By Deeba Ahmed
The attacks, according to Reuters' report, happened between August and September 2022. 
This is a post from HackRead.com Read the original post: Russian Hackers Targeted Three US Nuclear Research Labs

The Russian hackers from the Callisto group used fake login pages for each lab and sent emails to nuclear scientists to trick them into divulging their passwords.

In its latest report released this Friday, Reuters revealed surprising details of how a group of Russian hackers targeted three high-profile nuclear research laboratories.

As per Reuters research, the hacking group is known as Callisto (aka Cold River), and they managed to target the Argonne, Brookhaven, and Lawrence Livermore National Laboratories. On the other hand, at least five prominent cybersecurity experts second these findings.

It is worth noting that in December 2020, a group of Russian hackers were also blamed for targeting 40 agencies including US Nuclear Agency.

**When and How the Attacks Occurred?**

The attacks, according to Reuters’ report, happened between August and September 2022. That’s when Russian president Vladimir Putin claimed Russia intended to use nuclear weapons for its defence. So, it seems likely that the three labs were targeted to steal crucial information.

During their attack, the hackers used phishing techniques by creating fake login pages for each lab and sent emails to nuclear scientists to trick them into giving away their passwords. Researchers couldn’t determine why Callisto targeted these three labs and whether they succeeded in their attempts.

However, they did reveal that the attack occurred after United Nations (UN) experts entered Ukraine’s Russian-held territories to inspect the Russian-occupied Zaporizhzhia nuclear plant to assess the extent of fallout that could be caused by excessive shelling in its vicinity.

Malicious PDF files sent by Calisto (Image credit: Sekoia)

**About Callisto**

This hacking group first surfaced on the internet in 2016 when Britain’s Foreign Office was targeted. The group is known for targeting Western allies of Ukraine and has stepped up its hacks after the Russian invasion of Ukraine in February 2022.

The same group was also pointed out for targeting and leaking the emails of the former head of the British intelligence agency MI6. You can also read the group’s activities, analyzed by cyber security researchers at Sekoia, in their blog post.

Recently, Callisto has been involved in many prominent hacking incidents. Reuters connected the emails used by this group between 2015 and 2020 to Andrey Korinets, a Syktyvkar-based bodybuilder and IT expert.

However, when Reuters interviewed him, Korinets admitted using those emails but denied any connection with Callisto. Nonetheless, Billy Leonard from Google Threat Analysis Group claims they have verified Korinets as an active member of Callisto.

1.  Top US Federal Agencies Hacked by Russian Hackers
2.  Russian hackers hit Republican and Conservative leaders
3.  Russia Hackers Abusing BRc4 Red Team Penetration Tool
4.  Russian hackers hacked Department of Homeland Security
5.  SolarWinds Hack – US Blames Russian Intel Agency Hackers

Russian Hackers Targeted Three US Nuclear Research Labs

By Waqas
Hackers are using ChatGPT to develop powerful hacking tools and create new chatbots designed to mimic young girls to lure targets, claims Check Point.
This is a post from HackRead.com Read the original post: Hackers Exploiting OpenAI’s ChatGPT to Deploy Malware

In one instance, a hacker shared an Android malware code written by ChatGPT, which could steal desired files, compress them, and leak them online.

Cybercriminals have a new trick up their sleeve involving the abuse of an artificially intelligent (AI) chatbot from OpenAI called ChatGPT. ChatGPT app has become popular since its launching at the end of November 2022, so naturally, scammers are eyeing it for exploitation.

**ChatGPT Abused to Build Hacking Tools**

According to a new report from Israeli security firm Check Point, hackers are using ChatGPT to develop powerful hacking tools and create new chatbots designed to mimic young girls to lure targets.

ChatGPT can also code malicious software that can monitor users’ keyboard strokes and create ransomware. For your information, ChatGPT has been developed by OpenAI as an interface for its LLM (Large Language Model).

However, cybercriminals have somehow figured out a way to make it a threat to the cyber world since its code generation capability can easily help threat actors launch cyberattacks.

On the other hand, Hold Security’s founder Alex Holden stated that he has observed dating scammers exploiting ChatGPT to create convincing personas. Scammers are creating female personas to impersonate girls to gain trust and have lengthier conversations with their targets.

**Potential Dangers**

Check Point Research’s researchers explained in their blog post that an attacker could create an authentic-looking spear-phishing email to run a reverse shell that can accept commands in English.

Many underground hacking forums have posted about incidents where cybercriminals used OpenAI to develop malicious tools, even those having no development skills. In one of the posts that Check Point reviewed, a hacker shared an Android malware code written by ChatGPT, which could steal desired files, compress them, and leak them on the web.

