Category: Uncategorized

The Unspoken Playbook of Breach Denials — Silence, Sanitized

Posted on by Manmeet Randhawa

It doesn’t start with a breach.

It starts with the silence that follows one.

Not the stunned kind. The strategic kind. The kind that reads like legalese, smells like PR, and sounds like a script everyone already knows by heart.

A suspicious pause. A vague statement. A subtle shift in language. “We are aware of reports.” “There is no evidence of unauthorized access.” “Only non-sensitive data may have been involved.”

Until it changes. Quietly. Days or weeks later. And just like that, what was once speculation becomes confirmation. What was denied becomes undeniable. And the company? It wasn’t lying, it was just… investigating. Apparently.

The New Art of Breach Management: Delay by Design

Denial isn’t always a flat-out no anymore.

It’s the long silence. The art of obfuscation. The technical jargon and interpretive gymnastics. It’s waiting until a researcher drops a blog. Or a forum post leaks the proof. Or, worse, your own customers become your whistleblowers. Somewhere along the way, delay became a strategy.

Look at 2025 so far:

  • A massive data breach exposed over 184 million unique passwords tied to services such as Google, Apple, Microsoft, Facebook, Instagram, and Snapchat. The unencrypted database was publicly accessible, requiring no password protection.
  • LexisNexis Risk Solutions disclosed a data breach affecting over 364,000 individuals. Sensitive information, including names, Social Security numbers, contact details, and driver’s license numbers, was accessed via LexisNexis’ GitHub account. The breach occurred on December 25, 2024, but was only discovered on April 1, 2025.
  • Marks & Spencer (M&S) experienced a major cyberattack in April 2025, disrupting store operations and online services. The breach, linked to the cybercriminal group Scattered Spider, led to the suspension of online and app orders, contactless payments, and click-and-collect services.

This isn’t a coincidence. It’s choreography. And in a hyper-connected world, that choreography reads like gaslighting.

When Security Firms Fumble Their Own Playbook

The irony is thick.

Some of the worst communicators post-breach? The ones selling cybersecurity. Security companies often play damage control with the same playbook they criticize others for. They write verbose incident reports. They throw in enough qualifiers to make the truth slippery. They draw the line at ‘operational impact’ as if customers care more about uptime than leaked credentials.

Take the Snowflake data breach of 2024. The breach affected numerous high-profile clients and has been regarded as one of the most significant data security incidents of the decade. Reality? The breach resulted in the theft of a wide range of sensitive data, such as personally identifiable information (PII), medical prescriber DEA numbers, digital event tickets, and over 50 billion call records from AT&T.

But they didn’t lie. They just told the part of the truth that wouldn’t hurt.

Breaches with Consequences You Can’t Press Delete On

In sectors like healthcare, the damage isn’t theoretical. It’s deeply human.

The Yale New Haven Health System reported a major data breach that impacted 5.5 million individuals. People didn’t just lose data. They lost control over their most intimate narratives. And the company? Silent. Not a tweet. Not a press conference. Just a statement buried in their website. When data is sensitive, silence isn’t protection. It’s betrayal.

Regulators Are Catching Up. Slowly.

With data protection laws tightening globally—from India’s DPDP Act to increased EU enforcement—companies are running out of places to hide.

But regulation moves slower than breaches. And fines, as it turns out, are often cheaper than reputation rebuilds. Until regulators start naming and shaming delay tactics, the silence will continue.And users will keep paying the price.

What Good Looks Like: Rare, But Real

Not every company fumbles. A few get it right. They disclose early. They admit uncertainty. They prioritize users over shareholders. They understand that a breach isn’t a PR nightmare. It’s a test of character. These are the brands people remember. Not because they were hacked, but because they handled it like humans, not robots with legal advisors.

So, What Needs to Shift?

  • Stop using time as a shield. Delay only deepens the cut.
  • Center the people, not the press release. If you lose customer trust, you’ve already lost.
  • Redefine breach response. It’s not damage control. It’s reputation management.
  • Be the first to talk. If the public hears it from someone else first, you weren’t leading—you were hiding.

