Hackers Compromise Microsoft Support Agent to Access Outlook Email Accounts

By: Swati Khandelwal

If you have an account with the Microsoft Outlook email service, there is a possibility that your account information has been compromised by an unknown hacker or group of hackers, Microsoft confirmed to The Hacker News.

Earlier this year, hackers managed to breach Microsoft’s customer support portal and access information related to some email accounts registered with the company’s Outlook service.

Yesterday, a user on Reddit publicly posted a screenshot of an email he received from Microsoft warning that unknown attackers were able to access some information from his Outlook account between 1 January 2019 and 28 March 2019.

Another user on Reddit also confirmed that he/she too received the same email from Microsoft.

According to the incident notification email, attackers were able to compromise the credentials of one of Microsoft’s customer support agents and used them to gain unauthorised access to some information related to the affected accounts, but not the content of the emails or attachments.

The information that a Microsoft customer support agent can view is limited to account email addresses, folder names, subject lines of emails, and the names of other email addresses you communicate with.

Hackers Could Turn Pre-Installed Antivirus App on Xiaomi Phones Into Malware

By: Swati Khandelwal

What could be worse than software that’s meant to protect your devices leaving backdoors open for hackers or turning into malware?

Researchers today revealed that a security app that comes pre-installed on more than 150 million devices manufactured by Xiaomi, China’s biggest and the world’s 4th largest smartphone company, was suffering from multiple issues that could have allowed remote hackers to compromise Xiaomi smartphones.

According to CheckPoint, the reported issues resided in one of the pre-installed applications, called Guard Provider, a security app developed by Xiaomi that includes three different antivirus programs packed inside it, allowing users to choose between Avast, AVL, and Tencent.

Since Guard Provider has been designed to offer multiple 3rd-party programs within a single app, it uses several Software Development Kits (SDKs), which, according to researchers, is not a great idea because the data of one SDK cannot be isolated and any issue in one of them could compromise the protection provided by the others.

“The hidden disadvantages in using several SDKs within the same app lie in the fact that they all share the app context and permissions,” the security firm says.

“While minor bugs in each individual SDK can often be a standalone issue, when multiple SDKs are implemented within the same app it is likely that even more critical vulnerabilities will not be far off.”

 

It turns out that before receiving the latest patch, Guard Provider was downloading antivirus signature updates through an unsecured HTTP connection, allowing man-in-the-middle attackers on an open WiFi network to intercept your device’s network connection and push malicious updates.

More: https://thehackernews.com/2019/04/xiaomi-antivirus-app.html

THE WIRED GUIDE TO DATA BREACHES

By: Lily Hay Newman

Another week, another massive new corporate security breach that exposes your personal data. Names, email addresses, passwords, Social Security numbers, dates of birth, credit card numbers, banking data, passport numbers, phone numbers, home addresses, driver’s license numbers, medical records—they all get swept up by shadowy, amorphous hackers for fraud, identity theft, and worse. Sometimes the affected company will send you an email suggesting that you change a password or credit card number, but for the most part, these incidents are invisible—until they aren’t.

Think of data breaches as coming in two flavors: breaches of institutions that people choose to entrust with their data—like retailers and banks—and breaches of entities that acquired user data secondarily—like credit bureaus and marketing firms. Unfortunately, you can’t keep your information perfectly safe: It is often impossible to avoid sharing data, especially with organizations like governments and health insurers. Furthermore, in cases where a company or institution gives your information to an additional party, you’ve often agreed to sharing more data than you realize by clicking “I accept” on a dense user agreement.

Many of these incidents don’t necessarily even involve hackers. Data “exposures” occur when information that should have been locked down was accessible, but it’s unclear if anyone actually stole it.

Even after a data breach has occurred, though, and an unauthorized actor definitely has your data, you won’t necessarily see an immediate negative impact. Hackers who steal a trove of login credentials, for example, may quietly use them for under-the-radar crime sprees instead of selling or publishing the data. As a result, the repercussions of a breach can be very delayed, sometimes not fully manifesting for years.

