Cyber Bites

A medical Q&A service provider is facing criticism about its security processes after a cloud misconfiguration appeared to leak sensitive images of thousands of patients. A team at Safety Detectives reportedly discovered the Amazon S3 bucket, before tracing it to a Japanese firm called Doctors Me. There were reportedly no authentication controls in place, leaving the bucket wide open. Doctors Me offers a service enabling users to upload images of medical conditions to receive anonymous,...

The hacktivist and activist group known as Anonymous has released Nestle's database. The move comes days after the Ukrainian President Zelensky called out the world's largest food company for its continued relationship with Russia. Anonymous announced the breach in a tweet on Tuesday: “Hacker group Anonymous has released 10 GB of data from Swiss company Nestlé. This is the collective's retaliation for continuing the company's business in Russia.” The group then posted an additional tweet...

Okta has confirmed that it was hacked by the LAPSUS$ ransomware group. LAPSUS$ posted screenshots yesterday which it claimed were of Okta's internal company environment. Today, the authentication services provider has updated a blog post confirming the breach: "After a thorough analysis of these claims, we have concluded that a small percentage of customers -- approximately 2.5% -- have potentially been impacted and whose data may have been viewed or acted upon. We have identified...

A new phishing technique dubbed the browser-in-the-browser (BitB) attack allows threat actors to simulate a browser window within a browser, spoofing a legitimate domain and initiating a convincing phishing attack. A penetration tester and security researcher, known as mrd0x on Twitter, explained how the method takes advantage of third-party single sign-on (SSO) options on websites such as "Sign in with Google" (or Facebook, Apple, or Microsoft). The default behaviour of sign-in methods such as these is to...

Several US authorities issued an alert warning of the threat to critical national infrastructure (CNI) providers from the AvosLocker ransomware group. The group is a ransomware-as-a-service affiliate operation known for targeting financial services, manufacturing and government entities, as well as other sectors, the report indicated. AvosLocker seems to be geographically indiscriminate, with some victims hailing from the US, Syria, Saudi Arabia, Germany, Spain, Belgium, Turkey, the United Arab Emirates, the UK, Canada, China and Taiwan....

The ultra-prolific ransomware group LAPSUS$ are now claiming to have breached Okta, an authentication services provider. The report comes after the hackers posted what they claim to be screenshots of Okta's internal company environment. Thousands of companies rely on Okta to manage access to their networks and applications, making the possibility of a breach especially concerning. The company was aware of the reports and was investigating, Okta official Chris Hollis said in a brief statement....

Luxury hotels in Macau were the target of malicious spear-phishing campaigns for nearly 3 months, according to research from security researchers at Trellix. The cybersecurity firm has attributed the campaign to the aptly named DarkHotel group, building on research published by Zscaler in December 2021. DarkHotel is believed to have been active since 2007, with a history of striking "senior business executives by uploading malicious code to their computers through infiltrated hotel Wi-Fi networks, as...

Hubspot, a widely used Customer Relationship Management (CRM) platform, was hacked on Friday by a threat actor accessing an employee account. The hacker then used the account to target 30 as yet unnamed cryptocurrency stakeholders, with BlockFi and Swan Bitcoin confirming that they suffered a breach. As Hubspot is a third-party vendor, the hacker did not gain access to any of the targeted organisations' internal systems. While user information was leaked, both BlockFi and...

A Ukrainian security researcher has released further source code from the Conti ransomware group in retaliation for their siding with Russia over the ongoing Russia-Ukraine conflict. Conti is a prolific ransomware operation run by Russia-based threat actors. The group has been involved in developing numerous malware families, and is considered one of the most active cybercrime operations on the planet. This isn't the first time the Ukrainian security researcher, named 'Conti Leaks', has sought revenge...

The National Cyber Security Centre's (NCSC) Suspicious Email Reporting Service is proving successful. Over 10 million emails have been reported to the service, leading to 76,000 online scams being taken down. The service has been operating for almost two years, enabling members of the public to alert the authorities regarding potential cyberattacks and scams. Scams that have been taken down include those relating to the NHS, fake notifications from delivery companies, and phony cryptocurrency investments. The service was launched...
