Information Security News|Cyber Security|Hacking Tutorial
https://www.securitynewspaper.com/
Information Security Newspaper|Infosec Articles|Hacking News
Tue, 28 Mar 2023 00:06:16 +0000

Twitter’s source code leaked on GitHub, revealing proprietary information and security flaws
https://www.securitynewspaper.com/2023/03/27/twitters-source-code-leaked-on-github-revealing-proprietary-information-and-security-flaws/
Tue, 28 Mar 2023 00:06:15 +0000

The social media behemoth Twitter was recently dealt a significant setback when substantial portions of its source code were published online.
The corporation proceeded promptly to notify GitHub, an online collaboration platform for software engineers, of a copyright violation in order to get the stolen code removed from the site. It is not known how long the code had been available online, although it seems to have been accessible to the public for a number of months.

Twitter has filed a petition with the United States District Court for the Northern District of California requesting that the court require GitHub to disclose the identity of the individual who is responsible for spreading the code as well as any other users that downloaded it.

According to two sources who have been briefed on the internal probe, “Twitter initiated an investigation into the leak, and officials handling the subject have guessed that whoever was involved departed the San Francisco-based firm last year.”

One of Twitter’s primary worries is that the code that was stolen has security flaws that might provide cybercriminals or other parties with malicious intent with the tools to access user data or perhaps bring the website down entirely. The organization is concerned that the leak may lead to a data breach or a cyberattack, both of which could be very detrimental to the company’s image and could result in significant financial losses.

The disclosure of Twitter’s source code comes at a time when the company is already grappling with rising financial and structural issues.

Elon Musk, who purchased Twitter in October for $44 billion, has been attempting to turn around the fortunes of the social network over the last several months by reducing expenses, offering new features, and inviting back users who had been banned in the past.

Nevertheless, the service has been experiencing an increasing number of outages, and advertisers, who are the primary source of income for the firm, have been unwilling to run advertisements on the website.

The social media firm has suffered a severe blow as a result of the source code for Twitter being publicly disclosed. Twitter has to address both the problem of the leak and the potential security flaws that have been highlighted as a result of the breach.

The organization is responsible for ensuring the privacy of its users’ data and the safety of its platform. Twitter not only has to find solutions to its structural and financial problems, but it also needs to win back the confidence of its users and advertisers.

Mailchimp hacked again in 6 months. One more reason of not using MailChimp email marketing platform
https://www.securitynewspaper.com/2023/01/18/mailchimp-hacked-again-in-6-months-one-more-reason-of-not-using-mailchimp-email-marketing-platform/
Thu, 19 Jan 2023 01:13:14 +0000

MailChimp, a company that specializes in email marketing and newsletters, has admitted that its systems were breached by hackers and that the data of hundreds of its clients was made public. This is the business’s second instance of being hacked in the last year and a half. Even more concerning is the fact that this breach closely resembles an earlier occurrence.

The company, which is owned by Intuit, stated in a blog post that its security team discovered an intruder on January 11 accessing one of its internal tools used by Mailchimp customer support and account administration. However, the company did not disclose how long the intruder was in its systems, if this information is known. According to Mailchimp, the hacker used social engineering against the company’s workers and contractors. Social engineering is a sort of manipulation in which a person uses tactics such as phone calls, emails, or texts to acquire private information such as passwords. The hacker then used the compromised staff credentials to obtain access to data on 133 Mailchimp accounts, whose owners the firm alerted to the incursion after discovering the breach.

E-commerce giant WooCommerce’s account was one of several that were compromised in this attack. WooCommerce said in a statement to its customers that it was informed by Mailchimp a day later that the breach may have exposed the names, store web URLs, and email addresses of its customers. However, the company claimed that no user passwords or other personal data were stolen.

Mailchimp is the service that WooCommerce uses to send emails to its clients. WooCommerce is a company that develops and maintains popular open source e-commerce software for small enterprises. It has been reported that WooCommerce serves more than five million consumers.

If you feel like you’ve heard any of this before, it’s probably because you have. Mailchimp said in August of last year that the company had been the target of a social engineering assault that had resulted in the credentials of its customer care workers being hijacked. This gave the attacker access to Mailchimp’s internal tools. During the incident, the data on around 214 Mailchimp accounts, most of which were associated with bitcoin and the financial sector, were stolen.
At the time, Mailchimp said that it had put into place “an extra set of strengthened security measures.”

Nissan data breach leaks customers full names, dates of birth, & Nissan finance account number
https://www.securitynewspaper.com/2023/01/17/nissan-data-breach-leaks-customers-full-names-dates-of-birth-nissan-finance-account-number/
Tue, 17 Jan 2023 23:04:03 +0000

Nissan North America has alerted affected customers of a breach that occurred at a third-party service provider and resulted in the exposure of client information.

According to the notification, Nissan states that on June 21, 2022, it was notified of a data breach by one of the software development suppliers that it works with.

The customer data, which the third party had received from Nissan to use in creating and testing software solutions for the carmaker, had been inadvertently exposed owing to a poorly configured database.

In January 2021, Nissan North America was the victim of an incident that was similar to this one. The company accidentally left a Git server accessible online with default access credentials, which led to many of the company’s repositories being made public.

This event resulted in the loss of twenty gigabytes worth of data, which included the source code for mobile applications and internal tools, information on market research and client acquisition, diagnostics, and specifics regarding NissanConnect services.

As soon as Nissan became aware of the security breach, the company took immediate action to guarantee that the vulnerable database was protected and began an internal inquiry. On September 26, 2022, it was confirmed that the data had most likely been accessed by an unauthorized third party.

On Monday, January 16, 2023, the security breach was reported to the Office of the Attorney General of Maine, where Nissan confirmed that a total of 17,998 customers had their information compromised by the attack.

Full names, birth dates, and NMAC (Nissan finance account) account numbers are among the information that has been compromised. In addition, the warning makes it quite clear that the information that was disclosed did not include any credit card or Social Security number specifics.

Nissan claims that it has, as of this point in time, found no proof that any of this information has been abused. Nevertheless, the company is sending out the letters because it wants to err on the side of caution.

In addition, Experian will provide each person who received a breach notification with a complimentary subscription to its identity protection services for a period of one full year.

PII of more than 200 million Deezer users from 10 countries was hacked and published
https://www.securitynewspaper.com/2023/01/03/pii-of-more-than-200-million-deezer-users-from-10-countries-was-hacked-and-published/
Tue, 03 Jan 2023 22:32:13 +0000

After a hacker offered data from more than 200 million Deezer subscribers for sale on a hacking site, the music streaming service Deezer has confessed that its database was hacked by a third party. An email sent by Deezer verified the event and provided an explanation that the company is cooperating with French authorities.

The well-known music streaming service Deezer, which has millions of users all over the globe, has acknowledged that it suffered a significant data breach at the hands of a third-party service provider, which may have affected millions of Deezer subscribers.

The organization reports that the data breach happened in 2019, and that the hackers were only successful in stealing a snapshot of the users’ data.

According to the findings of RestorePrivacy’s study of the data sample, the following types of information were exposed:

Initials and surnames both
Dates and times of birth
Email addresses
Gender
Location data (City and Country)
Join date
User ID

According to Deezer, there have been no reports of any passwords or payment information being stolen as a consequence of this incident.

On November 6, 2022, a member on the Breached hacking forums posted a sample of the data that had been compromised. The user claims to have data from more than 240 million Deezer users, and they have now provided a user sample consisting of 5 million people.

Soon after the hacker disclosed this information to the public, Deezer acknowledged the existence of a security issue on its help page on its website.

According to the release made by Deezer, “This information came to light on November 8, 2022 as a consequence of our continuous efforts to safeguard the security and integrity of our users’ personal information.”

“The data at issue had been managed by a third party partner that we haven’t dealt with since 2020, and it was this partner that was subject to the incident,” the statement said. The security mechanisms used by Deezer are still functioning properly, and our own databases are safe.

The ad left by the hacker said that the hacker intended to sell the data and listed the following as part of the whole 60 GB dump:

over 258 million records, 228 million email addresses in cleartext form, and log sessions containing IP addresses and device data. almost 258 million records.

According to the claims made by the hacker, this data breach affects millions of people in each of the following countries:

France: 46.2 million users
Brazil: 37.1 million users
United Kingdom: 15.3 million users
Germany: 14.1 million users
Mexico: 11.1 million users
Colombia: 9.0 million users
Turkey: 6.9 million users
United States: 6.4 million users
Italy: 5.0 million users
Guatemala: 4.4 million users

Although Deezer has acknowledged that the data breach includes user names, email addresses, and birth dates, our investigation has shown that it also includes location data (including city and country), gender, and user ID for certain users, in addition to the join date and source.

Hackers might use this information to get access to users’ Deezer accounts and commit fraud against them. The data might potentially be linked with information obtained from previous breaches and information that is accessible to the public in order to generate extensive user profiles, which could subsequently be sold to other parties or used in fraudulent behavior.

Users of Deezer are encouraged to change their passwords on the service, as well as change their passwords on any other online platforms where they could be using the same credentials. This will help lessen the likelihood that they will become victims of credential stuffing.

Ransomware attack stalls operations of big mining company
https://www.securitynewspaper.com/2022/12/30/ransomware-attack-stalls-operations-of-big-mining-company/
Fri, 30 Dec 2022 22:03:06 +0000

The CMMC is owned by Mitsubishi Materials Corporation. It generates an average of 100 million pounds of copper per year and has an anticipated mineral reserve capacity for another 32 years. The Canadian Copper Mountain Mining Corporation (CMMC), which is located in British Columbia, recently made an announcement stating that it was the subject of a ransomware attack, which caused disruptions to its operations.

Late in the day on December 27, 2022, a malicious cyberattack was launched against the corporation. In a prompt manner, the company’s information technology staff reacted by putting in place the planned risk management systems and processes.

CMMC took measures to control the situation by isolating the affected systems and shutting down other components so that they could be properly examined and the effect of the ransomware attack determined.

In order for the engineers at CMMC to investigate the condition of the mill’s control system, the mill had to be shut down as a precautionary step. In the meanwhile, other processes had to convert to manual operations.

Critical XXS & CSRF vulnerability allows full account take over of daloRADIUS app
https://www.securitynewspaper.com/2022/12/08/critical-xxs-csrf-vulnerability-allows-full-account-take-over-of-daloradius-app/
Thu, 08 Dec 2022 19:16:49 +0000

daloRADIUS is a sophisticated RADIUS web management tool that has been created with the goal of managing hotspots and ISP installations for general use. User administration, graphical reporting, accounting, and a billing engine are some of the features that are included, and it also connects with GoogleMaps so that users may geo-locate themselves. daloRadius is put to use by a variety of companies in order to manage hotspots and ISP installations that are utilized for general purposes.

The daloRADIUS project team has taken action to fix a high-severity vulnerability that was discovered in the program. This vulnerability, if properly exploited, might result in an account takeover. The vulnerability, which is being tracked as CVE-2022-23475, has a CVSS severity score of 8.0. All versions of daloRADIUS that were released prior to version 1.3 are vulnerable to the security issue. An adversary may take control of an organization’s network with the click of a button by establishing a user account with administrative or operator privileges. An attacker will be able to modify the settings of the network, as well as establish new user accounts, remove existing ones, and erase their own.

Because of an unescaped variable that is reflected in the DOM on line 116 of mng-del.php, daloRadius 1.3 is susceptible to XSS+CSRF attacks that might lead to account takeover. It was discovered later by @filippolauria, the maintainer of this repository, that this flaw is not only located on line 116 but in a lot of other areas in the code; kudos to him for the speedy and great fixes.

Steps to Reproduce
1. The vulnerability exists in the /mng-del.php file, and we may exploit it by sending a request like the one below to display a basic alert box:
http://<domain>/mng-del.php?username[]=a&username[]=%3C%2Ftd%3E%3Cimg+src+onerror%3D%22alert(document.domain)%22%3E
2. If you want to establish a new operator account, you may do so with the following payload.
There is a wide variety of forms that are susceptible to CSRF attacks.

Mitigation

The CSRF vulnerability may be mitigated either by setting the daloRadius session cookie to samesite=Lax or by implementing a CSRF token in all of its forms.
The XSS can be stopped either by escaping the reflected output or by implementing a Content-Security-Policy.
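
The mitigations listed above, sketched in PHP as an added example; this is not daloRADIUS code, and the function names, the csrf_token field and the policy string are assumptions. It assumes PHP 7.3 or later and a UI served over HTTPS, and it uses the request from the reproduction step (URL-decoded) as constructed sample input.

```php
<?php
declare(strict_types=1);

// Added example (not daloRADIUS source). All helper names are hypothetical.

/** Escape a value for an HTML text or quoted-attribute context. */
function e(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

/** Render one table row per requested username, escaping every value. */
function render_username_rows(array $usernames): string
{
    $rows = '';
    foreach ($usernames as $name) {
        if (!is_string($name)) {
            continue; // nested arrays such as username[][] are dropped
        }
        $rows .= '<tr><td>' . e($name) . "</td></tr>\n";
    }
    return $rows;
}

/**
 * Start the session with a SameSite=Lax cookie. Lax withholds the cookie on
 * cross-site POSTs but still sends it on top-level GET navigations, so
 * state-changing actions must be POST-only and token-checked as well.
 */
function start_hardened_session(): void
{
    session_set_cookie_params([
        'httponly' => true,
        'secure'   => true,   // assumption: HTTPS deployment
        'samesite' => 'Lax',
    ]);
    session_start();
}

/** Return the per-session CSRF token, creating it on first use. */
function csrf_token(): string
{
    if (empty($_SESSION['csrf_token'])) {
        $_SESSION['csrf_token'] = bin2hex(random_bytes(32));
    }
    return $_SESSION['csrf_token'];
}

/** Constant-time comparison of the submitted token with the session token. */
function csrf_token_is_valid($submitted): bool
{
    return is_string($submitted)
        && isset($_SESSION['csrf_token'])
        && hash_equals($_SESSION['csrf_token'], $submitted);
}

/** Without 'unsafe-inline', injected inline handlers such as onerror= do not run. */
function send_csp_header(): void
{
    header("Content-Security-Policy: default-src 'self'; script-src 'self'; object-src 'none'; base-uri 'self'");
}

if (PHP_SAPI !== 'cli') {
    start_hardened_session();
    send_csp_header();

    if ($_SERVER['REQUEST_METHOD'] === 'POST'
        && !csrf_token_is_valid($_POST['csrf_token'] ?? null)) {
        http_response_code(403);
        exit('Invalid CSRF token');
    }

    $usernames = (array) ($_GET['username'] ?? []);
    echo '<table>' . render_username_rows($usernames) . '</table>';
    echo '<form method="post">'
       . '<input type="hidden" name="csrf_token" value="' . e(csrf_token()) . '">'
       . '<button type="submit">Delete</button></form>';
} else {
    // Constructed sample: the username[] values from the request shown in the
    // reproduction step, after URL decoding.
    $sample = ['a', '</td><img src onerror="alert(document.domain)">'];
    echo render_username_rows($sample);
}
```

Run from the command line, the script prints the two rows with the second value rendered as inert text instead of markup.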

Rackspace hacked by Ransomware gang via Microsoft exchange vulnerability
https://www.securitynewspaper.com/2022/12/06/rackspace-hacked-by-ransomware-gang-via-microsoft-exchange-vulnerability/
Tue, 06 Dec 2022 23:47:55 +0000

Rackspace, a provider of cloud computing services, has admitted that it was the victim of a ransomware incident, which resulted in the business being forced to shut down its Hosted Exchange environment. Since Friday, December 2, the hosted Microsoft Exchange service provided by Rackspace has been experiencing a variety of issues. The affected environment was taken down by the business, and on Saturday the company admitted that a security breach had occurred.

The company made the announcement on Tuesday morning that the suspicious behavior that had caused the outage was the result of a cyberattack utilizing ransomware. We investigated the leak websites of some of the most prominent ransomware gangs, however they do not mention Rackspace anywhere on their sites. However, given the recent nature of the occurrence, the perpetrators of the cybercrime are most likely still attempting to bargain with the business in question before adding it to their website and making the threat to disclose stolen data.


Rackspace has said that it is too soon to determine if any customer data has been accessed inappropriately. It is likely dependent on how long the hackers were able to remain hidden inside the company’s systems until the intrusion was discovered. Rackspace has said that they would tell its customers in the right manner “if we establish that sensitive information was impacted.”

“On the basis of the investigation that has been conducted to this point, we think that this problem was restricted to our Hosted Exchange business.” The statement went on to say that the company’s other offerings and services are fully functioning, and that the Rackspace Email product line and platform have not been affected by the outage in any way.

Customers who were impacted by this Rackspace outage have been given the instruction to migrate their email services to Microsoft 365. According to the company’s statement, it was successful in restoring email services for thousands of clients using Microsoft 365.

Cyber security researchers speculate that the event may have included the exploitation of vulnerabilities in Microsoft Exchange listed as CVE-2022-41040 and CVE-2022-41082, together referred to as ProxyNotShell.

Late in the month of September, a Vietnamese cybersecurity organization discovered ProxyNotShell while seeing the vulnerability being abused in the field. Microsoft has acknowledged the vulnerability and established a connection between it and a state-sponsored hacking organisation.

The IT giant moved quickly to disseminate mitigations, but specialists demonstrated that it was simple to get around them. Microsoft did not issue fixes until November.

A hacker has posted data of 5.3 million Twitter accounts on a Raidforums, while another researcher confirmed another hack involving 100 million Twitter accounts
https://www.securitynewspaper.com/2022/11/28/a-hacker-has-posted-data-of-5-3-million-twitter-accounts-on-a-raidforums-while-another-researcher-confirmed-another-hack-involving-100-million-twitter-accounts/
Mon, 28 Nov 2022 21:14:39 +0000

Earlier we published an article that provided details of a data breach that occurred on Twitter and affected 5.4 million accounts. Now, the exact same information has been published on a hacker forum that emerged as an alternative to the well-known and large Raidforums. Having said that, there is more to it. Due to the fact that Twitter is now at the center of yet another dispute, it would seem that the year 2022 will not be kind to the social media platform. On November 23, a cyber security researcher located in Los Angeles made public the news that Twitter had been the victim of a major security breach, which purportedly impacted millions of users in both the United States and the European Union.

On the other hand, it is not clear if this security breach is the same as the one that happened in July of this year and was also acknowledged by Twitter, or whether this security breach is entirely unique. Twitter has not commented on this question.

Chad Loder sent a warning to the followers of his now-closed Twitter account about the data breach, which he alleged happened “no earlier than 2021” and “has not been disclosed previously.” He indicated that he had seen the stolen data in the supposed breach and had talked to the possible victims who verified that the breach data was “correct.” The researcher said on his Mastodon page that according to his study, it is likely that there are tens of millions of impacted accounts, and there is a possibility that there are hundreds of millions of affected accounts.

According to Loder, there is no way that this could have been the same breach since Twitter “lied” about the incident that occurred in July. In addition to this, he said that the material in question was presented in a “totally different way” and that it had “differently impacted accounts.” Within twenty-four hours of Loder tweeting on this topic, his account on Twitter was suspended on the grounds that he had “violated the Twitter rules.”

It is quite probable that both breaches exploited the same vulnerability, which was discovered and disclosed for the first time in January. It enabled anybody to locate the Twitter handle that was linked with a phone number or email address by entering the number or address. This is a feature that Twitter uses as an internal identity, but it can be easily transformed to a Twitter ID if you so want. Twitter recognized the existence of the vulnerability at the time and indicated that it had been fixed. However, the company did not identify anybody exploiting the weakness. On the other hand, Restore Privacy later revealed that a hacker had exploited the weakness to compile a dataset that included the Twitter handles, email addresses, and phone numbers of millions of accounts. The data covers users of Twitter in the United Kingdom, almost every country in the European Union, and some sections of the United States.

Affected is any Twitter account that, inside its “discoverability” settings, has selected the option to “let people locate you by phone number.” This option is not really obvious unless you go fairly far into Twitter’s settings, where it is also on by default. When the current events are taken into consideration, it becomes quite clear that more than one malicious actor gained access to these records. According to the reports, they were provided a dataset that had information that was quite comparable but presented in a different style. It is possible that the information may be sold to hostile parties who would then use the data for advertising reasons or maliciously target specific accounts, such as those belonging to celebrities.

Australian government is issuing new driving licenses to millions and changing the license verification process because of the Optus data breach
https://www.securitynewspaper.com/2022/11/10/australian-government-is-issuing-new-driving-licenses-to-millions-and-changing-the-license-verification-process-because-of-the-optus-data-breach/
Thu, 10 Nov 2022 22:36:47 +0000

Following the Optus data breach, Queenslanders are now required to give banks, telecoms, and utility firms a second number on their driver’s license to verify their identity.
People will have to supply both the card number and the license number starting this week.

Every time a license is issued or changed, a new card number is shown on both the front and back of the document.

People will be asked for both of those numbers when they enter a telecom, bank, or other establishment where their identification and driver’s license must be verified. They do so because all of those significant organizations and banks verify documents through a system in the background managed by the federal government called the document verification system.

Companies who requested card information “went a long way” toward fixing the problems brought on by the Optus attack and other data breaches.

The Queensland licenses that were disclosed, for instance, consisted just of license numbers when the data from the Optus breach was made public.

Therefore, it follows that under the previous method, anyone could have checked that number. However, as of this week, if someone checks that second number, it implies that authentication will be validated and they will be aware that you are the legitimate holder of that license.

However, individuals expressed worries that it was not two-factor authentication because the digits were available on the same card when officials wrote about the modified criteria on social media.

Despite coming from the same ID source, there were two separate numbers.

But they countered, “That [card number] changes every time a card is changed, so if there’s ever a disclosure of information in the future, it’s far faster for us to replace people’s licenses by changing the card rather than having to update the actual license number itself.”

“Over the last month, we’ve worked really hard to replace many driver’s licenses – well over 170,000 people have walked through our doors.

“In the future, we might not need to do that since the danger may be lower. Instead, we might just mail individuals new licenses and new card numbers, which would solve the problem.

It’s an excellent concept since you can acquire a new card and it will be void if data is ever compromised.
They will still have to go through the hassle of acquiring a replacement card, but they won’t have to worry about the data being compromised all the time.”

Banks and businesses still needed to make sure the data they held was secure.

If businesses were simply collecting data to confirm a customer’s identification, they would be required by the government to destroy license and card numbers, which would offer an additional degree of protection. If for any reason they need to hold it, because they need to perform numerous verifications or send it on to third parties, a company simply needs to make sure it is storing the data for as long as it needs it and then getting rid of it.

Z-Library biggest collection of 12 million pirated e-books shutdown by FBI & DOJ https://www.securitynewspaper.com/2022/11/07/z-library-biggest-collection-of-12-million-pirated-e-books-shutdown-by-fbi-doj/ Mon, 07 Nov 2022 22:10:58 +0000 https://www.securitynewspaper.com/?p=25892

The primary domain names under Z-Library’s ownership were lost. An updated seizure banner supports the hypothesis that the U.S. Department of Justice and the FBI are behind the action, which is corroborated by all evidence. New information reveals that more than a hundred domains, including the “GLOBAL Electronic library,” were impacted by the move, even though Z-Library is still accessible through the Tor network.

Although the Z-Library operation has suffered greatly as a result of the seizures, the service is still operational. As of this writing, the service’s .onion domain is still up and reachable via the Tor network.

Interestingly, neither the seizures nor Z-Library have been confirmed. A note on the Tor website mentions “issues with the servers,” although that description seems to be an understatement.

Z-Library, which has millions of daily visitors, is one of the biggest online collections of pirated books. The website’s free, publicly accessible digital archive has approximately 12 million copies of books.

Although many individuals like the service, writers and publishers are not pleased.

Z-Library made use of several registrar services, such as those provided by American businesses Tucows and GoDaddy. Now, the majority of these domains go to seizure banners. Investigation indicated that more than 140 related domain names, including z-lib.org, book4you.org, u1lib.org, bookmail.org, b-ok.org, b-ok.cc, booksc.xyz, bookos-z1.org, vn1lib.club, zlibcdn.com, and usa1lib.org, were included in this enforcement action. These domain names frequently serve as mirrors or backups for Z-Library services.

Not every known Z-Library domain is inactive right now. For instance, the login pages “singlelogin.me” and “booksc.me” are still accessible. These domains were registered by the Sarek Oy organization in Finland, which is connected to Pirate Bay co-founder Peter Sunde.

But B-ok.cc, which is registered via Sarek as well, has been taken. This implies that the .CC domain registrar intervened in this situation.

We understand that the authorities presented the warrant to both registrars and registries. The Department of Justice has not yet released an official statement, which may be because some businesses have not yet taken any action.

Vulnerability in Atlassian Jira Align allows threat actor to access whatever the SaaS client has in their Jira deployment or simply take the entire thing down https://www.securitynewspaper.com/2022/10/26/vulnerability-in-atlassian-jira-align-allows-threat-actor-to-access-whatever-the-saas-client-has-in-their-jira-deployment-or-simply-take-the-entire-thing-down/ Wed, 26 Oct 2022 22:34:29 +0000 https://www.securitynewspaper.com/?p=25851

Jira Align is a software-as-a-service (SaaS) platform that enables businesses to grow their cloud installations of the wildly popular bug tracking and project management tool Atlassian Jira.

A high severity (CVSS 8.8) authorization controls issue was discovered by a Bishop Fox security researcher. It enables users with the ‘people’ permission to raise their privilege, or that of any other user, to “super admin” using the MasterUserEdit API. According to Jake Shafer, a senior security consultant, super administrators have the ability to change security settings, reset user accounts, and reconfigure Jira connections, among other things.

Additionally, attackers could access “whatever the SaaS client had in their Jira deployment or simply take the entire thing down.”

The setting of an instance determines the function of the “people” permissions. This permission was introduced to the “program manager” position in the testing sandbox environment, although it may also be used by any role having the “people” permission. The API call may be made using a POST request including their session cookies, or it could be done by “intercepting the role change request straight to the API and altering the cmbRoleID parameter to 9”.

The second flaw, a server-side request forgery (SSRF), resides in the Jira Align ManageJiraConnectors API, which controls external connections.

TxtAPIURL, a user-supplied URL value, refers to the appropriate API address. Jira Align added /rest/api/2/ automatically on the server side, but adding a ‘#’ “would let an attacker provide any URL.”

In the “worst-case scenario,” malicious users with minimal privileges might combine the two Jira Align security flaws to attack Atlassian’s cloud infrastructure.

Verizon prepaid customers data leaked and many become victim of SIM swapping attacks https://www.securitynewspaper.com/2022/10/19/verizon-prepaid-customers-data-leaked-and-many-become-victim-of-sim-swapping-attacks/ Wed, 19 Oct 2022 22:48:04 +0000 https://www.securitynewspaper.com/?p=25820


An unknown number of prepaid subscribers received warnings from Verizon that attackers had accessed their accounts and were using SIM swapping attacks to exploit credit card information that had been exposed for the second time this year. On hacked accounts, the threat actors may have had access to names, phone numbers, billing addresses, pricing information, and other service-related details.

The business found that, between October 6 and October 10, 2022, a third-party actor gained access to the last four digits of the credit card used to make automated payments on the customer’s account. The third party may have changed the SIM card on the prepaid line that received the SMS containing this message by using the last four digits of that credit card to access the client’s Verizon account. Verizon has undone any SIM card changes that could have taken place.

It found 250 prepaid cellular accounts that may have been the subject of illicit activity. To safeguard its clients from future illegal access or fraud, it protected these accounts and put additional safeguards in place.

“Verizon has alerted the affected consumers and given them advice on further actions they may take to strengthen the security of their accounts. We take these issues seriously and continuously improve and change our security procedures to protect consumer information and accounts.”

As usual, customers should contact Verizon online, using the MyVerizon app, or by dialing 888-483-7200 if they think their accounts have been accessed improperly.

To protect their Verizon accounts against future assaults, customers are recommended to establish a new Verizon PIN number, as well as a new password and secret.
