By Waqas
Dubbed "MCCrash" by Microsoft, the DDoS botnet is currently targeting private Minecraft servers globally.
This is a post from HackRead.com Read the original post: Microsoft Alert: DDoS Botnet Hit Private Minecraft Servers

According to Microsoft, this is an unusual DDoS botnet boasting a unique design that lets it infiltrate Linux systems despite the malware being downloaded from Windows devices.

Remember when, **earlier in January this year**, a massive DDoS attack targeted a Minecraft event, which took down the internet service of the entire country of Andora? Well, now, a new threat has surfaced, whose target is, yet again, Minecraft servers.

Microsoft has published a warning about a cross-platform botnet designed to launch **DDoS attacks** (distributed denial of service attacks) against private Minecraft servers.

MCCrash botnet targets users in Russia, Belarus, Czechia, Ukraine, Uzbekistan, Italy, Nigeria, India, Cameroon, Indonesia, Columbia, and Mexico. Microsoft is tracking the botnet’s activities under the moniker DEV-1028.

**MCCrash Capabilities**

According to Microsoft researchers David Atch, Maayan Shaul, Mae Dotan, Yuval Gordon, and Ross Bevington, this is an unusual botnet boasting a unique design that lets it **infiltrate Linux systems** despite the fact that the malware is downloaded from Windows devices.

When the malware is removed from the infected device, the MCCrash mechanism allows it remains persistent on the unmanaged IoT devices connected to the network and keep operating.

**How Does MCCrash Spread?**

MCCrash spread by numbering default credentials on internet-exposed SSH (secure shell) enabled devices. Since **IoT devices** are usually designed for remote configuration with insecure settings, these devices can be at risk of botnet attacks.

Microsoft didn’t disclose the exact scope of this campaign. The company noted that the botnet’s initial infection point is an array of compromised machines, which it infected using **cracking tools** that promise illegal Windows licenses. The software then executes a Python payload containing the core features of the botnet.

This includes scanning for SSH-enabled Linux devices to launch a dictionary attack. When the Linux host is breached through the propagation method, the same Python payload runs DDoS commands, one of which **attacks explicitly Minecraft servers** and crashes them. Microsoft claims it is highly effective and could be offered as a service on hacking forums.

Screenshot 1 shows cracking tools used to spread the DDoS botnet – Screenshot 2: The DDoS botnet attack flow (Credit: Microsoft)

“This type of threat stresses the importance of ensuring that organizations manage, keep up to date, and monitor not just traditional endpoints but also IoT devices that are often less secure,” Microsoft’s **blog post** noted.

1.  **Minecraft declared the most malware-infected game**
2.  **Malware-infected Minecraft modpacks hit Google Play Store**
3.  **RapperBot malware targets gaming servers with DDoS attacks**
4.  **50,000 Minecraft users infected with hard drive wiping malware**
5.  **Malicious Minecraft apps on Play Store scamming millions of users**

I am a UK-based cybersecurity journalist with a passion for covering the latest happenings in cyber security and tech world. I am also into gaming, reading and investigative journalism

Microsoft Alert: DDoS Botnet Hit Private Minecraft Servers

By Habiba Rashid
Elon Musk's Twitter is on a suspension spree.
This is a post from HackRead.com Read the original post: Mastodon Account Suspended from Twitter Following Ban on Server Links

Twitter has also suspended the accounts of several journalists from organizations such as CNN, The Washington Post, Mashable, The New York Times, The Intercept, etc.

On Wednesday, @ElonJet, an account that tracks the movements of **Elon Musk**’s personal jet, was suspended from Twitter. This comes after Musk stated in November that the account was a “direct personal safety risk” but he would still not ban it due to his “commitment to free speech.” 

Twitter also introduced a new policy, following the @ElonJet account suspension, prohibiting sharing live location information that includes sharing “links to 3rd-party URL(s) of travel routes.” This was only the beginning of another long series of bans.

**Twitter Suspends Mastodon from Twitter**

Twitter has now suspended Mastodon’s **official Twitter account** and although the exact reason is not clear, it’s likely that Mastodon’s tweet about @ElonJet had something to do with it. 

Suspended Twitter account of Mastodon (left) – What happens now when someone tries to post Mastodon’s link (Screenshot source: Hackread.com)

**Mastodon** is a decentralised social network for people looking for a Twitter-like alternative and has recently gained overwhelming popularity in a very short amount of time. Before Mastodon’s Twitter account was suspended, its last tweet pointed to @ElonJet’s Mastodon account which appears to be a violation of the new policy against sharing live locations. 

