By Waqas
Duolingo Investigates Data Leak as Hacker Shares Personal User Information on Hacker Forums and Telegram.
This is a post from HackRead.com Read the original post: API Misuse: Hacker Exposes 2.6M Duolingo Users’ Emails & Names

It is worth noting that Duolingo has not suffered a data breach; the data leak was a result of web scraping through public API abuse.

**KEY FINDINGS**

*   **Extensive User Impact:** The breach affects a substantial user base, with the personal data of over 2.6 million individuals exposed.

*   **Comprehensive Data Set:** The compromised information includes diverse details like usernames, full names, email addresses, countries, language course subscriptions, and account creation dates.

*   **Vulnerable API Exploitation:** The breach was executed through the exploitation of a public API, highlighting the potential risks posed by publicly accessible interfaces.

*   **Data Misuse Concerns:** The breadth of exposed data raises concerns about potential misuse, including identity theft, phishing, and cybercrime targeting affected users.

*   **Heightened Privacy Risks:** Users’ privacy is at stake due to the depth of sensitive data exposed, emphasizing the need for robust cybersecurity measures in safeguarding personal information.

A hacker has recently disclosed the personal information of approximately 2.6 million users of the popular language-learning platform, Duolingo. Contrary to a conventional data breach where hackers infiltrate an organization’s servers, this incident involved the exploitation of a public API.

The hacker, who also serves as a moderator on the Breach Forums, managed to scrape user data in January 2023, leading to the exposure of account-related details for a vast number of Duolingo users.

Duolingo, known for its accessible and engaging language courses, was caught off guard by the incident. The breach, while not originating from a direct assault on Duolingo’s servers or infrastructure, highlights the complex challenges organizations face in safeguarding user information in a hostile and uncertain environment created by threat actors.

**Leaked Data**

Hackread.com has examined and analyzed the exposed data, shedding light on its contents. The dataset encompasses the personal information of a staggering 2,658,787 users. This encompassing collection includes critical details such as:

*   Full names
*   Usernames
*   Email addresses
*   Countries of origin
*   The precise dates of account creation
*   The language courses to which users have subscribed

Notably, the gravity of the breach escalated when, prior to the public leak, another threat actor attempted to sell the same dataset for $1500. The revelation of the data on hacker forums and Telegram channels has only exacerbated concerns regarding user privacy and the potential misuse of exposed information.

Screenshot from the leaked Duolingo data (Image credit: Hackread.com)

Duolingo data leaked and sold on Breach Forums (Image credit: Hackread.com)

Duolingo, in response to the breach, is diligently investigating the situation and has intensified its efforts to secure user data. The incident has catalyzed discussions about the protection of user information in an era where APIs, often considered as open doors to data, require heightened vigilance.

**Impact**

While distinct from a conventional data breach, the exposure of email addresses and full names of 2.6 million Duolingo users still constitutes a significant privacy breach. This incident raises considerable concerns as it exposes individuals to potential risks such as targeted phishing attempts, identity theft, and cyberattacks.

Hackers armed with such specific personal information can craft convincing phishing emails, posing as legitimate entities, to deceive users into sharing further sensitive details or clicking on malicious links.

Moreover, the divulgence of full names can aid cybercriminals in constructing more credible and convincing social engineering schemes, increasing the likelihood of successfully breaching users’ accounts or even conducting scams. As such, even seemingly basic information leaks can lead to severe consequences for affected users.

In an environment where personal data is an invaluable currency, Duolingo data scraping stands as a testament to the ever-evolving methods of hackers and the pressing need for organizations to remain resilient against cyber threats.

As users await the outcome of Duolingo’s investigation, the incident underscores the collective responsibility to maintain digital security and protect user data from falling into the wrong hands.

1.  Hackers leak scraped data of 87,000 GETTR users
2.  A hacker is selling 700 million LinkedIn users accounts
3.  Facebook sues developer of data scraping extensions for Chrome
4.  Facebook sues Ukrainian for scraping and selling 178m users’ data
5.  Data scraping firm leaks 235m Insta, TikTok, YouTube user records

API Misuse: Hacker Exposes 2.6M Duolingo Users’ Emails & Names

By Habiba Rashid
The escort service under discussion is Fatal Model, Brazil's largest escort site.
This is a post from HackRead.com Read the original post: Brazil’s Top Escort Service Exposes Millions of Escort and Client Data

The leaked data encompassed a vast array of information from the logging database containing around 14.7 million records, totalling a size of approximately 19.17 GB, to the AWS cloud storage which held over 3.5 million files, collectively amounting to 700 GB.

****Key Findings****

*   **Security researcher Jeremiah Fowler uncovers major data breach in Brazilian escort service, Fatal Model.**

*   **Two unprotected databases revealed over 18 million records, containing personal details of clients and escorts, including email addresses and account info.**

*   **Access keys and AWS storage information for the Fatal Model were exposed in the breach.**

*   **Breach exposes vulnerabilities across different sectors of the company’s network; the logging database is secured promptly, AWS database is accessed until responsible disclosure.**

*   **Exposed data includes records from a logging database (14.7 million records) and AWS cloud storage (3.5 million files); poses privacy risks, and potential extortion, and exposes development files’ security implications.**

The cybersecurity Jeremiah Fowler has recently uncovered a major data breach affecting a prominent Brazilian escort service and application known as the Fatal Model. 

