(SILICONE VALLEY, Calif.) Private Data Report: A user in a low level hacking forum on Saturday published the phone numbers and personal data of hundreds of millions of Facebook users for free online #AceSecurityDesk report

#AceSecurityReport – Apr.05: The exposed data includes personal information of over 533 million Facebook users from 106 countries, including over 32 million records on users in the US, 11 million on users in the UK, and 6 million on users in India. It includes their phone numbers, Facebook IDs, full names, locations, birthdates, bios, and — in some cases — email addresses:

533 million Facebook users’ phone numbers and personal data have been leaked online: ‘Insider reviewed a sample of the leaked data and verified several records by matching known Facebook users’ phone numbers with the IDs listed in the data set. We also verified records by testing email addresses from the data set in Facebook’s password reset feature, which can be used to partially reveal a user’s phone number According a Facebook spokesperson told Insider that the data was scraped due to a vulnerability that the company patched in 2019.

2021-04-03T14:41:27Z

  • The personal data of over 500 million Facebook users has been posted online in a low-level hacking forum.
  • The data includes phone numbers, full names, location, email address, and biographical information.
  • Security researchers warn that the data could be used by hackers to impersonate people and commit fraud.

While a couple of years old, the leaked data could provide valuable information to cybercriminals who use people’s personal information to impersonate them or scam them into handing over login credentials, according to Alon Gal, CTO of cybercrime intelligence firm Hudson Rock, who first discovered the entire trough of leaked data online on Saturday.

“A database of that size containing the private information such as phone numbers of a lot of Facebook’s users would certainly lead to bad actors taking advantage of the data to perform social engineering attacks [or] hacking attempts,” Gal told Insider.

Gal first discovered the leaked data in January when a user in the same hacking forum advertised an automated bot that could provide phone numbers for hundreds of millions of Facebook users in exchange for a price. Motherboard reported on that bot’s existence at the time and verified that the data was legitimate.

Now, the entire dataset has been posted on the hacking forum for free, making it widely available to anyone with rudimentary data skills.

—Alon Gal (Under the Breach) (@UnderTheBreach) April 3, 2021

Insider attempted to reach the leaker through messaging app Telegram but did not get a response.

This is not the first time that a huge number of Facebook users’ phone numbers have been found exposed online. The vulnerability that was uncovered in 2019 allowed millions of people’s phone numbers to be scraped from Facebook’s servers in violation of its terms of service. Facebook said that vulnerability was patched in August 2019. 

Facebook previously vowed to crack down on mass data-scraping after Cambridge Analytica scraped the data of 80 million users in violation of Facebook’s terms of service to target voters with political ads in the 2016 election.

Gal said that, from a security standpoint, there’s not much Facebook can do to help users affected by the breach since their data is already out in the open — but he added that Facebook could notify users so they could remain vigilant for possible phishing schemes or fraud using their personal data.

“Individuals signing up to a reputable company like Facebook are trusting them with their data and Facebook [is] supposed to treat the data with utmost respect,” Gal said. “Users having their personal information leaked is a huge breach of trust and should be handled accordingly.”

#AceSecurityDesk report ……….Published: Apr.05: 2021:

Editor says #AceNewsDesk reports by https://t.me/acenewsdaily and all our posts, also links can be found at here for Twitter and Live Feeds https://acenewsroom.wordpress.com/ and thanks for following as always appreciate every like, reblog or retweet and free help and guidance tips on your PC software or need help & guidance from our experts AcePCHelp.WordPress.Com

#california, #cyberattack, #data, #hacked

(CALIFORNIA) Ace Security Report: Microsoft users are being targeted with thousands of phishing emails, in an ongoing attack aiming to steal their Office 365 credentials by leveraging ‘ Fake CAPTCHA’ system #AceSecurityDesk report

#AceSecurityReport – Mar.11: The attackers add an air of legitimacy to the campaign by leveraging a fake Google reCAPTCHA system and top-level domain landing pages that include the logos of victims’ companies:

microsoft office 365 phishing attack

Fake Google reCAPTCHA Phishing Attack Swipes Office 365 Passwords: According to researchers, at least 2,500 such emails have been unsuccessfully sent to senior-level employees in the banking and IT sector, over the past three months. The emails first take recipients to a fake Google reCAPTCHA system page. Google reCAPTCHA is a servicethat helps protect websites from spam and abuse, by using a Turing test to tell humans and bots apart (through asking a user to click on a fire hydrant out of a series of images, for instance).

March 8, 2021 12:04 pm

A phishing attack targeting Microsoft users leverages a bogus Google reCAPTCHA system.

