability for the accuracy or consequences of using this information.
88% of participants in the Immersive “Prompt Injection Challenge” successfully tricked a GenAI bot into divulging sensitive information.
The post Prompt Injection Threats Highlight GenAI Risks appeared first on Security Boulevard.
Source: Dark Web[/caption]
As proof of their claims, the threat actor shared sample records showcasing live GPS vehicle information sorted by country and offered the compromised database for sale at a staggering price of USD 5,000.
“These days I have breached the company security, and I have dumped all information and got access to all internal systems of the company, more than 40 countries, more than 5,000 COMPANIES !”, stated the hacker.The Cyber Express has reached out to Frotcom for official confirmation and further details regarding the breach. However, as of the time of writing, no official statement or response has been received, leaving the claims surrounding the Frotcom data leak unverified.
Source: Dark Web[/caption]
The discrepancies didn't end there. The Cyber Express further analyzed the claims and found inconsistencies within the data itself. Specifically, discrepancies between names and associated phone numbers raised red flags. Given qpwomsx's brief tenure on the platform and apparent credibility issues, discerning the authenticity of the Meesho data breach becomes a daunting task.
However, examining the stolen data paints a perplexing situation as the majority of the email addresses are valid and deliverable. Along with the emails, the data appears to be a compilation of personal information belonging to individuals, predominantly based in India.
Alongside names, email addresses, and phone numbers, additional details such as location and workplace affiliations were also included. However, the presence of "null" values suggests potential gaps or inaccuracies within the dataset.
“Additionally, the perpetrator has also gained access to content on network drives belonging to the Education Division,” Heikkinen said.“This is a very serious data breach, with possible, unfortunate consequences for our customers and personnel,” said City Manager Jukka-Pekka Ujula. “We regret this situation deeply.”
“The server had a vulnerability which the culprit was able to exploit to connect to the Education Division network.”The city authorities did not reveal the name of the remote access server but said a hotfix patch was available at the time of exploitation, but why it was not installed on the server is currently unknown.
“Our security update and device maintenance controls and procedures have been insufficient,” said Heikkinen.The breach targeted an extensive group, with most of the network drive data – comprising of tens of millions of files - containing non-identifying information or ordinary personal data, minimizing potential abuse, according to the city authorities. However, some files include confidential or sensitive personal data such as fees for early childhood education customers, children's status information like information requests by student welfare or information about the need of special support and medical certificates regarding the suspension of studies for upper secondary students, and sick leave records of Education Division personnel. The data breach also includes historical customer and personnel data. Meaning, even if an individual is not currently a customer or a member of staff at the Education Division, the hacker may still have accessed their data.
“Considering the number of users in the city’s services now and in previous years, in the worst case, this data breach affects over 80,000 students and their guardians,” Ujula said.Satu Järvenkallas, executive director of the Education Division, said the authorities are currently unable to provide an accurate assessment of what data the hacker may have accessed as “the volume of data under investigation is significant.”
“Severe and easy-to-exploit vulnerabilities have been detected in the network edge devices of many major device manufacturers, such as VPN gateways, in the past six months,” said Samuli Bergström, the director of the cybersecurity center. “That is why it is important that special attention is paid to resources and expertise in organizations.”A very recent example of one such VPN appliance abuse is the zero-day exploitation in Ivanti VPN products, Ivanti Connect Secure (formerly Pulse Secure) and Ivanti Policy Secure gateways. Chinese state-backed hackers used two zero-day vulnerabilities in these products: an authentication bypass (CVE-2023-46805) and a command injection (CVE-2024-21887) bug to compromise several organizations including MITRE. “Reaction to the data breach has been quick and all the necessary resources are being and will be used on protective measures. This is the highest priority for the city’s senior management,” Ujula said. “After the breach, we have taken measures to ensure that a similar breach is no longer possible,” Heikkinen added.
“We have not discovered evidence that the perpetrator would have accessed the networks or data of other divisions. However, we are monitoring all City of Helsinki networks closely.”Information for affected individuals is available via the Traficom’s Cybersecurity Centre website, data breach customer service, crisis emergency services and MIELI Mental Health Finland. Media Disclaimer: This report is based on internal and external research obtained through various means. The information provided is for reference purposes only, and users bear full responsibility for their reliance on it. The Cyber Express assumes no liability for the accuracy or consequences of using this information.
Dell data breach notification[/caption]
Dell Technologies is a publicly traded company that operates in 180 countries and is headquartered in Round Rock, Texas. Dell is the third-largest personal computer vendor in the world by unit sales, behind Lenovo and HP and serves more than 10 million small and medium-sized businesses and receives 500 million annual eCommerce visits.
The tech giant generated a revenue of $102.3 billion in 2023 and has over 500,000 commercial customers and 2,500 enterprise accounts.
The threat actor claimed this data set contained an up-to-date details of registered Dell servers including vital personal and company information such as full names, addresses, cities, provinces, postal codes, countries, unique 7-digit service tags of systems, system shipment dates (warranty start), warranty plans, serial numbers (for monitors), Dell customer numbers and Dell order numbers.
The threat actor asserted that he was the sole possessor of this data that entailed approximately 7 million records of individual/personal purchases, while 11 million belong to consumer segment companies. The remaining data pertained to enterprise, partners, schools or unidentified entities.
The threat actor also highlighted the top five countries with the most systems represented in the database, which included the United States, China, India, Australia and Canada.
The data, claimed to be sourced from Dell and containing 49 million customers and other systems details between 2017 and 2024, aligned with the details outlined in Dell's breach notification.
However, The Cyber Express could not confirm if the two data sets are the same as Dell did not immediately respond to our request for confirmation.