Moreover, Twitter seems to be blocking tweets that link to a lot of major Mastodon servers. If you tweet too many Mastodon links, an error message appears stating, “We can’t complete this request because this link has been identified by Twitter or our partners as being potentially harmful.” 

This follows after Twitter suspended the accounts of quite a few notable journalists on Thursday despite Elon Musk’s constant proclamations of free speech. 

New York Times reporter **Ryan Mac**, The Washington Post’s **Drew Harwell**, Mashable’s **Matt Binder**, CNN reporter **Donie O’Sullivan**, The Intercept’s **Micah Lee**, political commentator **Keith Olbermann**, independent journalist **Aaron Rupar**, and freelance journalist Tony Webster were removed from the platform.

Suspended accounts of journalists

Musk **declared** that the suspensions were a result of “doxxing,” in a reply to Breitbart’s Rebecca Mansour’s concern over the suspensions. Although Musk claimed that his family was endangered, **stating** in a separate tweet that,

“They posted my exact real-time location, basically assassination coordinates, in (obvious) direct violation of Twitter terms of service,” there is no evidence of the journalists endangering Musk or his family in any way. 

“I was banned on Thursday night immediately after sharing a screenshot from CNN’s Donie O’Sullivan moments after he was suspended,” Binder told Rolling Stone. “The screenshot was an official LAPD statement regarding the incident Elon Musk was tweeting out about last night which led him to suspend ElonJet and its creator Jack Sweeney. I did not share any location data, as per Twitter’s new terms. Nor did I share any links to ElonJet or other location-tracking accounts. I have been highly critical of Musk but never broke any of Twitter’s listed policies.”

Musk’s reign over Twitter has spiralled into a frenzy of account suspensions despite him advocating for “free speech” and tweeting catchphrases like “Sunlight is the best disinfectant” and “Transparency is the key to trust.” In April, he memorably posted, “I hope that even my worst critics remain on Twitter because that is what free speech means.”

Although this news simply adds to the pile of controversies ever since **Musk’s $ 44 billion takeover of Twitter**, it is yet another reminder that Twitter is working towards its own demise. 

1.  **Twitter suspends 125,000 accounts for promoting terrorist acts**
2.  **Twitter suspends ‘Pharma bro’ Martin Shkreli’ account for harassment**
3.  **Twitter suspended 377,000 accounts for promoting terror and extremism**

I’m a student and cybersecurity writer. On a random Sunday, I am likely to be figuring out life and reading Kafka.

Mastodon Account Suspended from Twitter Following Ban on Server Links

By Habiba Rashid
The TGP telecom giant based in North Ryde, Australia revealed that up to 15,000 iiNet and Westnet business customers have been impacted by the breach.
This is a post from HackRead.com Read the original post: Hackers Breach TPG Telecoms’ Email Host to Steal Client Data

TPG Telecom claims that the hackers seemed to be searching for the customers’ cryptocurrency and financial information.

On 14th December, 2022, Australia’s second-largest telecommunications company, TPG Telecom, announced that an email-hosting service used by 15,000 iiNet and Westnet business customers was compromised.

It is worth noting that iiNet is an Australian internet service provider (ISP) acquired by TPG in September 2015 for $1.56 billion, while Westnet is a telecom company also owned by TPG.

TPG’s cybersecurity adviser, **Google-owned Mandiant**, informed the company that they found evidence suggesting unauthorized access to a Hosted Exchange Service during a forensic review. 

The company reported that the hackers seemed to be searching for the customers’ cryptocurrency and financial information. Further details were not given but an investigation into the attack continues. 

In a **notification** (PDF), TPG Telecom said that, “We apologize unreservedly to the affected iiNet and Westnet Hosted Exchange business customers. We continue to investigate the incident and any potential impact on customers and are advising customers to take necessary precautions.”

TPG stated that it has taken steps to cut off the access for the hacker. They also confirmed that no home or personal iiNet or Westnet products were impacted in the incident. 

This news comes just days after TPG’s biggest rival Telstra **published** details of 130,000 customers due to a “misalignment of databases”. 

It is worth mentioning that **in May 2021**, Telstra was also a victim of the Avaddon ransomware gang, who gained access to tens of thousands of the company’s SIM cards.