Fowler, who brought the breach to the attention of cybersecurity resource WebsitePlanet, discovered two non-password protected databases containing a staggering total of over 18 million records. These records, belonging to the Fatal Model, included personal details of both clients and escorts, such as email addresses, account information, and device data. 

Unsurprisingly, Fowler also identified that access keys and storage information of Fatal Model’s Amazon Web Services (AWS) storage account were exposed in the breach.

The breach highlights the cascading impact of a single data exposure, as vulnerabilities were unveiled within different sectors of the company’s network. While the logging database was promptly secured upon discovery, the AWS database remained accessible until Fowler issued a responsible disclosure notice. Fatal Model’s team exhibited a swift response in securing the exposed data.

**The scale of the Data Leak**

The exposed data encompassed a vast array of information from the logging database containing around 14.7 million records, totalling a size of approximately 19.17 GB, to the AWS cloud storage which held over 3.5 million files, collectively amounting to 700 GB.

Within the “2022” folder of the AWS account, there were approximately 35,400 escort accounts accompanied by images and videos. A subsequent “2023” folder contained an estimated 33,900 escort accounts, each complete with verification media.

Additionally, the breach revealed application files, development materials, admin access tokens, user device data, email addresses, names, and user ID numbers.

Screenshot from the exposed database (Jeremiah Fowler)

According to Fowler’s report, the Fatal Model employs advanced technology to authenticate the identities of escorts and clients, indicating that the leaked data pertains to actual individuals. The exposed verification procedures employed biometric software to validate users through facial recognition technology.

**Privacy Risks and Future Implications**

The exposed information carries significant privacy risks for both escorts and clients of the service. Escorts and clients rely on the privacy afforded by such platforms, and the leakage of personal data and images could lead to harassment and reputation damage.

The breach raises the spectre of potential extortion or blackmail campaigns by cybercriminals seeking financial gain through public exposure of sensitive information.

The breach also shows the security implications of exposed development and installation files. The leaked JavaScript files may contain sensitive client-side code, including API keys and authentication tokens. If exploited, this data could grant unauthorized access to systems and resources, posing a considerable threat.

Additionally, the exposed software development kit (SDK) files could reveal proprietary algorithms and organizational strategies, potentially undermining both the business and its users.

**Mitigating the Impact**

For individuals impacted by data breaches, taking these steps can help mitigate potential fallout:

*   Monitor Key Accounts: Regularly review login details and IP locations, as well as monitor financial and social media accounts for unauthorized activity.

*   Update Passwords: Change leaked passwords and enable Two-Factor Authentication (2FA) for enhanced security.

*   Beware of Phishing: Exercise caution with unsolicited emails or messages requesting personal information, and avoid sharing such details via email or phone.

1.  Personal & banking data of 120 million Brazilians leaked online
2.  Ransomware attack on top Brazilian court encrypts files, backups
3.  Brazilian marketplace integrator Hariexpress exposed 1.75 billion records
4.  Brazil’s cosmetic giant Natura leaked 192 million records with payment data
5.  Brazilian Crypto exchange hacked; private data of over 264,000 users exposed

Brazil’s Top Escort Service Exposes Millions of Escort and Client Data

By Owais Sultan
Software escrow is an important tool for managing software as a service (SaaS) and on-premise applications. It helps…
This is a post from HackRead.com Read the original post: The Role of Software Escrow in Mitigating Business Risks

Software escrow is an important tool for managing software as a service (SaaS) and on-premise applications. It helps prevent disputes that arise when cloud providers exit the market or go bankrupt, and it ensures that organizations can access their data in the event of a disaster. In this blog post, we explore how software escrow works and why it’s important to your business.

**Understanding Business Risks**

Risks are a part of doing business. They’re not necessarily bad or good, but they always exist in some form. You can minimize your risk by taking precautions and being aware of what’s out there, or you can increase your risk by making decisions that put yourself or others at risk.

When it comes to software escrow services and mitigating business risks, we need to understand the types of risks that may affect our customers’ businesses: financial, operational, strategic, and even environmental (natural disasters).

These categories intersect with one another frequently, for example, one type of environmental risk might be flooding which could cause damage both financially (through lost equipment) and also operationally (downtime).

**Exploring Software Escrow Solutions**

Software escrow is a way to ensure that software is released as intended. It can be used in many different contexts, but its main purpose is to mitigate the risks associated with software development and delivery.

Utilizing software escrow services provides a reliable mechanism for storing the source code, documentation, and other critical assets so that in case of unforeseen circumstances or a vendor’s inability to fulfil their obligations, the software users can still access and continue using the software.

In the context of software escrow, the term “release” refers to any time one party gives another party access to some type of digital content or technology (e.g., source code). This could include things like:

*   Release of source code under an open-source license
*   Distribution of custom applications developed for specific clients
*   Delivery of proprietary software by purchase order or other agreement

**Advantages of Software Escrow**

*   Software escrow can help you avoid the risk of vendor lock-in.
*   It can also increase the likelihood of a successful software deployment, which is important for your business as it reduces costs and increases productivity.
*   Software escrow protects your investment in software by ensuring that if anything goes wrong with either party (the buyer or seller), then all parties have an agreed-upon way of resolving disputes without needing to go through litigation or arbitration processes. This means that there will be no additional legal costs associated with resolving issues that arise during this process, making it easier for everyone involved!

