Hackers target tech job seekers with fake interviews and malware. Cyber Security Today for Friday, October 11, 2024


The Internet Archive is hacked, leaking details for 31 million users; Fidelity Confirms Data Breach Exposing Personal Data of 77,000 Customers; National Public Data Files for Bankruptcy After Massive Data Breach; North Korean Hackers Target Tech Job Seekers with Fake Interviews and Malware.

This is Cyber Security Today. I’m your host, Jim Love.


The Internet Archive is hacked, leaking details for 31 million users

The Internet Archive, famous for its “Wayback Machine,” recently suffered a significant data breach impacting 31 million users. This breach exposed sensitive user data, including email addresses, usernames, and bcrypt-hashed passwords. The breach was first publicly revealed through a pop-up message on the site, notifying users that their data had been compromised and referencing the “Have I Been Pwned” (HIBP) service, which later confirmed the incident.

Troy Hunt, founder of HIBP, received the stolen database on September 30, 2024, and after reviewing the data, alerted the Internet Archive on October 6. Unfortunately, there was no immediate response from the organization before the data was uploaded to HIBP, allowing users to check if their information had been exposed. Alongside the breach, the Internet Archive faced several Distributed Denial-of-Service (DDoS) attacks, which intermittently took the site offline.

The breach also included defacement of the website, likely facilitated through a compromised JavaScript library. The attack has been linked to the BlackMeta hacktivist group, with other claims coming from a pro-Palestinian group regarding the attacks. Brewster Kahle, founder of the Internet Archive, confirmed that efforts are ongoing to secure the systems and mitigate further damage.

Users are strongly advised to change their passwords and check HIBP to see if their data was involved in the breach.

Sources include: Bleeping Computer, Wired, Neowin and others

Fidelity Confirms Data Breach Exposing Personal Data of 77,000 Customers

Fidelity Investments, one of the world’s largest asset managers, has confirmed that 77,000 customers had their personal information compromised during a data breach in August. The breach occurred when an unnamed third party accessed information from Fidelity’s systems between August 17 and August 19 using two customer accounts that had recently been established.

Fidelity said it detected the suspicious activity on August 19 and immediately terminated the unauthorized access. The company emphasized in a letter to affected customers that there was no access to Fidelity accounts or funds. However, the nature of the compromised personal information has not yet been disclosed.

The financial giant, which has over 51 million individual investors and manages $14.1 trillion in total customer assets, has not yet provided details on how the creation of two customer accounts allowed access to the data of thousands of other customers. At the time of writing, no information about the breach could be found on Fidelity’s website.

A Fidelity spokesperson confirmed to the publication TechCrunch that no customer accounts or funds were affected, but declined to answer specific questions about the incident. The company is continuing its investigation into how the breach occurred and what steps can be taken to prevent future incidents.

Sources include: TechCrunch

National Public Data Files for Bankruptcy After Massive Data Breach

National Public Data, the Florida-based data brokerage firm behind one of the year’s largest information leaks, has filed for bankruptcy, acknowledging that “hundreds of millions” of individuals were potentially affected. The company is facing a surge of lawsuits and regulatory scrutiny but has few assets to cover the damage.

The breach, first exposed by the hacker group USDoD in June, involved a 277.1 GB file containing personal information on roughly 2.9 billion individuals. The hackers sought $3.5 million for the dataset, which originated from National Public Data’s services that offered corporate clients background checks via an API. Initially, the company stated that only 1.3 million people were affected, but recent bankruptcy filings reveal the figure could be much higher.

Court documents detail that the business, owned by Jerico Pictures and operated by a single person—Salvatore Verini Jr.—is struggling to deal with the fallout. National Public Data may be liable under various state laws to notify and provide credit monitoring for millions of affected individuals. Verini’s setup, which reportedly includes two HP Pavilion desktops, a ThinkPad laptop, and five Dell servers, underscores the company’s inability to manage the liabilities that have arisen.

Lena Cohen, a staff technologist for the Electronic Frontier Foundation (EFF), emphasized the need for tighter regulation in the data brokerage industry. “The data broker industry is the wild west of unregulated surveillance,” she told The Register. “Without strong privacy legislation, companies have every incentive to collect as much personal data as possible and very little incentive to protect it.”

With National Public Data admitting to significant liabilities and its inability to pay out damages, the incident highlights the lack of regulation in the data brokerage industry, leaving millions at risk of privacy breaches without much recourse.

North Korean Hackers Target Tech Job Seekers with Fake Interviews and Malware

North Korean threat actors are once again targeting tech job seekers, luring them into fake interviews that result in the installation of malicious software on their devices. Researchers at Unit 42 dubbed this campaign “Contagious Interview,” and have tracked activity involving advanced malware variants BeaverTail and InvisibleFerret. The attackers, linked to the DPRK, pose as recruiters offering roles in the tech industry, convincing targets to install malware masquerading as video calling apps.

The malware, known as BeaverTail, has been updated to use the Qt framework, making it cross-platform for both macOS and Windows. It now has capabilities to steal browser passwords and cryptocurrency wallets. This is consistent with North Korean actors’ financial motives, which often involve targeting cryptocurrency. BeaverTail is delivered during fake technical interviews, with the malware disguised as legitimate software like MiroTalk or FreeConference.

Once installed, BeaverTail opens a fake login screen while executing its malicious code in the background. It downloads the Python-based backdoor, InvisibleFerret, which allows the attackers to maintain control of the compromised system and exfiltrate sensitive data. The attackers appear to be continuously refining both BeaverTail and InvisibleFerret to improve their functionality.

Unit 42 warns that these attacks not only put individual job seekers at risk but also pose a serious threat to their potential employers, as an infected endpoint could lead to significant data breaches. Palo Alto Networks products, such as Cortex XDR, have been effective in detecting and preventing these threats.

One potential victim spotted and prevented the attack. Despite the “pressure” of a supposed interview, and against the supposed interviewer’s instructions, he spun up a secure VM, ran the code in that environment, and was able to spot the attempted attack. A simple maxim saved him: “don’t load strange code.”

That’s our show for today.

You can find links to reports and other details in our show notes at technewsday.com. We welcome your comments, tips and the occasional bit of constructive criticism at editorial@technewsday.ca.

I’m your host, Jim Love, thanks for listening.
