Connect with us

Malware

Cisco Duo Alert: Third-Party Data Breach Unveils SMS MFA Logs – Protect Your Privacy Now!

Cisco Duo has warned customers of a third-party data breach that exposed SMS multi-factor authentication (MFA) logs, potentially compromising user security. Learn about the breach, its implications, and how to safeguard your accounts using MFA methods.

Published

on

Imagine this: you’re using a highly secure multi-factor authentication (MFA) service like Cisco Duo to protect your business, and then you find out that hackers have accessed your VoIP and SMS logs. Sounds like a nightmare, right? Well, that’s precisely what happened to some Cisco Duo customers recently.

What Went Wrong?

Cisco Duo, an MFA and Single Sign-On service used by companies for secure access to their networks and applications, serves over 100,000 customers and handles more than a billion authentications every month. But even this security giant wasn’t immune to a cyberattack on one of its telephony providers.

On April 1, 2024, an unnamed provider responsible for handling Cisco Duo’s SMS and VoIP MFA messages fell victim to a breach. The hackers obtained employee credentials through a phishing attack, gaining access to the provider’s systems and subsequently downloading SMS and VoIP MFA message logs associated with specific Duo accounts between March 1 and March 31, 2024.

What Information Was Compromised?

Thankfully, the hackers didn’t access the content of the messages or use their access to send messages to customers. However, the stolen logs did contain data that could be exploited in targeted phishing attacks to obtain sensitive information, like corporate credentials. This data included employee phone numbers, carrier information, location data, dates, times, and message types.

How Has the Situation Been Handled?

Upon discovering the breach, the affected provider immediately invalidated the compromised credentials, analyzed activity logs, and notified Cisco. They also implemented additional security measures to prevent similar incidents in the future.

Cisco Duo received all of the exposed message logs from the vendor, which customers can request by emailing ms*@du*.com to better understand the breach’s scope, impact, and appropriate defense strategies.

What Should You Do If You’re Impacted?

If you’re one of the customers affected by this breach, it’s crucial to be vigilant against potential SMS phishing or social engineering attacks using the stolen information. Cisco’s Data Privacy and Incident Response Team advises contacting affected users and advising them to be vigilant and report any suspected social engineering attacks.

Additionally, it’s essential to educate your users on the risks posed by social engineering attacks and investigate any suspicious activity.

Not an Isolated Incident

This breach isn’t an isolated event. Last year, the FBI warned that threat actors were increasingly using SMS phishing and voice calls in social engineering attacks to breach corporate networks. In 2022, Uber experienced a similar breach after a threat actor performed an MFA fatigue attack on an employee and then contacted them on WhatsApp, pretending to be IT help desk personnel.

Although Cisco has not disclosed the supplier’s name or the number of customers impacted by this incident, it serves as a stark reminder that no system is entirely immune to cyberattacks. Stay vigilant, educate your users, and always be on the lookout for suspicious activity.

Stay Informed and Protected with Our IT Services

Don’t let your business become another statistic in the ever-growing list of cyberattack victims. Keep coming back to learn more about the latest threats and how to protect your company. And if you need assistance with your cybersecurity strategy, don’t hesitate to contact us – we’re here to help.

Continue Reading
Click to comment

Leave a Reply

Your email address will not be published. Required fields are marked *

Malware

Helsinki Hit by Data Breach: Hackers Exploit Unpatched Vulnerability

Helsinki’s city services experienced a data breach after hackers exploited an unpatched flaw in a Vastaamo psychotherapy clinic’s system. The attackers demanded ransom and leaked patient records, affecting thousands of individuals and prompting police investigations. Ensure your systems are updated and protected to avoid similar cyberattacks.

Published

on

Breaking News: Helsinki’s Education Division Suffers Major Data Breach

The City of Helsinki is currently investigating a significant data breach that occurred within its education division. This breach, which was discovered in late April 2024, has impacted tens of thousands of students, guardians, and personnel.

What Happened?

On May 2, 2024, information about the attack began circulating, but it wasn’t until a press conference held earlier today that the city’s authorities shared more details. According to their report, an unauthorized actor was able to gain access to a network drive by exploiting a vulnerability in a remote access server.

Shockingly, the officials revealed that a security patch for the vulnerability was available at the time of the attack but had not been installed. This oversight allowed the attacker to access tens of millions of files; while most of these files did not contain personally identifiable information (PII), some did include usernames, email addresses, personal IDs, and physical addresses.

The Stakes Are High

Beyond the basic personal information, the exposed drive also contained highly sensitive data such as fees, childhood education and care records, children’s statuses, welfare requests, medical certificates, and more. Helsinki’s city manager, Jukka-Pekka Ujula, expressed his deep regret over the situation, stating that it is a “very serious data breach, with possible, unfortunate consequences for our customers and personnel.” He went on to say that, in the worst-case scenario, this breach could affect over 80,000 students and their guardians, as well as all personnel within the city’s services.

What’s Being Done?

Due to the massive amount of exposed data, investigating exactly what has been compromised will likely take some time. In the meantime, the City of Helsinki has notified the Data Protection Ombudsman, the Police, and Traficom’s National Cyber Security Centre as required.

At this stage, those impacted by the breach do not need to contact the police. However, they are urged to report any suspicious communications to “ka********************@he*.fi” or “+358 9 310 27139” and follow the advice provided by Traficom for data breach victims.

Who’s Behind the Attack?

As of the time of writing this, no ransomware groups have claimed responsibility for the attack, leaving the identity of the perpetrators unknown. This serves as a stark reminder of the ever-present threat of cyberattacks and the importance of maintaining strong cybersecurity measures.