One user shared how they abused ChatGPT by using it to create code-up features of a marketplace on the Dark Web, like Silk Road and Alphabay.

Another tool was posted on the forum that could be used to install a backdoor on a device and upload more malware onto the compromised computer. Similarly, a user-shared Python code capable of file encryption using the OpenAI app.

Posting related to chatGPT on a popular hacker forum

Check Point researchers observed that this was the first tool this user had created. Such codes could be used for malicious purposes and modified to encrypt a device without involving user interaction, just like with ransomware. 

Moreover, scammers can also use ChatGPT to build bots and sites to trick users into sharing their information and launch highly targeted social engineering scams and phishing campaigns.

OpenAI is yet to respond to these findings.

1.  AI-based Model to Predict Extreme Wildfire Danger
2.  Website uses AI to create utterly realistic human faces
3.  Microsoft patent reveals chatbot to talk to dead people
4.  This AI Can Generate Unique and Free Bored Ape NFTs
5.  AI-Powered Smart Glasses Give Deafs Power of Speech
6.  ‘Fawkes’ privacy tool blocks images from facial recognition

I am a UK-based cybersecurity journalist with a passion for covering the latest happenings in cyber security and tech world. I am also into gaming, reading and investigative journalism

Hackers Exploiting OpenAI’s ChatGPT to Deploy Malware

By Waqas
The data was collected through web scraping techniques however some sites are reporting it as a "Twitter data breach," or " Twitter being hacked." 
This is a post from HackRead.com Read the original post: Twitter Scraping Breach: 209 Million Accounts Leaked on Hacker Forum

The leaked Twitter data is now circulating on several hacking forums, including prominent Russian-language ones.

Personal data, including email addresses, of nearly 209 million **Twitter** users were scraped, stolen, and posted on an online hacking forum. As seen by Hackread.com, the database posted online contains 209,000,000 records, all belonging to Twitter users.

The database comprises usernames, follower counts, creation dates, and email addresses of Twitter users. The good news is that no passwords, phone numbers, IP addresses, or physical addresses were leaked.

Leaked data – Screenshot: Hackread.com

Although some reports claim that the total number of leaked accounts is 235 million, Hackread.com’s analysis suggests that the exact number, after deleting duplicate accounts, is 209 million.

This should not come as a surprise, as just a couple of months ago, a hacker **leaked 5.4 million account details** of Twitter users. This was followed by another incident in which a threat actor was selling scraped data of **400 million Twitter users**.

The data leak is currently being regarded as one of the most impactful and significant leaks he has seen so far because leaking such a vast amount of email IDs can expose the victims to a range of attacks, including doxing, hacking, and targeted phishing.

The information can expose the users’ real identities since people use their real names to create email addresses.

It is worth noting that the threat actor leaked the data on a hacker forum that surfaced as an alternative to the popular and **now-seized Raidforums**. In their post, they stated that the leaked data was collected through web scraping techniques however some sites are reporting it as a “Twitter data breach,” or ” Twitter being hacked.”

However, some are of the opinion that the leaked data is at least two years old. Ron Scott-Adams, VMware’s product line marketing manager, examined the data and claimed that it is at least two years old, and except for email addresses, it mainly consists of publicly available data.

Conversely, Synopsys’ associate principal consultant, Jamie Boote, stated that the data was collected through web scraping via a now-fixed **Twitter bug**.

“In 2021, people discovered that the Twitter API could be used to disclose email addresses that were provided from other sources and also leak some other semi-public info like tying a Twitter handle with that email address,” the email dumps were then used by different groups as seed material to look for handles they could exploit, added Boote.

This issue was fixed one year back so it seems that someone collected the data, combined it with new accounts, and leaked it online. HaveIBeenPwned’s Troy Hunt also assessed the data and stated that it is pretty much what it has been described as.

It is still unclear who hacked and leaked the data online. But security experts are sure that the breach occurred in 2021. Nevertheless, the incident reveals the **dangers of unsecured API**. Users must change their Twitter password and ensure the same password isn’t used for other sites.

Twitter is yet to comment.

