{"id":9766,"date":"2024-01-13T07:00:00","date_gmt":"2024-01-13T05:00:00","guid":{"rendered":"https:\/\/forklog.com\/en\/cybersecurity-highlights-airdrop-reveals-iphone-user-alfa-bank-data-breach-and-more\/"},"modified":"2024-01-13T07:00:00","modified_gmt":"2024-01-13T05:00:00","slug":"cybersecurity-highlights-airdrop-reveals-iphone-user-alfa-bank-data-breach-and-more","status":"publish","type":"post","link":"https:\/\/forklog.com\/en\/cybersecurity-highlights-airdrop-reveals-iphone-user-alfa-bank-data-breach-and-more\/","title":{"rendered":"Cybersecurity Highlights: AirDrop Reveals iPhone User, Alfa-Bank Data Breach, and More"},"content":{"rendered":"<p>We have compiled the most significant cybersecurity news of the week.<\/p>\n<div class=\"wp-block-text-wrappers-keypoints article_keypoints\">\n<ul class=\"wp-block-list\">\n<li>Chinese forensic researchers identified AirDrop senders from the logs on a receiving iPhone.<\/li>\n<li>Personal data of 24 million Alfa-Bank clients leaked online.<\/li>\n<li>The creator of a Babuk ransomware variant was arrested in the Netherlands.<\/li>\n<li>A vulnerability was found in a chatbot used for fast-food hiring automation.<\/li>\n<\/ul>\n<\/div>\n<h2 class=\"wp-block-heading\"><strong>Chinese Researchers Identify iPhone User via AirDrop<\/strong><\/h2>\n<p>Staff at the Beijing Institute of Forensic Science recovered the identities of AirDrop senders from the logs that a receiving iPhone keeps of incoming transfers, according to <a href=\"https:\/\/www.bloomberg.com\/news\/articles\/2024-01-09\/china-says-cracked-apple-s-airdrop-to-identify-message-sources?embedded-checkout=true&#038;leadSource=uverify%20wall\">Bloomberg<\/a>.<\/p>\n<p>Residents of China use AirDrop to send files bypassing state censorship. 
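<\/p>\n<p>The rainbow-table step in this item works because AirDrop identifies a sender to the receiver by unsalted SHA-256 hashes of the sender's phone number and email address, and a phone number has far too little entropy for an unsalted hash to protect it: the whole dial plan can be hashed ahead of time and the logged value simply looked up. The Python below is an added illustration, not code from Bloomberg, the Beijing institute or Apple. In place of a real rainbow table it builds a plain precomputed lookup over a constructed, deliberately tiny number range (the PREFIX and SUFFIX_LEN values are assumptions for the demo), and the log lines and their key=value format are constructed here rather than copied from a real device.<\/p>\n

```python
import hashlib
from itertools import product

# Constructed demo parameters. A real table would cover every number of a
# country's dial plan (11 digits starting with 1 in China); the point is
# that this space is small enough to hash exhaustively ahead of time.
PREFIX = '+8613800'      # assumed fixed leading digits for the demo
SUFFIX_LEN = 4           # only 10**4 candidate numbers are enumerated here


def airdrop_identifier_hash(contact: str) -> str:
    '''Unsalted SHA-256 hex digest of a contact identifier, the form in which
    a receiving device's AirDrop logs retain the sender's phone and email.'''
    return hashlib.sha256(contact.encode()).hexdigest()


def build_lookup_table(prefix: str, suffix_len: int) -> dict:
    '''Precompute hash -> phone number for every candidate in the range.

    A true rainbow table trades table size for extra computation through
    reduction chains; a direct dictionary keeps the idea visible here.'''
    table = {}
    for digits in product('0123456789', repeat=suffix_len):
        number = prefix + ''.join(digits)
        table[airdrop_identifier_hash(number)] = number
    return table


def reverse_hash(log_hash: str, table: dict):
    '''Recover a sender's number from a hash found in a receiver's log,
    or None when the number lies outside the precomputed range.'''
    return table.get(log_hash.lower())


def parse_airdrop_log(lines):
    '''Pull the sender name and phone hash out of constructed log lines.
    The key=value line format is invented for this demo.'''
    records = []
    for line in lines:
        fields = dict(part.split('=', 1) for part in line.split())
        records.append({'sender': fields['sender'], 'phone_hash': fields['phone_hash']})
    return records


# Constructed sample of what a receiving device might retain about senders.
SAMPLE_LOG = [
    'sender=iPhone-of-Sender phone_hash=' + airdrop_identifier_hash('+86138004242'),
    'sender=Another-iPhone phone_hash=' + airdrop_identifier_hash('+86138009999'),
]


def identify_senders(lines, prefix=PREFIX, suffix_len=SUFFIX_LEN):
    '''Map every logged sender to a phone number via the precomputed table.'''
    table = build_lookup_table(prefix, suffix_len)
    return [(rec['sender'], reverse_hash(rec['phone_hash'], table))
            for rec in parse_airdrop_log(lines)]


if __name__ == '__main__':
    for sender, number in identify_senders(SAMPLE_LOG):
        print(sender, '->', number)
```

<p>The lesson for anyone designing a contact-matching feature is that hashing a low-entropy identifier is not anonymisation. The usual remedies are a keyed hash whose secret the party holding the logs does not have, or a private set intersection exchange in which neither side learns the other's raw identifier.<\/p>\n<p>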
The institute's staff became interested in the feature after a group used it to distribute <a href=\"https:\/\/sfj.beijing.gov.cn\/sfj\/sfdt\/ywdt82\/flfw93\/436331732\/index.html\">\u201cunacceptable information\u201d<\/a> in the Beijing subway.<\/p>\n<p>A receiving iPhone logs the sender\u2019s device name together with unsalted hashes of the sender\u2019s phone number and email address. Because the space of possible phone numbers and common email addresses is small enough to precompute, the investigators reversed those hashes with <a href=\"https:\/\/ru.wikipedia.org\/wiki\/%D0%A0%D0%B0%D0%B4%D1%83%D0%B6%D0%BD%D0%B0%D1%8F_%D1%82%D0%B0%D0%B1%D0%BB%D0%B8%D1%86%D0%B0\">rainbow tables<\/a> and recovered the sender\u2019s number and address. The logs themselves are not encrypted, so nothing was \u201cdecrypted\u201d; a weak hashing scheme was reversed.<\/p>\n<p>This led to the identification of several suspects.<\/p>\n<h2 class=\"wp-block-heading\"><strong>Data of 24 Million Alfa-Bank Clients Leaked Online<\/strong><\/h2>\n<p>The Ukrainian hacker group KibOrg released what it describes as the full client database of Russia&#8217;s Alfa-Bank to the public.<\/p>\n<p><script async src=\"https:\/\/telegram.org\/js\/telegram-widget.js?22\" data-telegram-post=\"kiborgnews\/19186\" data-width=\"100%\"><\/script><\/p>\n<p>According to the hackers, the table contains 115,217,571 records covering 24 million people who used the bank&#8217;s services, including their full names, birth dates, phone numbers, and card and account numbers. The dump also includes data on 13 million organizations. The earliest records date back to 2004.<\/p>\n<p>The publication <a href=\"https:\/\/storage.googleapis.com\/istories\/news\/2024\/01\/08\/khakeri-opublikovali-lichnie-dannie-bolee-20-millionov-klientov-alfa-banka\/index.html\">\u201cImportant Stories\u201d<\/a> verified that the leaked records correspond to real residents of Russia. Alfa-Bank has not commented.<\/p>\n<p>The hackers first obtained the data in October 2023 and published a portion of it at the time. 
The bank dismissed that first release as \u201cfake.\u201d<\/p>\n<h2 class=\"wp-block-heading\"><strong>Creator of Babuk Ransomware Variant Arrested in the Netherlands<\/strong><\/h2>\n<p>Dutch police identified and arrested the operator of the Tortilla ransomware, a Babuk variant, in Amsterdam.<\/p>\n<blockquote class=\"twitter-tweet\">\n<p lang=\"en\" dir=\"ltr\">We are proud to help release an updated version of the <a href=\"https:\/\/twitter.com\/hashtag\/Babuk?src=hash&#038;ref_src=twsrc%5Etfw\">#Babuk<\/a> <a href=\"https:\/\/twitter.com\/hashtag\/ransomware?src=hash&#038;ref_src=twsrc%5Etfw\">#ransomware<\/a> decryptor to include its <a href=\"https:\/\/twitter.com\/hashtag\/Tortilla?src=hash&#038;ref_src=twsrc%5Etfw\">#Tortilla<\/a> variant, with the help of <a href=\"https:\/\/twitter.com\/Politie?ref_src=twsrc%5Etfw\">@Politie<\/a> and <a href=\"https:\/\/twitter.com\/AvastThreatLabs?ref_src=twsrc%5Etfw\">@AvastThreatLabs<\/a> <a href=\"https:\/\/t.co\/oW6xX8dAhW\">https:\/\/t.co\/oW6xX8dAhW<\/a> <a href=\"https:\/\/t.co\/7kXNhw2Q1C\">pic.twitter.com\/7kXNhw2Q1C<\/a><\/p>\n<p>\u2014 Cisco Talos Intelligence Group (@TalosSecurity) <a href=\"https:\/\/twitter.com\/TalosSecurity\/status\/1744729294340084142?ref_src=twsrc%5Etfw\">January 9, 2024<\/a><\/p><\/blockquote>\n<p> <script async src=\"https:\/\/platform.twitter.com\/widgets.js\" charset=\"utf-8\"><\/script><\/p>\n<p>The operator broke into unpatched Microsoft Exchange servers with the ProxyShell exploit chain (CVE-2021-34473, CVE-2021-34523 and CVE-2021-31207).<\/p>\n<p>Cisco Talos researchers, working with the police, recovered the keys from the executable, and the Avast Babuk <a href=\"https:\/\/files.avast.com\/files\/decryptor\/avast_decryptor_babuk.exe\">decryptor<\/a> has been updated to cover the Tortilla variant.<\/p>\n<h2 class=\"wp-block-heading\"><strong>Vulnerability Found in Fast-Food Hiring Chatbot<\/strong><\/h2>\n<p>Chattr, an AI-based chatbot that fast-food franchises use to automate hiring, exposed its backend to unauthorized users. 
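<\/p>\n<p>The Firebase misconfiguration this item goes on to describe is the classic failure mode of that platform: the project's security rules, not the application code, decide who may read or write the Realtime Database, a grant at a node cascades to every descendant, and a rule that grants .read or .write unconditionally makes the whole subtree readable by anyone who knows the project URL. The common half-fix, requiring only that some user be signed in, is little better when sign-up is open. The Python below is an added example, not code from the researchers or from Chattr, and the item does not say which of these two rule shapes Chattr had: it is a small linter that walks a rules document and flags unconditional and sign-in-only grants, run against three constructed rule sets (open, half-fixed, and hardened).<\/p>\n

```python
# Firebase Realtime Database rules are a JSON document; they are written
# here as Python dicts so the example runs offline. Keys beginning with a
# dot are permissions, every other key is a path segment, and a grant at a
# node applies to all of its descendants.

PERMISSIONS = ('.read', '.write')
# Conditions that only require *some* signed-in identity. With email or
# anonymous sign-in enabled, any outsider can satisfy them.
WEAK_CONDITIONS = ('auth != null', 'auth !== null', 'auth.uid != null')

# Constructed: the fully open configuration that exposes the whole database.
OPEN_RULES = {'rules': {'.read': True, '.write': True}}

# Constructed: the common half-fix, which still admits anyone who signs up.
PARTIAL_FIX = {'rules': {'.read': 'auth != null', '.write': 'auth != null'}}

# Constructed: applicants may only touch their own record; the organization
# index is reserved for accounts carrying an admin custom claim.
HARDENED_RULES = {
    'rules': {
        'applicants': {
            '$uid': {
                '.read': 'auth != null && auth.uid == $uid',
                '.write': 'auth != null && auth.uid == $uid',
            }
        },
        'organizations': {
            '.read': 'auth != null && auth.token.admin == true',
            '.write': 'auth != null && auth.token.admin == true',
        },
    }
}


def lint_rules(doc):
    '''Return a list of (path, permission, severity, reason) findings.'''
    return _walk(doc.get('rules', {}), '', [])


def _walk(node, path, findings):
    for key, value in node.items():
        if key in PERMISSIONS:
            cond = value if isinstance(value, bool) else str(value).strip()
            if cond is True or cond == 'true':
                findings.append((path or '/', key, 'critical',
                                 'unconditional grant: public to anyone who knows the project URL'))
            elif cond in WEAK_CONDITIONS:
                findings.append((path or '/', key, 'high',
                                 'any signed-in user passes, including self-registered or anonymous ones'))
        elif isinstance(value, dict):
            _walk(value, path + '/' + key, findings)
    return findings


def is_publicly_readable(doc):
    '''True when some subtree can be read with no credentials at all.'''
    return any(perm == '.read' and sev == 'critical'
               for _, perm, sev, _ in lint_rules(doc))


if __name__ == '__main__':
    for name, doc in (('open', OPEN_RULES), ('partial', PARTIAL_FIX), ('hardened', HARDENED_RULES)):
        print(name, lint_rules(doc))
```

<p>The same check belongs in CI: the rules live in the project's database.rules.json and can be linted before every firebase deploy, so a critical finding at the root never reaches production. The linter is deliberately conservative and cannot tell an intentionally public node from an accidental one; treat every critical finding as something a human must sign off on.<\/p>\n<p>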
The issue was reported by a group of researchers led by programmer <a href=\"https:\/\/mrbruh.com\/chattr\/\">Paul Bruh<\/a>.<\/p>\n<p>Using a script they wrote, the researchers found a Firebase configuration tied to the KFC chain that left the database accessible to them without authorization.<\/p>\n<p>Through it they could read names, phone numbers, email addresses, branch locations, messages, work schedules, and some passwords belonging to franchise managers, job applicants, and Chattr employees.<\/p>\n<figure class=\"wp-block-image size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"962\" src=\"https:\/\/forklog.com\/wp-content\/uploads\/chattr-image-1-1024x962.png\" alt=\"chattr-image-1\" class=\"wp-image-223796\" srcset=\"https:\/\/forklog.com\/wp-content\/uploads\/chattr-image-1-1024x962.png 1024w, https:\/\/forklog.com\/wp-content\/uploads\/chattr-image-1-300x282.png 300w, https:\/\/forklog.com\/wp-content\/uploads\/chattr-image-1-768x722.png 768w, https:\/\/forklog.com\/wp-content\/uploads\/chattr-image-1.png 1058w\" sizes=\"auto, (max-width: 1024px) 100vw, 1024px\" \/><figcaption class=\"wp-element-caption\">Data: MrBruh\u2019s Epic Blog.<\/figcaption><\/figure>\n<p>They also reached the admin panel, which lists the organizations using the chatbot and lets an operator accept or reject candidates and refund payments made through Chattr.<\/p>\n<p>The vulnerability was disclosed on January 9, and the Chattr team resolved the issue the following day.<\/p>\n<h2 class=\"wp-block-heading\"><strong>Former BreachForums Head Re-arrested for Bail Violation<\/strong><\/h2>\n<p>Conor Brian Fitzpatrick, the creator and former administrator of the now-defunct hacker forum BreachForums, was <a href=\"https:\/\/storage.courtlistener.com\/recap\/gov.uscourts.nysd.612924\/gov.uscourts.nysd.612924.3.0.pdf\">taken back into custody<\/a> for violating his bail conditions.<\/p>\n<p>Under those conditions he was prohibited from accessing the internet from devices without special 
monitoring software and from using VPN services. Fitzpatrick, known online as Pompompurin, will remain in custody until January 19, when a court hearing is scheduled.<\/p>\n<p>Fitzpatrick has pleaded guilty to all three charges against him: stealing and selling confidential personal information, conspiracy to commit fraud, and possession of child pornography. He had been released on a $300,000 bail bond.<\/p>\n<p>He faces up to 40 years in prison, a $750,000 fine, and at least five years of supervised release.<\/p>\n<h2 class=\"wp-block-heading\"><strong>Ukrainian Hackers Breach Moscow Internet Provider M9com<\/strong><\/h2>\n<p>The hacker group Blackjack <a href=\"https:\/\/t.me\/l_blackjack_l\/77\">claimed<\/a> to have breached M9com, a major Moscow internet provider, and stolen confidential company data.<\/p>\n<p><script async src=\"https:\/\/telegram.org\/js\/telegram-widget.js?22\" data-telegram-post=\"l_blackjack_l\/80\" data-width=\"100%\"><\/script><\/p>\n<p>As proof, they shared a Tor URL for three ZIP archives containing employee and client credentials, including full names, logins, email addresses and plaintext passwords, along with 50 GB of call records.<\/p>\n<p>The hackers also defaced the official M9com website.<\/p>\n<p>Blackjack described the attack as \u201ca continuation of a series of warm-up acts of retribution\u201d for the hack of \u201cKyivstar.\u201d<\/p>\n<h2 class=\"wp-block-heading\"><strong>Cryptominer Operator Arrested in Mykolaiv for Attack on U.S. Company<\/strong><\/h2>\n<p>Ukrainian cyber police, with Europol&#8217;s assistance, <a href=\"https:\/\/www.facebook.com\/story.php?story_fbid=708083911502512&#038;id=100069027285973&#038;mibextid=PkCAf5\">arrested<\/a> a hacker who infected the servers of a U.S. e-commerce company with a covert cryptocurrency miner.<\/p>\n<p>According to the case file, since 2021 a 29-year-old resident of Mykolaiv had brute-forced 1,500 accounts at a subsidiary of the company. 
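<\/p>\n<p>Brute-forcing 1,500 accounts over a long period, as described here, looks different in authentication logs from an attack on one account: the same source cycles through many usernames with only a few guesses each (password spraying), so per-account lockout thresholds never trip, and the only reliable signal is correlation by source. The Python below is an added example, not code from the Ukrainian cyber police or Europol. It groups constructed key=value authentication events (the line format is invented for the demo, and the addresses come from the documentation ranges) by source address, flags a source that fails against many distinct accounts inside a time window, and lists the accounts that the same source then logged into successfully, which are the ones to treat as compromised. It also computes the per-account failure count to show why a lockout rule alone misses this pattern.<\/p>\n

```python
from collections import defaultdict
from datetime import datetime

# Constructed sample (not from any real system): one spraying source that
# tries six accounts once each and then succeeds on two of them, one
# ordinary user who mistypes a password once, and one clean login.
SAMPLE_LOG = [
    '2024-01-08T10:00:01Z src=203.0.113.7 user=alice result=fail',
    '2024-01-08T10:00:02Z src=203.0.113.7 user=bob result=fail',
    '2024-01-08T10:00:03Z src=203.0.113.7 user=carol result=fail',
    '2024-01-08T10:00:04Z src=203.0.113.7 user=dave result=fail',
    '2024-01-08T10:00:05Z src=203.0.113.7 user=erin result=fail',
    '2024-01-08T10:00:06Z src=203.0.113.7 user=frank result=fail',
    '2024-01-08T10:00:07Z src=203.0.113.7 user=bob result=success',
    '2024-01-08T10:00:08Z src=203.0.113.7 user=erin result=success',
    '2024-01-08T10:01:00Z src=198.51.100.9 user=alice result=fail',
    '2024-01-08T10:01:05Z src=198.51.100.9 user=alice result=success',
    '2024-01-08T10:02:00Z src=192.0.2.33 user=grace result=success',
]


def parse_event(line):
    '''Split a constructed log line into a dict with a parsed timestamp.'''
    ts, rest = line.split(' ', 1)
    fields = dict(part.split('=', 1) for part in rest.split())
    return {'ts': datetime.strptime(ts, '%Y-%m-%dT%H:%M:%SZ'), **fields}


def detect_spray(lines, min_accounts=5, window_minutes=60):
    '''Flag sources whose failures touch at least min_accounts distinct users
    within window_minutes, and report which of those users the same source
    subsequently logged into.'''
    by_src = defaultdict(list)
    for event in map(parse_event, lines):
        by_src[event['src']].append(event)

    alerts = []
    for src, events in by_src.items():
        events.sort(key=lambda e: e['ts'])
        failed_users = {}          # user -> time of first failure
        compromised = []           # users with a success after a failure
        for event in events:
            if event['result'] == 'fail':
                failed_users.setdefault(event['user'], event['ts'])
            elif event['user'] in failed_users:
                compromised.append(event['user'])
        if len(failed_users) < min_accounts:
            continue
        fail_times = sorted(failed_users.values())
        span_minutes = (fail_times[-1] - fail_times[0]).total_seconds() / 60
        if span_minutes <= window_minutes:
            alerts.append({'src': src,
                           'accounts_tried': len(failed_users),
                           'compromised': compromised})
    return alerts


def max_failures_per_account(lines):
    '''The number a per-account lockout rule would look at; for a spray it
    stays tiny even though hundreds of accounts are being attacked.'''
    counts = defaultdict(int)
    for event in map(parse_event, lines):
        if event['result'] == 'fail':
            counts[event['user']] += 1
    return max(counts.values(), default=0)


if __name__ == '__main__':
    print('spray alerts:', detect_spray(SAMPLE_LOG))
    print('max failures on any single account:', max_failures_per_account(SAMPLE_LOG))
```

<p>In production the same correlation is usually done in the SIEM with the source key widened to an ASN or a fingerprint, since a patient attacker rotates addresses; the successful logins that follow the failures are what turn the alert into an incident, because they name the accounts whose credentials must be reset.<\/p>\n<p>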
With those credentials he gained control over the target service.<\/p>\n<p>He then infected the company\u2019s servers with cryptomining malware and built a botnet of more than a million virtual machines.<\/p>\n<p>Over two years the malware moved about $2 million in cryptocurrency to wallets under his control; Europol helped Ukrainian investigators get those addresses blocked.<\/p>\n<figure class=\"wp-block-image size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"766\" height=\"1024\" src=\"https:\/\/forklog.com\/wp-content\/uploads\/419079583_708083808169189_1349237111814456154_n-766x1024.jpg\" alt=\"419079583_708083808169189_1349237111814456154_n\" class=\"wp-image-223795\" srcset=\"https:\/\/forklog.com\/wp-content\/uploads\/419079583_708083808169189_1349237111814456154_n-766x1024.jpg 766w, https:\/\/forklog.com\/wp-content\/uploads\/419079583_708083808169189_1349237111814456154_n-224x300.jpg 224w, https:\/\/forklog.com\/wp-content\/uploads\/419079583_708083808169189_1349237111814456154_n-768x1027.jpg 768w, https:\/\/forklog.com\/wp-content\/uploads\/419079583_708083808169189_1349237111814456154_n.jpg 1104w\" sizes=\"auto, (max-width: 766px) 100vw, 766px\" \/><figcaption class=\"wp-element-caption\">Data: Cyber Police of Ukraine.<\/figcaption><\/figure>\n<p>Police seized computer equipment, flash drives, bank cards, and SIM cards from the suspect&#8217;s apartment.<\/p>\n<p>Criminal proceedings have been opened for unauthorized interference with information systems, and possible accomplices are being identified.<\/p>\n<p>Also on ForkLog:<\/p>\n<ul class=\"wp-block-list\">\n<li>The SEC&#8217;s X account was <a href=\"https:\/\/forklog.com\/en\/news\/secs-x-account-hacked-to-announce-fake-bitcoin-etf-approval\">hacked<\/a> to announce a fake Bitcoin ETF approval. 
The FBI is investigating.<\/li>\n<li>X accounts of CoinGecko, as well as <a href=\"https:\/\/forklog.com\/en\/news\/netgear-and-hyundai-x-accounts-compromised-to-promote-crypto-scam\">Netgear and Hyundai<\/a>, were hacked to promote scams.<\/li>\n<li>The Russian Ministry of Internal Affairs detailed <a href=\"https:\/\/forklog.com\/en\/news\/russian-police-detail-bitcoin-seizure-practices-in-drug-trafficking-cases\">Bitcoin seizure practices<\/a> in drug trafficking cases.<\/li>\n<li>In the U.S., a promoter of the HyperVerse crypto scam was <a href=\"https:\/\/forklog.com\/en\/news\/us-arrests-promoter-of-hyperverse-crypto-scam\">arrested<\/a>.<\/li>\n<li>Media reported a <a href=\"https:\/\/forklog.com\/en\/news\/data-breach-reported-at-iranian-crypto-platform-bit24-cash\">data breach<\/a> at the Bit24.cash platform.<\/li>\n<li>The U.S. charged <a href=\"https:\/\/forklog.com\/en\/news\/us-charges-operators-and-users-of-darknet-marketplace-xdedic\">operators and users<\/a> of the darknet marketplace xDedic.<\/li>\n<li>Zengo Wallet challenged hackers to <a href=\"https:\/\/forklog.com\/en\/news\/zengo-wallet-challenges-hackers-with-10-btc-bounty\">hack a wallet<\/a> containing 10 BTC.<\/li>\n<\/ul>\n<h2 class=\"wp-block-heading\"><strong>Weekend Reading Suggestions<\/strong><\/h2>\n<p>Explore the biggest DeFi segment hacks of 2023 in our year-end article:<\/p>\n","protected":false},"excerpt":{"rendered":"<p>We have compiled the most significant cybersecurity news of the week. Chinese researchers identified an iPhone user through the AirDrop feature. Personal data of 24 million Alfa-Bank clients leaked online. The creator of a Babuk ransomware variant was arrested in the Netherlands. A vulnerability was found in a chatbot used for fast-food hiring automation. 
Chinese [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":9765,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"select":"","news_style_id":"","cryptorium_level":"","_short_excerpt_text":"","creation_source":"","_metatest_mainpost_news_update":false,"footnotes":""},"categories":[3],"tags":[1238,1233],"class_list":["post-9766","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-news-and-analysis","tag-cybersecurity-digest","tag-industry-digests"],"aioseo_notices":[],"amp_enabled":true,"views":"62","promo_type":"","layout_type":"","short_excerpt":"","is_update":"","_links":{"self":[{"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/posts\/9766","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/comments?post=9766"}],"version-history":[{"count":0,"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/posts\/9766\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/media\/9765"}],"wp:attachment":[{"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/media?parent=9766"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/categories?post=9766"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/tags?post=9766"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}