security breaches
Auto Added by WPeMatico
Auto Added by WPeMatico
Polish video game maker CD Projekt, which makes Cyberpunk 2077 and The Witcher, has confirmed it was hit by a ransomware attack.
In a statement posted to its Twitter account, the company said it will “not give in nor negotiate” with the hackers, saying it has backups in place. “We have already secured our IT infrastructure and begun restoring data,” the company said.
According to the ransom note, the hackers said they would release the company’s stolen source code and other internal files if it did not pay the ransom, since the company would “most likely recover from backups.”
But the company said for now that no personal data was taken. “We are still investigating the incident, however at this time we can confirm that — to our best knowledge — the compromised systems did not contain any personal data of our players or users of our services.”
It’s an increasingly hostile tactic used by ransomware actors: Hackers target high-value businesses and companies with file-encrypting malware and hold the files for a ransom. But since many companies have backups, some ransomware groups threaten to publish the stolen files unless the ransom is paid.
CD Projekt Red did not immediately respond to TechCrunch’s questions, including what kind of ransomware was used to attack its systems.
It’s thought to be the second time in recent years that the company has been hit by ransomware. The game maker confirmed in 2017 that a hack resulted in the compromising of early work related to the Cyberpunk 2077. Weeks following the game’s launch Sony and Microsoft offered gamers refunds, citing bugs and poor performance on older consoles.
Powered by WPeMatico
WildWorks, the gaming company that makes the popular kids game Animal Jam, has confirmed a data breach.
Animal Jam is one of the most popular games for kids, ranking in the top five games in the 9-11 age category in Apple’s App Store in the U.S., according to data provided by App Annie. But while no data breach is ever good news, WildWorks has been more forthcoming about the incident than most companies would be, making it easier for parents to protect both their information and their kids’ data.
Here’s what we know.
WildWorks said in a detailed statement that a hacker stole 46 million Animal Jam records in early October but that it only learned of the breach in November.
The company said someone broke into one of its systems that the company uses for employees to communicate with each other, and accessed a secret key that allowed the hacker to break into the company’s user database. The bad news is that the stolen data is known to be circulating on at least one cybercrime forum, WildWorks said, meaning that malicious hackers may use (or be using) the stolen information.
The stolen data dates back to over the past 10 years, the company said, so former users may still be affected.
Much of the stolen data wasn’t highly sensitive, but the company warned that 32 million of those stolen records had the player’s username, 23.9 million records had the player’s gender, 14.8 million records contained the player’s birth year and 5.7 million records had the player’s full date of birth.
But, the company did say that the hacker also took 7 million parent email addresses used to manage their kids’ accounts. It also said that 12,653 parent accounts had a parent’s full name and billing address, and 16,131 parent accounts had a parent’s name but no billing address.
Besides the billing address, the company said no other billing data — such as financial information — was stolen.
WildWorks also said that the hacker stole players’ passwords, prompting the company to reset every player’s password. (If you can’t log in, that’s probably why. Check your email for a link to reset your password.) WildWorks didn’t say how it scrambled passwords, which leaves open the possibility that they could be unscrambled and potentially used to break into other accounts that have the same password as used on Animal Jam. That’s why it’s so important to use unique passwords for each site or service you use, and use a password manager to store your passwords safely.
The company said it was sharing information about the breach with the FBI and other law enforcement agencies.
So what can parents do?
Powered by WPeMatico
Capcom, the Japanese game maker behind the “Resident Evil” and “Street Fighter” franchises, has confirmed that hackers stole customer data and files from its internal network following a ransomware attack earlier in the month.
That’s an about-turn from the days immediately following the cyberattack, in which Capcom said it had no evidence that customer data had been accessed.
In a statement, the company said data on as many as 350,000 customers may have been stolen, including names, addresses, phone numbers and, in some cases, dates of birth. Capcom said the hackers also stole its own internal financial data and human resources files on current and former employees, which included names, addresses, dates of birth and photos. The attackers also took “confidential corporate information,” the company said, including documents on business partners, sales and development.
