Press Release
Online data breaches involving 5.4 million Twitter users and more private sharing
An API flaw that was patched in January allowed for the theft of over 5.4 million Twitter user records that contained private information. These records were made available for free sharing on a hacker forum.
A security researcher has also revealed another enormous, possibly more significant, data dump of millions of Twitter records, illustrating how widely this flaw was utilised by threat actors.
The material is made up of public data that has been scraped as well as secretive email addresses and phone numbers.
The data breach on Twitter
In July of last year, a threat actor started charging $30,000 for the personal data of more than 5.4 million Twitter users.
The majority of the material was made up of publicly available details such Twitter IDs, names, login names, localities, and verified statuses; however, there was also private information like phone numbers and email addresses.
This information was gathered in December 2021 by utilising a Twitter API flaw that was made public through the HackerOne bug bounty programme. This flaw allowed users to submit their phone numbers and email addresses to the API in order to obtain the corresponding Twitter ID.
The threat actors might then use this ID to scrape the account’s public data to generate a user record with both private and public data. The HackerOne disclosure may have been disclosed, but BleepingComputer was informed that numerous threat actors were using the flaw to steal personal data from Twitter.
Twitter confirmed it had experienced a data breach due to an API issue resolved in January 2022 after BleepingComputer sent them a sample of the user details.
This past weekend, Pompompurin, the proprietor of the Breached hacking site, revealed to BleepingComputer that they were in charge of exploiting the flaw and producing the enormous dump of Twitter user data after another threat actor going by the name of “Devil” disclosed the vulnerability to them.
Nearly 7 million Twitter profiles with private information were found overall, including the 5.4 million records for sale and an additional 1.4 million suspended user profiles that were gathered via a separate API.
Pompompurin said that this second data dump was only privately distributed to a select group of individuals and was not sold.
Sharing of Twitter data on a hacking forum
The 5.4 million Twitter records have now been freely posted on a hacking forum twice—once in September and most recently on November 24.
This data, which includes 5,485,635 records of Twitter users, was for sale in August, and Pompompurin has confirmed this to BleepingComputer.
These records include the account’s Twitter ID, name, screen name, verified status, location, URL, description, follower count, account creation date, friends count, likes count, statuses count, and profile image URLs, along with either a private email address or phone number.
An even larger data dump was produced in secret.
Although it is troubling that threat actors gave out 5.4 million records, it is also claimed that the same vulnerability was used to create a much larger data dump.
This data dump may comprise tens of millions of Twitter records, including public data like verified status, account names, Twitter IDs, bios, and screen names, as well as personal phone numbers gathered using the same API problem.
Security expert Chad Loder, who initially reported the information on Twitter and was suspended shortly after publishing it, is the source of the information on this more serious data leak. Later, Loder published a sample of this wider data breach on Mastodon with redactions.
“I recently learned about a significant Twitter data breach that affected millions of US and EU Twitter accounts. I got in touch with a small number of the impacted accounts, and they confirmed that the stolen information is true. This breach did not happen until 2021, “Shared on Twitter by Loder
A sample file from this previously unreported Twitter data dump, which contains 1,377,132 phone numbers for people in France, has been discovered by BleepingComputer.
The phone numbers in this leak have since been verified by a large number of people, proving that this additional data breach is legitimate.
Additionally, none of these phone numbers were part of the initial data sold in August, demonstrating how much more user data was available to threat actors than Twitter had previously reported and how much broader Twitter’s data breach was than had been previously disclosed.
Additionally, Pompompurin informed BleepingComputer that they were not in charge of and were unaware of the creator of the recently found data leak, proving that other parties were utilising this API vulnerability.
According to information obtained by BleepingComputer, this recently found data dump comprises of a large number of files divided up by region codes and countries, including Europe, Israel, and the USA.
Although we were informed that it contains more than 17 million records, we were unable to independently verify this.
It is crucial to carefully review any email that purports to be from Twitter because this information might potentially be used for targeted phishing attacks to get login credentials.
You should disregard and delete any emails that encourage you to log in to a non-Twitter domain and claim that your account has been suspended, there are login problems, or you are about to lose your verified status. These emails are likely phishing attempts.
On Thursday, BleepingComputer contacted Twitter on this additional data leak of personal data, but has not heard back.
NVIDIA has released security upgrades to fix ten more bugs impacting the NVIDIA Virtual GPU (vGPU) management software in addition to six security holes discovered in Windows and Linux GPU display drivers.
The flaws make Windows and Linux systems vulnerable to attacks that could cause a denial of service, privilege escalation, data manipulation, or information disclosure.
Because all of these security flaws need local user access, potential attackers must first get access to susceptible targets via a different attack method.
Patching of eleven high severity vulnerabilities
Attackers can simply escalate privileges to obtain permissions above those provided by the OS after successfully exploiting one of the vulnerabilities fixed today.
Denial-of-service attacks or gaining access to otherwise inaccessible information can also be used to temporarily disable workstations running vulnerable drivers or software.
With the exception of the security flaws identified as CVE-2021-1052, CVE-2021-1053, and CVE-2021-1056 affecting the Linux GPU Display Driver for Tesla GPUs, which will start receiving an updated driver version on January 18, 2021, NVIDIA has patched all impacted software products and platforms.