Because the truth is simple: You can’t claim to protect people and then ghost them when they need protecting. Breaches will keep happening. That’s the cost of digital life. But denial? That’s a choice.

And the companies that still think silence is safer? They’re not just risking data.They’re gambling with trust. And in the long run, trust is the only asset no insurance can replace.

Cookie Bite Attack Exposes MFA Flaw in Microsoft 365

Posted on by Srishti Chaubey

When MFA Isn’t Enough: The Rise of Cookie Bite

You log into your Microsoft 365 account, breeze through multi-factor authentication (MFA), and feel secure. But while you’re at ease, someone else quietly slips in through the back door—no alarms, no malware alerts—just a stolen session cookie turning your session into their playground.

Welcome to Cookie Bite, a sophisticated attack technique developed as a proof-of-concept (PoC) by Varonis Threat Labs. Cookie Bite uses browser extensions and automation scripts to steal session cookies and maintain unauthorized access to cloud services like Outlook and Teams. It’s not just clever—it’s alarmingly hard to detect.

1. Cookie Bite 101: The Cookie That Grants Total Access

What is Cookie Bite?

It’s a session hijacking attack targeting Azure Entra ID (formerly Azure Active Directory), the identity provider behind Microsoft 365.

It exploits two critical authentication cookies:

  • ESTSAUTH: Temporary session validation cookie (expires when the browser closes)
  • ESTSAUTHPERSISTENT: Long-lived cookie for users who select “Stay signed in”

By stealing these cookies, attackers bypass MFA entirely—replaying valid sessions without needing your credentials.

2. The Mechanics of a Silent Invasion: How Cookies Are Stolen

The Varonis PoC showed exactly how devastatingly easy this can be:

  • A malicious Chrome extension monitors login activity and extracts session cookies in real time.
  • A PowerShell script auto-loads this extension using Developer Mode every time Chrome starts.
  • Cookies are exfiltrated silently—sometimes even using seemingly benign platforms like Google Forms.
  • Attackers then use tools like Cookie-Editor to inject these cookies into their own browsers, hijacking active sessions effortlessly.

Every login refreshes their access – You keep logging in, they keep slipping in.

3. Beyond Cookie Bite: Other Methods of Session Hijacking

Cookie theft isn’t limited to this one method. Attackers are getting creative:

  • Infostealers: Scrape browser memory for plaintext cookies.
  • Adversary-in-the-Middle (AITM) Proxies: Intercept authentication cookies during login.
  • Dark Web Markets: Trade stolen authentication tokens and fingerprints.
  • Malicious Extensions: Use excessive permissions to quietly lift session data.

The common theme? – Bypass credentials. Exploit sessions. Sidestep MFA.

4. Post-Login Mayhem: What Attackers Can Do

Once inside, attackers gain full user privileges. They can:

  • Access Outlook: Read, forward, and send emails.
  • Join Microsoft Teams: Impersonate users in chats and meetings.
  • Map Internal Infrastructure: Using tools like Graph Explorer.
  • Escalate Privileges: With tools like ROADtools and AADInternals.
  • Establish Persistence: By registering malicious apps or adding backdoors.

Worse yet, because they’re using your authenticated session, their activities blend seamlessly into legitimate traffic, making detection incredibly difficult.

5. Why Cookie Bite Is So Dangerous

Unlike traditional malware:

  • No binaries or executables.
  • No credential theft.
  • No obvious system changes.

It’s a browser-level persistence that evades most endpoint detection and response (EDR) tools. Security tools are looking for malware; attackers are stealing cookies.

6. How to Defend Against Cookie Bite Attacks

You can’t rely on MFA alone anymore. Here’s what smart defenders are doing:

Adopt a Zero Trust Model: Use solutions like PureAuth to enforce logins only from authorized, compliant, and healthy devices.

Use Microsoft Risk-Based Detection: Set up alerts for atypical login behavior that may signal session hijacking.

Lock Down Chrome Extensions: Restrict allowed extensions via ADMX policies—only allow vetted, secure add-ons.

Block Developer Mode in Chrome: Prevent sideloading of unsigned extensions through policy enforcement.