**Key Considerations for Implementing Software Escrow**

1.  **Ease of use:** The software escrow process should be easy to implement and use so that you don’t have to spend time learning how to use it.
2.  **Cost:** The cost of a software escrow service should be reasonable considering the value that it provides your business.
3.  **Legal requirements:** Your business may have legal requirements that require you to keep copies of certain documents or files available at all times, in case they’re needed by regulators or law enforcement officials during an investigation. If so, then consider which types of data should be included in your software escrow agreement so as not to miss anything important for future compliance purposes (e.g., internal communications). You will also want to make sure any third-party providers agree with these terms before signing up for their services because otherwise there could be problems down the road when trying to access those files later on!

**Software Escrow Release Triggers**

Release triggers are the conditions that must be met for the software to be released from escrow. Release triggers can be based on time, events, or other factors. For example:

*   A company may want its software to be released when it is ready for production use (e.g., after testing).
*   Another company may want its software to be released only after certain events occur (e.g. when a competitor launches a similar product).

**Addressing Common Misconceptions**

As you can see, software escrow is not a replacement for any of these things. But it is an important element that helps to mitigate risk in each case. It’s probably best to think of software escrow as an additional layer on top of your existing processes and agreements not a replacement for them.

If you’re still unsure about how software escrow can help your business protect itself against risk and liability, please contact us today!

**The Future of Software Escrow**

Software escrow is a valuable tool for mitigating business risks in the modern world. It can be used to protect business investments and mitigate legal risk, as well as ensure that you get what you pay for. Software escrow is also cost-effective, with no upfront costs or monthly fees; it’s simply an additional charge on top of your software purchase price that pays off when disaster strikes and it will happen eventually!

In short: software escrow is something every smart business owner should consider adding to their arsenal of protective measures against unforeseen disasters like data loss or theft (or even just poor customer service).

**Conclusion**

With software escrow, companies can mitigate business risks and help protect their investments. The process is simple, with little to no impact on day-to-day operations. By using software escrow, businesses can ensure that they have access to their valuable data at all times while also limiting their exposure in case something goes wrong with the original software platform or vendor relationship.

The Role of Software Escrow in Mitigating Business Risks

By Owais Sultan
More and more businesses see the value of investing in knowledge management software, which benefits both the organization…
This is a post from HackRead.com Read the original post: Learning Management System: What is it and Why do you need it?

More and more businesses see the value of investing in knowledge management software, which benefits both the organization and its trainees. It’s clear why workers enjoy e-learning, corporate training, and other forms of training management software. 

Online training is advantageous because it allows workers to learn at their own pace, eliminates the need to attend tedious in-person sessions, and keeps workers interested through interactivity. 

This article will define a Learning Management System (LMS), highlight its essential features and advantages, and explain why it is essential for businesses to use an LMS to maximize their training and education programs.

**What Exactly Is an LMS?**

A learning management system (LMS) is a piece of software designed to facilitate the management and distribution of educational opportunities within an organization. Because of its web-based nature and lack of software installation, a learning management system (LMS) is ideal for today’s students.

Since LMSs are mobile-friendly, businesses can develop their solution by hiring an LMS development company and reach employees no matter where they are and provide them with the training resources they need. Scalability and customization are two critical features of a successful learning management system. Most significantly, it facilitates the integration of different instructional approaches.

**Why Do You Require a Learning Management System?**

**Efficiency in Education**

An LMS is a consolidated system that facilitates education for instructors and students alike. Students may study at their speed and on their own time thanks to the accessibility of online training resources. On the other side, administrators have a centralized location from which to administer and distribute training materials, monitor progress, and report on results.

**Cost-Effectiveness**

Businesses may save money on training by switching to an LMS since it eliminates the need for costly printed materials, rented classroom space, and paid teachers. As a bonus, training materials may be easily updated and revised, cutting down on maintenance expenditures.

**Efficient Administration and Management of Training**

A Learning Management System streamlines the paperwork involved in managing training. An LMS streamlines the administrative operations involved in teaching, from developing and arranging courses to registering students and monitoring their progress. There will be better results from training when administrators can readily track student progress, pinpoint areas of weakness, and implement individualized solutions.

**Interactive Learning**

A well-designed learning management system supports free speech in a digital classroom. They may network with classmates to learn from one another, exchange ideas, and work together on projects. In addition, they are always aware of what their teachers and classmates are up to. Additionally, connectivity with other technologies, such as live chat, can allow administrators and students to communicate without physically meeting.

**Personalized and Flexible Learning**

LMSs promote individualized education by letting businesses modify course materials for specific students. Students have the freedom to select their courses of study, read only those resources that are most pertinent to them, and take only those tests designed specifically for them. An LMS’s adaptive learning capabilities make use of data and analytics to make real-time changes to the learning environment, tailoring content suggestions and interventions to each student.