Microsoft users are being targeted with thousands of phishing emails, in an ongoing attack aiming to steal their Office 365 credentials. The attackers add an air of legitimacy to the campaign by leveraging a fake Google reCAPTCHA system and top-level domain landing pages that include the logos of victims’ companies.

“The attack is notable for its targeted aim at senior business leaders with titles such as Vice President and Managing Director who are likely to have a higher degree of access to sensitive company data,” said researchers with Zscaler’s ThreatLabZ security research team on Friday. “The aim of these campaigns is to steal these victims’ login credentials to allow threat actors access to valuable company assets.”

Fake Phishing Emails: Voicemail Attachments

The phishing emails pretend to be automated emails from victims’ unified communications tools, which say that they have a voicemail attachment. For instance, one email tells users that “(503) ***-6719 has left you a message 35 second(s) long on Jan 20” along with a lone attachment that’s titled “vmail-219.HTM.” Another tells email recipients to “REVIEW SECURE DOCUMENT.”

phishing attack microsoft

The phishing email sample. Credit: Zscaler

When the victims click on the attachment, they then encounter the fake Google reCAPTCHA screen, which contains a typical reCAPTCHA box – featuring a checkbox that the user must click that says “I’m not a robot,” which then triggers the turing test.

After filling out the fake reCAPTCHA system, victims are then directed to what appears to be a Microsoft login screen. The login pages also contain different logos from the companies which victims work at – such as one containing a logo from software company ScienceLogic and another from office rental company BizSpace. This reveals that attackers have done their homework and are customizing their phishing landing pages to fit their victims’ profile, in order to make the attack appear more legitimate.

Victims are asked to input their credentials into the system; once they do so, a message tells them that the validation was “successful” and that they are being redirected.

phishing microsoft

The phishing landing page mimics Microsoft’s login page. Credit: Zscaler

“After giving the login credentials, the phishing campaign will show a fake message that says ‘Validation successful,’” said researchers. “Users are then shown a recording of a voicemail message that they can play, allowing threat actors to avoid suspicion.”

Researchers found a variety of phishing pages associated with the campaign, which were hosted using generic top level domains such as .xyz, .club and .online. These top level domains are typically utilized by cybercriminals in spam and phishing attacks. That’s because they can be purchased for less than $1 each – a low price for adding a level of believability to phishing campaigns.

More Phishing Attacks on Fake Google reCAPTCHA Tactic

microsoft phishing attack

Credit: Zscaler

Adversaries have been leveraging bogus reCAPTCHA systems in their attacks for years. For instance, in 2019, a malware campaign targeted a Polish bank and its users with emails containing a link to a malicious PHP file, which eventually downloaded the BankBot malware onto victims’ systems. The attackers used a fake Google reCAPTCHA system to seem more realistic.

Another phishing attack in February purported to be sent from a voicemail service and contained a link to play the voice message “Play Audi Date.wav,” eventually redirecting victims to a malicious site with a reCAPTCHA message.

Both of the above examples show that reCAPTCHA continues to be used in phishing attacks, as the tactic successfully adds legitimacy to the attack: “Similar phishing campaigns utilizing fake Google reCAPTCHAs have been observed for several years, but this specific campaign targeting executives across specific industry verticals started in December 2020,” noted researchers.

Microsoft Office 365 users have faced several sophisticated phishing attacks and scams over the past few months. In October, researchers warned of a phishing campaign that pretends to be an automated message from Microsoft Teams. In reality, the attack aimed to steal Office 365 recipients’ login credentials. Also in October, an Office365 credential-phishing attack targeted the hospitality industry, using visual CAPTCHAs to avoid detection and appear legitimate. Phishing attackers have also adopted new tactics like Google Translate or  custom fonts to make the scams seem more legitimate.

Share this article:

#AceSecurityDesk report …….Published: Mar.11: 2021:

Editor says #AceNewsDesk reports by https://t.me/acenewsdaily and all our posts, also links can be found at here for Twitter and Live Feeds https://acenewsroom.wordpress.com/ and thanks for following as always appreciate every like, reblog or retweet and free help and guidance tips on your PC software or need help & guidance from our experts AcePCHelp.WordPress.Com

#captcha, #google, #microsoft, #phishing

(CHILE) JUST IN: Chilean Bank ‘ Banco Estado ‘ has shut-down all its branches on Monday after a ‘ Ransomware Attack ‘ over the weekend they said in a statement on their twitter account #AceSecurityDesk report

#AceSecurityReport – Sept.08: BancoEstado, one of Chile’s three biggest banks, was forced to shut down all branches on Monday following a ransomware attack that took place over the weekend. From a report: “Our branches will not be operational and will remain closed today,” the bank said in a statement published on its Twitter account on Monday:

Chilean bank suffers ‘ Ransomware ‘ attack over the weekend causing shut-down of all of its branches on Monday according to a tweet ZNet,Com/

Details about the attack have not been made public, but a source close to the investigation told ZDNet that the bank’s internal network was infected with the REvil (Sodinokibi) ransomware: The incident is currently being investigated as having originated from a malicious Office document received and opened by an employee. The malicious Office file is believed to have installed a backdoor on the bank’s network:

All BancoEstado branches will remain closed on Monday, September 7, and possibly more days.