1.  **APT Groups Trapping Targets with Clever Twitter Scheme**
2.  **Researcher logs into Trump’s Twitter with password MAGA2020**
3.  **Twitter hacker charged in sim swapping, cryptocurrency scheme**
4.  **Twitter Goes on Tor with New Dark Web Domain to Evade Censorship**
5.  **Mastermind of 2020’s top celebrity Twitter hack sentenced to 3 years**

I am a UK-based cybersecurity journalist with a passion for covering the latest happenings in cyber security and tech world. I am also into gaming, reading and investigative journalism

Twitter Scraping Breach: 209 Million Accounts Leaked on Hacker Forum

By Deeba Ahmed
In total 22 proprietary software vulnerabilities were identified in the firmware, which Qualcomm addressed in its January 2023…
This is a post from HackRead.com Read the original post: Chip Vulnerabilities Impacting Microsoft, Lenovo, and Samsung Devices

In total 22 proprietary software vulnerabilities were identified in the firmware, which Qualcomm addressed in its January 2023 security bulletin.

Firmware attacks are increasingly common nowadays as cybercriminals are focusing more on the lower-level embedded code, which supports hardware. **Qualcomm**’s hardware is the latest target in this regard.

Reportedly, the company was notified about the presence of nearly 2 dozen security vulnerabilities in its flagship chipset suite, Snapdragon.

**Vulnerabilities Details**

These vulnerabilities were discovered by Binarly AI-powered firmware protection company. In total 22 proprietary software issues were identified in the firmware, which Qualcomm addressed in its January 2023 security bulletin.

These include 2 bugs in automotive tracked as CVE-2022-33218 and CVE-2022-33219 and one bug in powerline communication firmware tracked as CVE-2022-33265. These bugs were rated critical or high severity and their patching was quite complex.

Additionally, five major vulnerabilities in UEFI firmware on ARM were identified and tracked as CVE-2022-40516 to CVE-2022-40520. These vulnerabilities impacted the whole infrastructure of ARM-based devices and laptops.

Binarly discovered two types of vulnerabilities, including out-of-bounds read issued and stack-based buffer overflows. Both were connected to the DXE driver and could be exploited by whoever gained elevated privileges.

The company has released patches for the vulnerabilities in its latest security advisory, including patches for five connectivity and boot issues.

**Which Devices are at Risk?**

Devices made by Lenovo, Microsoft, and Samsung are at risk due to using Snapdragon chipsets. However, the scope of impact is highly diverse as the vulnerabilities may affect vehicles to powerline communications. For your information, the Snapdragon CPU uses the ARM architecture.

Therefore, apart from Lenovo and other manufacturers, ARM-based Microsoft Surface and Windows Dev Kit 2023/Project Volterra computers were also affected by the vulnerabilities. Some vulnerabilities could lead to arbitrary code execution and be exploited for a Secure Boot bypass, allowing an attacker to gain persistence on a device by gaining privileges to write to the file system.

**How the Flaws Were Discovered?**

Binarly founder and CEO, Alex Matrosov revealed that they discovered around nine security vulnerabilities while examining the Lenovo Thinkpad X13s firmware powered by the Snapdragon system-on-a-chip.

Further probe revealed that some vulnerabilities were specific to Lenovo devices and five impacted Qualcomm reference codes. This means the vulnerabilities were impacting laptops and all other devices having Snapdragon chips installed.

Matrosov clarified that this was the first time UEFI firmware vulnerabilities connected to the ARM device architecture were disclosed at such a scale. The CEO also noted that the number of affected chipsets is “massive.”

The good news is that Lenovo has addressed the issue and its advisory is available here.

1.  Alert: New Bluetooth flaw lets attackers monitor traffic
2.  Source code of over 50 top organizations leaked online
3.  Hackers Exploiting MSI Afterburner to Deliver Coin Miner
4.  400 chip flaws turn 3 billion Android phones into spying tool
5.  Microsoft hopes Windows PCs protection with Pluton security chip

Chip Vulnerabilities Impacting Microsoft, Lenovo, and Samsung Devices

By Owais Sultan
An insider threat has emerged as one of the most significant threats to all types of businesses and organizations.
This is a post from HackRead.com Read the original post: Preventing Insider Attacks on Your HR System

Insider attacks can come from a variety of sources, including current and former employees, contractors, and third-party vendors.

Insider attacks on HR systems can be devastating for any organization. Not only can they lead to the loss of sensitive information, such as employee records and payroll data, but they can also erode trust and damage the company’s reputation.

Whether it be employee negligence, credential theft, or a criminal insider, the average cost of such a data breach is estimated at $484,931 per incident. That’s why it’s crucial to take steps to prevent these types of attacks from happening in the first place.

So, how do you do that? It all starts with identifying potential insider threats and implementing strong security measures to protect your HR systems.

**Identifying potential insider threats**

Insider attacks can come from a variety of sources, including current and former employees, contractors, and third-party vendors. This is why it is vital that you are aware of all individuals who have access to your HR systems and that you regularly review and update access permissions to ensure that only those who need access have it.