**What Is the Typical Cost of LMS Development?**

Several variables affect how much it will cost to create a learning management system, such as the size and scope of the project, the features prioritized, the degree of customization required, the degree of integration required, and the method of development chosen (from scratch or by adapting an existing platform).

A fair estimate would put the price tag in the tens or hundreds of thousands of dollars. You could talk to professional developers or development firms to receive a more precise estimate tailored to your needs. A customized cost estimate that fits your budget and goals may be derived after they evaluate the project’s complexity and learn about any customizations you require.

**Conclusion**

A Learning Management System (LMS) is software that facilitates the development, administration, and distribution of educational content. Organizations can unlock the full potential of their workforce and achieve sustainable growth in the digital era of learning by utilizing an LMS for employee onboarding, compliance training, and continual professional development.

**RELATED ARTICLES**

1.  Top learning management system (LMS) software for small businesses
2.  How is mLearning the Future of On-The-Go Dynamic Training Programs?
3.  Global cybersecurity market is poised to reach nearly $420 billion by 2028

Learning Management System: What is it and Why do you need it?

By Habiba Rashid
The campaign, which began at the start of August 2023, revolves around malicious packages impersonating the legitimate noblox.js,…
This is a post from HackRead.com Read the original post: Luna Grabber Malware Hits Roblox Devs Through npm Packages

The campaign, which began at the start of August 2023, revolves around malicious packages impersonating the legitimate noblox.js, a popular Node.js Roblox API wrapper.

*   **Roblox developers are being targeted by a new malware called Luna Grabber**

*   **The malware is being distributed through malicious npm packages that impersonate legitimate software.**

*   **Luna Grabber is capable of stealing sensitive data from victims’ web browsers, Discord applications, and local system configurations.**

*   **The malware was downloaded approximately 1000 times, but its impact was relatively low due to the security measures in place to protect developers on the npm repository.**

*   **The incident highlights the growing trend of malicious actors employing typo squatting to exploit developers’ trust in legitimate software packages.**

Cybersecurity firm ReversingLabs has uncovered a sophisticated cyber attack targeting developers on the Roblox gaming platform. Malicious actors have been distributing malicious packages through the npm public repository, attempting to exploit users by mimicking legitimate software while incorporating malicious payloads that steal sensitive information from victims’ systems.

**Malware Campaign Overview**

The campaign, which began at the start of August 2023, revolves around malicious packages impersonating the legitimate noblox.js, a popular Node.js Roblox API wrapper. By infiltrating the npm public repository, attackers capitalized on unsuspecting developers seeking to interact with the Roblox gaming platform using scripts.

ReversingLabs researchers identified several malicious packages during the campaign, including noblox.js-vps, noblox.js-ssh, and noblox.js-secure. These packages were engineered to deliver multi-stage malicious payloads that targeted victims’ local web browsers and Discord applications. The most notable payload identified was Luna Grabber, an open-source malware designed to extract sensitive data.

**Malware Execution and Strategy**

Attackers meticulously designed the malicious packages to closely resemble the legitimate noblox.js package. By mirroring the original code and adopting similar naming conventions, the attackers aimed to deceive developers into downloading and using the compromised software.

The malicious packages leveraged a variety of techniques to compromise victims’ systems, including the incorporation of a separate file named postinstall.js. This post-installation script triggered the execution of a malicious payload after the package installation was completed. The malware then determined whether the victim was operating a Windows machine and proceeded to download and execute the Luna Grabber malware from Discord’s Content Delivery Network (CDN).

**Luna Grabber: Information Stealing Malware**

The research revealed that the primary payload of the malicious packages was Luna Grabber, a highly customizable malware capable of stealing information from victims’ web browsers, Discord applications, and local system configurations. The malware was also equipped with features that enabled it to detect virtual environments and initiate a self-destruct mechanism if necessary.

Interestingly, the attackers behind the campaign took advantage of the user-friendly nature of Luna Grabber’s builder application, simplifying the process of creating and configuring the malicious executable.

Screenshot shared by ReversingLabs shows Luna Grabber builder

While Luna Grabber’s open-source nature allowed attackers to tailor the malware to their needs, the choice of targeting developers on the Roblox platform suggests a focus on a specific user group.

**Limited Impact and Lessons Learned**

Despite the campaign’s sophistication, its impact remained relatively low. The malicious packages were downloaded approximately 1000 times, signalling that the security measures in place to protect developers on the npm repository were successful in limiting the reach of the attack.

The incident sheds light on the growing trend of malicious actors employing typo squatting to exploit developers’ trust in legitimate software packages. This approach has been previously observed in other campaigns, such as the IconBurst and Brainleeches campaigns.

Fake noblox.js-ssh’s npm website page (ReversingLabs)

While multi-stage malicious packages are common on certain open-source platforms, such as PyPI, their presence on npm—where this campaign took place—represents the ongoing challenge of maintaining secure open-source repositories and the importance of cautiousness in choosing software packages for development purposes.

1.  CISA warns of trojanized JavaScript library’s NPM package
2.  Discord.io Admits Data Breach: Info of 760K Users Sold Online
3.  6 official Python repositories plagued with cryptomining malware

Luna Grabber Malware Hits Roblox Devs Through npm Packages

By Habiba Rashid
TP-Link Tapo L530E Smart Bulb found vulnerable, putting user WiFi credentials at risk.
This is a post from HackRead.com Read the original post: TP-Link Smart Bulb Users at Risk of WiFi Password Theft

The vulnerabilities of the smart bulb were identified by cybersecurity researchers from Italy and the United Kingdom.