Monitor Azure and Cloud Logs: Actively watch for suspicious session activities that might otherwise be missed.

Final Takeaway: Securing the Future Means Securing the Session

Cookie Bite is not just a clever exploit—it’s a signpost for the future of cybersecurity. Authentication alone is no longer enough. Attackers aren’t breaking in by smashing down doors; they’re walking through them with stolen keys, blending in, operating silently. The next era of security isn’t about better passwords or even stronger MFA. It’s about continuous trust verification, session protection, and relentless monitoring. If your defenses stop at login, you’ve already lost.

In a world where attackers move faster than policies, your survival depends on evolving faster than their imagination.
Secure the session. Harden the browser. Assume every interaction is a battlefield. Because in this new landscape, it’s not just about keeping intruders out. It’s about ensuring they were never inside to begin with.

The Cyber Battleground: Major Attacks Shaping 2025

Posted on by Srishti Chaubey

The year is 2025, and the cyber war front is more active than ever. Threat actors are refining their tactics, launching sophisticated attacks across industries. From media and infrastructure to encrypted messaging platforms and AI-driven workplaces. Below is a breakdown of the latest high-impact cyber incidents, what they mean for security, and how organizations can stay ahead.

1. The Newsroom Blackout: Cyberattack on Lee Enterprises

On February 3, 2025, a major cyberattack disrupted Lee Enterprises, a leading American media conglomerate, causing print delays and operational chaos. Newspapers like the Post-Dispatch and Casper Star-Tribune struggled to publish content, with parts of the IT infrastructure forcibly taken offline. While the exact attack vector remains undisclosed, the event underscores the vulnerability of media organizations to digital disruptions.

Key Takeaway: Ransomware and IT disruptions in media outlets can impact information dissemination. Cyber resilience planning is crucial for organizations handling sensitive data and tight production schedules.

2. Microsoft KMS Exploited: Sandworm’s Silent Weapon

The infamous Sandworm APT (APT44/UAC-0145) has weaponized Microsoft Key Management Service (KMS) activators, targeting Windows users in Ukraine. The attack leverages pirated KMS tools and fake Windows updates to inject malware, including DarkCrystal RAT (DcRAT), compromising critical systems.

Key Takeaway: Secure software sourcing is critical. Enterprises must enforce strict software policies and monitor for unauthorized activations.

2025 Cyber Attacks: Microsoft: Russia's Sandworm APT Exploits Edge Bugs Globally
Credit: Dark Reading

3. PAN-OS Under Siege: Critical Vulnerability in Palo Alto Networks

Security teams are on high alert as Palo Alto Networks confirmed active exploitation of CVE-2025-0108, an access control flaw rated at 8.8 severity. Attackers with network access can bypass authentication and execute PHP scripts remotely. Combined with CVE-2024-9474, this vulnerability grants root-level access.

Key Takeaway: Immediate patching is essential. Delaying updates could be catastrophic.

4. Phishing Strikes Signal: A New Era of Social Engineering

Russian hacking groups (UNC5792 & UNC4221) are targeting Signal users by exploiting QR codes in phishing campaigns. Victims scanning these malicious codes unknowingly grant attackers access to their encrypted conversations. In response, Signal has rolled out new verification mechanisms to counter unauthorized device linking.

Key Takeaway: Users should verify QR codes before scanning and enable multi-factor authentication (MFA) for sensitive accounts.

5. The Fake IT Support Scam on Microsoft Teams

Russian hacking collectives Fin7 and Storm-1811 have been masquerading as IT support personnel on Microsoft Teams, tricking employees into granting access. Once inside, attackers deploy ransomware, encrypting data and demanding hefty ransoms.

Key Takeaway: Organizations must enforce strict identity verification for remote IT support and educate employees to recognize impersonation attempts.

6. Chinese Hackers Escalate from Espionage to Infrastructure Attacks

Volt Typhoon and Salt Typhoon, the two alleged Chinese state-sponsored groups, have shifted focus from corporate espionage to U.S. critical infrastructure. Their primary targets include utilities, ports, and telecom networks, exploiting outdated telecom equipment to infiltrate systems.