Stay Informed and Stay Safe

As experts in cybersecurity, we understand the devastating impact data breaches can have on individuals and organizations. We encourage you to contact us to stay up-to-date on the latest cybersecurity news and trends. Together, we can help you protect your information and maintain your peace of mind.

Continue Reading

Malware

Australia’s Top Non-Bank Lender Issues Dire Warning of Massive Data Breach

Australian non-bank lender Firstmac has warned customers of a potential data breach. The mortgage provider discovered unauthorized access to its client relationship management system. Firstmac urged clients to remain vigilant and monitor their accounts, while assuring that no financial data was compromised. The company is working with cybersecurity experts to investigate the incident.

Published

on

Firstmac Limited, a major player in Australia’s financial services industry, recently experienced a data breach. Just one day after the new Embargo cyber-extortion group claimed to have stolen over 500GB of data from the company, Firstmac began warning customers of the incident.

With a focus on mortgage lending, investment management, and securitization services, Firstmac is headquartered in Brisbane, Queensland. The company has issued 100,000 home loans and currently manages $15 billion in mortgages, employing 460 people.

Recently, we came across a sample of the notification letter sent to Firstmac customers, which detailed the severity of the data breach.

Tweet

The letter explained that an unauthorized third party accessed part of Firstmac’s IT system. Upon detecting the incident, the company immediately took steps to secure their system.

Following an investigation conducted with the help of external cybersecurity experts, Firstmac confirmed that the following information was compromised:

  • Full name
  • Residential address
  • Email address
  • Phone number
  • Date of birth
  • External bank account information
  • Driver’s license number

Despite the breach, Firstmac assured customers that their accounts and funds remain secure, and the company has since strengthened its systems.

Among the security measures introduced is a new requirement for all account changes to confirm the user’s identity using two-factor authentication or biometrics. Customers who received the notice are also provided with free identity theft protection services through IDCare and are advised to remain cautious with unsolicited communications and regularly check their account statements for unusual activity.

New Embargo gang claimed the attack

Australian news outlets reported about the attack on Firstmac in late April after the Embargo extortion group announced it on its data leak site.

On Thursday, Embargo leaked all data they claimed to have stolen from Firstmac’s systems, including documents, source code, email addresses, phone numbers, and database backups.

Embargo leak
Embargo leak of Firstmac data
Source: IT Services

The new threat group currently only lists two victims on its extortion page, and it’s unclear whether they committed the breaches themselves or bought the stolen data from others to blackmail the owners.

Samples of Embargo encryptors have yet to be found, so it’s unknown if they are a ransomware group or simply focus on extortion.

As cybersecurity threats continue to evolve, it’s crucial to stay informed and vigilant. We encourage you to keep coming back to learn more about the latest developments in cybersecurity and how you can better protect your personal information. Don’t hesitate to reach out to us if you have any concerns or questions regarding your own cybersecurity needs.

Continue Reading

Malware

Exclusive: Post-Millennial Data Breach Exposes 26 Million People’s Sensitive Information

Discover how a data breach at The Post Millennial exposed personal data of 26 million users, including emails, phone numbers, and usernames. Learn about the hacker’s motives and subsequent arrest, as well as steps taken to mitigate the damage and prevent future cyberattacks. Stay informed about online security and protect your digital assets.

Published

on

Massive Data Leak Affects Millions of News Website Users

Have you ever had that sinking feeling when you realize your personal information has been exposed in a data breach? Well, 26,818,266 people are experiencing that feeling right now, as their data was leaked in a recent hack of The Post Millennial, a conservative news website.

The Post Millennial is a Canadian online news magazine that’s part of the Human Events Media Group, which also operates the American ‘Human Events’ news platform. Earlier this month, both news platforms were hacked, and their front pages were defaced with fake messages, supposedly from The Post Millennial’s editor, Andy Ngo.

What was stolen and leaked?

The hackers claimed to have stolen the company’s mailing lists, subscriber database, and personal details of its writers and editors. They even shared links to the stolen data on the defaced pages. The data quickly spread online, appearing in torrents and hacking forums, making it easy for anyone to download and potentially misuse.

BreachForums post

The exposed data includes:

  • Full Names
  • Email addresses
  • Usernames
  • Account Passwords
  • IP addresses
  • Phone numbers
  • Physical addresses
  • Genders

This data is said to belong to writers, editors, and subscribers of the sites, which could pose significant privacy and security risks to those affected.

Have I Been Pwned steps in to help

Yesterday, Troy Hunt added the data to the Have I Been Pwned (HIBP) data breach notification service. However, it should be noted that the data hasn’t been confirmed to have been stolen directly from Human Events or The Post Millennial.

Despite this uncertainty, Hunt decided to add the data to HIBP to alert affected users. According to HIBP’s post, the breach resulted in the defacement of the website and links to three different sets of data. Some of these data sets included personal information of writers, editors, and subscribers, while others contained millions of email addresses from mailing lists allegedly used by The Post Millennial.

As Troy Hunt tweeted, although the data was leaked during The Post Millennial defacement, it’s unclear where it originally came from.

No official statement yet from The Post Millennial

As of writing this, The Post Millennial hasn’t issued a public statement about the site’s defacement or warned its subscribers about potential data exposure. We have contacted both The Post Millennial and Human Events for a comment but have not received a reply.

What can you do if you’re affected?

In the meantime, if you’re a subscriber to the mentioned news outlets, we recommend resetting your passwords and monitoring your account activity closely. Also, be extra vigilant with all communications, such as emails, calls, and SMS, especially if they’re related to your account on these websites.

Keep coming back to learn more

As an AI with expertise in cybersecurity, my mission is to help you stay informed and protected. To keep up with the latest news and advice, make sure to check our IT Services regularly. And don’t hesitate to contact us if you have any questions or concerns.

Continue Reading

Trending