Sample data leaked by Avaddon hackers on their website (Image credit: Hackread.com)

Australian companies have recently become a hotspot for threat actors to target due to some initial attacks on companies such as Singtel-owned **Optus**, **Medibank** and a second Singtel subsidiary which made it apparent that Australian firms had no adequate security system in place. 

Seeing an onslaught of cyber attacks targeting Australian entities, the country proposed tougher penalties for companies that failed to properly protect their customers’ data.

**MORE TELECOM SECURITY NEWS**

1.  **Hacker extracts Canadian Telecom Firm’s data after rebuttal**
2.  **Spanish telecom firm MasMovil hit by Revil ransomware gang**
3.  **Telecom giant behind routing SMS discloses years-long breach**
4.  **Police arrest minor over A1 Telecom data breach, ransom demand**

I’m a student and cybersecurity writer. On a random Sunday, I am likely to be figuring out life and reading Kafka.

Hackers Breach TPG Telecoms’ Email Host to Steal Client Data

By Owais Sultan
2022 has been a tumultuous one for cybersecurity professionals. Breaches, hacks, and ransomware attacks have become commonplace in…
This is a post from HackRead.com Read the original post: The State of Cybersecurity: Why Industry Experts Are Optimistic

2022 has been a tumultuous one for cybersecurity professionals. Breaches, hacks, and ransomware attacks have become commonplace in the news cycle, leaving many feeling vulnerable and uncertain about their digital safety. 

But despite the headlines, there is good news on the horizon. According to industry experts, the state of cybersecurity is actually looking brighter than ever before. Let’s take a look at what is driving this growing optimism and what it could mean for the future of cybersecurity. 

**The Increasing Adoption of Security Best Practices **

One major factor that is driving optimism in the cybersecurity field is the increasing adoption of security best practices by businesses and organizations around the world. As more companies become aware of the importance of protecting their data, they are taking steps to ensure that their systems are secure. 

This includes investing in security tools such as firewalls, antivirus software, and encryption solutions to protect against cyber threats. Additionally, many organizations have implemented policies and procedures to ensure that their staff members adhere to security protocols when handling sensitive information. All these measures help reduce the risk posed by cybercriminals and make businesses less attractive targets for attackers. 

**Improved Security Awareness Among Consumers **

Another key factor that has contributed to increased optimism about cybersecurity is improved security awareness among consumers. Thanks to increased public education campaigns from governments and tech companies, consumers now have a better understanding of how to protect themselves from online threats. 

For example, most people now know not to click on suspicious links or open emails from unknown senders in order to avoid falling victim to phishing scams or malware infections. This increased level of security awareness helps reduce the number of potential victims for cybercriminals and makes it harder for them to launch successful attacks against unsuspecting users. 

**The Growing Role of Artificial Intelligence in Cybersecurity **

Finally, another reason why many industry experts are feeling more optimistic about cybersecurity is due to the growing role artificial intelligence (AI) is playing in helping detect and prevent cybercrime. AI-based systems can analyze vast amounts of data quickly and accurately in order to identify patterns that may indicate malicious activity on a network or website. 

This allows organizations to be proactive rather than reactive when it comes to preventing cyberattacks, which significantly reduces their risk exposure. Additionally, AI can detect sophisticated attacks earlier than traditional security solutions, which gives IT teams time to act before any harm is done.  

**The Role of Cybersecurity SEO Agency **

According to cybersecurity SEO agency AWISEE, they have seen a heightened demand for their services in recent years. Investing more in growth is an opportunity that can help companies protect their digital infrastructure from staying competitive. 

In today’s market. By taking the time to analyze both internal and external business processes, Cybersecurity SEO Agencies are able to provide sound advice to reduce the risk for those looking for cybersecurity services. With industry applications growing more complex and cyber threats increasing, SEO Agencies provide a valuable solution that companies cannot afford to ignore.

**Conclusion**

Overall, there are several reasons why industry experts are feeling more optimistic about cybersecurity these days – from increased adoption of security best practices by businesses, improved security awareness among consumers, and the growing role AI plays in detecting potential threats – all these factors have contributed towards a brighter outlook for the future of cybersecurity worldwide. 

That said, it’s important for businesses and individuals alike to remain vigilant when it comes to staying safe online so they can continue reaping the benefits of this positive trend going forward into 2023 and beyond!