The flaws have CVSS V3 base ratings ranging from 5.3 to 8.4, and NVIDIA has classified 11 of them as high-risk.
The risk assessment “is based on an average of risk across a broad set of deployed systems and may not represent the true risk of your local installation,” according to NVIDIA’s security alert.
To accurately assess the risk these vulnerabilities represent to your particular system configuration, the business further suggests speaking with an IT or security specialist.
The January 2021 Security Bulletin is a complete list of security problems that NVIDIA patched this month.
Several driver updates are accessible from hardware vendors.
NVIDIA advises users to use the security updates offered on the NVIDIA Driver Downloads page to upgrade their GeForce, NVIDIA RTX, Quadro, NVS, and Tesla GPU display drivers, as well as Virtual GPU Manager and guest driver software.
According to the business, certain consumers who choose not to manually fix the weaknesses might also get security upgrades bundled with Windows GPU display driver 460.84, 457.49, and 452.66 versions from their computer hardware vendors.
Users of the NVIDIA vGPU enterprise software must sign into the NVIDIA Enterprise Application Hub in order to download updates from the NVIDIA Licensing Center.
By just putting in a Razer mouse or keyboard, a Razer Synapse zero-day vulnerability that has been publicly published on Twitter enables you to take control of Windows as an administrator.
A well-known maker of computer accessories, Razer is well recognised for their gaming keyboards and mice.
The Razer Synapse programme will immediately download and start installing on a computer when a Razer device is plugged into Windows 10 or Windows 11. Users can set up macros, map buttons, and modify their gear using the software Razer Synapse.
Over 100 million people use Razer Synapse, according to Razer, who claims that number.
The plug-and-play Razer Synapse installation contains a zero-day vulnerability that, when exploited, allows users to swiftly gain SYSTEM access on a Windows system. This vulnerability was found by security researcher jonhat.
The greatest user rights in Windows, known as SYSTEM privileges, provide users the ability to run any command on the operating system. Basically, if a user has Windows’ SYSTEM capabilities, they have total control over the system and are able to install anything they want, including malicious software.
Razer had yet to respond, so yesterday jonhat revealed the zero-day vulnerability on Twitter and provided a little video explaining how the flaw operates.
Using a mouse while plugged in to gain access to the SYSTEM
We chose to test the flaw as BleepingComputer has a Razer mouse handy. We can confirm that it took us roughly two minutes to get SYSTEM rights in Windows 10 after plugging in our mouse.
It should be emphasised that this is a local privilege escalation (LPE) vulnerability, requiring physical access to a computer and a Razer device. To exploit the problem, all you need to do is purchase a $20 Razer mouse from Amazon and plug it into a Windows 10 computer.
On one of our Windows 10 machines, we set up a temporary ‘Test’ user with ordinary, non-administrator capabilities to test this flaw.
When we connected the Razer device to Windows 10, the operating system downloaded and set up both the driver and the Razer Synapse application automatically.
The Razer installation application got SYSTEM access as a result of the RazerInstaller.exe executable being started by a Windows process with SYSTEM privileges, as demonstrated below.
The setup procedure lets you choose the folder where the Razer Synapse software will be installed when you install it. Everything goes wrong when you have the choice of where to install your software.
The “Choose a Folder” window will show up when you move your folder. When you right-click the dialogue while holding down Shift, you will be given the option to “Open PowerShell window here,” which will launch a PowerShell prompt in the folder displayed in the dialogue.
This PowerShell prompt will inherit the same rights as the process that launched it because it was run with SYSTEM permissions.
As you can see in the screenshot below, after typing the “whoami” command at the PowerShell prompt, it became clear that the console has SYSTEM capabilities, enabling us to execute whatever command we like.
According to Will Dormann, a Vulnerability Analyst at the CERT/CC, other applications installed by the Windows plug-and-play mechanism is likely to include similar flaws.
Razer will address the flaw
Razer has contacted the security researcher to let them know that they will be delivering a remedy after this zero-day issue attracted significant notice on Twitter.
Despite the fact that the vulnerability was made public, Razer also informed the researcher that he would be getting a bug bounty payment.
Press Release
The New York Times reports that investigators are investigating whether solarwinds has been hacked via offices in Czech, Polish, and Belorussia, where many of the company’s engineering has taken place (NEW YORK TIMES).
Sources: investigators are checking if SolarWinds was hacked via its offices in Czechia, Poland, and Belarus, where the company moved much of its engineering — Those behind the widespread intrusion into government and corporate networks exploited seams in U.S. defenses and gave away nothing to American monitoring of their systems.
-
Social Media7 months agoWho is Rouba Saadeh?
-
Social Media7 months agoMati Marroni Instagram Wiki (Model’s Age, Net Worth, Body Measurements, Marriage)
-
Entertainment7 months ago12 Online Streaming Sites that Serve as Best Alternatives to CouchTuner
-
Entertainment7 months agoMovierulz Website: Movierulzz 2021 Latest Movies on Movierulz.com
-
Social Media7 months agoBrooke Daniells: Everything About Catherine Bell’s Partner
-
Guides7 months agoHow to make selfies with Dorian Rossini
-
Entertainment7 months ago4MovieRulz Download Telegu Movies | 3MovieRulz | Movierulz.com
-
Entertainment7 months agoMangastream is Not Functional – How About Taking Alternative Online Movie Sites in 2021