It’s also important to be aware of any individuals who have access to sensitive HR information, even if they don’t have direct access to the systems themselves. For example, a receptionist with access to physical employee files could potentially steal sensitive information and pass it along to someone else.

 This is why you must have strict protocols in place for accessing and handling sensitive information, regardless of whether it is stored digitally or in physical form.

**Implementing security measures**

Once you’ve identified potential insider threats, it’s time to take action to protect your HR systems. Some key measures to consider include:

**Using strong, unique passwords for all HR system accounts.**

Avoid using the same password for multiple accounts and consider using a password manager to generate and store secure passwords. It’s also a good idea to regularly update passwords and encourage employees to do the same.

**Enabling two-factor authentication for HR system accounts.**

This adds an extra layer of security by requiring users to enter a code sent to their phone or email in addition to their password when logging in. Two-factor authentication can help prevent unauthorized access, even if an attacker manages to obtain an employee’s password.

**Regularly reviewing and updating access permissions for HR systems**

Make sure that only those who need access have it and remove access for anyone who no longer needs it, such as former employees. It’s also a good idea to periodically review access permissions to ensure that they are still appropriate for each individual.

**Monitoring HR system activity and flagging any suspicious behaviour**

Use tools such as intrusion detection systems and log monitoring to identify and alert you to any unusual activity. This can help you catch potential insider attacks early on and take action to prevent further damage. Different HRIS systems have different security features, so be sure to review the available options and choose one that offers the right level of protection for your organization.

**Implementing security training for all HR personnel**

Make sure that everyone who has access to HR systems and sensitive information is aware of proper security practices and knows how to identify and report potential threats. Training can help employees understand the importance of protecting sensitive information and give them the tools they need to do so.

**Responding to an insider attack**

Despite your best efforts, it’s still possible that an insider attack could occur. In the event of an attack, it’s important to act quickly to minimize the damage. Some steps to take include:

*   Disconnecting affected HR systems immediately to prevent further access can help prevent an attacker from doing further damage and give you time to assess the situation.

*   Conducting a thorough investigation to identify the source of the attack – This may involve working with cyber security experts and law enforcement to track down the perpetrator. It’s important to understand how the attack occurred and what information may have been accessed or compromised.

*   Implementing additional security measures to prevent future attacks – This may include strengthening passwords, enabling two-factor authentication, and conducting regular security assessments. It’s also a good idea to review your current security protocols and see if there are any areas that need improvement. This could include strengthening access controls, increasing monitoring of system activity, or implementing additional training for employees.

*   Communicating the incident to relevant parties, including employees and authorities if necessary – It’s important to be transparent about the situation and to take steps to restore trust and prevent similar attacks from happening. This may involve informing employees about the attack, explaining what steps are being taken to address it, and offering resources for any affected individuals. Depending on the severity of the attack, it may also be necessary to inform authorities and take legal action against the perpetrator.

**Final word**

Preventing insider attacks on HR systems is a continuous process that requires regular attention and updates. By being proactive and taking steps to identify and mitigate potential threats, you can protect your organization’s sensitive information and maintain the trust of your employees.

It’s also important to have a response plan in place in case an attack does occur so that you can act quickly and effectively to minimize the damage and prevent future attacks. By following these best practices, you can help ensure that your HR systems are secure and that your organization’s sensitive information is protected.

1.  Managing Insider Threats with Internal Monitoring
2.  SEC charges dark web user of insider trading, money laundering
3.  Some Meta Employees and Security Guards Hacked User Accounts
4.  SpaceX employee admits security fraud, insider trading on dark web
5.  Insider hacks Marriott hotel reservation system; slashes rate up to 95%

Owais takes care of Hackread's social media from the very first day. At the same time He is pursuing for chartered accountancy and doing part time freelance writing.

Preventing Insider Attacks on Your HR System

By Owais Sultan
Do you run a Product as a Service business? Use the powerful advertising strategies in this article to…
This is a post from HackRead.com Read the original post: Advertising Strategies for PaaS services

**Do you run a Product as a Service business? Use the powerful advertising strategies in this article to succeed with your business & reach a wider audience.**

**Advertising Strategies For PaaS Services**

Businesses nowadays are increasingly turning to **PaaS services** to power their applications and services. They need an effective advertising plan to get the word out about their offer and attract new customers.

Have you ever considered using Platform-as-a-Service (PaaS) services to help promote your business? PaaS is a cloud computing platform that provides software tools, technologies, and resources needed to build applications.

It allows developers to quickly deploy applications and manage their infrastructure without worrying about the complexities of hardware or servers.

