Tag Archive for: credentials

US government urges Sisense customers to reset credentials after hack


U.S. cybersecurity agency CISA is warning Sisense customers to reset their credentials and secrets after the data analytics company reported a security incident.

In a brief statement on Thursday, CISA said it was responding to a “recent compromise” at Sisense, which provides business intelligence and data analytics to companies around the world.

CISA urged Sisense customers to “reset credentials and secrets potentially exposed to, or used to access, Sisense services,” and report to the agency any suspicious activity involving the use of compromised credentials.

The exact nature of the cybersecurity incident is not clear yet.

Founded in 2004, Sisense develops business intelligence and data analytics software for big companies, including telcos, airlines and tech giants. Sisense’s technology allows organizations to collect, analyze and visualize large amounts of their corporate data by tapping directly into their existing technologies and cloud systems.

Companies like Sisense rely on using credentials, such as passwords and private keys, to access a customer’s various stores of data for analysis. With access to these credentials, an attacker could potentially also access a customer’s data.

CISA said it is “taking an active role in collaborating with private industry partners to respond to this incident, especially as it relates to impacted critical infrastructure sector organizations.”

Sisense counts Air Canada, PagerDuty, Philips Healthcare, Skullcandy and Verizon as its customers, as well as thousands of other organizations globally.

News of the incident first emerged on Wednesday after cybersecurity journalist Brian Krebs published a note sent by Sisense Chief Information Security Officer Sangram Dash urging customers to “rotate any credentials that you use within your Sisense application.”

Neither Dash nor a spokesperson for Sisense responded to an email seeking comment.

Israeli media reported in January that Sisense had laid off about half of its employees since 2022. It is unclear if the layoffs impacted the company’s security posture. Sisense has taken in close to $300 million in funding from investors, which include Insight Partners, Bessemer Venture Partners and Battery Ventures.


Do…


Advanced Insights into Digital Credentials to Fortify Internet Security


As we navigate the complex landscape of the digital realm, the importance of securing all our online interactions has become paramount. The exchange of sensitive information and execution of financial transactions underscore the critical need for advanced digital security measures.

Digital credentials are at the forefront of establishing digital trust—a concept we have delved into previously in ‘The Evolution of Digital Trust’. In this blog, we zero in on the role of digital credentials within Transport Layer Security (TLS), supported by Public Key Infrastructure (PKI), which has been a fundamental aspect of internet security for over three decades.

In today’s AI-driven era, fostering trust in digital transactions and interactions presents a unique set of challenges. With cyber threats rapidly evolving and on the rise, the urgency to adopt advanced security frameworks has never been more acute, necessitating a proactive approach to safeguard our digital interactions and ecosystem.

Client-Server and The Man-in-the-Middle

Long before the evolution of the modern internet as we know it today, security and privacy in digital transactions were of paramount concern. This was the era of Web 1.0, the first version of the internet, where digital users were merely consumers of information, web developers were the only content creators, and the ubiquitous ‘http’ protocol governed browser addresses.


In the traditional client-server communication model, powered by http, anyone with basic networking tools can read every bit of the unencrypted interaction between a browser (i.e. client) and the website (i.e. server). Fortunately, browsers caution users that such interactions are not innately secure.


Client-Server and HTTPS

It did not take long before Netscape, in 1995, introduced Hyper Text Transfer Protocol Secure (HTTPS), which was HTTP secured by SSL 2.0 – a cryptographic protocol that provided end-to-end communication security over networks. This protocol has evolved significantly since then and is now known as TLS (Transport Layer Security), with the most recent version being TLS 1.3.

When you visit a…


Roku Suffers Data Breach, Hackers Sell Credentials of Hundreds of 15,000 Stolen Accounts


Streaming platform Roku has officially disclosed that hackers successfully breached its systems to steal more than 15,000 customer accounts containing sensitive information. Hundreds of the accounts are reportedly being sold online, as the breach has given hackers access to the owners’ stored credit card information to make illegal purchases.

With over 80 million active users, the firm reportedly disclosed the hack on Friday in documents it filed with the attorneys general of Maine and California. Fifteen thousand three hundred sixty-three accounts were compromised between December 28, 2023, and February 21, 2024, according to the papers.

The documents show that hackers gained access to the accounts by obtaining login credentials from other sources, instead of getting into Roku’s system. Using a hacking technique called a credential stuffing assault, threat actors gather credentials that have been made public in past data breaches and then try to use them to access other websites.


According to the firm, once an account was compromised, threat actors were able to alter all of the user’s data, including passwords, email addresses, and shipping addresses.

Roku clarified, however, that the unauthorized actors who gained access to the impacted Roku accounts did not have access to dates of birth, social security numbers, complete payment account numbers, or any other kind of sensitive personal information that needed to be disclosed.

This essentially locked the user out of the account, enabling threat actors to utilize the saved credit card information to make transactions without sending order confirmation emails to the actual account holder.

According to BleepingComputer, several threat actors are employing the Open Bullet 2 or SilverBullet cracking tools to carry out credential-stuffing assaults. With the help of these apps, hackers can import custom configuration files made specifically to carry out credential-stuffing attacks against particular…


Hackers Hijack Websites to Inject Malware that Steals Credentials


In a concerning development for internet security, a new form of website malware known as “Angel Drainer” has been increasingly targeting Web3 and cryptocurrency assets since January 2024.

This malware is part of a broader trend of rising Web3 phishing sites and crypto drainers that significantly threaten user credentials and wallets.


Web3 Crypto Malware: Angel Drainer Overview

Angel Drainer is a crypto drainer implicated in security breaches, including a notable incident with Ledger Connect Kit in December.

It operates by injecting itself directly into compromised websites or redirecting visitors to phishing sites containing the drainer. Once in place, it can steal and redistribute assets from compromised wallets, according to the Sucuri report.

The surge in malicious activity is alarming, with over 20,000 unique Web3 phishing sites created in 2023 alone.

As per recent reports, the Angel Drainer phishing group has illicitly acquired a sum of over $400,000 from a total of 128 cryptocurrency wallets.

The group has utilized a new and sophisticated tactic to carry out their fraudulent activities, which is a cause of concern for businesses and individuals alike.

In the first two months of 2024, at least three unrelated malware campaigns have begun using crypto drainers in website hacks.

fake browser update + crypto drainer

Sucuri’s SiteCheck remote website scanner detected the Angel Drainer variant on over 550 sites since early February, and the public showed this injection on 432 sites at the time of writing.

The impact of these attacks is profound, with Angel Drainer found on 5,751 different unique domains over the past four weeks.

The malware leverages phishing tactics and malicious injections to exploit the Web3 ecosystem’s reliance on direct wallet interactions, endangering both website owners and the safety of user assets.

Injection Methods and Strategies

The injection methods used by these attackers are sophisticated and varied. They can…
