No, the 16 billion credentials leak is not a new data breach

News broke today about “one of the largest data breaches in history,” sparking wide media coverage filled with warnings and fear-mongering. However, it appears to just be a compilation of previously leaked credentials stolen by infostealers, exposed in data breaches, and obtained via credential stuffing attacks.

To be clear, this is not a new data breach, or a breach at all, and the websites involved were not recently compromised to steal these credentials.

Instead, these stolen credentials were likely circulating for some time, if not for years. They were then collected by a cybersecurity firm, researchers, or threat actors and repackaged into a database that was exposed on the Internet.

Hackers could use smartwatches to eavesdrop on air-gapped computers via ultrasonic signals

A security specialist at Ben-Gurion University of the Negev has found evidence that it might be possible to infiltrate an air-gap computing system using a smartwatch. Mordechai Guri has published a paper outlining his ideas on the arXiv preprint server.

Air-gap computers or computing systems are those that have been physically removed from other networks, such as the internet, as a way to make them remotely hack-proof. The only way such a computer or system could be hacked would be to gain direct access or to have someone do it for them. In his paper, Guri suggests there may be another way—by using features of smartwatches.

Smartwatches, Guri notes, have all the features needed to listen for ultrasonic signals from an air-gapped computer, starting with a microphone. They also could be used for processing signals or for routing them to a speaker or a Wi-Fi device, which could broadcast them to a more sophisticated device.

Zoomcar discloses security breach impacting 8.4 million users

Zoomcar Holdings (Zoomcar) has disclosed that unauthorized access to its system led to a data breach impacting 8.4 million users.

The incident was detected on June 9, after a threat actor emailed company employees alerting them of a cyberattack.

Although there has been no material disruption to services, the company’s internal investigation confirmed that sensitive data belonging to a subset of its customers has been compromised.

Discord Invite Link Hijacking Delivers AsyncRAT and Skuld Stealer Targeting Crypto Wallets

A new malware campaign is exploiting a weakness in Discord’s invitation system to deliver an information stealer called Skuld and the AsyncRAT remote access trojan.

“Attackers hijacked the links through vanity link registration, allowing them to silently redirect users from trusted sources to malicious servers,” Check Point said in a technical report. “The attackers combined the ClickFix phishing technique, multi-stage loaders, and time-based evasions to stealthily deliver AsyncRAT, and a customized Skuld Stealer targeting crypto wallets.”

The issue with Discord’s invite mechanism is that it allows attackers to hijack expired or deleted invite links and secretly redirect unsuspecting users to malicious servers under their control. This also means that a Discord invite link that was once trusted and shared on forums or social media platforms could unwittingly lead users to malicious sites.

Over 80,000 Microsoft Entra ID Accounts Targeted Using Open-Source TeamFiltration Tool

Cybersecurity researchers have uncovered a new account takeover (ATO) campaign that leverages an open-source penetration testing framework called TeamFiltration to breach Microsoft Entra ID (formerly Azure Active Directory) user accounts.

The activity, codenamed UNK_SneakyStrike by Proofpoint, has targeted over 80,000 user accounts across hundreds of organizations’ cloud tenants since a surge in login attempts was observed in December 2024, leading to successful account takeovers.

“Attackers leverage Microsoft Teams API and Amazon Web Services (AWS) servers located in various geographical regions to launch user-enumeration and password-spraying attempts,” the enterprise security company said. “Attackers exploited access to specific resources and native applications, such as Microsoft Teams, OneDrive, Outlook, and others.”