Fashion Magazin

New Details About Astoria Company Hack Emerge

By Vicki Evans
April 7, 2021

When the ShinyHunters hacking group started peddling the personal data of millions of people on the Dark0de marketplace at the start of last month, it was remarkable because of the sheer number of records involved – and because of who got hacked. Along with information on 400 million Facebook users and an Instagram user database, the haul included data on 300 million users – including 40 million Social Security numbers – from lead generation company Astoria Company LLC, whose network of websites collects information about consumers seeking services like low-cost auto loans, medical insurance, and payday loans.

Now researchers from Night Lion Security have explained how the Astoria Company hack happened and have recounted interactions with “Seller13,” presumably an alias of the broker known as Yousef, who also sold the Astoria Company data on the Russian Exploit cybercrime forum and at least one other dark web marketplace.

While “it’s not clear whether Seller13 is using the ShinyHunters name as a type of bad direction, or whether the two actors are actually working together,” the researchers said their conversations with the threat actor “seem to indicate that he and ShinyHunters work together.”

Although the attack was “relatively mundane” and “the chain of events and reconnaissance carried out in this particular breach is carried out regularly by threat actors around the world,” according to Brandon Hoffman, CISO at Netenrich, “details released by Night Lion Security provide some interesting insight,” said Alec Alvarado, head of the threat intelligence team at Digital Shadows.

What the Night Lion researchers discovered was, in the end, a “multi-faceted attack leveraging a perfect storm of software vulnerability, system misconfiguration, and inside hacks,” said Yaniv Bar-Dayan, CEO and co-founder of Vulcan Cyber.

Night Lion discovered a list of over 400 domains registered to Astoria Company. A search for “publicly available code with potentially leaked credentials or AWS keys” yielded a list of vulnerable URLs in these domains. Further investigation uncovered a number of malicious web shells and scripts, including Corex.php and Adminer.php, on Astoria Company’s domain, MortgageLeads.loans, the researchers said.

A closer look at the Corex web shell URL showed “a number of other operating tools that were left on the system, including the adminer.php script,” they said.

“Upon visiting the URL http://mortgageleads.loans/adminer.php, we immediately noticed that the administrator credentials for user ‘adminastoria’ were pre-registered, allowing anyone full access to the database from a public URL – no authentication required,” the researchers said.

A malicious insider, whom Astoria Company officials identified to Night Lion as an India-based developer, took advantage of a previously reported file disclosure vulnerability in Adminer that allows attackers to point the login window at their own remote MySQL server.

After the two servers are connected, the attacker uses a MySQL misconfiguration to read files – including MySQL configuration and WordPress PHP files – on the victim’s server.
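For defenders, the two conditions described above (an admin script served from a public URL, and an Adminer session pointed at a database host outside the site's own) both leave traces in web access logs. The following check is an added example, not code from Night Lion or the article; it assumes Combined Log Format, an allowlist of legitimate database hosts, and constructed sample log lines.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Assumption: database hosts this site legitimately connects to.
ALLOWED_DB_HOSTS = {"", "localhost", "127.0.0.1"}
# Script names taken from the article; extend with your own inventory.
WATCHED_SCRIPTS = {"adminer.php", "corex.php"}

# Combined Log Format: ip ident user [time] "METHOD target PROTO" status size
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) '
)

def review(lines):
    """Return (client_ip, script, reason) findings for watched scripts."""
    findings = []
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue
        url = urlsplit(m["target"])
        script = url.path.rsplit("/", 1)[-1].lower()
        # Only 2xx/3xx responses mean the script was actually served.
        if script not in WATCHED_SCRIPTS or m["status"][0] not in "23":
            continue
        findings.append((m["ip"], script, "served to client"))
        # Adminer keeps the chosen database host in the "server" parameter.
        for host in parse_qs(url.query, keep_blank_values=True).get("server", []):
            if host.rsplit(":", 1)[0].lower() not in ALLOWED_DB_HOSTS:
                findings.append((m["ip"], script, f"remote DB server {host}"))
    return findings

# Constructed sample lines (documentation IP ranges, not real traffic).
SAMPLE_LOG = [
    '198.51.100.7 - - [01/Mar/2021:10:00:00 +0000] "GET /index.php HTTP/1.1" 200 512 "-" "-"',
    '198.51.100.7 - - [01/Mar/2021:10:00:05 +0000] "GET /adminer.php HTTP/1.1" 200 4096 "-" "-"',
    '198.51.100.7 - - [01/Mar/2021:10:00:09 +0000] "GET /adminer.php?server=203.0.113.9&username=u HTTP/1.1" 200 4096 "-" "-"',
    '198.51.100.8 - - [01/Mar/2021:10:01:00 +0000] "GET /corex.php HTTP/1.1" 404 0 "-" "-"',
]

if __name__ == "__main__":
    for finding in review(SAMPLE_LOG):
        print(*finding, sep=" | ")
```

Any "served to client" finding means the tool should be removed or placed behind authentication and network restrictions; a "remote DB server" finding warrants reviewing what that session could have read.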

“The newly revealed details indicate that the attack was not very sophisticated, as the administrative database credentials were pre-registered and a public URL would have provided full access,” Alvarado explained. “While the credentials may have been pre-registered in a malevolent fashion, as Astoria’s responses indicate,” he said, this sheds a harsh light on how the company has handled its databases, reinforced by the importance cybercriminals place on personal data.

“If only one of the attack vectors were mitigated or corrected,” said Bar-Dayan, “this data breach could have been avoided.”

The unique perspective offered by Seller13 can serve as a cautionary tale and offer guidance to defenders on how to strengthen their organizations against similar attacks, Alvarado said. Besides being a lesson in how to better protect databases with a few simple steps, researchers at Night Lion suggested the incident could be used to persuade lawmakers to support a “comprehensive” federal breach notification standard. More recently, Congress has leaned in that direction, but significant progress has repeatedly stalled as lawmakers grappled with what the requirements of such legislation might include. Will the breach of Astoria Company revive these discussions? Maybe. More likely, however, they will stay on the back burner well into the future.