**Summary**

*   Security researchers have found vulnerabilities in the TP-Link Tapo L530E smart bulb and the corresponding Tapo app.

*   These vulnerabilities could allow attackers to steal users’ WiFi passwords and gain unauthorized access to their networks.

*   The vulnerabilities are rated as high and medium severity, and affect both the hardware and software of the smart bulb.

*   TP-Link has acknowledged the vulnerabilities and is working on a fix.

*   In the meantime, users are advised to update the firmware of their smart bulbs and use strong passwords.

In the era of expanding home automation, the convenience of controlling devices remotely and optimizing energy consumption is met with an emerging concern: the security of interconnected smart devices.

A recent investigation by security researchers from Italy and the UK has illuminated potential vulnerabilities in the popular TP-Link Tapo L530E smart bulb and the corresponding Tapo app, exposing users to the risk of having their WiFi passwords stolen by malicious actors.

The TP-Link Tapo L530E smart bulb, a common sight in homes and available on major marketplaces such as Amazon, has become a focal point for researchers due to its extensive adoption. The study (PDF), conducted by experts from the Universita di Catania and the University of London, talks about broader security risks prevalent in the expansive world of Internet of Things (IoT) devices, many of which exhibit subpar authentication safeguards and insecure data transmission practices.

The following four distinct vulnerabilities have been identified within the TP-Link Tapo L530E smart bulb and the Tapo app, each presenting its unique security implications:

**Improper Authentication: **

The primary vulnerability is rooted in improper authentication during the session key exchange process. This flaw permits attackers in close proximity to the device to impersonate it, resulting in the compromise of Tapo user passwords and control over Tapo devices. With a high-severity CVSS v3.1 score of 8.8, this exploit represents a substantial risk.

**Hard-coded Weakness:**

The second vulnerability, also high-severity with a CVSS v3.1 score of 7.6, is a result of a hardcoded short checksum shared secret. Malicious actors can exploit this flaw by engaging in brute-forcing techniques or by decompiling the Tapo app. 

**Predictable encryption_:_**

The third flaw, rated with a medium severity, pertains to the predictable nature of symmetric encryption due to a lack of randomness in its application. 

**Replay Attacks:**

Lastly, the fourth vulnerability allows attackers to conduct replay attacks, effectively replicating previously intercepted messages to manipulate device functions.

Keeping in mind the vulnerabilities above, the researchers showcased several scenarios which a malicious actor may be inclined to employ. In the first scenario, an attacker exploits the first and second vulnerabilities to impersonate the smart bulb and compromise a user’s Tapo account.

By infiltrating the Tapo app, the attacker can extract critical WiFi information, including the SSID and password, enabling unauthorized access to all devices linked to the same network. Though this attack requires the device to be in setup mode, attackers can easily disrupt the bulb’s functionality and prompt a reset, thus enabling the execution of the attack.

For the second scenario, the researchers delved into Man-in-the-Middle (MITM) attacks, showcasing the potential for attackers to intercept and manipulate communications between the Tapo app and the bulb.

By exploiting the first vulnerability, attackers can capture RSA encryption keys, which are then exploited to decode further data exchanges. Moreover, unconfigured Tapo devices can be utilized in MITM attacks to extract sensitive information during the setup process.

TP-Link Tapo L530E smart bulb on Amazon – The data extracted by researchers

In a comment to Hackread.com, Andrew Bolster, Senior R&D Manager for Data Science at Synopsys Software Integrity Group told Hackread.com that, “These new vulnerability notices demonstrate again that while consumers want to believe that the smart devices that we bring into our homes and make part of our lives are somehow completely isolated and secure, security is not that simple.”

Andrew warned that “As Synopsys previously demonstrated with last year’s Vulnerability Advisory on IKEA smart bulbs, these assistive and clever devices can be the weak-link into the trusted home environment; A beachhead for malicious actors to then gain horizontal access to other devices behind the ‘secure’ firewall. And as we add increasingly smart devices, be it fridges, voice assistants, heating controllers, vacuum cleaners, etc, opportunity for security failures to spread expands exponentially.”

“As with any modern security threat model, defence-in-depth and trust-but-verify stand; smart devices should be kept on separate WiFi networks from personal devices where possible, and the inbound/outbound connections into this network should be heavily restricted,” he emphasised.

The findings of this investigation have been responsibly disclosed to TP-Link, prompting acknowledgement from the vendor. Assurances have been made that fixes for the vulnerabilities will be implemented in both the app and the bulb’s firmware. However, specific details about the availability of these fixes and the versions still susceptible remain undisclosed.

Here are some additional safety guidelines that users should follow:

*   Only connect your smart bulbs to trusted networks.
*   Keep your smart bulbs up to date with the latest firmware.
*   Be careful about what information you share with smart bulb apps.
*   Use strong passwords and enable multi-factor authentication for your smart bulb accounts.
*   If you think your smart bulb has been compromised, change your passwords and reset your devices.

