Your Tech Story

hackers


German airport websites hit by suspected cyber attack

A day after a significant IT malfunction at Lufthansa left thousands of travellers stuck, the webpages of seven German airports were reportedly targeted by a probable cyber attack on Thursday, according to the ADV airport organisation. Düsseldorf, Nuremberg, and Dortmund were among the airports that were impacted, although the websites for Germany’s three largest airports—Frankfurt, Munich, and Berlin—were unaffected.


Due to a technological malfunction, numerous German airport websites are no longer accessible. According to reports, the disruptions might be caused by a cyber attack. The website issues have not interfered with airport operations, indicating that the IT problem appears to be limited to the online environment.


Passengers will be impacted by further outages in the days ahead, particularly as other airports experience strikes. Even though websites occasionally experience problems and even go offline, it is unusual for several airport websites to do so at the same time.

Given how close together these failures occurred and how similar they are, they are assumed to be the consequence of a cyber attack directed at airport infrastructure. None of these interruptions has, as of yet, affected airport operations. Before any flights are impacted by the outage, airport officials are working fast to address the problems and restore service to the websites.

The website breakdowns, which could cause operational hiccups in the upcoming days, occur just one day before a significant one-day walkout. A one-day airport employee strike has been organised for tomorrow, February 17, and will run the entire day.

Tourists are advised against flying tomorrow in Germany as the walkouts are expected to cause significant delays at airports throughout the nation. Tomorrow’s flights out of Frankfurt and Munich have been cancelled by Lufthansa due to the strikes, causing major issues and lost reservations for travellers.

On the list of airports where a strike is anticipated, DUS is the only one impacted by the website outage. Yet, the strike’s large number of cancelled flights will undoubtedly create a domino effect that will affect almost all German airports.

For the next few days, this will cause airline disruptions across the nation and many neighbouring nations. The website outages will only fuel this upcoming storm.


The airports hit by the website disruptions are not the only ones this week to experience such setbacks. An IT issue on February 15 had a significant impact on the operations of the Lufthansa Group. All of the company’s airlines had delays as a result of the malfunction.

Frankfurt Airport (FRA) was closed to all arrivals as a result of the inconvenience. This resulted in the cancellation of thousands of flights and hundreds of travellers’ travel plans. With all the flight cancellations and delays, the German air transit business is heading towards what appears to be a weekend to remember.


What Does Twitter 200 Million User Email Leak Actually Mean?

Researchers say that after reports surfaced at the end of 2022 that hackers were peddling data stolen from 400 million Twitter users, a widely publicized collection of email addresses linked to about 200 million users is likely a refined version of the larger collection with duplicate entries removed.

Although Twitter has yet to respond to the extensive disclosure, the cache of information underlines the extent of the leak and who may be most at risk as a result of it.


A weakness in a Twitter application programming interface, or API, existed from June 2021 to January 2022 and allowed attackers to send contact information, such as email addresses, and receive the corresponding Twitter account, if any, in response.

Attackers used the vulnerability to “scrape” data from the social network before it was fixed.

The issue exposed the connection between Twitter accounts, which are frequently pseudonymous, and the email addresses and phone numbers attached to them, potentially identifying users, even if it did not allow hackers to access passwords or other sensitive information like DMs.

The vulnerability appeared to have been used by numerous actors to create various data sets while it was active. The email addresses and phone numbers of roughly 5.4 million Twitter users were contained in one that has been going around in criminal forums since the summer.

The vast, recently discovered cache appears to include only email addresses.

The chance that the data will be used to support phishing attacks, identity theft efforts, and other forms of personal targeting is nonetheless increased by its widespread distribution.

Twitter is by no means the first platform to make data available for mass scraping via an API fault, and in such cases, it is typical for there to be a misunderstanding regarding the number of distinct data troves that truly exist as a result of criminal exploitation.

However, these occurrences continue to be important because they strengthen the vast volume of user-related stolen data that already exists in the criminal ecosystem by providing more links and validation.

As a result of the API vulnerability, Twitter expressed concern in an email to users in August that their pseudonymous accounts might be connected to their real identities. The organization said in a statement, “If you operate a pseudonymous Twitter account, we understand the risks an incident like this can introduce and deeply regret that this happened. To keep your identity as veiled as possible, we recommend not adding a publicly known phone number or email address to your Twitter account.”

However, the advice is too late for those who weren’t already linking their Twitter accounts to burner email addresses at the time of the scraping. The social network announced in August that it was informing those who might be impacted about the problem. In light of the hundreds of millions of records that were exposed, the corporation has not indicated if it will send out more notifications.

The Data Protection Commission of Ireland announced last month that it is looking into the event that resulted in the collection of 5.4 million users’ email and phone numbers. The US Federal Trade Commission is also looking into whether Twitter broke the terms of a “consent decree” that required the firm to strengthen its user privacy and data protection policies.


LastPass Says Hackers Stole Customer’s Data and Passwords

LastPass has released a doozy of an update regarding a recent data breach. The company now claims that hackers were able to “copy a backup of customer vault data,” meaning they now theoretically have access to all of those passcodes if they can crack the stolen vaults.