Capcom said that no credit card information was taken, as payments are handled by a third-party company.
But the company warned that the overall amount of data stolen “cannot specifically be ascertained” due to losing its own internal logs in the cyberattack.
Capcom apologized for the breach. “Capcom offers its sincerest apologies for any complications and concerns that this may bring to its potentially impacted customers as well as to its many stakeholders,” the statement read.
The video games maker was hit by the Ragnar Locker ransomware on November 2, prompting the company to shut down its network. Ragnar Locker is a data-stealing ransomware, which exfiltrates data from a victim before encrypting its network, and then threatens to publish the stolen files unless a ransom is paid. In doing so, ransomware groups can still demand a company pays the ransom even if the victim restores their files and systems from backups.
Ragnar Locker’s website now lists data allegedly stolen from Capcom, with a message implying that the company did not pay the ransom.
Capcom said it had informed data protection regulators in Japan and the United Kingdom, as required under European GDPR data breach notification rules. Companies can be fined up to 4% of their annual revenue for falling foul of GDPR rules.
Powered by WPeMatico
The election is over, but not without a hitch or two. Some voters in Georgia and Ohio had to use paper ballots after hand sanitizer leaked into voting machines — an unexpected casualty of the pandemic. And a slew of robocalls across a number of swing states urged voters to “stay safe and stay home,” in an effort to disenfranchise voters from going to the polls. With record voter turnout, there’s little evidence to show it worked.
But we saw nothing like the hack-and-leak operations like we did four years ago, which delivered an “October surprise” that derailed the election for Hillary Clinton, despite winning the popular vote by three million votes.
Government officials and cybersecurity firms said there were no significant or damaging cyberattacks during Election Day. One Homeland Security official called it “another Tuesday on the internet,” but conceded there was still cause for concern in the election aftermath.
With the bulk of the votes counted, government officials pointed to the threat of “foreign influence” campaigns — or misinformation — that would try to cast doubt on the election results. In reality, much of the false and misleading claims ended up coming from inside the White House as the Trump administration tried to cling onto power. After being caught out four years ago, the social media giants put into place measures and policies that limited the spread of false news — including Trump’s repeated attempts to claim victory.
Fears that the 2020 election could turn into a national, or even an international security matter did not come to fruition. The U.S. is in a better place than it was four years ago by simply learning the lessons from Russia’s efforts to interfere with the election. Imagine where we could be in another four?
Since you, like us, were glued to the television screens last week, here’s more from the week you might have missed.
Grayshift, the secretive startup behind the U.S. government’s favorite phone unlocking technology, has raised $47 million in fresh funding. The Series A round was led by PeakEquity Partners, and — as first reported by Forbes — is a huge round for a little-known phone forensics firm.
One of only a few photos of the mysterious GrayKey phone unlocking devices. Image Credits: Malwarebytes
Grayshift exploded onto the mobile forensics scene in 2018, months after the company began quietly selling its proprietary GrayKey technology to federal agencies for about $15,000 each. The FBI and other agencies use their purchased GrayKey devices to break into encrypted phones without needing the passcode.
Powered by WPeMatico
I cover a lot of data breaches. From inadvertent exposures to data-exfiltrating hacks, I’ve seen it all. But not every data breach is the same. How a company responds to a data breach — whether it was their fault — can make or break its reputation.
I’ve seen some of the worst responses: legal threats, denials and pretending there isn’t a problem at all. In fact, some companies claim they take security “seriously” when they clearly don’t, while other companies see it merely as an exercise in crisis communications.
But once in a while, a company’s response almost makes up for the daily deluge of hypocrisy, obfuscation and downright lies.
Last week, Assist Wireless, a U.S. cell carrier that provides free government-subsidized cell phones and plans to low-income households, had a security lapse that exposed tens of thousands of customer IDs — driver’s licenses, passports and Social Security cards — used to verify a person’s income and eligibility.