In light of these vulnerabilities and the expanding realm of IoT devices, isolating such devices from critical networks, updating firmware and app versions, and bolstering account protection through strong passwords and multi-factor authentication remains the recommended practices.

**RELATED ARTICLES**

1.  IoT devices could help authorities solve criminal cases
2.  Hackers can use flaw in Philips smart light bulbs to spread malware
3.  Hackers can clone your lock keys by recording clicks from smartphone
4.  Whitehat hacker shows how to detect hidden cameras in Airbnb, hotels
5.  Lamphone attack recovers secretive conversations via hanging light bulb

TP-Link Smart Bulb Users at Risk of WiFi Password Theft

By Deeba Ahmed
Hundreds of impacted retailers could not process payments, complete orders, or trade online due to the attack on Swan Retail.
This is a post from HackRead.com Read the original post: Cyberattack on UK IT Firm Swan Retail Affects 300 Retailers

1.  **Swan Retail IT Outage:** On August 13, 2023, UK’s Swan Retail faced major technical glitches due to a cyberattack by an unauthorized third party, causing significant disruptions across 300 retailers.
2.  **Response and Investigation:** Swan Retail swiftly alerted internal IT, retailers, and authorities. The UK NCSC, Action Fraud, and others are investigating the incident.
3.  **Retailer Impact:** Diverse independent retailers, from fashion to sports equipment, suffered financial losses due to suspended services and disrupted launches.
4.  **Growing Cyberattack Trend:** Eduard Doroskevic from Adarma noted the rising trend of coordinated cyberattacks across industries, emphasizing the need for collaborative defense.
5.  **Securing the Digital Chain:** Doroskevic stressed securing the digital supply chain, suggesting constant vigilance, risk mitigation, and resource prioritization to protect against evolving threats.

On Sunday, 13 August, 2023, a UK-based Retail Management and EPOS Solutions provider called Swan Retail observed ‘technical difficulties,’ in several back-office systems causing ‘significant’ service disruptions.

According to a statement from the company’s representative, its systems were targeted by an unauthorized third party to which the company responded quickly by alerting its internal IT team, affiliated retailers, and law enforcement authorities.

However, around 300 retailers have been affected by this attack. The company didn’t disclose what kind of attack took place that resulted in such an extensive outage of services.

For your information, Swan Retail is part of Swan Group, acquired by ClearCourse in November 2020. The company supplies stock control and account systems, payment gateways, online ordering, and other IT solutions to retailers all across the UK. ClearCourse is a conglomerate of numerous tech brands offering integrated software solutions and payment platforms.

The cyberattack on Swan Retail has impacted a wide range of independent retailers from almost all sectors, such as fashion, homewares, furniture, departmental stores, sports/pets/outdoor equipment dealers, stadiums, and garden centers.

Many vendors failed to bring in new collections and suffered heavy financial losses. Their services have remained suspended since Sunday with no clarity over when the services will be back online.

The company claims that the issue will be resolved soon. The incident is under investigation by the UK National Cyber Security Center (NCSC), Action Fraud, and other agencies.

About this incident, Eduard Doroskevic, Principal Consultant at Adarma told Hackread.com that the industry is experiencing a systematic wave of cyberattacks, to address which well-coordinated efforts are mandatory.

“Businesses can no longer operate in isolation. Cyber risks are systemic and can extend beyond a business’s perimeter, allowing adversaries to infiltrate partnering organizations. Addressing this challenge requires a coordinated effort,” said Doroskevic.

Doroskevic warned that “Incidents like this are rising in frequency, highlighting the importance of securing the digital supply chain. Employing an ongoing strategy of discovery, assessment, and validation is essential to ensure organizations maintain constant vigilance and uphold their risk tolerance thresholds within acceptable boundaries.”

Through a comprehensive approach encompassing risk mitigation, resource prioritization, and continuous surveillance, enterprises can reinforce their supply chains and protect their vital assets in response to evolving threats,” he advised.

1.  Retail giant Claire’s online store hacked after closing 3000 stores
2.  Electronics retail giant CeX hacked; data of 2 million customers stolen
3.  Gun Retailer Airsoft GI’s Forum Hacked; 65,000 User Accounts Leaked
4.  Fashion retailer BrandBQ exposes 1 TB of customers, contractors data
5.  South Korean Retail Giant Lotte’s Website Hacked After US Military Deal

Cyberattack on UK IT Firm Swan Retail Affects 300 Retailers

By Waqas
Bronze Starlight hackers have been cleverly utilizing a valid Ivacy VPN code-signing certificate to target the Southeast Asian gambling industry.
This is a post from HackRead.com Read the original post: Chinese Hackers Using Stolen Ivacy VPN Certificate To Sign Malware

*   **Chinese APT group Bronze Starlight uses stolen Ivacy VPN certificate to sign malware for the Southeast Asian gambling sector**.

*   **Stolen certificate makes malware appear legitimate, bypassing security and blending in with regular software.**

*   **Attacks began in March 2023, linked to earlier Operation ChattyGoblin discovered in 2022.**

*   **Bronze Starlight, known for political campaigns, deploys malware via chat apps and fake software versions.**

*   **Malware targets vulnerable software, and avoids execution in some Western countries; DigiCert revoked certificate; no statements from PMG PTE LTD or Ivacy VPN.**

SentinelLabs researchers have discovered that a Chinese APT group known as Bronze Starlight has been signing off malware with a valid certificate. This certificate is used by Ivacy VPN, and the hackers’ target is the gambling industry in Southeast Asia.