September.07, 2020 — 16:31 GMT (17:31 BST)

“Our branches will not be operational and will remain closed today,” the bank said in a statement published on its Twitter account on Monday.

Información importante sobre nuestra red de atención pic.twitter.com/CfFeb9tCzK

— BancoEstado (@BancoEstado) September 7, 2020

Details about the attack have not been made public, but a source close to the investigation told ZDNet that the bank’s internal network was infected with the REvil (Sodinokibi) ransomware: The incident is currently being investigated as having originated from a malicious Office document received and opened by an employee. The malicious Office file is believed to have installed a backdoor on the bank’s network.

Investigators believe that on the night between Friday and Saturday, hackers used this backdoor to access the bank’s network and install ransomware: Bank employees working weekend shifts discovered the attack when they couldn’t access their work files on Saturday.

‘ BancoEstado reported the incident to Chilean police, and on the same day, the Chilean government sent out a nationwide cyber-security alert warning about a ransomware campaign targeting the private sector ‘

While initially, the bank hoped to recover from the attack unnoticed, the damage was extensive, according to sources, with the ransomware encrypting the vast majority of internal servers and employee workstations: The bank initially disclosed the attack on Sunday, but as time went by, bank officials realized employees wouldn’t be able to work on Monday, and decided to keep branches closed, while they recover:

#AceSecurityDesk report ………..Published: Sept.08: 2020:

Editor says #AceNewsDesk reports by https://t.me/acenewsdaily and all our posts, also links can be found at here for Twitter and Live Feeds https://acenewsroom.wordpress.com/ and thanks for following as always appreciate every like, reblog or retweet and free help and guidance tips on your PC software or need help & guidance from our experts AcePCHelp.WordPress.Com

(BEIJING, China.) Great Firewall Report: Government ‘ BLOCKS ALL ENCRYPTED HTTPS + TLS1.3+ESNI CONNECTIONS ‘ from ‘ End of July ‘ according to iYouPort and the University of Maryland #AceSecurityDesk report

#AceSecurityReport – Aug.13: The Chinese government has deployed an update to its national censorship tool, known as the Great Firewall (GFW), to block encrypted HTTPS connections that are being set up using modern, interception-proof protocols and technologies: The ban has been in place for at least a week, since the end of July, according to a joint report published this week by three organisations tracking Chinese censorship — iYouPort, the University of Maryland, and the Great Firewall Report

China is now blocking all encrypted HTTPS traffic that uses TLS 1.3 and ESNI

The block was put in place at the end of July and is enforced via China’s Great Firewall.

Catalin Cimpanu August.08: 2020 — 18:04 GMT (19:04 BST) ZDNet.Com/

China now blocking HTTPS+TLS1.3+ESNI: Through the new GFW update, Chinese officials are only targeting HTTPS traffic that is being set up with new technologies like TLS 1.3 and ESNI (Encrypted Server Name Indication)

Other HTTPS traffic is still allowed through the Great Firewall, if it uses older versions of the same protocols — such as TLS 1.1 or 1.2, or SNI (Server Name Indication) For HTTPS connections set up via these older protocols, Chinese censors can infer to what domain a user is trying to connect. This is done by looking at the (plaintext) SNI field in the early stages of an HTTPS connections: In HTTPS connections set up via the newer TLS 1.3, the SNI field can be hidden via ESNI, the encrypted version of the old SNI. As TLS 1.3 usage continues to grow around the web, HTTPS traffic where TLS 1.3 and ESNI is used is now giving Chinese sensors headaches, as they’re now finding it harder to filter HTTPS traffic and control what content the Chinese population can access:

tls13-stats.pngImage: Qualys SSL Labs (via SixGen)

Per the findings of the joint report: TheChinese government is currently dropping all HTTPS traffic where TLS 1.3 and ESNI are used, and temporarily banning the IP addresses involved in the connection, for small intervals of time that can vary between two and three minutes:

Some circumvention methods exist… for now

For now, iYouPort, the University of Maryland, and the Great Firewall Report said they were able to find six circumvention techniques that can be applied client-side (inside apps and software) and four that can be applied server-side (on servers and app backends) to bypass the GFW’s current block: “Unfortunately, these specific strategies may not be a long-term solution: as the cat and mouse game progresses, the Great Firewall will likely to continue to improve its censorship capabilities,” the three organizations also added.

