26 Billion Records Combined in ‘Mother of All Breaches’ Data Leak

Over the past few months, concerns arose when the vast “Naz.API” dataset became public, raising the possibility of a consolidated “combo file” containing searchable information from past breaches. However, new findings have uncovered the existence of the “Mother of All Breaches” (MOAB), a massive 1.2 terabyte file discovered in an online repository by security researchers. The MOAB is divided into more than 3,800 folders, each representing a previous data breach that exposed sensitive personal information or credentials online.

Security researcher Bob Dyachenko from SecurityDiscovery.com and Cybernews, which hosts a searchable list of the breaches, has uncovered the “Mother of All Breaches” (MOAB). This massive archive, spanning approximately the last 10 to 15 years, contains a combination of breaches including approximately 1.5 billion records from Tencent’s services, the 538 million Weibo leak, a 2016 Myspace leak, a 2023 Twitter leak, and numerous others.

Doriel Abrahams, Principal Technologist at Forter, warns that large-scale data breaches like these pose significant risks. Malicious actors can exploit this data to verify users’ passwords across platforms, increasing the likelihood of successful Account Takeover (ATO) attacks. Consumers should use unique passwords for each site and exercise caution when sharing personal information online or by phone.

Read: https://www.cpomagazine.com/cyber-security/mother-of-all-breaches-data-leak-pulls-together-26-billion-records-from-thousands-of-prior-breaches/

NSA Admits Buying American Citizens’ Internet Data Without Warrants

Despite the exposure of some of its activities by whistleblower Edward Snowden over a decade ago, the NSA’s controversial mass surveillance practices persist. In a response to inquiries from a senator, the National Security Agency has been forced to disclose that it is bypassing the requirement for warrants when purchasing individuals’ information from data brokers. This revelation has raised concerns about the agency’s methods of obtaining data without proper legal oversight.

The revelation emerged through a correspondence between Senator Ron Wyden and high-ranking security officials. In this particular instance, due to the NSA’s vested interest, Senator Wyden was able to disclose the information he had acquired. In his letter dated January 25, addressed to Director of National Intelligence Avril Haines, Senator Wyden made a straightforward request, urging intelligence agencies to exclusively procure American citizens’ data that has been lawfully obtained.

Nakasone acknowledged the existence of this practice and proceeded to provide justification by emphasizing that it solely pertains to the “records” of online traffic, excluding “emails and documents.” He clarified that the NSA’s acquisitions are limited to “netflow data” originating from devices where either one or both ends of the connection are located within the United States. According to Nakasone, this measure is deemed “critical” in safeguarding US defense contractors against cyber threats.

Read: https://reclaimthenet.org/nsa-confirms-purchasing-data-on-american-citizens-internet-behavior-circumventing-the-need-for-warrants

The Cobblers Children (almost) Had No Shoes! DMARC Enforcement Went Live This Week…

After spending the last couple weeks writing up an overview on the coming DMARC policy enforcement at Google and Yahoo, even personally reaching out to some large list owners, internet communities and online marketers – I’m sitting here the day before this all goes into effect for Gmail and I realize… “We may not have enabled DMARC for axisofeasy.com.“

Checking it out I realize we don’t even have SPF enabled.

So… “Do as we say, not as we do” – (or used to not do, until a couple days ago), make sure you have SPF and DMARC enabled:

Read: https://easydns.com/blog/2024/01/19/new-email-policies-at-gmail-yahoo-et-al-will-require-dmarc-enabled-domains/

Privacy-Oriented Nitter Project Shuts Down Following Changes to Guest Accounts

Zed, the developer behind the free and open-source Nitter project, has announced that the project is discontinued and not working anymore. Nitter was a privacy-oriented alternative front-end for X/Twitter, enabling users to access the social media content without JavaScript or a user account. This provided a level of anonymity and privacy for users.

Zed made the announcement simply stating “Nitter is dead.” on GitHub, without providing a detailed explanation. However, it appears the project’s termination is linked to X/Twitter’s decision to disable the creation of guest accounts. Nitter was heavily reliant on these anonymous accounts, which were only supported by older versions of the Twitter app.

The most straightforward alternative now seems to be creating a verified X/Twitter account. For users uncomfortable with this, there are other X/Twitter alternatives available, such as Mastodon, Threads, and Bluesky, but this involves switching to another social network.

