SCUF Gaming store hacked to steal credit card info of 32,000 customers


SCUF Gaming International, a leading manufacturer of custom PC and console controllers, is notifying customers that its website was hacked in February to plant a malicious script used to steal their credit card information.

SCUF Gaming makes high-performance and customized gaming controllers for PCs and consoles, used by both professional and casual gamers.

It has 118 granted patents and 52 other pending patent applications covering key controller areas, including the trigger control mechanism, back control functions and handle, and more.

Over 32,000 customers impacted

SCUF Gaming customers were the victims of a web skimming (also known as e-Skimming, digital skimming, or Magecart) attack.

Threat actors inject JavaScript-based scripts known as credit card skimmers (aka Magecart scripts, payment card skimmers, or web skimmers) into compromised online stores, which allow them to harvest and steal customers’ payment and personal information.

The attackers later sell it to others on hacking or carding forums or use it in various financial or identity theft fraud schemes.

In this case, the malicious script was deployed on SCUF Gaming’s online store after the attackers gained access to the company’s backend on February 3rd using login credentials belonging to a third-party vendor.

Two weeks later, on February 18th, SCUF was alerted by its payment processor of unusual activity linked to credit cards used on its web store.

The payment skimmer was detected and removed one month later, on March 16th, following what the company calls “a rigorous investigation in partnership with third-party forensic experts.”

“Our investigation has determined that orders processed via PayPal were not compromised and that the incident was limited to payments or attempted payments via credit card between February 3rd and March 16th,” SCUF Gaming says in breach notification letters sent to affected individuals.

“The potentially exposed information was limited to cardholder name, email address, billing address, credit card number, expiration date, and CVV.”

While the company didn’t disclose the number of impacted people in the notification letters, it told the Office of the Maine Attorney General that 32,645 individuals were affected in total.

Customers warned to monitor their bank accounts

SCUF Gaming also emailed customers in May to warn them that their credit card information may have been exposed in a data breach and ask them to monitor their bank accounts for suspicious activity.

“This communication does not mean that fraud did or will occur on your payment card account,” SCUF Gaming told affected customers today.

“You should monitor your account and notify your card provider of any unusual or suspicious activity. As a precaution, you may want to request a new payment card number from your provider.”

On April 10th, SCUF Gaming disclosed another data breach after exposing an “internal development database” containing over 1.1 million customer records with personal and payment information.

A SCUF Gaming spokesperson was not immediately available for comment when contacted by BleepingComputer earlier today.


Intuit warns QuickBooks customers of ongoing phishing attacks

Intuit has warned QuickBooks customers that they are targeted by an ongoing phishing campaign impersonating the company and trying to lure potential victims with fake renewal charges.

The company said it received reports from customers that they were emailed and told that their QuickBooks plans had expired.

“This email did not come from Intuit. The sender is not associated with Intuit, is not an authorized agent of Intuit, nor is their use of Intuit’s brands authorized by Intuit,” Intuit explained.

The financial software firm advises all customers who received one of these phishing messages not to click any links embedded in the emails or open attachments.


The recommended way to deal with them is to delete them to avoid being infected with malware or redirected to a phishing landing page designed to harvest credentials.

Customers who have already opened attachments or clicked links in the phishing emails should:

  1. Delete any downloaded files immediately.
  2. Scan their systems using an up-to-date anti-malware solution.
  3. Change their passwords.

Intuit also provides information on how customers can protect themselves from phishing attempts on its support website.

QuickBooks customers also targeted by scammers

In July, Intuit also alerted its customers of phishing emails, asking them to call a phone number to upgrade to QuickBooks 2021 until the end of the month to avoid having their databases corrupted or company backup files removed automatically.

BleepingComputer found similar emails sent to Intuit customers this month, using a very similar template with the upgrade deadline changed to the end of October.

While Intuit didn’t explain how the upgrade scheme worked, from BleepingComputer’s previous encounters with similar scam attempts, the scammers will try to take over the callers’ QuickBooks accounts.

To do that, they ask the victims to install remote access software like TeamViewer or AnyDesk while posing as QuickBooks support staff.

Next, they connect and ask the victims to provide the information needed to reset their QuickBooks password and take over their accounts to siphon their money by making payments in their names.

If the victims also have two-factor authentication enabled, the scammers will ask for the one-time authorization code they need to go ahead with the upgrade.


Copyright scams and account takeover attacks

Besides these two active campaigns, Intuit is also being impersonated by other threat actors in a fake copyright phishing scam, as SlickRockWeb CEO Eric Ellason said today.

Recipients targeted by these emails risk infecting themselves with the Hancitor (aka Chanitor) malware downloader or having Cobalt Strike beacons deployed on their systems.

The embedded links send the potential victims through advanced redirection chains using various security evasion tactics and victim fingerprinting malspam.

In June, Intuit also notified TurboTax customers that some of their personal and financial information was accessed by attackers following a series of account takeover attacks. The company also said that that was not a “systemic data breach of Intuit.”

The company’s investigation revealed that the attackers used credentials obtained from “a non-Intuit source” to access the customers’ accounts and their name, Social Security number, address(es), date of birth, driver’s license number, financial information, and more.

TurboTax customers were targeted in at least three other account takeover attack campaigns in 2014/2015 and 2019.




Hackers rob thousands of Coinbase customers using MFA flaw


Crypto exchange Coinbase disclosed that a threat actor stole cryptocurrency from 6,000 customers after using a vulnerability to bypass the company’s SMS multi-factor authentication security feature.

Coinbase is the world’s second-largest cryptocurrency exchange, with approximately 68 million users from over 100 countries.

In a notification sent to affected customers this week, Coinbase explains that between March and May 20th, 2021, a threat actor conducted a hacking campaign to breach Coinbase customer accounts and steal cryptocurrency.

To conduct the attack, Coinbase says the attackers needed to know the customer’s email address, password, and phone number associated with their Coinbase account and have access to the victim’s email account.

While it is unknown how the threat actors gained access to this information, Coinbase believes it was through phishing campaigns targeting Coinbase customers to steal account credentials, which have become common. Additionally, banking trojans traditionally used to steal online bank accounts are also known to steal Coinbase accounts.

MFA bug allowed access to accounts

Even if a hacker has access to a Coinbase customer’s credentials and email account, they are normally prevented from logging into an account if a customer has multi-factor authentication enabled.

In Coinbase’s guide on securing accounts, they recommend enabling multi-factor authentication (MFA) using security keys, Time-based One-Time Passwords (TOTP) with an authenticator app, or as a last resort, SMS text messages.

However, Coinbase states a vulnerability existed in their SMS account recovery process, allowing the hackers to gain the SMS two-factor authentication token needed to access a secured account.

“Even with the information described above, additional authentication is required in order to access your Coinbase account,” explained a Coinbase notification to customers seen by BleepingComputer.

“However, in this incident, for customers who use SMS texts for two-factor authentication, the third party took advantage of a flaw in Coinbase’s SMS Account Recovery process in order to receive an SMS two-factor authentication token and gain access to your account.”

Once they learned of the attack, Coinbase states that they fixed the “SMS Account Recovery protocols” to prevent any further bypassing of SMS multi-factor authentication.

As the threat actor also had full access to an account, customers’ personal information was also exposed, including their full name, email address, home address, date of birth, IP addresses for account activity, transaction history, account holdings, and balances.

As the Coinbase bug allowed threat actors to access what were believed to be secured accounts, the exchange is depositing funds in affected accounts equal to the stolen amount.

“We will be depositing funds into your account equal to the value of the currency improperly removed from your account at the time of the incident. Some customers have already been reimbursed — we will ensure all customers affected receive the full value of what you lost. You should see this reflected in your account no later than today,” promised Coinbase.

It is not clear if Coinbase will be crediting hacked customers with the cryptocurrency that was stolen or fiat currency. If fiat currency, it could lead to a taxable event for the victims if they had an increase in earnings.

Customers who were affected by this attack can contact Coinbase at (844) 613-1499 to learn more about what is being done.

Coinbase shared the following statement when we requested more information about the attacks. However, they did not provide any further information on the SMS MFA flaw that they fixed.

“Between late April and early May, 2021, the Coinbase security team observed a large-scale phishing campaign that showed particular success in bypassing the spam filters of certain, older email services. We took immediate action to mitigate the impact of the campaign by working with external partners to remove phishing sites as they were identified, as well as notifying the email providers impacted. Unfortunately we believe, although cannot conclusively determine, that some Coinbase customers may have fallen victim to the phishing campaign and turned over their Coinbase credentials and the phone numbers verified in their accounts to attackers. Once the attackers had compromised the user’s email inbox and their Coinbase credentials, in a small number of cases they were able to use that information to impersonate the user, receive an SMS two-factor authentication code, and gain access to the Coinbase customer account. We immediately fixed the flaw and have worked with these customers to regain control of their accounts and reimburse them for the funds they lost. These large-scale, sophisticated phishing attacks are on the rise, and we strongly recommend anyone that uses online financial services to remain vigilant and take the necessary steps to protect their online identity.” – Coinbase spokesperson.

What Coinbase victims should do

As the attack required the password of both a customer’s Coinbase and email account, it is strongly recommended that victims change their passwords immediately.

Coinbase also recommends users switch to a more secure MFA method, such as a hardware security key or an authentication app.

Finally, victims should be on the lookout for future targeted phishing emails or SMS texts that attempt to steal credentials using information exposed in the breach.

This is not the first time a bug in Coinbase’s MFA system caused issues for their customers.

In August, Coinbase accidentally alerted 125,000 users that their 2FA settings had been changed, causing panic among those receiving the alert.

BleepingComputer has contacted Coinbase with further questions regarding this attack but has not heard back at this time.

Update 10/1/21 11:49 AM EST: Added statement from Coinbase and link to a recent blog about the phishing attacks.
Update 10/1/21 12:26 PM EST: Added phone number for customers impacted by the attacks to find more information.




Hydra Android trojan campaign targets customers of European banks
Security Affairs

Experts warn of a new Hydra banking trojan campaign targeting European e-banking platform users, including the customers of Commerzbank.

Experts warn of a malware campaign targeting European e-banking platform users with the Hydra banking trojan. According to malware researchers from the MalwareHunterTeam and Cyble, the new campaign mainly impacted the customers of Commerzbank, Germany’s second-largest bank. Hydra is an Android Banking Bot that has been active at least since early 2019.

Threat actors set up a page posing as the official CommerzBank page and registered multiple domains on the same IP (91.214.124[.]225). Crooks used the fake website to spread the tainted CommerzBank apps.


According to Cyble researchers, Hydra continues to evolve: the variants employed in the recent campaign incorporate TeamViewer functionality, similar to the S.O.V.A. Android banking trojan, and leverage different encryption techniques to evade detection along with the use of Tor for communication. The new version is also able to disable the Play Protect Android security feature.

The experts warn that the malware requests two extremely dangerous permissions, BIND_ACCESSIBILITY_PERMISSION and BIND_DEVICE_ADMIN.

The Accessibility Service is a background service that aids users with disabilities, while the BIND_ACCESSIBILITY_SERVICE permission allows the app to access the Accessibility Service.

“Malware authors abuse this service to intercept and monitor all activities happening on the device’s screen. For example, using Accessibility Service, malware authors can intercept the credentials entered on another app,” states the analysis published by Cyble. “BIND_DEVICE_ADMIN is a permission that allows fake apps to get admin privileges on the infected device. Hydra can abuse this permission to lock the device, modify or reset the screen lock PIN, etc.”

The malware asks for other permissions to carry out malicious activities such as accessing SMS content, sending SMSs, performing calls, modifying device settings, spying on user activities, and sending bulk SMSs to the victim’s contacts:

| Permission Name | Description |
| --- | --- |
| CHANGE_WIFI_STATE | Modify device’s Wi-Fi settings |
| READ_CONTACTS | Access to phone contacts |
| READ_EXTERNAL_STORAGE | Access device external storage |
| WRITE_EXTERNAL_STORAGE | Modify device external storage |
| READ_PHONE_STATE | Access phone state and information |
| CALL_PHONE | Perform call without user intervention |
| READ_SMS | Access user’s SMSs stored in the device |
| REQUEST_INSTALL_PACKAGES | Install applications without user interaction |
| SEND_SMS | Allows the app to send SMS messages |
| SYSTEM_ALERT_WINDOW | Allows the display of system alerts over other apps |
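
A triage check built on the permissions listed above, added here as an example and not taken from Cyble or Security Affairs: it reads a decoded AndroidManifest.xml (text XML, as a tool such as apktool produces) and flags the combination of an accessibility service, a device-admin receiver and SMS access. Both sample manifests, their package and class names, and the verdict thresholds are assumptions of this example; the accessibility binding is matched by its Android name, BIND_ACCESSIBILITY_SERVICE.

```python
import xml.etree.ElementTree as ET

ANDROID = "{http://schemas.android.com/apk/res/android}"

# Declared on a <service>/<receiver> through android:permission: the app
# registers an accessibility service or a device-admin receiver.
BOUND_COMPONENTS = {
    "BIND_ACCESSIBILITY_SERVICE": "can watch the screen and input of other apps",
    "BIND_DEVICE_ADMIN": "can lock the device or reset the screen-lock PIN",
}
# <uses-permission> entries taken from the article's table.
LISTED_PERMISSIONS = {
    "CHANGE_WIFI_STATE", "READ_CONTACTS", "READ_EXTERNAL_STORAGE",
    "WRITE_EXTERNAL_STORAGE", "READ_PHONE_STATE", "CALL_PHONE", "READ_SMS",
    "REQUEST_INSTALL_PACKAGES", "SEND_SMS", "SYSTEM_ALERT_WINDOW",
}
SMS_PERMISSIONS = {"READ_SMS", "SEND_SMS"}


def short_name(permission):
    """Reduce android.permission.READ_SMS to READ_SMS (None becomes '')."""
    return (permission or "").rsplit(".", 1)[-1]


def triage_manifest(manifest_xml):
    """Return package, bound components, listed permissions and a verdict."""
    root = ET.fromstring(manifest_xml)
    requested = {short_name(e.get(ANDROID + "name"))
                 for e in root.iter("uses-permission")}
    bound = {}
    for tag in ("service", "receiver"):
        for component in root.iter(tag):
            perm = short_name(component.get(ANDROID + "permission"))
            if perm in BOUND_COMPONENTS:
                bound[perm] = component.get(ANDROID + "name")
    sms = requested & SMS_PERMISSIONS
    # Assumed thresholds: an accessibility service alone is common in
    # legitimate apps, so only the combination raises the verdict.
    if len(bound) == 2 and sms:
        verdict = "high"
    elif bound and (sms or "SYSTEM_ALERT_WINDOW" in requested):
        verdict = "review"
    else:
        verdict = "low"
    return {"package": root.get("package"), "bound": bound,
            "listed": sorted(requested & LISTED_PERMISSIONS), "verdict": verdict}


# Constructed sample: the permission mix the article describes.
HYDRA_LIKE = """<manifest
    xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.constructed.bankapp">
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.READ_SMS"/>
  <uses-permission android:name="android.permission.SEND_SMS"/>
  <uses-permission android:name="android.permission.SYSTEM_ALERT_WINDOW"/>
  <uses-permission android:name="android.permission.REQUEST_INSTALL_PACKAGES"/>
  <application>
    <service android:name=".Acc"
        android:permission="android.permission.BIND_ACCESSIBILITY_SERVICE"/>
    <receiver android:name=".Adm"
        android:permission="android.permission.BIND_DEVICE_ADMIN"/>
  </application>
</manifest>"""

# Constructed sample: a screen reader that only registers an accessibility service.
SCREEN_READER = """<manifest
    xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.constructed.reader">
  <uses-permission android:name="android.permission.VIBRATE"/>
  <application>
    <service android:name=".ReaderService"
        android:permission="android.permission.BIND_ACCESSIBILITY_SERVICE"/>
  </application>
</manifest>"""

if __name__ == "__main__":
    for sample in (HYDRA_LIKE, SCREEN_READER):
        report = triage_manifest(sample)
        print(report["package"], report["verdict"], report["listed"])
        for perm, component in report["bound"].items():
            print("  ", component, perm, "->", BOUND_COMPONENTS[perm])
```

A "high" verdict is a prompt for manual analysis rather than a detection: the packer mentioned in the article hides code, not the manifest, so the declared permissions remain visible to this kind of check.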

The analysis of the code revealed that various classes are missing in the APK file. The malicious code uses a custom packer to evade signature-based detection.

“We have also observed that the malware authors of Hydra are incorporating new technology to steal information and money from its victims. Alongside these features, the recent trojans have incorporated sophisticated features. We observed the new variants have TeamViewer or VNC functionality and TOR for communication, which shows that TAs are enhancing their TTPs,” concludes Cyble.

“Based on this pattern that we have observed, malware authors are constantly adding new features to the banking trojans to evade detection by security software and to entice cybercriminals to buy the malware. To protect themselves from these threats, users should only install applications from the official Google Play Store.”

Pierluigi Paganini

(SecurityAffairs – hacking, Hydra)







Coinbase says hackers stole cryptocurrency from at least 6,000 customers

Oct 1 (Reuters) – Hackers stole from the accounts of at least 6,000 customers of Coinbase Global Inc (COIN.O), according to a breach notification letter sent by the cryptocurrency exchange to affected customers.

The hack took place between March and May 20 of this year, according to a copy of the letter posted on the website of California’s Attorney General.

Unauthorized third parties exploited a flaw in the company’s SMS account recovery process to gain access to the accounts, and transfer funds to crypto wallets not associated with Coinbase, the company said.

“We immediately fixed the flaw and have worked with these customers to regain control of their accounts and reimburse them for the funds they lost,” a Coinbase spokesperson said on Friday.

The hackers needed to know the email addresses, passwords and phone numbers linked to the affected Coinbase accounts, and have access to personal emails, the company said.

Coinbase said there was no evidence to suggest the information was obtained from the company.

News of the hack was earlier reported by technology news portal Bleeping Computer.

Reporting by Niket Nishant in Bengaluru; Editing by Shounak Dasgupta


MFA Glitch Leads to 6K+ Coinbase Customers Getting Robbed

Coinbase suspects phishing led to attackers getting personal details needed to access wallets but also blamed a flaw in its SMS-based 2FA.