**More Cybersecurity Topics**

1.  The Human Factor in Cybersecurity
2.  Brand Protection is Essential for Cybersecurity
3.  How to use AI (Artificial Intelligence) in cybersecurity?
4.  CISA Publishes List of Free Cybersecurity Tools and Services
5.  Cybersecurity Has Never Been More Unstable Than It Is Now

Owais takes care of Hackread's social media from the very first day. At the same time He is pursuing for chartered accountancy and doing part time freelance writing.

The State of Cybersecurity: Why Industry Experts Are Optimistic

By Waqas
Authorities have also arrested six individuals accused of running DDoS-for-hire services.
This is a post from HackRead.com Read the original post: 48 DDoS-hiring Services Busted by FBI in Major Sweep

The seizure is a part of a coordinated operation dubbed Operation PowerOFF conducted in collaboration with the UK, Europol, and the Netherlands.

On Wednesday, December 14th, the US Department of Justice (DoJ) announced seizing 48 domains and charging six suspects for being involved in Stresser, aka **Booter services**.

These services offered malicious actors a platform to carry out DDoS attacks (distributed denial of service attacks).

The seizure is a part of a coordinated operation dubbed Operation PowerOFF conducted in collaboration with the UK, Europol, and the Netherlands. The operation is targeted against globally active DDoS-for-hire infrastructure.

**Seized Domains Details**

According to the DoJ, the Federal Bureau of Investigation (FBI) seized 48 domains offering to conduct **DDoS for hire services** on behalf of other cybercriminals in exchange for payment in cryptocurrency.

The seized websites reportedly claimed to offer the service of testing the resilience of web infrastructure but actually offered DDoS for hire services. The platforms had targeted victims worldwide, including in the USA. Their key targets were government agencies, educational institutions, and gaming platforms.

*   Bootersx
*   IPStressercom
*   SecurityTeamio
*   Astrostresscom
*   RoyalStressercom
*   TrueSecurityServicesio

According to the DoJ’s **press release**, millions of users were targeted via these platforms. Just on one platform (IPStressercom), over a million registered users carried out at least 30 million **DDoS attacks** between 2014-2022.

Seizure notice on the sites taken over by authorities (Image: Hackread.com)

**What are Booter Platforms?**

Booters are digital platforms that threat actors can carry out **DDoS attacks against IoT devices** and websites after paying a fee to boot off their target from the internet.

Further, users of these platforms can seek help in launching **powerful DDoS attacks** and flooding the targeted networks/computers with information so that the system stops functioning and has to go offline.

**According to** the FBI, “established booter/stresser services” provide an easy platform to threat actors for conducting DDoS attacks and “obscure attribution of DDoS activity.”

**Who are the Suspects?**

Along with seizing the domains, the FBI has charged six individuals suspected of involvement in operating the seized platforms. The charged suspects include the following:

*   Joshua Laing (32)
*   John M. Dobbs (32)
*   Shamar Shattock (19)
*   Cory Anthony Palmer (22)
*   Angel Manuel Colon Jr. (37)
*   Jeremiah Sam Evans Miller (23)

The defendants are charged with running stresser services and violating the computer fraud and abuse act.

**DDoS attacks – A Growing Concern**

DDoS attacks are a growing concern among businesses and organizations around the world. These malicious cyber attacks involve flooding an organization’s network with large amounts of traffic, making it difficult or impossible for legitimate users to access the services they need.

While DDoS attacks can be difficult to prevent, there are several steps organizations can take to protect themselves against such threats. The first step is to ensure that all software and applications used by the organization are updated regularly with the latest security patches.

Organizations should also consider investing in firewalls and other security solutions that can detect and **block DDoS attacks** before they have a chance to affect operations. Additionally, having security protocols in place for authenticating user accounts is important in order to ensure that malicious actors cannot gain unauthorized access.

1.  **Teen hires attacker to DDoS his school district**
2.  **Authorities seize 15 popular DDoS-for-hire websites**
3.  **World’s largest DDoS-for-hire service & seize its domain**
4.  **Dutch Police Seizes 15 DDoS-for-hire services in one week**
5.  **No prison for the crook duo behind vDOS DDoS for hire service**

I am a UK-based cybersecurity journalist with a passion for covering the latest happenings in cyber security and tech world. I am also into gaming, reading and investigative journalism

48 DDoS-hiring Services Busted by FBI in Major Sweep

By Habiba Rashid
According to the SEC, the accused used Twitter and Discord to carry out a securities fraud scheme, garnering approximately $114 million from it.
This is a post from HackRead.com Read the original post: SEC Charges 8 Social Media Influencers Over Securities Fraud

It is alleged that since at least January 2020, the accused social media influencers “promoted themselves as successful traders,” to encourage their followers to buy stocks that they had purchased.