PaaS services are becoming increasingly popular for smaller and larger organizations looking for secure, reliable, cost-effective ways to manage their infrastructure. PaaS provides a range of features that can be used to create web applications quickly and efficiently without worrying about maintenance or server configuration.

However, **top PaaS providers** are also looking for some strategies that can help to attract more customers and stand out from the competition. This blog post will look at some of the best advertising strategies for PaaS services. Let’s dive in. 

**Set The Right Goals**

Setting goals for developing an advertising strategy for a Platform-as-a-Service (PaaS) company is essential to success. Every PaaS app will have different goals; the more your team can find out about the desired result, the more effective your plan can be. 

Whether you want to build brand awareness or directly increase conversions and revenue, define those objectives, so you know where to focus your efforts. Once you’ve done this, create a comprehensive, creative advertising plan that meets your goals and budget. 

Support it with data and analytics so you’re always aware of what strategies are succeeding, where you need improvement and any changes in consumer attitudes or behaviours. 

Advertising your PaaS product effectively means constantly adapting and refining processes, but with strong objectives in place, this should never feel intimidating.

**Improve Your Customer Experience**

When it comes to your PaaS services, the customer experience should always take priority. Therefore, crafting ads, and highlighting your services’ quality and convenience is critical. Your goal should be to convince customers that making the switch to you is worth it. 

To do so, an advertising strategy needs to focus on showcasing how customers will benefit from using your service, think of fast delivery times, improved efficiency, and access to exclusive features. It also helps if your visuals are attractive and upbeat; after all, creating ads with a touch of wit is guaranteed to draw attention. 

**Explain The Benefits, Not The Features**

When advertising PaaS services, a surefire way to get your audience interested is to focus on the benefits of the services instead of the features. Put simply; you want to explain why these services are unique and valuable for your target audience. 

Narrate a story that speaks directly to each member of your customer base, so they understand how the service fits into their needs and lifestyle. Boldly communicate what can be accomplished thanks to this PaaS offering and highlight the difference it makes or can make.

Speak in an attractive, knowledgeable way and sprinkle creative content throughout your advertising strategy, don’t underestimate the power of visuals and videos. Keep it brief but convincing, showcasing plenty of use cases and powerful testimonials devoted customers have shared about using the services.

**Don’t Underestimate Your Marketing Efforts**

Every business has to market itself to be successful, which goes for Platform-as-a-Service (PaaS) services. Many organizations need to pay more attention to their need to market themselves, not realizing its impact on their success. To build a foundation of promotion and recognition among the wider public, it’s important to develop a comprehensive advertising strategy. 

This would include carefully selecting appropriate channels, such as **search engine optimization** and content marketing, in addition to paid ads or promotions. Finding the right combination will work wonders in helping your PaaS services gain more visibility while creating trust and loyalty with potential customers. 

Remember to consider how far good marketing can take you. Investing in your advertising efforts will help you see a great return on investment in no time. Just like a prototype in **Figma** aids developers in bringing their ideas to life, well-crafted advertising strategies can similarly jump-start your PaaS services and get them off the ground.

**Ensure Customers Don’t Leave**

Optimizing your advertising strategy for PaaS Services is important to ensure customers stay. This can be achieved by bringing in new customers and emphasizing keeping existing ones. 

You should focus on developing tailored experiences that cater to the needs of existing customers and include provisions for feedback to iron out any issues or flaws that arise quickly. 

Furthermore, discount or loyalty initiatives such as offering coupons, exclusive loyalty cards, or referral programs could help you retain users. Also, ensure your advertising strategies constantly evolve with the markets, so your services remain competitive and interesting for customers.

**Offer Free Trial Period**

Businesses can benefit from offering a free trial period for their PaaS services. Free trials allow potential customers to test the services for a certain time and can be limited or unrestricted depending on the company’s advertising strategy. This is an effective way to get people on board with no obligations, as people are likelier to take advantage of something offered for free. 

Furthermore, providing free trials makes it easier for customers to decide whether or not they would like to commit to a specific service, as it allows them to experience what your company offers. 

In addition, a free trial encourages word-of-mouth marketing since satisfied customers will likely recommend the service, increasing brand awareness and lead generation significantly.

1.  **Crucial Cybersecurity Software Features (2022)**
2.  **5 Best Learning Management System (LMS) Software**
3.  **Why You Need to Amp Up Your Onboarding Experience**
4.  **Understanding Software Supply Chain and How to Secure It**

Advertising Strategies for PaaS services

By Waqas
Apparently, the server belongs to a company based in the US with offices around the globe including India.
This is a post from HackRead.com Read the original post: Top ERP Firm Exposing Half a Million Indian Job Seekers Data

At the time of writing, a misconfigured server belonging to an Enterprise Resource Planning (ERP) Software provider based in California, United States was still exposing data to public without any security authentication or password.