Using this technique, hackers can ensure that malware bypasses all security measures without raising suspicion and invades target devices. It can also easily blend into legitimate software traffic.

It is worth noting that the issue was first reported by MalwareHunterTeam on X (previously known as Twitter) on 29 May 2023 and later analyzed by SentinelLabs. According to researchers, this stolen certificate belongs to Singapore-based VPN vendor PMG PTE LTD, the developer of Ivacy VPN.

In SentinelLabs’ blog post authored by Aleksandar Milenkoski, the first wave of attacks was observed in March 2023; however, it could be a continuation of an already ongoing hacking campaign dubbed Operation ChattyGoblin (discovered by ESET in late 2022).

Bronze Starlight (aka DEV-0401 and SLIME34) is a Chinese ransomware group that mostly runs espionage and politically motivated campaigns instead of financially motivated ones. The group’s primary weapon is ransomware, including LockFile, LockBit 2.0, NightSky, AtomSilo, Pandora etc, as reported previously by SecureWorks and Microsoft.

The attack starts with delivering .NET executables such as AdventuresQuest.exe onto the targeted device through compromised chat applications. This particular file was first observed by MalwareHunterTeam’s cybersecurity expert, and they later reported it on X.

Per MalwareHunterTeam’s observation, the certificate used in this attack was similar to the one used in authentic Ivacy VPN installations.

> "PMG PTE. LTD." signed "AdventureQuest.exe": 43fb2d2e7596bed395bba6e012d0ee13ed61856cd63db47bf94160881d3e3ac7  
> www.100helpchat\[.\]com  
> 🤔 pic.twitter.com/OqLfTPwdGX
> 
> — MalwareHunterTeam (@malwrhunterteam) May 29, 2023

The executables then retrieve password-protected ZIP archives from Alibaba storage repositories through fake or infected versions of popular programs vulnerable to DLL hijacking, such as Microsoft Edge, Adobe Creative Cloud, and McAfee VirusScan.

Further research from SentinelLabs revealed that the executables used geo-restrictions for preventing malware from getting executed in certain, pre-defined Western countries, e.g., the USA, France, Germany, Russia, India, Canada, and the UK. This could be because the hackers are either not interested in targeting these regions or are deliberately avoiding them to raise the chances of this campaign’s success.

Researchers believe that the VPN vendor doesn’t seem involved in this hack even though Ivacy VPN’s certificate has been used, also available on the PMG PTE LTD website.

> _“It is likely that at some point the PMG PTE LTD signing key has been stolen – a familiar technique of known Chinese threat actors to enable malware signing.”_
> 
> Aleksandar Milenkoski – Senior Threat Researcher at SentinelLabs

This is a common practice as VPNs frequently become targets of APT groups because of the trove of sensitive data and communications these may offer. It is unclear what kind of data Chinese hackers could be obtained through Ivacy VPN. For your information, the certificate has now been revoked by DigiCert.

Surprisingly, neither PMG PTE LTD nor Ivacy VPN has issued any official statement regarding this issue.

1.  TeamViewer was Targeted by Chinese Hackers in 2016
2.  Chinese VPN app Quickfox caught exposing 1 million users’ data
3.  Chinese APT group spying on Vietnam military with FoundCore RAT

Chinese Hackers Using Stolen Ivacy VPN Certificate To Sign Malware

By Waqas
Contrary to the typical cyberattack narrative, this breach stems from a whistleblower leak, revealing sensitive information to the German media outlet Handelsblatt.
This is a post from HackRead.com Read the original post: Whistleblower Leak Reveals Tesla Data Breach, Affects 75,000

*   **– Tesla discloses data breach affecting 75,000 individuals.**

*   **– Whistleblower leak exposes personal info to German media outlet.**

*   **– Former employees violate data protection policies, sharing data.**

*   **– Leaked ‘Tesla Files’ contain employee details and production secrets.**

*   **– Legal actions initiated, highlighting data protection challenges.**

Electric vehicle giant, Tesla has recently revealed a data breach that has affected approximately 75,000 individuals. Contrary to the typical cyberattack narrative, this breach stems from a whistleblower leak, revealing sensitive information to the German media outlet Handelsblatt.

**Unveiling the Breach:**

Tesla’s disclosure to the state of Maine’s attorney general office has shed light on a data breach that occurred in May 2023. The breach led to the exposure of personal information, including social security numbers, of over 75,700 individuals. The compromised data encompasses names, contact information, and employment records of both current and former employees.

**Whistleblower Revelation:**

The breach’s origins trace back to two former Tesla employees who allegedly shared confidential company information with Handelsblatt.

The automaker stated that these ex-workers had “misappropriated the information in violation of Tesla’s IT security and data protection policies.” This breach incident highlights the challenge companies face in maintaining data security even after employees leave their roles.