Although the sale of the database appears to have ceased, the possibility of further exploitation remains. Although Dell refrained from disclosing the specific impact of the breach, it remains vigilant about potential risks associated with the stolen information. While the compromised data lacks email addresses, threat actors could exploit it for targeted phishing and smishing attacks against Dell customers.
They could contact Dell customers as fake customer service executives and lead them into downloading malware or infostealers as is seen in many previous campaigns.
Dell advises customers to exercise caution regarding any communications purportedly from Dell, especially those urging software installations, password changes or other risky actions and encourages customers to verify the legitimacy of such communications directly with Dell.
Media Disclaimer: This report is based on internal and external research obtained through various means. The information provided is for reference purposes only, and users bear full responsibility for their reliance on it. The Cyber Express assumes no liability for the accuracy or consequences of using this information.Tech giant notifies millions of customers that full names and physical mailing addresses were stolen during a security incident.
The post Dell Says Customer Names, Addresses Stolen in Database Breach appeared first on SecurityWeek.
Source: Dark Web[/caption]
The announcement of the SigningHub data breach paints a grim picture of the intrusion and its alleged impact. The post, titled "SigningHub - File Signing SRC Leaked, Download!", was shared by the threat actor while other users commended the hacker for this intrusion, stating the SigningHub code leak was “another great hit”, “top release” and other words of praise.
The Cyber Express has reached out to Ascertia to learn more about this SigningHub data leak. However, at the time of writing this, no official statement or response has been shared apart from the blog post by the parent company Ascertia.
In an attempt to shed light on the operation associated with the hacker, The Cyber Express reached out to IntelBroker for insights into their motivations and methods. In a recent interview, IntelBroker shared details of their hacking journey, affiliations, and previous exploits, highlighting the scale and sophistication of their operations.
“I want to assure our entire community, from security researchers and industry partners to individual users, that VirusTotal's core mission remains unchanged. We remain deeply dedicated to collective intelligence and collaboration, fostering a platform where everyone can come together to share knowledge, access valuable threat information, and contribute to the fight against cyber threats,” Quintero said.“VirusTotal remains committed to a level playing field, ensuring all partners, including Google Threat Intelligence, have equal access to the crowdsourced data VirusTotal collects. We also want to assure you that the core features and functionalities of VirusTotal will remain free and accessible to everyone, as always,” he added, clearing the air around VirusTotal’s future. “The strength of VirusTotal lies in its network of contributors and the vast amount of data they provide. This data serves as a valuable resource for the entire security industry, empowering our partners and others to enhance their products and contribute to a more secure digital world. This collaborative approach, based on transparency and equal access, strengthens the industry as a whole, ultimately leading to better protection for everyone.”
Source: Chase[/caption]
According to documents filed in the U.S. District Court for the Southern District of New York on May 3, Valentine's case is detailed in a Class Action Complaint (Case 1:24-cv-03438-JLR). The lawsuit contends that J.P. Morgan, a significant player in the financial industry offering a wide array of services to millions of customers, failed to adequately safeguard the personal information of its clients' employees, resulting in substantial harm.
Valentine's complaint outlines how J.P. Morgan collected and maintained sensitive personally identifiable information (PII) of its clients' employees, including names, addresses, payment details, and Social Security numbers. This information, crucial for financial transactions and security, was compromised in the J P Morgan data breach and fell into the hands of cybercriminals.
The lawsuit asserts that as a consequence of the breach, Valentine and approximately 451,000 other affected individuals suffered tangible damages, including invasion of privacy, identity theft, and the loss of trust and value in their personal information. Moreover, the breach exposed them to ongoing risks of fraud and further misuse of their data.
Health insurance giant Kaiser has announced it will notify millions of patients about a data breach after sharing patients’ data with advertisers.
Kaiser said that an investigation led to the discovery that “certain online technologies, previously installed on its websites and mobile applications, may have transmitted personal information to third-party vendors.”
In the required notice with the US government, Kaiser lists 13.4 million affected individuals. Among these third-party ad vendors are Google, Microsoft, and X. Kaiser said it subsequently removed the tracking code from its websites and mobile apps.
A tracking pixel is a piece of code that website owners can place on their website. The pixel collects data that helps businesses track people and target adverts at them. That’s nice for the advertisers, but the information gathered by these pixels tells them a lot about your browsing behavior, and a lot about you.
This kind of data leak normally happens when a website includes sensitive information in its URLs (web addresses). The URLs you visit are shared with the company that provides the tracking pixel, so if the URL contains sensitive information it will end up in the hands of the tracking company. The good news is that while it’s easy for websites to leak information like this, there is no suggestion that tracking pixel operators are aware of it, or acting on it, and it would probably be hugely impractical for them to do so.
The leaked data includes member names and IP addresses, as well as information that could indicate if members were signed into a Kaiser Permanente account or service, how they interacted with it, how they navigated through the website and mobile applications, and what search terms they used in the health encyclopedia.
A spokesperson said that Kaiser intends to begin notifying the affected current and former members and patients who accessed its websites and mobile apps in May.
Not so long ago, we reported how mental health company Cerebral failed to protect sensitive personal data, and ended up having to pay $7 million. Also due to tracking pixels, so this is a recurring problem we are likely to see lots more of. Research done by TheMarkup in June of 2022 showed that Meta’s pixel could be found on the websites of 33 of the top 100 hospitals in America.
Malwarebytes has a new free tool for you to check how much of your personal data has been exposed online. Submit your email address (it’s best to give the one you most frequently use) to our free Digital Footprint scan and we’ll give you a report and recommendations.
Login