More: https://www.wired.com/story/wired-guide-to-data-breaches/amp

Vale is hacked and documents show how the company deals with accidents

By: Felipe Payão

The Brazilian multinational mining company Vale was breached, and supposedly confidential internal documents were taken and leaked by the intruders. Hackers reportedly took advantage of an open door in Microsoft SharePoint, a software tool for team collaboration, to retrieve meeting minutes and to extract records of security occurrences and incidents around the world.

TecMundo received the documents on Tuesday (29) from an anonymous source. There are about 40 thousand files in a 500 MB folder. In it, one can find security incidents that took place between 2017 and 2019 at Vale sites in Brazil, Canada, Mozambique, New Caledonia and Indonesia.

“One of the documents reports an armed robbery at a pipeline, and no police report was filed afterwards,” the source said in the email in which the documents were sent. TecMundo found the specific document cited, but not the matter of the police report mentioned.

Vale was contacted about the incident but had offered no response by the time this article was published (update: after publication, the company sent a statement, which you can read below). For their part, the hackers did not detail how the company was breached; they only noted that the documents were extracted through a flaw in a hidden URL that was open to the public: “Indexing of secret documents on a hidden subdomain, by search engines,” they noted.

More: https://www.tecmundo.com.br/seguranca/138314-vale-hackeada-documentos-mostram-empresa-lida-acidentes.htm

Hundreds of German Lawmakers Targeted in Mass Cyber Attack

By: David Gilbert

A stolen cache of personal information belonging to nearly 1,000 German politicians — including outgoing Chancellor Angela Merkel — has been leaked, according to a report published Thursday.

The information includes everything from phone numbers and credit card details to private messages with family members, German media said.

The hack has impacted national, regional and EU politicians from all major parties except for members of the far-right Alternative for Germany (Alternative für Deutschland, or AfD) party. Journalists, musicians, comedians and activists were also targeted.

There is currently no indication of who was behind the attack, but the hacker or hackers leaked information for more than a month on Twitter before the media picked it up.

The scale of the hack was first reported by RBB, leading Justice Minister Katarina Barley to call it a “serious attack” Friday morning.

“The people behind this want to damage confidence in our democracy and institutions,” Barley said.

The federal office for information security (BSI) said Friday it was investigating, adding that government networks had not been affected.

 

Private messages from 81,000 hacked Facebook accounts for sale

By: Andrei Zakharov

Hackers appear to have compromised and published private messages from at least 81,000 Facebook users’ accounts.

The perpetrators told the BBC Russian Service that they had details from a total of 120 million accounts, which they were attempting to sell, although there are reasons to be sceptical about that figure.

Facebook said its security had not been compromised.

And the data had probably been obtained through malicious browser extensions.

Facebook added it had taken steps to prevent further accounts being affected.

The BBC understands many of the users whose details have been compromised are based in Ukraine and Russia. However, some are from the UK, US, Brazil and elsewhere.

The hackers offered to sell access for 10 cents (8p) per account. However, their advert has since been taken offline.

“We have contacted browser-makers to ensure that known malicious extensions are no longer available to download in their stores,” said Facebook executive Guy Rosen.

“We have also contacted law enforcement and have worked with local authorities to remove the website that displayed information from Facebook accounts.”

Intimate correspondence

The breach first came to light in September, when a post from a user nicknamed FBSaler appeared on an English-language internet forum.

“We sell personal information of Facebook users. Our database includes 120 million accounts,” the user wrote.

The cyber-security company Digital Shadows examined the claim on behalf of the BBC and confirmed that more than 81,000 of the profiles posted online as a sample contained private messages.

Data from a further 176,000 accounts was also made available, although some of the information – including email addresses and phone numbers – could have been scraped from members who had not hidden it.

The BBC Russian Service contacted five Russian Facebook users whose private messages had been uploaded and confirmed the posts were theirs.

One example included photographs of a recent holiday, another was a chat about a recent Depeche Mode concert, and a third included complaints about a son-in-law.