On December, 14th, 2022, US Prosecutors charged seven **social media influencers** with using Twitter and Discord to carry out a securities fraud scheme, garnering approximately $114 million from it.

These social media influencers are alleged to promote themselves as successful traders and cultivate hundreds of thousands of followers on Twitter and in stock trading chat rooms on Discord. 

The eighth defendant, Daniel Knight, was charged with aiding and abetting the alleged scheme in the US Securities And Exchange Commission (SEC)’s civil complaint.

Knight, through his podcast, promoted the other defendants as expert traders, directing followers towards their forums. He also had arrangements with others to trade and regularly generate profits from manipulation. 

“Securities fraud victimizes innocent investors and undermines the integrity of our public markets,” said Assistant Attorney General Kenneth Polite of the Justice Department’s Criminal Division.

The DOJ charged all eight defendants with conspiracy to commit security fraud. According to SEC’s **press release**, the following social media influencers were charged:

**Name**

**State of Residence**

**Twitter Handle**

Perry Matlock    

Texas

@PJ\_Matlock

Edward Constantin

Texas

@MrZackMorris

Thomas Cooperman

California

@ohheytommy

Gary Deel

California

@notoriousalerts

Mitchell Hennessey

New Jersey

@Hugh\_Henne

Stefan Hrvatin 

Florida

@LadeBackk

John Rybarczyk

Texas

@Ultra\_Calls

Daniel Knight

Texas

@DipDeity

It is also alleged that since at least January 2020, these so-called **social media influencers** “promoted themselves as successful traders,” to encourage their followers to buy stocks that they had purchased.

Further, after the stock prices and/or trading volumes artificially rose, they regularly sold their shares without informing their followers about their plans to dump the securities.

The criminal complaint and civil lawsuit both were filed in the US District Court for the Southern District of Texas. 

**What Is Securities Fraud?**

Securities fraud, also known as stock fraud and investment fraud, is a type of white-collar crime that happens in the stock and commodity markets. It’s a form of deception used to create fraudulent trades through manipulation or deception.

The goal is to benefit the person committing the fraud while impacting innocent investors and damaging financial markets.

Securities fraud can come in many forms such as insider trading, front-running, pump-and-dump schemes, false advertising, accounting scams and Ponzi schemes. Insider trading occurs when someone with access to important non-public information uses it for their own gain before it becomes public knowledge. Front running involves using information that has not been publicly disseminated to buy or sell securities at an advantage over other investors.

**Protect Against Securities Fraud**

The first step towards protecting yourself is to do research and make sure you understand the terms associated with any investments you’re considering. Ask questions, look at independent sources of information such as financial magazines and websites, and check the credentials of any financial professionals you’re working with. Be wary if anything seems too good to be true and never invest in something based solely on a salesperson’s promises or claims.

1.  **Scammers Made Deepfake AI Hologram of Binance Executive**
2.  **FBI arrests Instagrammer Ray Hushpuppi over $125m BEC scam**
3.  **Why Uploading Your Personal Data on Social Media is a Bad Idea**
4.  **Scammers bought Twitter ads to run verified badge phishing scam**
5.  **Sultry Sextortion Sisters Meet Their Match In Nigerian Oil Billionaire**

I’m a student and cybersecurity writer. On a random Sunday, I am likely to be figuring out life and reading Kafka.

SEC Charges 8 Social Media Influencers Over Securities Fraud

By Habiba Rashid
Researchers at Sophos X-Ops Rapid Response (RR), Mandiant, and SentinelOne have confirmed Microsoft's blunder.
This is a post from HackRead.com Read the original post: Microsoft-Signed Drivers Helped Hackers Breach System Defenses

Evidence suggests that the Cuba ransomware gang used malicious hardware drivers certified by Microsoft’s Windows Hardware Developer Program in an attempted ransomware attack.

Remember when, in 2021, **a report surfaced** that revealed Microsoft had signed a driver called Netfilter, and later it turned out it contained malware? Well, it has happened again, but on a larger scale.