An **Elasticsearch server** belonging to a major international IT recruitment and software solution provider is currently exposing the personal data of more than half a million Indian candidates looking for jobs.

However, the data is not limited to jobseeker as the server is also exposing the company’s employees’ data. Another important aspect of this data exposure is the fact that it also contains the company’s client records from different companies, including Apple and Samsung.

This was confirmed to Hackread.com by **Anurag Sen**, a prominent independent security researcher. What is worse, the server is still exposed and publicly accessible without any security authentication or password. Originally, the server was being exposed since late December 2022.

It all started when Anurag scanned for **misconfigured databases on Shodan** and noted a server exposing more than 6GB worth of data to public access. Anurag said that the server belongs to a company originally based in the United States with offices around the globe  
including India. Whilst the database contains details of job seekers in **India**.

Hackread.com would not share the name of the company in this article because the server is still exposed.

**Exposed Data**

Anurag’s analysis of the server revealed that the exposed records contain personal data of over 575,000 individuals, while the size of the data is over 6.3GB and increasing with new data with each day passing. This data includes the following:

*   Full Name
*   Date of birth
*   Email address
*   Phone number
*   Resume details
*   Employer details

The screenshot below shows the candidate details and client data that are currently being exposed:

Image credit: Anurag Sen – Hackread.com

The screenshot below was taken from the live server that shows the company’s client details. Some of these are top companies Apple, Samsung, Sandisk, Unilog, Moody, Intuit, NEC Corporation, Falabella and many more.

The company’s client list also indicates that its a high-profile business with a presence all over the globe.

Screenshot credit: Anurag Sen – Hackread.com

**Indian CERT Alerted**

Since the server is still live at the time of writing; Anurag alerted the Indian Computer Emergency Response Team over the weekend. However, there has been no response from the authorities yet.

**India and server misconfiguration**

India is home to almost 1.4 billion people. This makes the country a lucrative target for businesses as well as cybercriminals. The more the investment, the more widespread and vulnerable the IT infrastructure becomes.

Last year, several top data exposure-related incidents involving tens of millions of victims were reported from India. These included **Indian Federal Police and banking records**, **Covid antigen test results**, **MyEasyDocs**, online packaging marketplace **Bizongo**, etc.

**Impact**

It is yet unclear whether a third party accessed the database **with malicious intent**, such as ransomware gangs or threat actors. However, if it did, it would be devastating for the victim and the healthcare firm responsible for the server.

Furthermore, considering the extent and nature of the exposed data, the incident can have far-reaching implications, such as bad actors downloading the data, carrying out phishing scams, or identity theft-related fraud.

Hackers can hold the company’s server or **data for ransom** and leak it on cybercrime forums if their demands are not met. Nevertheless, the victims in this situation are the job hunters who trusted authorities with their personal information.

**Misconfigured Databases – Threat to Privacy**

Misconfigured or unsecured databases, as we know it, have become a major privacy threat to companies and unsuspected users. **In 2020**, researchers identified over 10,000 unsecured databases that exposed more than ten billion (10,463,315,645) records to public access without any security authentication. 

**In 2021**, the number increased to 399,200 exposed databases. The top 10 countries with top database leaks due to misconfiguration in 2021 included the following:

*   USA – 93,685 databases
*   China – 54,764 databases
*   Germany – 11,177 databases
*   France – 9,723 databases
*   India – 6,545 databases
*   Singapore – 5,882 databases
*   Hong Kong – 5,563 databases
*   Russia – 5,493 databases
*   Japan – 4,427 databases
*   Italy – 4,242 databases

1.  **Hackers claim to be selling 13TB of Domino’s India data**
2.  **Hackers leak data of 29 million Indian job seekers for download**
3.  **India’s COVID-19 surveillance tool exposed millions of user data**
4.  **Hackers leak millions of Airtel India user data with Aadhaar numbers**
5.  **9,517 unsecured databases identified with 10 billion records globally**

I am a UK-based cybersecurity journalist with a passion for covering the latest happenings in cyber security and tech world. I am also into gaming, reading and investigative journalism

Top ERP Firm Exposing Half a Million Indian Job Seekers Data

By Deeba Ahmed
The issue was caused by the software architecture used in Google Home devices.
This is a post from HackRead.com Read the original post: Google Home Vulnerability: Eavesdropping on Conversations

Matt Kunze, an ethical hacker, reported wiretapping bugs in Google Home Smart Speakers, for which he received a bug bounty worth $107,500.