ZDNet also confirmed the report’s findings with two additional sources — namely members of a US telecommunications provider and an internet exchange point (IXP) — using instructions provided in this mailing list.

Article updated to clarify some technical terms.

#AceSecurityDesk report …………Published: Aug.13: 2020:

Editor says #AceNewsDesk reports by https://t.me/acenewsdaily and all our posts, also links can be found at here for Twitter and Live Feeds https://acenewsroom.wordpress.com/ and thanks for following as always appreciate every like, reblog or retweet and free help and guidance tips on your PC software or need help & guidance from our experts AcePCHelp.WordPress.Com

#AceSecurityReport Google+ to shut down after security bug open since 2015 exposes ‘ Private Data ‘ shared with third-part-developers that affects up to half a million users: Q./ Who keeps all your original data locked up in those massive computers even after you download a copy ? and its their ‘ Third Party Developers ‘ and was in so many cases connected via gmail #AceNewsDesk reports

#AceNewsReport – Oct.09: The Hacker News: reveals that Google+ is Shutting Down After a Vulnerability Exposed 500,000 Users’ Data: Google is going to shut down its social media network Google+ after the company suffered a massive data breach that exposed the private data of hundreds of thousands of Google Plus users to third-party developers #AceNewsDesk reports
google plus account hacked
According to the tech giant, a security vulnerability in one of Google+’s People APIs allowed third-party developers to access data for more than 500,000 users, including their usernames, email addresses, occupation, date of birth, profile photos, and gender-related information: Since Google+ servers do not keep API logs for more than two weeks, the company cannot confirm the number of users impacted by the vulnerability.

However, Google assured its users that the company found no evidence that any developer was aware of this bug, or that the profile data was misused by any of the 438 developers that could have had access: “However, we ran a detailed analysis over the two weeks prior to patching the bug, and from that analysis, the Profiles of up to 500,000 Google+ accounts were potentially affected. Our analysis showed that up to 438 applications may have used this API,” Google said in blog post published today: The vulnerability was open since 2015 and fixed after Google discovered it in March 2018, but the company chose not to disclose the breach to the public—at the time when Facebook was being roasted for https://acenewsservices.wordpress.com/2018/04/05/california-cambridgeanalytica-facebook-believes-the-data-of-up-to-87-million-people-was-improperly-shared-with-the-political-consultancy-cambridge-analytica-many-more-than-previously-disclosed-t/
Though Google has not revealed the technical details of the security vulnerability, the nature of the flaw seems to be something very similar to Facebook API flaw that recently allowed unauthorized developers to access private data from Facebook users.

Besides admitting the security breach, Google also announced that the company is shutting down its social media network, acknowledging that Google+ failed to gain broad adoption or significant traction with consumers: “The consumer version of Google+ currently has low usage and engagement: 90 percent of Google+ user sessions are less than five seconds,” Google said: In response, the company has decided to shut down Google+ for consumers by the end of August 2019. However, Google+ will continue as a product for Enterprise users.

Google Introduces New Privacy Controls Over Third-Party App Permissions
As part of its “Project Strobe,” Google engineers also reviewed third-party developer access to Google account and Android device data; and has accordingly now introduced some new privacy controls.

When a third-party app prompts users for access to their Google account data, clicking “Allow” button approves all requested permissions at once, leaving an opportunity for malicious apps to trick users into giving away powerful permissions.
google api permissions
But now Google has updated its Account Permissions system that asks for each requested permission individually rather than all at once, giving users more control over what type of account data they choose to share with each app.

Since APIs can also allow developers to access users’ extremely sensitive data, like that of Gmail account, Google has limited access to Gmail API only for apps that directly enhance email functionality—such as email clients, email backup services and productivity services.

Sources: Hackers News – Google Blog- PIX11 broke the story on here: #AceNewsRoom https://acenewsroom.wordpress.com/2018/10/08/pix11news-google-to-shut-down-after-security-bug-affects-up-to-half-a-million-users-https-ift-tt-2c3it4c-4/

Editor says #AceNewsDesk reports & #Brittius says are provided by Sterling Publishing & Media News and all our posts, links can be found at here Live Feeds https://acenewsroom.wordpress.com/ Ace News Services Posts https://t.me/AceSocialNews_Bot and thanks for following as always appreciate every like, reblog or retweet and free help and guidance tips on your PC software or need help & guidance from our experts AcePCHelp.WordPress.Com or you can follow our breaking news posts on AceBreakingNews.WordPress.Com or become a member on Telegram https://t.me/acebreakingnews all private chat messaging on here https://t.me/sharingandcaring

#acesecurityreport