
Showing posts with the label Data Breach

E-commerce platform breach exposes nearly 34 million customers' data

South Korea's largest online retailer, Coupang, has apologised for a massive data breach potentially involving nearly 34 million local customer accounts. The country's internet authority said that it is investigating the breach and that details from the millions of accounts have likely been exposed. The e-commerce platform is often described as South Korea's equivalent of Amazon.com. The breach marks the latest in a series of data leaks at major firms in the country, including its telecommunications giant, SK Telecom. Coupang told the BBC it became aware of the unauthorised access of personal data of about 4,500 customer accounts on 18 November and immediately reported it to the authorities. But later checks found that some 33.7 million customer accounts - all in South Korea - were likely exposed, said Coupang, adding that the breach is believed to have begun as early as June through a server based overseas. The exposed data is limited to name, email address, phone numb...

Meta denies viral claims about data breach affecting 17.5 million Instagram users, but change your password anyway

Millions of Instagram users panicked over sudden password reset emails and claims that 17.5 million user data records had been stolen, while Meta denied any breach allegations. Millions of Instagram users received emails urging them to reset passwords. Many instantly linked the requests to the Instagram data breach reported by Malwarebytes last week. The claims originated from a post on the notorious hacker forum Breach Forums, which advertised a dump titled “INSTAGRAM.COM 17M GLOBAL USERS – 2024 API LEAK.” The seller claimed the dataset contained data on 17.5 million Instagram users, packaged in JSON and TXT files. According to the post, the stolen data included full names, email addresses, phone numbers, and partial location data. However, on Saturday, Meta issued a denial, explaining that the reset emails are related to an issue with a third-party service that allowed users to generate password reset emails. The company claimed that it had fixed the problem, but denied that th...

Malicious Chrome Extensions Are Hijacking Your Data — And You Might Not Even Know It

Source: The Hacker News

A new wave of malicious Chrome extensions is putting millions of users at risk by masquerading as trusted tools like Fortinet VPN, YouTube utilities, and productivity boosters. Despite their appearance, these add-ons are anything but helpful. Once installed, they silently exfiltrate browser cookies, act as proxies for remote servers, and give attackers direct control over a user’s online traffic. Researchers at DomainTools uncovered that many of these extensions—some of which remained available on the Chrome Web Store until recently—were built to appear benign while executing advanced data theft operations behind the scenes. The fake “fortivpn” extension, for example, compressed and encrypted all browser session cookies and transmitted them to a command-and-control server, a tactic more commonly associated with advanced persistent threat actors [1]. The distribution campaign is unusually sophisticated. Threat actors have registered more than 100 convincing domai...

Massive Git Config Breach Exposes 15,000 Credentials; 10,000 Private Repos Cloned

Cybersecurity researchers have flagged a "massive" campaign that targets exposed Git configurations to siphon credentials, clone private repositories, and even extract cloud credentials from the source code. The activity, codenamed EMERALDWHALE, is estimated to have collected over 10,000 private repositories and stored them in an Amazon S3 storage bucket belonging to a prior victim. The bucket, containing no fewer than 15,000 stolen credentials, has since been taken down by Amazon. "The stolen credentials belong to Cloud Service Providers (CSPs), Email providers, and other services," Sysdig said in a report. "Phishing and spam seem to be the primary goal of stealing the credentials." The multi-faceted criminal operation, while not sophisticated, has been found to leverage an arsenal of private tools to steal credentials as well as scrape Git config files, Laravel .env files, and raw web data. It has not been attributed to any known threat actor or group. Ta...

Lost and Stolen Devices - A Gateway to Data Breaches and Leaks

In our digital age, data is king. It drives businesses, informs decision-making, and plays an essential role in our everyday lives. However, with the convenience of technology comes the risk of data breaches and leaks. One often overlooked aspect of this risk is the role that lost and stolen computers play in compromising sensitive information. According to Forrester Research’s 2023 State of Data Security report, only 7% of security decision makers are concerned about a lost or stolen asset causing a breach, even though such incidents account for 17% of breaches. Such assets can include smartphones, tablets, laptops, external hard drives, and USB flash drives. While these types of breaches may not command the same attention-grabbing headlines as major cyberattacks, the theft or loss of laptops, desktops, and flash drives poses a very real problem. It underscores the pressing need for endpoint resilience and recovery.

The Rising Threat

Lost and stolen computers are a growing ...

Kroll Suffers Data Breach: Employee Falls Victim to SIM Swapping Attack

Risk and financial advisory solutions provider Kroll on Friday disclosed that one of its employees fell victim to a "highly sophisticated" SIM swapping attack. The incident, which took place on August 19, 2023, targeted the employee's T-Mobile account, the company said. "Specifically, T-Mobile, without any authority from or contact with Kroll or its employee, transferred that employee's phone number to the threat actor's phone at their request," it said in an advisory. This enabled the unidentified actor to gain access to certain files containing personal information of bankruptcy claimants in the matters of BlockFi, FTX, and Genesis. SIM swapping (aka SIM splitting or simjacking), while generally a benign process, could be exploited by threat actors to fraudulently activate a SIM card under their control with a victim's phone number. This makes it possible to intercept SMS messages and voice calls and receive MFA-related messages that control ac...