Key Takeaway: The attacks highlight the urgent need for infrastructure modernization and proactive cybersecurity measures.

7. Astaroth Phishing Attack: Bypassing 2FA Like Never Before

A new phishing campaign “Astaroth” targets Gmail and Outlook users, bypassing two-factor authentication (2FA) through real-time credential interception. Attackers trick users into entering login credentials and 2FA codes on counterfeit pages, hijacking accounts instantly.

Key Takeaway: Phishing-resistant authentication, such as PureAUTH, and continuous monitoring are essential for protection.

Final Thoughts: The Road Ahead

As cyber threats evolve, businesses and individuals must adopt a proactive security stance. The key takeaways:

  • Patch vulnerabilities immediately: Delayed updates remain a hacker’s best friend.
  • Implement Zero-Trust security: Don’t trust, always verify.
  • Educate employees on phishing threats: Human error remains a top attack vector.

Cybersecurity in 2025 is a battleground. Staying ahead requires vigilance, smart investments, and a commitment to continuous security improvements. The question isn’t if you’ll be targeted, it’s when. Are you ready?

Read Also:

Microsoft Reveals Russian Hack: Executives’ Emails Compromised

Passwords Leaked : Microsoft in Trouble

LDAP Nightmare: A Critical Flaw Shakes Enterprise Networks

Posted on by Srishti Chaubey

Introduction: The Storm of 2025 Begins

The year has barely begun and cybersecurity is under attack. Behold LDAP Nightmare, a zero-click vulnerability with a high Criticality CVSS score of 9.8. This vulnerability, officially termed as CVE-2024-49113, affects Windows Servers, including the critical Active Directory Domain Controllers (DCs). No authentication required, and an emphasis on crashing unknown servers, this exploit has the potential to cripple businesses that haven’t taken a proactive approach.

And for whom Active Directory infrastructure is not the ultimate point, this is a wake-up call. Let’s unpack the details of this critical vulnerability and how to defend against it.

What Is LDAP Nightmare?

LDAP Nightmare originates from a bug in Microsoft’s Lightweight Directory Access Protocol (LDAP). Found on December’s Patch Tuesday, this vulnerability allows attackers to crash unpatched Windows servers—or worse, open a door to remote code execution (RCE).

Key Facts:

  • Type: Denial of Service (DoS), with potential for RCE.
  • Impact: Crashes unpatched servers, including DCs.
  • Authentication: None required—just DNS connectivity.
  • Affected Systems: All unpatched versions of Windows Server (2019–2022).

How LDAP Nightmare Works (Without the Tech Jargon)

Imagine this: an attacker sends some cleverly disguised requests to your server. Your server, trusting as it is, starts chatting back. That’s when the attacker sends a sneaky, malformed response that your server doesn’t know how to handle. What happens next? Boom- your LSASS process crashes, and your server reboots.

This isn’t just a one-off prank. If hackers link this security hole to other weaknesses, it could give them complete control of your system. For organizations using Active Directory, that’s a terrifying prospect.

Attack Flow (For the tech savvy)

  • The attacker sends a DCE/RPC request to the Victim Server Machine
  • The Victim is triggered to send a DNS SRV query about SafeBreachLabs.pro
  • The Attacker’s DNS server responds with the Attacker’s hostname machine and LDAP port 
  • The Victim sends a broadcast NBNS request to find the IP address of the received hostname (of the Attacker’s)
  • The Attacker sends an NBNS response with its IP Address
  • The Victim becomes an LDAP client and sends a CLDAP request to the Attacker’s machine
  • The Attacker sends a CLDAP referral response packet with a specific value resulting in LSASS to crash and force a reboot of the Victim server
LDAP Nightmare: Microsoft Critical Flaw.
Credit: SafeBreach

Why This Matters: Compromised Business and Operational Integrity

An organization’s IT network can be seen as Active Directory Domain Controllers. They are responsible for authentication, management of security policies, and making the entire network functional. If one of the DCs stops working, it’s not only irritating- it’s an apocalypse. This is why:

  • Lost Productivity: Resources cannot be accessed, nor can anyone log in, meaning everyone is stuck, ever since a DC crash took place.
  • Data Theft: Such a vulnerability may allow attackers to siphon off very important information contained therein.
  • Ransomware Risks: As soon as they can get in, hackers are able to lock your data and ask for money.