A misconfigured plugin for resizing images on the carrier’s website was blamed for the inadvertent data leak of customer IDs to the open web. Security researcher John Wethington found the exposed data through a simple Google search. He reported the bug to TechCrunch so we could alert the company.
Make no mistake, the bug was bad and the exposure of customer data was far from ideal. But the company’s response to the incident was one of the best I’ve seen in years.
Take notes, because this is how to handle a data breach.
Their response was quick. Assist immediately responded to acknowledge the receipt of my initial email. That’s already a positive sign, knowing that the company was looking into the issue.
Powered by WPeMatico
Cygilant, a threat detection cybersecurity company, has confirmed a ransomware attack.
Christina Lattuca, Cygilant’s chief financial officer, said in a statement that the company was “aware of a ransomware attack impacting a portion of Cygilant’s technology environment.”
“Our Cyber Defense and Response Center team took immediate and decisive action to stop the progression of the attack. We are working closely with third-party forensic investigators and law enforcement to understand the full nature and impact of the attack. Cygilant is committed to the ongoing security of our network and to continuously strengthening all aspects of our security program,” the statement said.
Cygilant is believed to be the latest victim of NetWalker, a ransomware-as-a-service group, which lets threat groups rent access to its infrastructure to launch their own attacks, according to Brett Callow, a ransomware expert and threat analyst at security firm Emsisoft .
The file-encrypting malware itself not only scrambles a victim’s files but also exfiltrates the data to the hacker’s servers. The hackers typically threaten to publish the victim’s files if the ransom isn’t paid.
A site on the dark web associated with the NetWalker ransomware group posted screenshots of internal network files and directories believed to be associated with Cygilant.
Cygilant did not say if it paid the ransom. But at the time of writing, the dark web listing with Cygilant’s data had disappeared.
“Groups permanently delist companies when they’ve paid or, in some cases, temporarily delist them once they’ve agreed to come to the negotiating table,” said Callow. “NetWalker has temporarily delisted pending negotiations in at least one other case.”
Powered by WPeMatico
A newly discovered bug in a cloud system used to manage SonicWall firewalls could have allowed hackers to break into thousands of corporate networks.
Enterprise firewalls and virtual private network appliances are vital gatekeepers tasked with protecting corporate networks from hackers and cyberattacks while still letting in employees working from home during the pandemic. Even though most offices are empty, hackers frequently look for bugs in critical network gear in order to break into company networks to steal data or plant malware.
Vangelis Stykas, a researcher at security firm Pen Test Partners, found the new bug in SonicWall’s Global Management System (GMS), a web app that lets IT departments remotely configure their SonicWall devices across the network.
But the bug, if exploited, meant any existing user with access to SonicWall’s GMS could create a user account with access to any other company’s network without permission.
From there, the newly created account could remotely manage the SonicWall gear of that company.
In a blog post shared with TechCrunch, Stykas said there were two barriers to entry. Firstly, a would-be attacker would need an existing SonicWall GMS user account. The easiest way — and what Stykas did to independently test the bug — was to buy a SonicWall device.
The second issue was that the would-be attacker would also need to guess a unique seven-digit number associated with another company’s network. But Stykas said that this number appeared to be sequential and could be easily enumerated, one after the other.
Once inside a company’s network, the attacker could deliver ransomware directly to the internal systems of their victims, an increasingly popular tactic for financially driven hackers.
SonicWall confirmed the bug is now fixed. But Stykas criticized the company for taking more than two weeks to patch the vulnerability, which he described as “trivial” to exploit.
“Even car alarm vendors have fixed similar issues inside three days of us reporting,” he wrote.
A SonicWall spokesperson defended the decision to subject the fix to a “full” quality check before it was rolled out, and said it is “not aware” of any exploitation of the vulnerability.
Powered by WPeMatico
Another busy week in cybersecurity.
