CYBERSECURITY / DEFENSE / INTELLIGENCE

  • Crypto exchange Kraken revealed that an unnamed security researcher exploited an “extremely critical” zero-day flaw in its platform to steal $3 million in digital assets and refused to return them. Details of the incident were shared by Kraken’s Chief Security Officer, Nick Percoco, on X (formerly Twitter), stating it received a Bug Bounty program alert about a bug that “allowed them to


  • The China-nexus cyber espionage actor linked to the zero-day exploitation of security flaws in Fortinet, Ivanti, and VMware devices has been observed utilizing multiple persistence mechanisms in order to maintain unfettered access to compromised environments. “Persistence mechanisms encompassed network devices, hypervisors, and virtual machines, ensuring alternative channels remain available


  • Amtrak notified its customers regarding a significant security breach involving its Amtrak Guest Rewards accounts.

    The breach between May 15, 2024, and May 18, 2024, allowed unauthorized parties to access users’ accounts.

    The company believes the hackers obtained login credentials from third-party sources rather than Amtrak’s systems.

    This incident has raised customers’ concerns about the security of their personal information and the potential for identity theft.

    What Information Was Compromised?

    During the breach, the unauthorized party changed the affected accounts’ email addresses and accessed sensitive information.


    This included users’ names, contact information, Amtrak Guest Rewards account numbers, dates of birth, partial payment details (such as credit card numbers and expiration dates), gift card information (including card numbers and PINs), and details about their transactions and trips with Amtrak.

    The extent of the accessed information has heightened the urgency for affected users to take immediate protective measures.

    Amtrak’s Response and Recommendations

    Upon discovering the breach on May 15, 2024, Amtrak promptly initiated an investigation and took steps to secure the compromised accounts.

    The company reverted the email addresses to the original users and reset the account passwords.

    Additionally, Amtrak has enabled multifactor authentication (MFA) for all Amtrak Guest Rewards accounts to enhance security.

    Users must now enter a validation code via email or text to complete their login process.

    Amtrak has advised affected customers to change their login credentials, not only for their Amtrak accounts but also for any other online accounts that may use similar usernames and passwords.

    The company also recommends reviewing these accounts for any suspicious activity.

    Furthermore, Amtrak has provided a comprehensive Reference Guide with steps to protect personal information, including ordering free credit reports, placing fraud alerts, and considering security freezes on credit files.

    Steps for Affected Users

    Amtrak’s Reference Guide outlines several critical steps for users to safeguard their information and mitigate identity theft risk.

    Affected individuals are encouraged to:

    1. Order Free Credit Reports: Under U.S. law, individuals are entitled to one free credit report annually from each of the three nationwide consumer reporting agencies. Reviewing these reports can help identify unauthorized accounts or inaccuracies.
    2. Place Fraud Alerts: A fraud alert notifies potential creditors to take extra steps to verify the identity of anyone applying for credit in the user’s name, thereby helping to prevent identity theft.
    3. Consider Security Freezes: A security freeze restricts access to the user’s credit file, making it more difficult for identity thieves to open new accounts. Users must place a freeze with each consumer reporting agency individually.
    4. Report Incidents: Any detected fraud or identity theft incidents should be reported to law enforcement, the Federal Trade Commission (FTC), and the user’s state Attorney General. The FTC provides resources and guidance on how to recover from identity theft.

    The Amtrak data breach has underscored the importance of robust cybersecurity measures and the need for individuals to remain vigilant in protecting their personal information.

    While Amtrak has taken steps to secure affected accounts and prevent future breaches, users are also responsible for following the recommended actions to safeguard their identities.

    As cyber threats evolve, companies and consumers must proactively combat data breaches and protect sensitive information.


    The post Amtrak Data Breach: Hackers Accessed User’s Email Address appeared first on GBHackers on Security | #1 Globally Trusted Cyber Security News Platform.


  • Google has announced a new update for the Chrome browser, rolling out version 126.0.6478.114/115 for Windows and Mac and 126.0.6478.114 for Linux.

    This update, which will be distributed over the coming days and weeks, addresses several security vulnerabilities.

    Users are encouraged to update their browsers to protect themselves against potential threats. The official Chrome Log provides a comprehensive list of changes in this build.


    Highlighted Security Fixes

    The update includes six security fixes. The four credited to external researchers are all rated high severity:

    • CVE-2024-6100: Type Confusion in V8 – Reported by Seunghyun Lee (@0x10n) during SSD Secure Disclosure’s TyphoonPWN 2024 on June 4, 2024. This high-severity vulnerability earned a reward of $20,000.
    • CVE-2024-6101: Inappropriate Implementation in WebAssembly – Reported by @ginggilBesel on May 31, 2024, this high-severity issue was awarded $7,000.
    • CVE-2024-6102: Out of Bounds Memory Access in Dawn – Reported by wgslfuzz on May 7, 2024. The reward for this high-severity vulnerability is yet to be determined.
    • CVE-2024-6103: Use After Free in Dawn – Also reported by wgslfuzz on June 4, 2024, the reward remains to be determined.

    Google has restricted access to bug details and links until most users have updated their browsers. This precaution ensures that vulnerabilities are not exploited before users are protected.
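    Because the fixed build numbers are known, the practical check is whether the copy actually running is at or above 126.0.6478.114. The following Python snippet is an added example, not from the Chrome release note or from Google: it pulls the four-part build number out of the text printed by `google-chrome --version` (or shown on chrome://version) and compares it numerically. A plain string comparison would get this wrong, since "126.0.6478.9" sorts after "126.0.6478.114" lexically. Note that Chrome applies an update only on relaunch, so check the running process, not just the installed binary.

```python
import re
from typing import Optional, Tuple

# First build carrying the six fixes described in the release note above.
FIXED_BUILD = "126.0.6478.114"

_VERSION_RE = re.compile(r"\b(\d+\.\d+\.\d+\.\d+)\b")


def parse_version(text: str) -> Optional[Tuple[int, ...]]:
    """Pull a four-part Chrome build number out of text such as
    'Google Chrome 126.0.6478.114' and return it as a tuple of ints."""
    m = _VERSION_RE.search(text)
    if not m:
        return None
    return tuple(int(part) for part in m.group(1).split("."))


def is_patched(version_output: str, fixed: str = FIXED_BUILD) -> Optional[bool]:
    """True if the reported build is at or above the fixed build, False if it
    is older, None if no build number could be found in the text."""
    installed = parse_version(version_output)
    if installed is None:
        return None
    # Tuple comparison is numeric per component, so 126.0.6478.9 < 126.0.6478.114.
    return installed >= parse_version(fixed)


if __name__ == "__main__":
    import subprocess

    try:
        out = subprocess.run(
            ["google-chrome", "--version"], capture_output=True, text=True, check=False
        ).stdout
    except FileNotFoundError:
        out = ""
    print(out.strip() or "chrome not found on PATH", "->", is_patched(out))
```

    On Windows the same comparison can be fed from the version shown at chrome://version; the `google-chrome` binary name in the `__main__` block is the Linux launcher and is an assumption about the host.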

    Ongoing Security Efforts

    In addition to the contributions from external researchers, Google’s internal security team has been actively working to identify and fix vulnerabilities.

    This includes various fixes from internal audits, fuzzing, and other initiatives. Tools like AddressSanitizer, MemorySanitizer, UndefinedBehaviorSanitizer, Control Flow Integrity, libFuzzer, and AFL are crucial in detecting security bugs.

    Google extends its gratitude to all security researchers who collaborated during the development cycle to prevent security bugs from reaching the stable channel.

    Users interested in switching release channels or reporting new issues can find more information on the Chrome Security Page and the community help forum.


    The post Chrome Security Update – Patch for 6 Vulnerabilities appeared first on GBHackers on Security | #1 Globally Trusted Cyber Security News Platform.


  • Cybersecurity researchers have uncovered a sophisticated malware campaign orchestrated by a threat actor group, Void Arachne.

    This group has targeted Chinese-speaking users by distributing malicious Windows Installer (MSI) files.

    The campaign leverages popular software and AI technologies to lure unsuspecting victims, leading to severe security breaches and potential financial losses.

    Void Arachne’s campaign primarily targets the Chinese-speaking demographic, utilizing SEO poisoning and widely used messaging applications such as Telegram.

    According to Trend Micro's report, the group has disseminated malicious MSI files bundled with nudifiers and deepfake pornography-generating software, exploiting public interest in AI technologies.


    These compromised files are advertised as legitimate software installers, including language packs, VPNs, and AI-powered applications.

    Technical Analysis

    The malicious MSI files, such as letvpn.msi, carry DLLs that run during installation.

    These DLLs handle installer property management, scheduled task creation, and firewall configuration.

    The MSI file creates scheduled tasks and adds Windows Firewall rules that allow both inbound and outbound traffic for the malware, so that its operation is not interrupted.

    Table 1: Sample of Files Dropped by LetsPro.msi

    File Name                            | Size                        | MD5 Hash                         | Parent Directory
    19996288 (name and size run together) | (fused with file name)      | D82362C15DDB7206010B8FCEC7F611C5 | C:\Users\%USERNAME%\
    792258.vbs                           | 2405                        | CD95B5408531DC5342180A1BECE74757 | C:\Users\%USERNAME%\
    LetsPRO.exe                          | 40960                       | FE7AEDAB70A5A58EFB84E6CB988D67A4 | C:\Users\%USERNAME%\
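    The two persistence artefacts described above, a firewall allow rule and a scheduled task that both point at an executable dropped under the user profile, are cheap to hunt for. The following Python check is an added example, not Trend Micro's code or tooling: it parses the output of `netsh advfirewall firewall show rule name=all verbose` and of `schtasks /query /v /fo csv` and flags entries whose program path lives in a user-writable location. Both sample outputs are constructed and trimmed to the fields used; the rule name "LetsPRO", the user "alice" and the task name are placeholders, while the file names LetsPRO.exe and 792258.vbs come from Table 1.

```python
import csv
import io
import re

# Paths where installer-dropped malware typically lives; Table 1 above shows the
# Void Arachne samples landing directly under C:\Users\%USERNAME%\.
USER_WRITABLE = re.compile(
    r"(?i)(^|[\\/])users[\\/]|%userprofile%|%appdata%|%localappdata%|%temp%"
    r"|[\\/]appdata[\\/]|[\\/]temp[\\/]"
)

# Constructed sample of `netsh advfirewall firewall show rule name=all verbose`
# output, trimmed to the fields used here. Rule name and user are placeholders.
NETSH_SAMPLE = r"""
Rule Name:                            Core Networking - DNS (UDP-Out)
----------------------------------------------------------------------
Enabled:                              Yes
Direction:                            Out
Action:                               Allow
Program:                              %SystemRoot%\system32\svchost.exe

Rule Name:                            LetsPRO
----------------------------------------------------------------------
Enabled:                              Yes
Direction:                            In
Action:                               Allow
Program:                              C:\Users\alice\LetsPRO.exe

Rule Name:                            LetsPRO
----------------------------------------------------------------------
Enabled:                              Yes
Direction:                            Out
Action:                               Allow
Program:                              C:\Users\alice\LetsPRO.exe
"""

# Constructed sample of `schtasks /query /v /fo csv`, reduced to three columns.
SCHTASKS_SAMPLE = r"""
"TaskName","Task To Run","Run As User"
"\Microsoft\Windows\Defrag\ScheduledDefrag","%windir%\system32\defrag.exe -c -h -o -$ -g","SYSTEM"
"\LetsPRO Update","wscript.exe C:\Users\alice\792258.vbs","alice"
"""


def parse_netsh_rules(text):
    """Split netsh 'show rule' output into one dict per rule, keyed by field name."""
    rules, current = [], None
    for line in text.splitlines():
        m = re.match(r"^([A-Za-z][A-Za-z ]*):\s*(.*)$", line)
        if not m:
            continue  # separator dashes and blank lines
        key, value = m.group(1).strip(), m.group(2).strip()
        if key == "Rule Name":
            current = {"Rule Name": value}
            rules.append(current)
        elif current is not None:
            current[key] = value
    return rules


def suspicious_firewall_rules(text):
    """Enabled Allow rules whose program sits in a user-writable path."""
    hits = []
    for rule in parse_netsh_rules(text):
        program = rule.get("Program", "")
        if (rule.get("Enabled") == "Yes" and rule.get("Action") == "Allow"
                and USER_WRITABLE.search(program)):
            hits.append((rule["Rule Name"], rule.get("Direction", "?"), program))
    return hits


def suspicious_scheduled_tasks(csv_text):
    """Scheduled tasks whose command line references a user-writable path."""
    hits = []
    for row in csv.DictReader(io.StringIO(csv_text.strip())):
        command = row.get("Task To Run", "")
        if USER_WRITABLE.search(command):
            hits.append((row["TaskName"], command))
    return hits


if __name__ == "__main__":
    for hit in suspicious_firewall_rules(NETSH_SAMPLE):
        print("firewall:", hit)
    for hit in suspicious_scheduled_tasks(SCHTASKS_SAMPLE):
        print("task:", hit)
```

    Legitimate software does occasionally register rules for per-user installs (some updaters and chat clients do), so treat a hit as a lead to verify against the file's hash and signer, not as a verdict.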

    Malicious AI Applications

    Void Arachne has also promoted AI technologies that can be used for virtual kidnapping and sextortion schemes.

    These include voice-altering and face-swapping AI applications advertised on Telegram channels.

    The group has shared trojanized "nudifier" applications that create nonconsensual deepfake pornography, which is often used in sextortion schemes.

    A Screenshot of the Void Arachne Telegram Channel Advertising Face-Swapping Applications

    Distribution Methods

    Void Arachne employs multiple initial access vectors to distribute malware, including SEO poisoning and spear-phishing links.

    These links are hosted on attacker-controlled websites disguised as legitimate sites, ranking high on search engines.

    The group also shares malicious MSI files on Chinese-language-themed Telegram channels, increasing the chances of infection.

    An attacker-controlled website that hosts a malicious payload

    Table 2: Winos 4.0 External Plugins

    Plugin Name in Chinese              | Plugin Name in English                       | SHA256 Hash
    删除360急速安全账号密码.dll           | Delete 360 Speed Security Account Password.dll | 03669424bdf8241a7ef7f8982cc3d0cf56280a5804f042961f3c6a111252ffd3
    提权-EnableDebugPrivilege.dll        | Elevate Privileges-EnableDebugPrivilege.dll    | 11a96c107b8d4254722a35ab9a4d25974819de1ce8aa212e12cae39354929d5f
    体积膨胀.dll                         | Volume Expansion.dll                           | 186bf42bf48dc74ef12e369ca533422ce30a85791b6732016de079192f4aac5f

    Impact and Recommendations

    The proliferation of these malicious MSI files poses a significant threat to organizations and individuals.

    Malware can lead to system compromise, data theft, and financial losses.

    Trend Micro has curated comprehensive resources to educate the community on identifying, preventing, and addressing sextortion attacks.

    Victims are strongly advised to report incidents to relevant authorities, such as the Internet Crime Complaint Center (IC3).

    Void Arachne’s campaign highlights the growing sophistication of cyber threats and the need for robust cybersecurity measures.

    Individuals and organizations can protect themselves from such malicious campaigns by staying vigilant and adopting comprehensive security practices.


    The post Hackers Weaponize Windows Installer (MSI) Files to Deliver Malware appeared first on GBHackers on Security | #1 Globally Trusted Cyber Security News Platform.


  • Hackers are offering “free” mobile data access through Telegram channels by exploiting loopholes in telecom providers' zero-rating policies. The activity targets users in Africa and Asia and revolves around shared configuration files that make ordinary traffic look like zero-rated traffic.

    The channels function as technical support hubs where users exchange instructions on creating custom payloads, setting up secure tunnels, and manipulating HTTP headers to disguise data usage; numerous configuration files for various telecom providers have circulated through them over the past year.

    To bypass data metering, attackers use tools such as HTTP Injector to rewrite packets so that they mimic traffic from zero-rated services (services exempt from data charges).

    Payload generators automate this deception. Alternatively, attackers establish encrypted tunnels using SSH or Stunnel, disguising their traffic as legitimate secure communication; VPNs with obfuscation and hard-to-fingerprint protocols achieve a similar outcome.

    Configuration files

    Attackers can also rewrite traffic headers with proxies, or route all traffic through a remote server via a SOCKS proxy, tricking the network into treating the data as unmetered.

    To abuse zero-rating policies, attackers make their traffic appear to originate from an exempt service by modifying HTTP headers and payloads (traffic redirection), altering DNS settings to exploit zero-rated domains, or spoofing the Server Name Indication (SNI) in HTTPS connections.

    SNI proxies can forward traffic while making it look as if it came from a zero-rated source. Split tunneling and selective routing send specific traffic through zero-rated services while keeping other data encrypted.

    On mobile data, attackers can exploit weaknesses in Access Point Name (APN) configurations, either by modifying APN settings to deceive the network (APN tweaks) or by rapidly switching between APNs to bypass billing (APN switching).

    HTTP injectors can be combined with pre-configured profiles containing provider-specific parameters to automate zero-rating exploitation.

    CloudSEK identified several tools used to bypass online restrictions and tunnel traffic, including HTTP Injector, an Android application for manipulating HTTP headers, crafting custom payloads, and establishing secure tunnels.

    Your Freedom VPN Client provides various tunneling methods for getting through firewalls, while HA Tunnel Plus is another option for creating VPN tunnels.

    All three tools rely on tunneling to circumvent restrictions and provide encrypted internet access.

    Telecom providers can deploy a multi-layered defense against free-data exploitation via VPNs and tunneling. Deep packet inspection (DPI) and traffic analysis pinpoint suspicious traffic patterns.

    Rate-limiting well-known tunneling protocols and blocking the SNI values these apps rely on makes them less useful.

    Blacklisting malicious IP addresses and monitoring DNS traffic for tunneling attempts further tighten the net.

    Hardening APN settings against unauthorized changes, together with anomaly-detection models that flag behaviour consistent with zero-rating abuse, disrupts the remaining free-data methods.


    The post Hackers Using VPNs To Exploit Restrictions & Steal Mobile Data appeared first on GBHackers on Security | #1 Globally Trusted Cyber Security News Platform.


  • Several phishing kits have been used widely by threat actors in the past. One popular Phishing-as-a-Service (PhaaS) platform was Caffeine, first identified and reported by Mandiant researchers.

    MRxC0DER, an Arabic-speaking threat actor, developed and maintained the Caffeine kit.

    Caffeine has now been rebranded as ONNX Store. The platform is managed independently, but the original developer still handles client support.

    Threat actors are currently using this new rebranded platform to target financial institutions through phishing emails.

    Additionally, the ONNX store offers a user-friendly interface that can be accessed via Telegram bots.


    It also offers capabilities to bypass 2FA, which raises the success rate of business email compromise attacks.

    PhaaS Platform Bypasses 2FA

    According to the reports shared with Cyber Security News, the phishing pages used in these campaigns resemble the original Microsoft 365 login page that will convince any unsuspecting user to enter their authentication credentials.

    The rebranding specifically focused on improving operational security for the threat actors and their services.

    Overview of ONNX store (Source: EclecticIQ)

    While Caffeine kit used a single shared web server for managing all the phishing campaigns, this new ONNX store allows threat actors to control their operations via Telegram bots and support is provided by a support channel. Some of the observed ONNX store channels and bots are

    • @ONNXIT: A Telegram user – manages support needs from clients. 
    • @ONNX2FA_bot: A Telegram bot for clients to receive 2FA codes from successful phishing operations. 
    • @ONNXNORMAL_bot: A Telegram bot for clients to receive Microsoft Office 365 login credentials. 
    • @ONNXWEBMAIL_bot: A Telegram bot for clients to control a Webmail server for sending phishing emails. 
    • @ONNXKITS_BOT: A Telegram bot for clients to make payments for ONNX Store services and track their orders. 

    Alongside these channels and bots, the services offered include:

    • Microsoft Office 365 phishing template generation. 
    • Webmail service for sending phishing emails and using social engineering lures. 
    • Bulletproof hosting and RDP services for cybercriminals to manage their operations securely. 

    Cloudflare Used to Delay Domain Shutdowns

    Law enforcement has repeatedly fought these cybercriminal operations with domain shutdowns to prevent further activity.

    The new setup places phishing domains behind Cloudflare to delay takedowns: Cloudflare's anti-bot CAPTCHA keeps website scanners from reaching the page, and its IP proxying hides the original hosting provider.

    Cloudflare implementation (Source: EclecticIQ)

    Further, the cost of different phishing tools is as follows:

    • Webmail Normal service ($150/Month): Offers customizable phishing pages and webmail server. 
    • Office 2FA Cookie Stealer ($400/Month): A phishing landing page that captures 2FA tokens and cookies from victims, featuring statistics, country blocking, and email grabbing. 
    • Office Normal package ($200/Month): Enables email credential harvesting capabilities without bypassing 2FA. 
    • Office Redirect Service ($200/Month): Advertised by ONNX Store as creating “Fully Undetectable (FUD) links”. This service abuses redirects on trusted domains, such as bing.com, to send victims to attacker-controlled phishing landing pages. 
    List of available options in ONNX Store (Source: EclecticIQ)

    As added information, this new PhaaS platform also allows Quishing (QR-phishing) attacks in which threat actors distribute PDF documents via phishing emails that will contain a QR code. 

    If these QR codes are scanned, it will redirect the victim to a phishing landing page. Further, most of the phishing emails impersonated reputable services like Adobe or Microsoft 365.

    Encrypted JS Code To Evade Detection

    Adding to its arsenal, the phishing kit uses encrypted JavaScript that is only decrypted when the page loads.

    This hinders anti-phishing scanners, which see an opaque blob rather than the phishing logic when they crawl the domain. 

    Once the JS code decrypts, third-party domains such as “httbin[.]org” and “ipapi[.]co” collect the victims’ network metadata, such as browser name, IP address, and location, before sending it to threat actors.

    The decryption routine that unpacks the hidden script works as follows:

    • Encoded string is decoded from base64
    • Every character of the decoded string is XORed with a character from the hardcoded key, cycling through the key for the decryption. 
    • The result is a decrypted string (JavaScript code), which is then executed by the browser. 

    These hidden malicious scripts cannot be viewed during a casual inspection. However, if the key and the encrypted string are known, it can be decrypted easily.
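    The three steps above amount to repeating-key XOR over a base64 blob, which is obfuscation rather than encryption. The Python below is an added example, not the ONNX loader or EclecticIQ's code, and it goes one step beyond the text: besides decoding with a known key, it recovers the key from a short run of predictable plaintext, which works because the key repeats. The sample script and the key "k3y" are constructed for the example.

```python
import base64
from itertools import cycle
from typing import Optional


def xor_bytes(data: bytes, key: bytes) -> bytes:
    """XOR each byte of data with the key, cycling through the key bytes."""
    if not key:
        raise ValueError("key must not be empty")
    return bytes(b ^ k for b, k in zip(data, cycle(key)))


def decrypt_payload(encoded: str, key: str) -> str:
    """The loader's scheme in reverse: base64-decode, then XOR with the cycled key."""
    return xor_bytes(base64.b64decode(encoded), key.encode()).decode("utf-8", "replace")


def encrypt_payload(script: str, key: str) -> str:
    """Inverse of decrypt_payload; used only to build a sample blob for this example."""
    return base64.b64encode(xor_bytes(script.encode(), key.encode())).decode("ascii")


def recover_key(encoded: str, known_plaintext: str, key_len: int) -> Optional[bytes]:
    """Known-plaintext attack on the repeating-key XOR: if at least key_len bytes of
    the decrypted script are predictable (it starts with 'document.' or 'function',
    say), XORing them with the ciphertext yields the key. Returns None if there is
    not enough known plaintext or ciphertext for the requested key length."""
    raw = base64.b64decode(encoded)
    known = known_plaintext.encode()
    if key_len <= 0 or len(known) < key_len or len(raw) < key_len:
        return None
    return bytes(raw[i] ^ known[i] for i in range(key_len))


# Constructed, harmless stand-in for the obfuscated loader body. Not the ONNX code.
SAMPLE_SCRIPT = 'document.title = "constructed sample"; var step = 1;'
SAMPLE_KEY = "k3y"
SAMPLE_BLOB = encrypt_payload(SAMPLE_SCRIPT, SAMPLE_KEY)

if __name__ == "__main__":
    print("blob     :", SAMPLE_BLOB)
    print("decrypted:", decrypt_payload(SAMPLE_BLOB, SAMPLE_KEY))
    print("key      :", recover_key(SAMPLE_BLOB, "document.", len(SAMPLE_KEY)))
```

    When the key length is unknown, run recover_key for each plausible length and keep the candidate whose full decryption is valid JavaScript; since the key sits in the same page as the blob, in practice it can simply be read from the loader source.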

    The decrypted JS code is also designed to steal the 2FA token entered by the victim.

    Bulletproof Hosting For Cybercriminals

    The phishing domains carry TLS certificates issued by Google Trust Services LLC (intermediate CA: GTS CA 1P5).

    Most of the domains were registered through NameSilo and associated with EVILEMPIRE-AS.

    These bulletproof hosting services give cybercriminals an additional layer of anonymity.

    Bulletproof hosting (Source: EclecticIQ)

    In addition, there were services designed to support a wide range of illegal operations.

    The advertisement on a Telegram group stated that the Bulletproof hosting was under development and they were adding RDP sessions.


    Further, this new ONNX store is also mentioned to support multiple malicious campaigns with high-performance features using enhanced RAM, CPU, and SSD speeds and unlimited bandwidths.

    Indicators Of Compromise

    Phishing domains  

    • authmicronlineonfication[.]com 
    • verify-office-outlook[.]com 
    • stream-verify-login[.]com 
    • zaq[.]gletber[.]com 
    • v744[.]r9gh2[.]com 
    • bsifinancial019[.]ssllst[.]cloud 
    • 473[.]kernam[.]com 
    • docusign[.]multiparteurope[.]com 
    • 56789iugtfrd5t69i9ei9die9di9eidy7u889[.]rhiltons[.]com 
    • agchoice[.]us-hindus[.]com 

    Malicious PDF Files 

    • 432b1b688e21e43d2ccc68e040b3ecac4734b7d1d4356049f9e1297814627cb3 
    • 47b12127c3d1d2af24f6d230e8e86a7b0c661b4e70ba3b77a9beca4998a491ea 
    • 51fdaa65511e7c3a8d4d08af59d310a2ad8a18093ca8d3c817147d79a89f44a1 
    • f99b01620ef174bb48e22e54327ca9cffa4520868f49a41c524b81ab6d935070 
    • 52e04c615b08af10b4982506c1cee74cb062116d31f0300ed027f6efd3119b1a 
    • 3d58733b646431a60d39394be99ff083d6db3583796b503e8422baebed8d097e 
    • 702008cae9a145741e817e6c6566cd1d79c737d51b718f13a2d16d72a00cd5a7 
    • 908af49857b6f5d1e0384a5e6fc8ee53ca1df077601843ebdd7fc8a4db8bcb12 
    • d3b03f79cf1d088d2ed41e25c961e9945533aeabb93eac2d33ebc4b589ba6172 
    • 4751234ac4e1b0a5d4685b870de1ea1a7754258977f5d1d9534631c09c748732 
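    To put the indicators above to work, here is an added Python example (not from EclecticIQ or the original post): it refangs the defanged domains, matches proxy-log hostnames against them including subdomains, and compares file digests against the PDF hashes. The proxy log lines are constructed for the example and the "<timestamp> <client> <method> <url>" layout is an assumption about the log format.

```python
import hashlib
import re
from typing import Iterable, List, Optional, Set, Tuple
from urllib.parse import urlsplit


def refang(indicator: str) -> str:
    """Undo common defanging: example[.]com -> example.com, hxxps:// -> https://."""
    s = indicator.strip().lower()
    for token in ("[.]", "(.)", "[dot]", "{.}"):
        s = s.replace(token, ".")
    return re.sub(r"^hxxp", "http", s)


# The ten phishing domains listed above, refanged for matching.
IOC_DOMAINS: Set[str] = {refang(d) for d in (
    "authmicronlineonfication[.]com", "verify-office-outlook[.]com",
    "stream-verify-login[.]com", "zaq[.]gletber[.]com", "v744[.]r9gh2[.]com",
    "bsifinancial019[.]ssllst[.]cloud", "473[.]kernam[.]com",
    "docusign[.]multiparteurope[.]com",
    "56789iugtfrd5t69i9ei9die9di9eidy7u889[.]rhiltons[.]com",
    "agchoice[.]us-hindus[.]com",
)}

# The ten malicious PDF SHA256 hashes listed above.
IOC_SHA256: Set[str] = {
    "432b1b688e21e43d2ccc68e040b3ecac4734b7d1d4356049f9e1297814627cb3",
    "47b12127c3d1d2af24f6d230e8e86a7b0c661b4e70ba3b77a9beca4998a491ea",
    "51fdaa65511e7c3a8d4d08af59d310a2ad8a18093ca8d3c817147d79a89f44a1",
    "f99b01620ef174bb48e22e54327ca9cffa4520868f49a41c524b81ab6d935070",
    "52e04c615b08af10b4982506c1cee74cb062116d31f0300ed027f6efd3119b1a",
    "3d58733b646431a60d39394be99ff083d6db3583796b503e8422baebed8d097e",
    "702008cae9a145741e817e6c6566cd1d79c737d51b718f13a2d16d72a00cd5a7",
    "908af49857b6f5d1e0384a5e6fc8ee53ca1df077601843ebdd7fc8a4db8bcb12",
    "d3b03f79cf1d088d2ed41e25c961e9945533aeabb93eac2d33ebc4b589ba6172",
    "4751234ac4e1b0a5d4685b870de1ea1a7754258977f5d1d9534631c09c748732",
}


def host_matches(host: str, iocs: Set[str] = IOC_DOMAINS) -> Optional[str]:
    """Return the indicator that host equals or is a subdomain of, else None.
    A parent domain (gletber.com) does not match a subdomain indicator
    (zaq.gletber.com); that keeps the match conservative."""
    labels = host.lower().rstrip(".").split(".")
    for i in range(len(labels) - 1):
        candidate = ".".join(labels[i:])
        if candidate in iocs:
            return candidate
    return None


# Constructed proxy log: "<timestamp> <client-ip> <method> <url>". Not real traffic.
PROXY_LOG = """\
2024-06-20T09:58:11Z 10.20.0.15 GET https://login.microsoftonline.com/common/oauth2/authorize
2024-06-20T09:59:40Z 10.20.0.15 GET https://www.verify-office-outlook.com/#/auth
2024-06-20T10:01:02Z 10.20.0.42 POST https://zaq.gletber.com/api/session
2024-06-20T10:02:30Z 10.20.0.42 GET https://gletber.com/
"""


def scan_proxy_log(log_text: str, iocs: Set[str] = IOC_DOMAINS) -> List[Tuple[str, str, str, str]]:
    """(timestamp, client, host, matched_indicator) for every line whose URL host hits an indicator."""
    hits = []
    for line in log_text.splitlines():
        parts = line.split(maxsplit=3)
        if len(parts) != 4:
            continue  # malformed or blank line
        ts, client, _method, url = parts
        host = urlsplit(url).hostname or ""
        matched = host_matches(host, iocs)
        if matched:
            hits.append((ts, client, host, matched))
    return hits


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def sha256_matches(data: bytes, iocs: Iterable[str] = IOC_SHA256) -> bool:
    """True if the file content hashes to one of the indicator digests."""
    return sha256_hex(data) in set(iocs)


if __name__ == "__main__":
    for hit in scan_proxy_log(PROXY_LOG):
        print(hit)
```

    Hash matching is exact-file only: a re-generated PDF with a different QR code will not hit, so the domain matches are the more durable signal.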

    The post New PhaaS Platform Lets Attackers Bypass Two-Factor Authentication appeared first on GBHackers on Security | #1 Globally Trusted Cyber Security News Platform.


  • Stuxnet, a complex worm discovered in 2010, targeted Supervisory Control and Data Acquisition (SCADA) systems used in industrial facilities.

    By exploiting multiple vulnerabilities, including zero-days, it breached air-gapped networks (isolated systems) and disrupted Iranian uranium-enrichment centrifuges controlled via Siemens Step7 software. 

    It exposed the limitations of traditional security and highlighted the evolving threat landscape, forcing a reevaluation of cybersecurity strategies and serving as a case study in the challenges of defending critical infrastructure, where interconnected systems are vulnerable to sophisticated attacks.  

    Once inside, it manipulated the programmable logic controllers (PLCs) driving the centrifuges to change their rotation speed, causing them to malfunction and damaging Iran’s nuclear infrastructure. 

    This highly modular worm’s ability to adapt and its rootkit capabilities to hide its presence underscored the need for robust cybersecurity practices to protect critical infrastructure from cyberattacks. 

    It targeted Iranian nuclear centrifuges with zero-day exploits and manipulated Siemens industrial control systems, suggesting nation-state involvement and possibly a collaboration between US and Israeli intelligence agencies (codename: Operation Olympic Games) aiming to disrupt Iran’s nuclear program. 

    Despite lacking official confirmation, Stuxnet’s impact on cyber warfare is undeniable. A skilled team likely spent years developing it, potentially inspiring future covert operations. 

    It exploited zero-day vulnerabilities, signed its drivers with stolen code-signing certificates so that they would load as legitimate software, and manipulated the centrifuges' frequency converters to destroy them.

    Success in disrupting air-gapped networks with these techniques highlighted the potential for cyber weapons to inflict physical damage on critical assets. 

    Stuxnet exposed how vulnerable critical infrastructure is to cyberattacks. By targeting industrial control systems it blurred the line between cyber and physical warfare, prompting discussions on international regulation of cyber warfare and on improving cybersecurity collaboration. 

    Its success in disrupting Iran’s nuclear program highlighted the potential for digital weapons to cause physical damage and achieve strategic goals, raising concerns about cyberwar escalation and unintended consequences. 

    According to GreyDynamics, it led to a global reassessment of cybersecurity practices and discussions on regulating cyber weapons development and deployment. 

    This influence continues to shape cyberwarfare, where malicious code will likely target critical infrastructure like healthcare and finance, causing immense disruption.

    State-sponsored hacking increases the risk of cyber weapons leaking to non-state actors, potentially leading to widespread attacks. 

    To counter this, international agreements for regulating cyberwarfare are being developed, but geopolitical tensions and difficulty in pinpointing attackers make consensus challenging.

    The future of cyberwarfare hinges on technological advancements, political maneuvering, and the delicate balance between security and individual freedoms.


    The post Stuxnet, The Malware That Propagates To Air-Gapped Networks appeared first on GBHackers on Security | #1 Globally Trusted Cyber Security News Platform.


  • Are your tags really safe with Google Tag Manager? If you’ve been thinking that using GTM means that your tracking tags and pixels are safely managed, then it might be time to think again. In this article we look at how a big-ticket seller that does business on every continent came unstuck when it forgot that you can’t afford to allow tags to go unmanaged or become misconfigured.  Read the


  • A threat actor named ” IntelBroker ” claims to have breached AMD in June 2024 and is now selling the allegedly stolen data on hacking forums.

    The compromised information reportedly includes sensitive data such as future AMD product plans, specification sheets, employee and customer databases, property files, ROMs, source code, firmware, and financial documents.

    According to IntelBroker’s post on the BreachForums site, the employee database contains user IDs, first and last names, job functions, business phone numbers, email addresses, and employment status of AMD personnel.

    The threat actor is offering the data for sale exclusively in exchange for Monero (XMR) cryptocurrency and is accepting a middleman for transactions.


    IntelBroker has a notorious reputation in the cybersecurity community, with previous high-profile hacks of entities such as Europol, Home Depot, and the Pentagon, and allegedly one of the T-Mobile data breaches.

    The origins and affiliations of the threat actor are currently unknown.

    If the claims are substantiated, the breach could have significant implications for AMD, its employees, customers, and partners.

    Sensitive data like source code, firmware, future product plans, and employee information could be exploited if it falls into the wrong hands.

    AMD’s IT and security teams are likely urgently investigating the incident to determine the validity and full extent of the alleged breach.

    This developing story underscores the ongoing challenges companies face in securing their digital assets against increasingly sophisticated cyber threats and the importance of robust cybersecurity measures to protect sensitive data.

    More details are expected to emerge as AMD’s investigation progresses.


    The post Threat Actors Claiming Breach of AMD Source Code on Hacking Forums appeared first on GBHackers on Security | #1 Globally Trusted Cyber Security News Platform.