How much risk are we talking? A lot.

How soon must action be taken? Right now.

The PoC That Ignited the Internet

In the writings of SafeBreach Labs’ cybersecurity researchers, it was stated that the first exploit demonstration of the LDAP Nightmare vulnerability was released in January 2025. This tool showed not only how easily an unpatched server can be taken down but also its use for penetration testing within corporate networks.

If you did not apply Microsoft’s patch from December 2024, then your servers are nearly a target. As the exploit’s ease of use might suggest, targeting systems that are not covered is going to be an easy task for attackers.

Protecting Your Organization from LDAP Nightmare

Here’s how you can guard against this exploit:

  1. Patch Immediately:
    Microsoft’s December patch closes the door on this vulnerability. Running unpatched servers means exposing the whole company at large.
  2. Tighten DNS Security:
    Configure your DNS servers to block suspicious external queries. LDAP Nightmare gets through to the network over DNS, so blocking its entry point is crucial.
  3. Monitor Anomalous Traffic:
    Keep an eye on:
    • Odd LDAP referral requests.
    • Suspicious DNS SRV queries.
    • Unusual CLDAP response patterns.
  4. Use SafeBreach’s PoC Tool:
    Test your systems with the Ldap Nightmare tool to see if there is a risk. This proactive step can make all the difference.

Conclusion: A New Year’s Resolution You Can’t Ignore

LDAP Nightmare serves as a stark reminder of how swiftly cybersecurity threats evolve. As the first major exploit of 2025, it underscores the importance of patching, monitoring, and adopting long-term protection solutions like PureAuth for preventing unauthorized access and  zero-trust security.

Although the full details of CVE-2024-49113 remain unpublished, organizations must act swiftly to prevent cascading failures that could compromise dependent systems and services. Stay vigilant, secure your infrastructure, and strengthen your cybersecurity posture – before it’s too late.

Zello Faces Another Potential Data Breach, Urges Precautionary Measures

Posted on by Srishti Chaubey

Introduction

Zello, the widely-used push-to-talk app, is once again under scrutiny for its handling of user security. Recently, the company required users to reset their passwords, citing concerns that point to either a credential-stuffing attack or a potential data breach. With 175 million users spanning sectors like emergency response and hospitality, this incident has raised significant questions about the platform’s security measures.

What Happened?

On November 15, 2024, Zello warned users whose account creation date was before November 2nd to change their password. While the exact incident is not known, evidence suggests that:

  • Possible Breach: Customer credentials may have been accessed by unauthorized users.
  • Credential-Stuffing Attack: Threat actors might be using passwords compromised earlier to gain access.

This measure aims to mitigate risks to affected accounts.

Zello Potential Data Theft
Credit: CyberIL

Breaches History at Zello

In 2020, Zello faced a similar challenge:

Data Breach in 2020:

  • Unauthorized activity on a server led to the exposure of email addresses and hashed passwords.
  • Zello required password resets and asked users not to reuse passwords across platforms.

While the company achieved ISO 27001 certification in September 2024—a certification enforcing strict information security procedures—the recurrence of such incidents questions the strength of Zello’s defenses.

The Implications

If confirmed, such a breach or an attack might empower cybercriminals to:

  • Steal Credentials: Access account data for unauthorized use.
  • Expand Attacks: Use cracked passwords for credential-stuffing attacks on other platforms.
  • Expose Sensitive Operations: With Zello used by first responders and other critical sectors, data misuse could disrupt essential services.

What Users Should Do

Zello users should take the following steps to safeguard their accounts immediately:

  • Reset Passwords: Change passwords immediately for accounts created before November 2, 2024.
  • Use Unique Passwords: Avoid reusing passwords across different services.
  • Enable Security Tools: Consider using password managers to generate strong, unique passwords.

With passwordless solutions like PureAuth, organizations can eliminate vulnerabilities altogether, ensuring security by design and default.