LastPass has acknowledged that hackers stole user password vaults that were encrypted as well as other private information. This is the most recent information provided by the corporation concerning a security incident involving the theft of the platform’s source code, which was initially revealed in August 2022.

Once obtained, source code provides hackers with a better understanding of closed systems and increases a platform’s susceptibility to attacks. By first acquiring source code and technical information from the firm back in August, the hacker was able to gain access to LastPass.

The attacker then used the information they had obtained to hack a LastPass employee, steal their security codes, and access files stored on the company’s cloud storage service.

According to LastPass, it has reset all companywide corporate login credentials in reaction to the breach. Although LastPass does not expressly state this, it is obvious that users must take steps to protect their account information. Users are advised to update any passwords they have on the platform.

The company noted, “We are also performing an exhaustive analysis of every account with signs of any suspicious activity within our cloud storage service, adding additional safeguards within this environment.” There is, however, ample proof that not everyone uses the optimal password procedures. One’s entire data is at risk if they have an easily cracked master password.

Additionally, according to LastPass, the hackers would attempt to access users’ accounts through “phishing attacks, credential stuffing, or other brute force attacks”. Do not click on any links in emails requesting personal information that purport to be from LastPass. To prevent additional account vulnerability, change your master password immediately if it is brief, simple to guess, or contains information about you that is readily available online.

The minimum suggested length for master passwords is 12 characters. Additionally, it is advised against using the master password on any other websites. LastPass asserts that users who have safe master passwords need not be concerned, but advises those who have not complied with the suggestions to “consider minimizing risk by changing passwords of websites you have stored.”

Concerned users may want to think about changing any important passwords kept in their vault and turning on two-factor authentication for the relevant online accounts. The CEO of the company, Karim Toubba, claimed in a new blog article that hackers got access to other “credentials and keys which were used to access and decrypt some storage volumes within the cloud-based storage service.”

The IP addresses from which clients were using the LastPass service, as well as corporate names, end-user identities, mailing addresses, email addresses, and phone numbers, were also stolen by hackers. The most alarming fact is that they were also able to “copy a backup of customer vault data from the encrypted storage container.”


190GB Of Data Allegedly Stolen From Samsung Leaked By Nvidia Hackers.

LAPSUS$, the hacker group responsible for the recent Nvidia data breach, claims to have hacked Samsung and stolen nearly 200GB of sensitive data.

The 190GB trove of exposed files includes source code for Samsung’s activation servers, bootloaders and biometric unlock algorithms for all recently released Samsung devices, and trusted applets for Samsung’s TrustZone environment. The leaked data is also thought to include Qualcomm’s confidential source code.

Members of the LAPSUS$ hacker group have claimed responsibility for the data breach, posting details of the data obtained in a Telegram channel and encouraging other members to “enjoy” the contents made available for Torrent download.

According to the message, the hackers also got “a variety of other data,” but the elements listed could put Samsung device users in immediate danger of being hacked or impersonated by cybercriminals.

Because the trusted applets (TA) source codes obtained by LAPSUS$ are installed in Samsung’s Trusted Execution Environment (TEE) known as TrustZone, the hackers – and anyone who has downloaded the Torrent files – may be able to bypass Samsung’s hardware cryptography, binary encryption, and access control.


The total size of the leaked data is around 190GB, which LAPSUS$ divided into three compressed files, and the torrent has already been downloaded and shared by over 400 peers.

According to a Samsung spokesperson, the company “immediately after discovering the incident” took steps to strengthen its security system.

“According to our preliminary findings, the breach involves some source code related to Galaxy device operation, but no personal information about our customers or employees. At this time, we do not expect any impact on our business or customers. We’ve put safeguards in place to prevent future incidents, and we’ll continue to serve our customers as usual,” they said.

Source: www.itpro.co.uk

Qualcomm has yet to respond, and it’s unclear whether the hacking group had any demands for Samsung before leaking the private information.

Researchers discovered “severe” security flaws in a long line of Samsung flagship smartphones just weeks ago, which if exploited could allow attackers to steal cryptographic keys.

It also comes just five days after Nvidia confirmed that on February 26th, the LAPSUS$ hacking group successfully breached its systems and distributed 1TB of confidential company data, including security credentials for 71,000 former and current Nvidia employees.

The data was obtained through a double extortion scheme that entailed compromising a victim and stealing data before encrypting their machine, as well as threatening to leak the stolen data if the ransom is not paid. In the last year, the number of double extortion cases has increased, with one in every seven cases resulting in the loss of sensitive information.

It is worth noting that LAPSUS$’ attacks coincide with a spike in cyber warfare due to Russia’s invasion of Ukraine, yet the hacking group maintains that its actions are not politically motivated.

According to Matt Aldridge, principal solutions analyst at Carbonite and Webroot, “these gangs continue to be more inventive with the types of data and businesses they target,” similar to “most modern cyber attacks.”

“Given the high-profile nature of the victim, the hackers may have posted a message releasing Samsung’s data along with a snapshot of its source code in order to gain additional leverage in the event of a ransom demand. However, because the data breach has already occurred and the data has been exfiltrated, no ransom payment can ensure that all copies of the data are securely destroyed,” he said.