The hacktivist and activist group known as Anonymous has released Nestle’s database.

The move comes days after the Ukrainian President Zelensky called out the world’s largest food company for its continued relationship with Russia.

Anonymous announced the breach in a tweet on Tuesday:

“Hacker group Anonymous has released 10 GB of data from Swiss company Nestlé. This is the collective’s retaliation for continuing the company’s business in Russia.”

The group then posted an additional tweet with a link to the leaked information.

Nestle has defended its decision to remain in Russia, noting that it has made changes since the beginning of the conflict in Ukraine.

“We have significantly scaled back our activities in Russia: we have stopped all imports and exports from Russia, except for essential products,” a spokesperson said in a statement to CNN.

The company also claims that they are no longer making a profit from their activities in Russia.

The post Anonymous leaks 10GB of Nestle Data appeared first on IT Security Guru.

Okta has confirmed that it was hacked by the LAPSUS$ ransomware group.

Yesterday, the LAPSUS$ ransomware group posted screenshots that it claimed were of Okta’s internal company environment. Today, the authentication services provider updated a blog post confirming the breach:

“After a thorough analysis of these claims, we have concluded that a small percentage of customers — approximately 2.5% — have potentially been impacted and whose data may have been viewed or acted upon. We have identified those customers and are contacting them directly,” Okta CSO David Bradbury said.

2.5% equates to 375 of Okta’s customers.

“If you are an Okta customer and were impacted, we have already reached out directly by email,” Bradbury continued.

It’s believed that the incident took place in January 2022.

Investigation into the incident suggests that the shared screenshots were sourced from a support engineer’s laptop.

The post Okta confirms hack, 2.5% of customers affected appeared first on IT Security Guru.

A new phishing technique dubbed browser-in-the-browser (BitB) attack allows threat actors to simulate a browser window within a browser, spoofing a legitimate domain and initiating a convincing phishing attack.

A penetration tester and security researcher, known as mrd0x on Twitter, explained how the method takes advantage of third-party single sign-on (SSO) options on websites such as “Sign in with Google” (or Facebook, Apple, or Microsoft).

The default behaviour of sign-in methods such as these is to greet users with a pop-up window to complete the authentication process. BitB attacks aim to replicate this process using a mix of HTML and CSS code, presenting users with a fabricated browser window.

“Combine the window design with an iframe pointing to the malicious server hosting the phishing page, and it’s basically indistinguishable,” mrd0x said in a technical write-up published last week. “JavaScript can be easily used to make the window appear on a link or button click, on the page loading etc.”
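A defender-side check that follows from this description, as an added example that is not from mrd0x's write-up or the article: a genuine SSO pop-up is a separate window whose address bar is browser chrome, so a URL rendered as page text beside an iframe that loads a different host is a drawn address bar. The plain-object page tree, the function names and the `.example` hosts are constructed for illustration.

```javascript
// Added example. A page is reduced to plain objects {tag, text, src, children}.
// Heuristic: URL-looking text that shares a container with one iframe, and names
// a different host than the iframe loads, is an address bar drawn by the page.
const URL_TEXT =
  /^(?:https?:\/\/)?([a-z0-9-]+(?:\.[a-z0-9-]+)*\.[a-z]{2,})(?:[\/:?#]\S*)?$/i;

// All descendants of `node` that satisfy `pred`.
function collect(node, pred, out = []) {
  for (const child of node.children || []) {
    if (pred(child)) out.push(child);
    collect(child, pred, out);
  }
  return out;
}

function findFakeWindows(root, pageUrl) {
  const findings = [];
  (function walk(node, ancestors) {
    if (node.tag === 'iframe' && node.src) {
      const frameHost = new URL(node.src, pageUrl).hostname.toLowerCase();
      // Nearest container first; stop once a container holds other frames too,
      // because it is then page layout rather than a wrapper around this frame.
      for (const box of [...ancestors].reverse()) {
        if (collect(box, n => n.tag === 'iframe').length > 1) break;
        const shown = collect(box, n => typeof n.text === 'string')
          .map(n => URL_TEXT.exec(n.text.trim()))
          .filter(Boolean)
          .map(m => m[1].toLowerCase());
        const displayedHost = shown.find(h => h !== frameHost);
        if (displayedHost) { findings.push({ displayedHost, frameHost }); break; }
      }
    }
    for (const child of node.children || []) walk(child, [...ancestors, node]);
  })(root, []);
  return findings;
}

// Constructed sample page (hypothetical hosts under .example).
const samplePage = { tag: 'body', children: [
  { tag: 'div', children: [                       // in-page "window"
    { tag: 'div', children: [                     // drawn title and address bar
      { tag: 'span', text: 'Sign in - Example IdP' },
      { tag: 'span', text: 'https://accounts.idp.example/signin' } ] },
    { tag: 'iframe', src: 'https://login.other-host.example/form' } ] },
  { tag: 'div', children: [                       // ordinary embed, no URL text
    { tag: 'p', text: 'Watch our intro video' },
    { tag: 'iframe', src: 'https://video.cdn.example/embed/1' } ] } ] };

console.log(findFakeWindows(samplePage, 'https://shop.example/'));
```

This is a heuristic: a page with a single iframe and an unrelated URL in nearby text would also be flagged, so findings are a prompt for review rather than a verdict.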

The post New attack technique makes phishing near undetectable appeared first on IT Security Guru.

Several US authorities issued an alert warning of the threat to critical national infrastructure (CNI) providers from the AvosLocker ransomware group.

The group is a ransomware-as-a-service affiliate operation known for targeting financial services, manufacturing and government entities, as well as other sectors, the report indicated.

AvosLocker seems to be geographically indiscriminate, with some victims hailing from the US, Syria, Saudi Arabia, Germany, Spain, Belgium, Turkey, the United Arab Emirates, the UK, Canada, China and Taiwan.

The report, Indicators of Compromise Associated with AvosLocker Ransomware, was co-authored by the FBI, the Treasury and the latter’s Financial Crimes Enforcement Network (FinCEN).

The report was designed to help network defenders spot and mitigate the IoCs indicating an AvosLocker attack.

While many AvosLocker affiliates use double extortion techniques to force payment, some groups using the malware variant have taken a more proactive approach.

“In some cases, AvosLocker victims receive phone calls from an AvosLocker representative. The caller encourages the victim to go to the onion site to negotiate and threatens to post stolen data online,” the advisory said. “In some cases, AvosLocker actors will threaten and execute distributed denial-of-service (DDoS) attacks during negotiations.”

The post AvosLocker ransomware hits critical infrastructure appeared first on IT Security Guru.

The ultra-prolific ransomware group LAPSUS$ are now claiming to have breached Okta, an authentication services provider.

The report comes after the hackers posted what they claim to be screenshots of Okta’s internal company environment.

Thousands of companies rely on Okta to manage access to their networks and applications, making the possibility of a breach especially concerning.

The company was aware of the reports and was investigating, Okta official Chris Hollis said in a brief statement.

“We will provide updates as more information becomes available,” he added.

The screenshots were posted by a group of ransom-seeking hackers known as LAPSUS$ on their Telegram channel late on Monday. In an accompanying message, the group said its focus was “ONLY on Okta customers.”

LAPSUS$ has been especially active recently, claiming to have hit tech giants Samsung, Nvidia and Microsoft all in the last month.

Security researchers have told Reuters that the screenshots do seem to be legitimate.

Dan Tentler, the founder of cybersecurity consultancy Phobos Group, said he too believed the breach was real and urged Okta customers to be “very vigilant right now.”

In an email, Tentler added, “There are timestamps and dates visible in the screenshots indicating January 21st of this year, which suggests they may have had access for two months.”

The post LAPSUS$ claims to have breached Okta appeared first on IT Security Guru.