Google Assistant is currently more popular among smart homeowners than Amazon Alexa and Apple Siri, given its superior intuitiveness and capability to conduct lengthy conversations. However, according to the latest research, a vulnerability in **Google Home Smart speakers** could allow attackers to control the smart device and eavesdrop on user conversations indoors.

**Findings Details**

The vulnerability was identified by Matt Kunze, a security researcher using the moniker DownrightNifty Matt. The researchers revealed that if exploited, the vulnerability could allow the installation of backdoors and convert Google Home Smart speakers into wiretapping devices. Moreover, Google fixed the issue in April 2021 following responsible disclosure on 8 January 2021 and developing a Proof-of-Concept for the company.

**Possible Dangers**

The vulnerability could let an adversary present within the device’s wireless proximity install a backdoor account on the device and start sending remote commands, access the microphone feed, and initiate arbitrary HTTP requests. All of this could be possible if the attacker is within the user’s LAN range because making malicious requests **exposes the Wi-Fi password** of the device and provides the attacker direct access to all devices connected to the network.

**What Caused the Issue?**

Matt discovered that the problem was caused by the software architecture used in Google Home devices as it let an adversary add a rogue Google user account to their target’s smart home devices.

A threat actor would trick the individual into installing a malicious Android application to make the attack work. It will detect a Google Home automation device connected to the network and stealthily start issuing HTTP requests to link the threat actor’s account to the victim’s device.

In addition, the attacker could stage a Wi-Fi de-authentication attack to disconnect the Google Home device from the network and force the appliance to initiate a setup mode and create an open Wi-Fi network. Subsequently, the attacker can connect to this network and request additional details such as device name, certificate, and cloud\_device\_id. They could use the information and connect their account to the victim’s device.

According to Matt’s **blog post**, the attacker could perform a range of functions, such as turning the speaker’s volume down to zero and making calls to any phone number apart from spying on the victim via the microphone. The victim won’t suspect anything because just the device’s LED turns blue when the exploitation happens, and the user would think the firmware is being updated.

Matt successfully connected an unknown user account to a Google Home speaker. He created a **backdoor account** on the targeted device and obtained unprecedented privileges that let him send remote commands to the Home mini smart speaker, access its microphone feed, etc. Watch the demo shared by the researcher:

It is worth noting that there’s no evidence this security loophole was misused since its detection in 2021. Being an ethical hacker, the researcher notified Google about the issue, and it was patched. Matt received a **bug bounty** worth $107,500 for detecting this security flaw.

1.  **Google Home Mini Secretly Recorded Conversations**
2.  **Voice assistant devices manipulated with ultrasonic waves**
3.  **Comcast voice remote control could be turned into a spying tool**
4.  **Using laser on Alexa and Google home to unlock your front door**
5.  **DolphinAttack: Voice Assistant Apps Siri and Alexa Can Be Hacked**

Google Home Vulnerability: Eavesdropping on Conversations

By Deeba Ahmed
3Commas' CEO, Yuriy Sorokin, has acknowledged the breach.
This is a post from HackRead.com Read the original post: 3Commas API Database Leaked by Anonymous Hacker

The Federal Bureau of Investigation (FBI) has launched an investigation into the hacking incident targeted against an Estonian crypto trading platform, 3Commas.

**Incident Details**

The hack occurred in early December 2022, during which the hacker gained access to the trading service’s system via the Application Programming Interface (**API**). How they compromised and accessed the platform’s systems is still a mystery.

Reportedly, 3Commas discovered the hacking on December 10th 2022 and an investigation was launched to determine the scale of damage and perpetrators. The FBI was duly notified. Two service users were contacted by the bureau’s Cincinnati Field Office on Thursday in connection to the incident. 

**A Case of Misses Alarm?**

In a **blog post** published December 11th, 2022, 3Commas CEO rubbished the claims from hackers and labelled them as “Bad faith actors” who are “making accusations using falsified evidence.”

Additionally, within the past few months, many 3Commas users discovered their funds were traded on different crypto exchanges they had linked to their accounts without their consent.

**According to** Coin Desk, One of the affected groups comprising sixty members contacted the US Secret Service and other agencies to report their missing funds. As per this group’s leader Edmundo Pena, the losses amounted to over $20 million. However, the platform **claimed** these users became targets of a phishing attack and there wasn’t anything wrong with the service.

**Leaked Data**

3Commas’ API data was the key target in this breach. An initial probe suggested that an anonymous entity leaked around 100,000 Binance and KuCoin API keys belonging to 3Commas. 

