A new ChromeLoader campaign is underway, infecting visitors of warez and pirated movie sites with a new variant of the search hijacker and adware browser extension named Shampoo. […]
BleepingComputer
A loophole big enough to drive an APT through?
Open source tools allow threat actors to exploit a loophole in Microsoft’s kernel driver authentication procedures.
The CyberWire
Massive Ticketmaster, Santander Data Breaches Linked to Snowflake Account Hacks
Hackers have claimed responsibility for a massive data breach involving Ticketmaster and Santander Bank, potentially affecting over 590 million accounts.
The breach, linked to a Snowflake employee’s compromised credentials, has raised serious concerns about the security of cloud storage services.
The breach reportedly exposed the personal information of 560 million Ticketmaster users and 30 million Santander customers.
The compromised data includes full names, email addresses, phone numbers, and hashed credit card numbers, with some information dating back to the mid-2000s.
Today we spoke with multiple individuals privy to and involved in the alleged TicketMaster breach.
Sometime in April an unidentified Threat Group was able to get access to TicketMaster AWS instances by pivoting from a Managed Service Provider. The TicketMaster breach was not…
— vx-underground (@vxunderground) May 30, 2024
The hacker group ShinyHunters has claimed responsibility for the breach and has attempted to sell the data on the dark web for $500,000.
According to cybersecurity firm Hudson Rock, the breach originated from the stolen credentials of a single Snowflake employee.
The hacker bypassed the authentication service Okta and generated session tokens to access a trove of information stored on Snowflake’s cloud platform.
This method allowed the hacker to infiltrate Ticketmaster and Santander and potentially hundreds of other Snowflake customers, including major brands like AT&T, HP, Instacart, DoorDash, NBCUniversal, and Mastercard.
Snowflake has disputed Hudson Rock’s findings, asserting that the breach did not originate from any vulnerability within its systems.
The company acknowledged that a former employee’s demo account was accessed using stolen credentials but maintained that this account did not contain sensitive information.
Snowflake emphasized that its production and corporate systems are protected by stringent security measures, including multi-factor authentication, which were not in place for the demo account.
Santander confirmed that certain customer information in Spain, Chile, and Uruguay had been accessed but stated that no transactional data or credentials that would allow transactions were compromised.
The bank has notified regulators and is cooperating with law enforcement in its investigation.
Ticketmaster has yet to publicly confirm the extent of the breach. However, the cybercriminals claim to have accessed information belonging to more than half a billion customers, including partial credit card details.
The breach has put Ticketmaster under significant scrutiny, with customers and regulators demanding answers.
The breach has highlighted the vulnerabilities associated with cloud storage services and the importance of robust security measures.
The incident has also brought attention to the hacker group ShinyHunters, which has a history of high-profile data breaches, including those involving Microsoft and AT&T.
The group’s activities underscore the growing threat of cyberattacks and the need for continuous vigilance and improvement in cybersecurity practices.
The massive data breaches at Ticketmaster and Santander, linked to compromised Snowflake accounts, serve as a stark reminder of the critical importance of cybersecurity.
Snowflake recently issued guidance on identifying and stopping unauthorized user access.
The post Massive Ticketmaster, Santander Data Breaches Linked to Snowflake Account Hacks appeared first on Cyber Security News.
How to turn off location tracking on Android
Android devices come with location services. Some apps need access to location services to function properly. However, there may be reasons why you don’t want your device to be located, often because you don’t want to be found and the device is always with you.
Depending on who you are trying to hide your location from, there are several levels of hiding your location.
Disclaimer: the exact instructions for your make and model of Android device may look a bit different.
There are apps active on most Android devices that could give away the location of the device. To check which apps have access to your device’s location:
Swipe down from the top of the screen.
Find the Location icon.
Touch and hold Location.
Tap App location permissions.
Under Allowed all the time, Allowed only while in use, and Not allowed, find the apps that can use your device’s location.
To change the app’s permissions, tap it. Then, choose the location access for the app.
If you see any apps that you don’t recognize, be sure to turn the permission off.
Alternatively, you can turn Location off entirely:
Swipe down from the top of the screen.
Find the Location icon.
If it’s highlighted, tap it to turn it off.
You’ll see a warning that some apps may not function properly. Confirm by tapping Close.
Find My Device is a service which makes your device’s most recent location available to the first account activated on the device. Find My Device is included with most Android phones, and it’s automatically turned on once you add a Google account to your device.
How to turn off Find My Device:
Open Settings.
Tap (Biometrics &) Security.
Tap Find My Device, then tap the switch to turn it off.
Turning off Find My Device may backfire if you ever truly need to find your device because you lost it. But if someone may have the login credentials for the Google account associated with the phone, you may want to turn it off.
The last resort is to turn your phone off.
Even in airplane mode, GPS on your phone is still working. As long as a phone isn’t turned off, it’s possible to track the location because the device sends signals to nearby cell towers. Even when it’s turned off, the service provider or internet provider can show the last location once it’s switched back on.