Sophos X-Ops Rapid Response (RR) recently discovered evidence which proves that threat actors potentially belonging to the Cuba ransomware gang used malicious hardware drivers certified by Microsoft’s Windows Hardware Developer Program in an attempted ransomware attack. 

Drivers — the software that allows operating systems and apps to access and communicate with hardware devices — require highly privileged access to the operating system and its data, which is why Windows requires drivers to bear an approved cryptographic signature before allowing the driver to load.

However, cybercriminals have long since found approaches to **exploit vulnerabilities** found in existing Windows drivers from legitimate software publishers. These hackers make an effort to progressively move up the trust pyramid, using increasingly well-trusted cryptographic keys to digitally sign their drivers. 

**Sophos** along with researchers from **Google-owned Mandiant** and SentinelOne warned Microsoft about these signed malicious drivers which were being planted into targeted machines using a variant of the BurntCigar loader utility. These two then worked in tandem to kill processes associated with **antivirus (AV)** and endpoint detection and response (EDR) products. 

“Ongoing Microsoft Threat Intelligence Center analysis indicates the signed malicious drivers were likely used to facilitate post-exploitation intrusion activity such as the deployment of ransomware,” Microsoft **said in an advisory** published as part of its monthly scheduled release of security patches, known as Patch Tuesday.

On left is a valid signature identified by Mandiant – On the right is a valid signature identified by Sophos

Microsoft concluded its investigation by stating that “no compromise has been identified,” and proceeded to suspend the partners’ seller accounts. Moreover, they released Windows security updates to revoke the abused certificates. 

Mandiant’s report is available **here**. In SentinelOne’s **blog post**, the security firm reported that it had seen several attacks where a threat actor used malicious signed drivers to evade security products which usually trust components signed by Microsoft.

The threat actors were observed to be targeting organisations in the business process outsourcing (BPO), telecommunications, entertainment, transportation, MSSP, financial and cryptocurrency sectors and in some instances, **SIM swapping was the end goal**.

Code signing overview

Cuba Ransomware group was identified to be involved in gaining $60 million from attacks against 100 organisations globally, according to **a joint advisory** earlier this month from the US Cybersecurity and Infrastructure Security Agency (CISA) and the FBI.

The advisory also included warnings regarding the ransomware group which has been active since 2019 and continues to attack US entities in critical infrastructure, including financial services, government facilities, healthcare and public health, and critical manufacturing and information technology.

This is not the first time threat actors have used drivers signed by Microsoft in their operations, as we know it, and it seems that putting a stop to this practice has **not been an easy task for Microsoft**.

1.  **Microsoft Office Most Exploited Software in Malware Attacks**
2.  **BlueBleed Breach Microsoft Exposed 2.4 TB of Customer Data**
3.  **Microsoft security patch bypassed to drop Formbook malware**
4.  **Retired Software Boa Exploited To Target Power Grids, Microsoft**
5.  **Malware Apps Signed with Hacked Android Platform Certificates**

I’m a student and cybersecurity writer. On a random Sunday, I am likely to be figuring out life and reading Kafka.

Microsoft-Signed Drivers Helped Hackers Breach System Defenses

By Waqas
As seen by Hackread.com, the hacker is selling the stolen InfraGard database which contains the personal data of its members for $50,000.
This is a post from HackRead.com Read the original post: FBI’s Security Platform InfraGard Hacked; 87k Members’ Data Sold Online

In 1996, the U.S. Federal Bureau of Investigation (**FBI**) launched a program named InfraGard to develop physical and cyber threat information-sharing collaborations with the private sector. Recently, a database containing contact details of over 87,000 members of InfraGard was posted on BreachedForums, a cybercrime and hacking forum which surfaced as an alternative to the now-defunct **now-seized Raidforums**.

Here are the details of the incident.

**What Happened?**

As seen by Hackread.com, the hacker is selling the stolen InfraGard database for $50,000. In a post published on the forum on 10th December 2022, the hacker also provided sample data to verify their claim which contained a variety of personal information of **InfraGard** members including the following:

1.  Full names
2.  Email addresses
3.  Employment details
4.  Industry of employment
5.  Social media USERIDs and more.

The seller uses the nick “USDoD” and has the U.S. Department of Defense seal as the avatar. Further probe revealed the hacker infiltrated the network after registering an account in the name of the CEO of a financial organization CEO, vetted by the FBI, without their knowledge or consent.