In case you missed it: A widely used messaging app used by over a million protesters has several major security flaws; a little-known loophole has let the DMV sell driver’s licenses and Social Security records to private investigators; and the U.S. government is suing to reclaim over $2.5 million in cryptocurrency stolen by North Korean hackers from two major exchanges.
But this week we are focusing on how a Tesla employee foiled a ransomware attack, and, ahead of Palantir’s debut on the stock market, how much of a risk factor is the company’s public image?
$1 million. That’s how much a Tesla employee would have netted if they accepted a bribe from a Russian operative to install malware on Tesla’s Gigafactory network in Nevada. Instead, the employee told the FBI and the Russian was arrested.
The Justice Department charged the 27-year-old Russian, Egor Igorevich, weeks later as he tried to flee the United States. According to the indictment, his plan was to ask the employee to deliberately deploy ransomware on the Gigafactory’s network, grinding the network to a halt for a ransom of several million dollars. The would-be insider threat is likely the first of its kind, one ransomware expert told Wired, as financially driven hackers continue to up their game.
Tesla founder Elon Musk tweeted earlier this week confirming that Tesla was the target of the failed attack.
The attack, if carried out, could have been devastating. The indictment said that the malware was designed to extract data from the network before locking its files. This data-stealing ransomware is an increasing trend. These hacker groups not only encrypt a victim’s files but also exfiltrate the data to their servers. The hackers typically threaten to publish the victim’s files if the ransom isn’t paid.
Powered by WPeMatico
Nintendo has almost doubled the number of user accounts compromised by hackers in the past few months.
The Japanese gaming giant originally said that 160,000 Nintendo accounts were compromised, exposing personal information like the account owner’s name, email address, date-of-birth and their country of residence. In an updated statement, the company said another 140,000 Nintendo accounts had been compromised.
Nintendo said the number increased as a result of its continuing investigation.
The company said it reset those passwords and contacted customers. The statement reiterated that fewer than 1% of all accounts were impacted by the breach.
News of account compromises came as early as March when users complained that their accounts were charged for digital items without their permission. Nintendo said in a tweet in April that users should enable two-factor authentication on their accounts but without saying why.
It took another two weeks before Nintendo admitted that accounts had been improperly accessed.
But Nintendo still hasn’t said how the accounts were accessed, beyond claiming that hackers got access to accounts by obtaining account passwords “by some means other than our company’s service.” Its implication is that users may have used weak passwords that hackers cracked, or reused passwords that were breached from other services and used by hackers to break into their Nintendo accounts.
If you haven’t enabled two-factor authentication on your Nintendo account yet, now would probably be a good time.
Powered by WPeMatico
Ransomware is getting sneakier and smarter.
The latest example comes from ExecuPharm, a little-known but major outsourced pharmaceutical company that confirmed it was hit by a new type of ransomware last month. The incursion not only encrypted the company’s network and files, hackers also exfiltrated vast amounts of data from the network. The company was handed a two-for-one threat: pay the ransom and get your files back or don’t pay and the hackers will post the files to the internet.
This new tactic is shifting how organizations think of ransomware attacks: it’s no longer just a data-recovery mission; it’s also now a data breach. Now companies are torn between taking the FBI’s advice of not paying the ransom or the fear their intellectual property (or other sensitive internal files) are published online.
Because millions are now working from home, the surface area for attackers to get in is far greater than it was, making the threat of ransomware higher than ever before.
That’s just one of the stories from the week. Here’s what else you need to know.
Education giant Chegg confirmed its third data breach in as many years. The latest break-in affected past and present staff after a hacker made off with 700 names and Social Security numbers. It’s a drop in the ocean when compared to the 40 million records stolen in 2018 and an undisclosed number of passwords taken in a breach at Thinkful, which Chegg had just acquired in 2019.
Those 700 names account for about half of its 1,400 full-time employees, per a filing with the Securities and Exchange Commission. But Chegg’s refusal to disclose further details about the breach — beyond a state-mandated notice to the California attorney general’s office — makes it tough to know exactly went wrong this time.
Powered by WPeMatico