Leaked data includes usernames, hashed passwords, and email IDs, but it is unclear if cryptocurrency assets were stolen or financial information was accessed during the breach. According to the API database leaker, the 3Commas keys were sold by an insider. 

> — db (@tier10k) December 28, 2022

However, 3Commas CEO Yuriy Sorokin stated that there was no evidence to believe that any of their employees were involved in the attack. While the investigation is underway, 3Commas has urged users to protect their private and financial data and change their passwords.

Furthermore, they must enable 2FA authentication and monitor their accounts for any unusual activity. Binance CEO Changpeng Zhao aka CZ suggests that users may disable 3Commas API keys because of the leaks.

> I am reasonably sure there are wide spread API key leaks from 3Commas. If you have ever put an API key in 3Commas (from any exchange), please disable it immediately.
> 
> Stay #SAFU.
> 
> — CZ 🔶 Binance (@cz\_binance) December 28, 2022

1.  **The Most Common API Vulnerabilities**
2.  **Cloud Hacking – Why API Remains the Biggest Threat?**
3.  **Urlscan.io API Inadvertently Leaked Sensitive Data and URLs**
4.  **Google reveals unpatched 0day vulnerability in Microsoft’s API**
5.  **Millions impacted as payment API flaws exposing transaction keys**

3Commas API Database Leaked by Anonymous Hacker

By Deeba Ahmed
An EarSpy attack is a proof of concept of a new type of attack on Android devices that exposes users to eavesdropping.
This is a post from HackRead.com Read the original post: EarSpy Attack Can Use Motion Sensors Data to Pry on Android Devices

A technical paper titled “EarSpy: Spying Caller Speech and Identity through Tiny Vibrations of Smartphone Ear Speakers” has revealed how snoopers can exploit motion sensors installed inside **Android** cellphones can help adversaries eavesdrop on the user’s conversations.

**Startling Facts About Motion Sensors**

A team of researchers from different universities, including Rutgers University, Texas A&M University, Temple University, New Jersey Institute of Technology, and the University of Dayton, conducted the research.

The research team comprised Ahmed Tanvir Mahdad, Cong Shi, Zhengkun Ye, Tianming Zhao, Yan Wang, Yingying Chen, and Nitesh Saxena.

Dubbing this side-channel attack EarSpy, researchers noted that motion sensors could be used for registering ear speaker reverberations so that the attacker can determine caller identity and gender and listen to their private conversations.

This research has substantiated the assumption that eavesdropping through capturing motion sensor data is possible.

**How does EarSpy Attack help in Snooping?**

Researchers wrote that the **study** (PDF) was based on the belief that smartphones’ built-in motion sensors can let attackers collect data on indoor locations and touchscreen inputs along with listening to audio conversations without needing explicit permissions before collecting raw data.

Initially, they thought generating powerful vibrations through ear speakers to eavesdrop on user conversations wasn’t possible. But during their research, the team realized that modern smartphones have high-quality stereo speakers and highly sensitive sensors that can detect finer vibrations.

Hence, they finally determined the ideal environment for successful eavesdropping using various devices and techniques. They used multiple pre-recorded audio files, a 3rd party application for capturing sensor data as they simulated calls, and a machine learning algorithm for results interpretation.

**Research Findings**

The team found that gender detection was 98.6%, and speaker detection was up to 92.6% accurate. Moreover, they found speech detection up to 56.42% accurate. This proved the existence of differentiating between speech features in the accelerometer data that attackers can exploit for spying. EarSpy focused on gender recognition using data collected at 20 Hz, which indicates a lower sampling rate can allow attackers to determine the user’s gender.

Overview of ear speaker eavesdropping

**How to Prevent Eavesdropping?**

Researchers recommended limiting permissions to counter eavesdropping via sensor data so that 3rd party applications cannot record sensor data without the user’s permission. It is worth noting that Android 13 doesn’t allow sensor data collection at 200 Hz without the user’s permission to prevent accidental data leaks.

Furthermore, experts suggested that mobile device manufacturers must be cautious about designing more powerful speakers and instead focus on maintaining a similar sound pressure during audio conversations as was maintained by old-generation phones ear speakers.

Lastly, positioning motion sensors as far from the ear speaker as possible could minimize the phone speaker’s vibrations and diminish spying chances.

1.  **5 Tips for Protecting Your Phone from Malware**
2.  **10 Android Educational Apps That Collect Most User Data**
3.  **SSID Stripping flaw lets hackers mimic real wireless access points**
4.  **Hackers could access photos, videos without unlocking your phone**