Much like July, August has also been a quieter month. With the holidays in full swing, the Queens have been enjoying some much needed rest and relaxation. Sophia has been busy with baking beautiful bread, and Sarah has been getting lost in the mountains... Life is all about balance!
Hackers, however, have clearly not been partaking in such wholesome activities. Let's check out this months rundown.
Ironically, a platform many hackers know and love suffered a data breach. Mashable reported that the platform, Discord, suffered a data breach. It was noted that around 760,000 user details were stolen from their database and a sample was posted on Breached Forums. Discord.io stated that the breach was achieved through a vulnerability in their websites code, and the entire database was downloaded. At present, all operations have been shut down, and users are urged to change any passwords that may be reused on other sites.
A summary report was posted by Bleeping Computer about how Lapsus$ utilised SIM swapping to steal MFA codes and breach a number of businesses, such as: Microsoft, Samsung, Okta, T-Mobile and others. Social engineering allowed the hackers to fraudulently impersonate authorities such law enforcement, to make an emergency disclosure request, an gain access to accounts through recovery codes sent to their device. Some attacks were observed to be defeated by applications implementing token or application based MFA.
Now putting on more of our developer hat, Tor has tweaked their onion routing. In recent DDoS attacks, the platform has sought to amend their security by implementing a Proof-of-work solution into their network. This means that clients trying to connect to .onion services will need to complete proof-of-work tasks to prevent excessive repeated connections being made. The solution implemented was based on a research paper written by Moni and Cynthia in 2001.
SecureWorks reported malware, dubbed "whiffy recon" has been tracking victims locations based on Wi-Fi access point location data. It is not known what the attackers are doing with the location data, however, the scan results are stored at a hardcoded C2 address. Security researchers have noted that the IP address is subject to change.
Many of you based in the UK would have heard of the air traffic control failure that hit on Monday. Those holidaying may be concerned this was a cyber attack, however you can rest in peace on your holidays, as the BBC reported this not to be the case.
For anyone still holidaying, we hope you managed to jet off successfully.
As always you can find our most recent posts below...
Lots of love,
The Security Queens xxx