More: https://www.bbc.co.uk/news/amp/technology-46065796

FIFA admits hack and braces for new leaks

By: Catalin Cimpanu

 

March 2018 phishing incident pegged as possible origin of latest hack and subsequent data theft.

FIFA officials are bracing for new damaging leaks to be published this week after soccer’s governing body fell victim to a phishing attack.

FIFA President Gianni Infantino admitted to the new hack while talking to the press after a FIFA Council meeting last week in Kigali, Rwanda.

He said that both FIFA, soccer’s global governing entity, and UEFA, Europe’s soccer body, had received hundreds of questions from journalists about subjects only recorded in FIFA confidential documents.

Officials believe that someone at FIFA fell victim to a phishing attack this March, the New York Times reported on Tuesday.

Hackers are believed to have used this entry point to gain access to confidential data, which they have now leaked to Football Leaks, a website that became famous in late 2015 after it started publishing internal FIFA documents revealing the dirty dealings of the soccer player market. The 2015 leak, believed to have been caused by insiders, led to the firing of many FIFA officials and the prosecution of soccer superstars such as footballer Cristiano Ronaldo and coach Jose Mourinho.

The Football Leaks organization has already shared some of the files obtained from the recent hack with news agencies that are part of the European Investigative Collaborations (EIC), which said it plans to publish the new revelations starting this Friday, November 2.

More: https://www.zdnet.com/google-amp/article/fifa-admits-hack-and-braces-for-new-leaks/

Phishing attacks: Why is email still such an easy target for hackers?

By: Danny Palmer

The majority of cyber attacks begin with one simple phishing email. So will it ever be possible to close this door to hackers, once and for all?

Email is incredibly useful, which is why we all still use it. But chief among its downsides (along with getting caught in a group-cc’d message hell) is that email remains one of the most common routes for hackers to attack businesses.

Around one in every hundred messages sent is a malicious hacking attempt. That might not seem like a large figure, but when millions of messages are sent every day, it adds up — especially when it just takes one employee to fall victim to a phishing message and potentially lead to a whole organisation being compromised.

For example, the cyber attack against the Democratic National Committee that led to thousands of private emails being exposed in the run up to the US Presidential election started with just one successful phishing email, while countless espionage and malware campaigns have also gained entry to organisations via an email-based attack.

But if email leaves us so vulnerable to attempts at hacking, why do we stick with it?

“Email is still the main way that two entities who may not have a relationship get together and communicate. Whether it’s a law firm communicating with a business or a candidate applying for a job, email is still the bridge to getting these entities communicating. It’s not going away,” says Aaron Higbee, co-founder and CTO at anti-phishing company Cofense.

As long as email is here, phishing will also remain a problem — and while some phishing campaigns are really sophisticated and based around cyber criminals performing deep reconnaissance on targets, other email-based attacks aren’t so sophisticated — and yet are still worryingly successful.

More: https://www.zdnet.com/article/phishing-attacks-why-is-email-still-such-an-easy-target-for-hackers/

 

Hackers breached system that interacts with HealthCare.gov

By: Pierluigi Paganini

The Centers for Medicare and Medicaid Services announced that hackers breached a computer system that interacts with HealthCare.gov.

Hackers breached a computer system that interacts with HealthCare.gov, according to the Centers for Medicare and Medicaid Services; the attackers accessed the sensitive personal data of some 75,000 people.

After experts discovered the intrusion, the system was shut down, and the IT staff are working to restore operation.

“Officials said the hacked system was shut down and technicians are working to restore it before sign-up season starts Nov. 1 for health care coverage under the Affordable Care Act,” reported the Associated Press.

“The system that was hacked is used by insurance agents and brokers to directly enroll customers. All other sign-up systems are working.”

In the US, Barack Obama’s health care law ensured private coverage for about 10 million people, who in order to access the public service have to provide extensive personal information, including Social Security numbers, income, and citizenship or legal immigration status.

Starting November 1, people can log in to HealthCare.gov, fill out an application, and enroll in a 2019 Marketplace health plan.

More: https://securityaffairs.co/wordpress/77273/data-breach/system-interacting-healthcare-gov-hack.html