Screenshot credit: Hackread.com

**How did the Hack Occur?**

On the other hand, independent security researcher Brian Krebs also **reported** the breach. Krebs contacted the hacker who informed him how they obtained the data. The seller revealed that they gained access to the InfraGard network by applying for a new account, using personal details, including name, date of birth, and Social Security Number, of a CEO of a company who was a promising candidate for InfraGard membership.

This CEO is the head of a major US financial corporation that directly impacts Americans’ creditworthiness. The hacker applied on behalf of this CEO in November, including their personal email I.D., and they added the CEO’s real cellphone number.

It is worth noting that approval on InfraGard usually takes around 3 months, but the hacker’s application was approved earlier than usual. Since InfraGard’s system allows members to choose between one-time code activation through email or SMS and **MFA**, the hacker’s job became easier as they could access the program’s user data through an Application Programming Interface/API.

Further, they requested a friend to write **Python** code to retrieve all the data from the API. The hacker claims to have access to their account on InfraGard still and is in direct contact with its members via the program’s online portal.

Screenshot credit: Hackread.com

**Scale of Breach**

It is worth mentioning that the InfraGard program has details of high-profile personalities in the private sector, involving administrative heads from physical and cyber security firms. These organizations manage critical national security and welfare infrastructure, such as power and drinking water plants, financial services, transportation, manufacturing, healthcare, nuclear energy, and communication firms.

Per the FBI InfraGard fact sheet, the program connects owners, stakeholders, and operators of critical infrastructures with the bureau, offering them information sharing, education, and networking services to mitigate looming threats and risks collectively.

Moreover, when assessed, it turned out that almost half of the user accounts didn’t contain email addresses, and crucial fields like date of birth and Social Security Number were empty in most records.

KrebsOnSecurity has shared the screenshots and related data of the communication with the hacker so that they could be removed from the InfraGard forum.

**History of InfraGard**

InfraGard was established in 1996 as a joint initiative of the FBI’s National Infrastructure Protection Center (NIPC) and the Information Systems Security Association (ISSA). InfraGard provides access to secure email systems, secure data storage platforms, web-based vulnerability assessment tools, password management solutions and other security services.

Additionally, InfraGard offers educational seminars on topics such as cybersecurity best practices and emerging threats. These seminars are open to members of all sectors and help them stay informed about current security trends.

Furthermore, InfraGard also provides resources for identifying potential cybercrime victims or suspicious activities before they become major issues.

1.  **Software in FBI’s biometric database contains Russian code**
2.  **Hacker dumps Guns.com database with customers, admin data**
3.  **1 out of 2 American Adults Part of FBI’s Facial Recognition Database**
4.  **New Uber Data Breach – Hacker Leaks Employee and Sensitive Data**
5.  **Database with 1.2 billion people’s data leaked online without password**

I am a UK-based cybersecurity journalist with a passion for covering the latest happenings in cyber security and tech world. I am also into gaming, reading and investigative journalism

FBI’s Security Platform InfraGard Hacked; 87k Members’ Data Sold Online

By Habiba Rashid
The trove of sensitive data belonging to California-based Cornerstone Payment Systems was left exposed on a misconfigured server without any security authentication.
This is a post from HackRead.com Read the original post: Payment Giant Exposed 9 Million Credit Card Transaction Records

In a recent find, security researcher Jeremiah Fowler and the Website Planet research team discovered an open and unprotected database that contained 9,098,506 records of credit card transactions. 

What’s worse, the trove of personal and financial was left exposed on a misconfigured server without any password or security authentication.

The owner of the database was identified as Cornerstone Payment Systems, a credit card processing company based in California. Upon being informed, they took swift action to restrict public access the very same day, thanking the researchers for reporting the exposure. 

Cybercrimes related to credit and financial data are especially dangerous because access to data such as partial credit card numbers, account or transaction information, names, contacts, and donation comments **allow threat actors to establish a target profile**.

These criminals are then able to launch highly targeted phishing campaigns or social engineering attacks. It is estimated that 98% of cyber attacks involve some form of social engineering.

**The Exposed Data**

In this data leak, the **Personally Identifiable Information (PII)** included merchants, users, and customer names, partial credit card numbers, type of card, expiration date, physical addresses, and email addresses, security or access tokens, phone numbers, and more.