Read: https://alternativeto.net/news/2024/1/privacy-oriented-x-front-end-nitter-is-shutting-down-following-changes-to-guest-accounts/

Google still tracks you in incognito mode (as per latest wording update)

Users of Chrome Canary have noticed some slight changes in the wording that Google uses for Incognito mode. Designed primarily for developers, Chrome Canary receives frequent updates, almost daily, introducing new features. Since it is compatible with other versions of the standard Chrome browser, collectively referred to as Chrome’s “Stable channel,” it’s a valuable tool for testing and development.

Chrome’s Incognito mode aims to protect your privacy from others using the same device. It mitigates the risk of a spouse, roommate, or anyone on a public computer spying on your browsing habits. Private browsing mode does so by stopping your browser from saving your browsing information on your computer.

The new warning seen in Chrome Canary when you open an incognito window says: “You’ve gone Incognito. Others who use this device won’t see your activity, so you can browse more privately. This won’t change how data is collected by websites you visit and the services they use, including Google.”

It’s clear that Google has put more emphasis on users of the same device while moving away from the websites you visit. It’s generally assumed that the changes are tied to the fact that Google has indicated that it is ready to settle a class-action lawsuit filed in 2020 over the Incognito mode. Arising in the Northern District of California, the lawsuit accused Google of continuing to “track, collect, and identify [users’] browsing data in real time” even when they had opened a new Incognito window.

Read: https://www.malwarebytes.com/blog/news/2024/01/google-changes-wording-for-incognito-browsing-in-chrome

Florida Man Key Suspect in Oktapus, Scattered Spider Hacker Groups

On Jan. 9, 2024, U.S. authorities arrested a 19-year-old Florida man charged with wire fraud, aggravated identity theft, and conspiring with others to use SIM-swapping to steal cryptocurrency. Sources close to the investigation tell KrebsOnSecurity the accused was a key member of a criminal hacking group blamed for a string of cyber intrusions at major U.S. technology companies during the summer of 2022.

Prosecutors say Noah Michael Urban of Palm Coast, Fla., stole at least $800,000 from at least five victims between August 2022 and March 2023. In each attack, the victims saw their email and financial accounts compromised after suffering an unauthorized SIM-swap, wherein attackers transferred each victim’s mobile phone number to a new device that they controlled.

The government says Urban went by the aliases “Sosa” and “King Bob,” among others. Multiple trusted sources told KrebsOnSecurity that Sosa/King Bob was a core member of a hacking group behind the 2022 breach at Twilio, a company that provides services for making and receiving text messages and phone calls. Twilio disclosed in Aug. 2022 that an intrusion had exposed a “limited number” of Twilio customer accounts through a sophisticated social engineering attack designed to steal employee credentials.

Shortly after that disclosure, the security firm Group-IB published a report linking the attackers behind the Twilio intrusion to separate breaches at more than 130 organizations, including LastPass, DoorDash, Mailchimp, and Plex. Multiple security firms soon assigned the hacking group the nickname “Scattered Spider.”

Read: https://krebsonsecurity.com/2024/01/fla-man-charged-in-sim-swapping-spree-is-key-suspect-in-hacker-groups-oktapus-scattered-spider/

 
Elsewhere Online:

Alpha Ransomware launches data breach attack
Read: https://www.infosecurity-magazine.com/news/alpha-ransomware-launches-data/

The Closure of the Hobbes OS/2 Archive Marks the End of an Era in Operating System History
Read: https://www.wired.com/story/hobbes-os2-archive-shutting-down/

Italy Accuses OpenAI’s ChatGPT of Violating European Privacy Laws
Read: https://www.securityweek.com/chatgpt-violated-european-privacy-laws-italy-tells-chatbot-maker-openai/

US Government Works to Disrupt China-linked “Volt Typhoon” Threat Actor
Read: https://www.darkreading.com/cybersecurity-operations/us-govt-reportedly-trying-to-disrupt-volt-typhoon-attack-infrastructure

Brazilian Law Enforcement Serves Warrants Against Grandoreiro Malware Operators
Read: https://thehackernews.com/2024/01/brazilian-feds-dismantle-grandoreiro.html

First Neurolink Human Implant
Read: https://ca.news.yahoo.com/first-human-receive-neuralink-brain-131659386.html

Previously on #AxisOfEasy