**Compromised Information:**

The data leaked to Handelsblatt, colloquially referred to as the ‘Tesla Files,’ contained an extensive array of information. The leaked data reportedly encompassed details about more than 100,000 current and former employees, including customer banking information, production trade secrets, and customer complaints related to driver assistance systems.

**Legal Ramifications and Protective Measures:**

Tesla swiftly responded to the breach by initiating legal action against the responsible employees. Court orders were secured to prevent further dissemination and use of the stolen data, under threat of criminal penalties.

The leaked data is not intended for publication by Handelsblatt, reducing the immediate risk of data misuse. However, Tesla is taking additional measures to safeguard affected individuals by offering credit monitoring and identity protection services. A template letter written by Tesla’s Data Privacy Officer, Steven Elentuk, revealed the following information:

A foreign media outlet (named Handelsblatt) informed Tesla on May 10, 2023 that it had obtained Tesla confidential information. The investigation revealed that two former Tesla employees misappropriated the information in violation of Tesla’s IT security and data protection policies and shared it with the media outlet. The outlet has stated that it does not intend to publish the personal information, and in any event, is legally prohibited from using it inappropriately.

Tesla immediately took steps to contain the incident, understand the scope, and protect your information. Among other things, we identified and filed lawsuits against the two former employees. These lawsuits resulted in the seizure of the former employees’ electronic devices that were believed to have contained the Tesla information. Tesla also obtained court orders that prohibit the former employees from further use, access, or dissemination of the data, subject to criminal penalties. Tesla cooperated with law enforcement and external forensics experts and will continue to take appropriate steps as necessary.

**Future Implications:**

Although not a malicious cyberattack, the breach has raised concerns about data protection and the security of confidential data within the company. The breach underscores the critical importance of data protection and cybersecurity within organizations.

Even without the traditional hallmarks of a cyberattack, the vulnerability posed by insider threats and data leaks remains significant. Companies, especially those dealing with sensitive and confidential information, must strengthen their data protection policies and employee exit protocols to mitigate the risk of such incidents.

1.  Sensitive user data found in Tesla car parts sold on eBay
2.  Bug bounty: Hack Tesla Model 3 to win your own Model 3
3.  Musk: Russian hacker tried hiring Tesla worker for malware attack
4.  Russian hacker pleads guilty to planting malware in Tesla Gigafactory

Whistleblower Leak Reveals Tesla Data Breach, Affects 75,000

By Habiba Rashid
Foreign cyber spies are targeting the US space industry for secrets and technology, warns the FBI, NCSC, and AFOSI.
This is a post from HackRead.com Read the original post: FBI and NCSC Warn of Foreign Cyberattacks on US Space Sector

*   **Authorities warn of foreign cyber spies targeting the US space industry.**

*   **Beijing and Moscow are major sources of cyber threats, according to the US.**

*   **Tactics include cyberattacks, investments, and recruitment, says the FBI.**

*   **The US space sector’s significance increases vulnerability.**

*   **Advisory stresses safeguarding data and reporting suspicions.**

In a joint advisory published on Friday, the Federal Bureau of Investigation (FBI), the National Counterintelligence and Security Center (NCSC), and the Air Force Office of Special Investigations (AFOSI) issued a warning about the escalating threat of nation-state-sponsored cyber espionage targeting companies within the US space industry.

The report underscores the heightened risks posed by cyberattacks and other covert methods employed by foreign intelligence entities to pilfer research, trade secrets, and sensitive information related to the burgeoning sector.

Beijing and Moscow, the advisory points out, loom large as the main sources of these threats, with the FBI and other intelligence agencies identifying these capitals as prime actors in these ongoing campaigns. 

“We anticipate growing threats to this burgeoning sector of the US economy,” a counterintelligence official emphasized in a statement to Reuters.

As the global space economy is predicted to surge from $469 billion in 2021 to over $1 trillion by 2030, with the United States driving this growth, the vulnerability of the US space industry to foreign espionage has intensified, the report stated. 

Foreign intelligence entities are employing a multifaceted approach to access sensitive information crucial to their respective space programs. Techniques include cyberattacks, strategic investments, supply chain node targeting, and manipulation of joint business ventures and acquisitions.

The advisory also sheds light on espionage agents attending industry conferences and even requesting visits to industry facilities in pursuit of confidential data.

The report also highlights a tactic involving the recruitment of individual employees through offers of overseas work or consulting positions, along with direct offers of payment in exchange for intellectual property. The agencies underscore the importance of vigilance among US space companies and recommend immediate contact with the FBI or AFOSI in case of suspicious activities.

“Foreign intelligence entities recognize the importance of the commercial space industry to the US economy and national security,” the advisory states. It highlights that not only does the industry contribute significantly to emergency services, energy, financial services, telecommunications, transportation, food, and agriculture, but its role is also pivotal in supporting critical infrastructure that underpins these domains.

US authorities, while not naming any specific countries, highlight the persistent and well-documented threats from Chinese hackers in the aviation, space, and satellite technology sectors. Chinese ambitions to challenge the United States space supremacy have been evident for years, with the Chinese government openly outlining its intention to lead the world in space exploration and technology by 2045.

In light of these intensifying espionage campaigns, the joint advisory urges safeguarding sensitive information and proprietary technologies within the US space industry.

Source

HackRead