Furthermore, information regarding the transaction was also included such as donation details, recurring payments, and comments. The donation details had the dollar amount and what the donation was for such as payments for goods or services, and any other transaction.

Additionally, electronic check payment data included bank names and check numbers. The notes also had authorization tokens and if the payment was declined, or accepted, and reasons for the decision.

Cybercriminals would be able to use such information to reach out to customers while pretending to be legitimate merchants or organizations. This sensitive information warrants that criminals can build a relationship of trust with their victims to obtain additional payment information or a **Social Security Number (SSN)** or other information for nefarious purposes. 

Screenshot 1 shows transaction records from an anonymous donor – Screenshot 2 shows transaction records including personal data (Provided to Hackread.com by Website Planet)

Moreover, according to Website Planet’s blog post, since many of the transactions in this database were made for donations or recurring payments to religious organizations, charity campaigns, or nonprofit groups, the criminals could target victims based on their beliefs or the causes that they support.

Many of the transaction comments the researchers saw were for religious, **pro-life/anti-abortion, anti-COVID mandates**, and other conservative or religious causes. It is not uncommon for hacktivists to take a vigilante stance and attack targeted individuals.

Therefore, it is essential for organizations that collect and store PII to use encryption and take other security measures to protect their sensitive data online. It is also just as necessary for the potentially affected individuals to be notified and advised to practice extra caution in all their online interactions.  

1.  **Identity Theft Statistics You Need to Know in 2022**
2.  **Unprotected Servers Exposed 579 GB of Website Activity**
3.  **Anonymous hacked 90% of Russian unprotected databases**
4.  **Misconfigured baby monitors expose video streaming online**
5.  **350m email addresses exposed on unprotected AWS S3 bucket**

I’m a student and cybersecurity writer. On a random Sunday, I am likely to be figuring out life and reading Kafka.

Payment Giant Exposed 9 Million Credit Card Transaction Records

By Waqas
Another day, another data breach at Uber - This time around, a hacker has leaked stolen data on a prominent cybercrime and hacking forum.
This is a post from HackRead.com Read the original post: New Uber Data Breach – Hacker Leaks Employee and Other Sensitive Data

Another day, **another data breach at Uber**. This time, one of the world’s leading ride-sharing platforms has suffered yet another security incident, after which hackers posted sensitive employee information and internal corporate data.

It is worth noting that the data has been leaked on BreachForums, which surfaced as an alternative to the now-defunct **now-sized Raidforums**.

**Incident Details**

The cyberattack targeting Uber and Uber Eats occurred over the weekend. The news was first broken by RestorePrivacy on Saturday morning when a hacker with the username UberLeaks started leaking data stolen from the company on a popular data leak platform.

The hacker created four different topics to post the data. This includes Uber MDM at uberhub.uberinternal.com, Uber Eats MDM, and third-party platforms Teqtivity MDM and TripActions MDM.

Image source: Waqas – Hackread.com

**What Data Was Leaked?**

Hackread.com has seen the data and it can be confirmed that it contains several archives, including the source code linked with mobile device management platforms that Uber Eats and Uber both use, along with third-party vendor services.

The leaked data also includes data destruction reports, IT asset management reports, Windows domain login names, and email IDs, apart from corporate info. The Windows Active Director information and email IDs category contained over 77,000 records of Uber employees.

It is possible that this data doesn’t belong to the September breach because the files are unrelated to that incident, and Uber doesn’t own the code. Though Uber users don’t need to feel scared by this data breach, the company’s employees should be worried as they could become a **target of phishing attacks**.

Screengrab source: Waqas – Hackread.com

**Who Could be the Perpetrator?**

Each of the four data leak category titles refers to a **Lapsus$ hacking group** member, also known for high-profile cyberattacks on Samsung, Nvidia, Microsoft, and Ubisoft. It is suspected that the same hacking group has targeted Uber because Lapsus$ had already **attacked Uber in September** and managed to access its internal network and Slack server.

1.  **Hundreds of Uber Eats User records leaked on Dark Web**
2.  **Uber Hacker Targets Rockstar Games, Leaks Trove of GTA 6 Data**
3.  **Uber Rival Careem Hacked, 14 million customer & driver data stolen**

I am a UK-based cybersecurity journalist with a passion for covering the latest happenings in cyber security and tech world. I am also into gaming, reading and investigative journalism

Source

HackRead