Conclusion

The latest security incident at Zello serves as a grim reminder of the changing cyber threats that organizations face. Though breaches may not always be avoidable, proactive measures like enforcing password resets and adopting robust access management solutions can go a long way in mitigating risks.

By going passwordless, facilitated by solutions like PureAuth, businesses can ensure user credentials and data are secure by default and design, protecting against future incidents.

Read Also

Your 1st Step to #GoPasswordless

Making World Password Free

3 ways passwords are Failing the Enterprises

RockYou2024: Nearly 10 Billion Passwords Leaked Online

Posted on by Srishti Chaubey

Introduction

On July 4, 2024, the cybersecurity community was rocked by the discovery of RockYou2024, the largest password compilation leak in history. This staggering breach, revealed by a Cybernews research team, includes nearly 10 billion unique plaintext passwords. The massive dataset, posted on a popular hacking forum, presents severe security risks, especially for users prone to reusing passwords.

The RockYou2024 Password Leak

The RockYou2024 password leak, tracked as the largest of its kind, was unveiled by Cybernews researchers. The file, named rockyou2024.txt, contains an astounding 9,948,575,739 unique plaintext passwords. The dataset was posted by a user named “ObamaCare,” who has a history of leaking sensitive information. This compilation is believed to be a mix of old and new data breaches, significantly increasing the risk of credential stuffing attacks.

Credit: Cybernews

A Brief History of RockYou

The RockYou series of password leaks dates back to 2009, when the original RockYou breach exposed over 32 million user account details. In 2021, the RockYou2021 compilation, containing 8.4 billion passwords, set a new record at the time. RockYou2024 expands on this legacy, adding another 1.5 billion new passwords, making it the largest password dump to date.

Impact and Exploitation Risks

The RockYou2024 leak poses significant dangers due to the vast number of real-world passwords it contains. Cyber-criminals can leverage this data to execute brute-force attacks, attempting to gain unauthorised access to various online accounts. Combined with other leaked databases containing usernames and email addresses, RockYou2024 could lead to widespread data breaches, financial fraud, and identity theft.

How to Protect Against RockYou2024

Reset Compromised Passwords

Immediately reset passwords for any accounts associated with the leaked data. Ensure new passwords are strong, unique, and not reused across multiple platforms.

Enable Multi-Factor Authentication (MFA)

Enable MFA wherever possible. This adds an extra layer of security by requiring additional verification beyond just a password.

Implement Passwordless Solutions

Adopting passwordless solutions can further enhance security. SAML-based passwordless solutions, such as Single Sign-On (SSO) systems, eliminate the need for passwords by using secure tokens for authentication. These solutions reduce the risk of password-related attacks and improve user convenience.

Monitor Accounts and Stay Informed

Regularly monitor accounts for suspicious activity and stay informed about the latest cybersecurity threats and best practices.

Conclusion

This recent breach highlights how fragile and unsafe passwords are, underscoring the need for more secure authentication methods. The RockYou2024 leak demonstrates that even with strong, unique passwords, the risks remain significant. Multi-factor authentication (MFA), while an added layer of security, is not foolproof. For example, MFA breaches such as the 2022 Uber hack and the attack on Microsoft’s Office 365 users in 2021 show its vulnerabilities.

Additionally, password managers are not entirely reliable. The Okta breach in 2022 and the OneLogin breach in 2017 exposed millions of user accounts, demonstrating that even these tools can be compromised.

In light of these risks, passwordless systems are emerging as the next hot trend in cybersecurity. SAML-based passwordless solutions, like PureAuth, provide enhanced security by eliminating the need for passwords and reducing the attack surface for cybercriminals.

Embracing passwordless systems, combined with continuous monitoring and updated security practices, is essential for protecting against the evolving threat landscape. Stay ahead of cyber threats by adopting innovative authentication methods and ensuring your digital assets are well-protected.

Dell Data Breach: 49M Customer Records Exposed

Posted on by Srishti Chaubey

In a data breach that has caused anxiety about security and privacy, Dell, a technology hardware giant, has admitted to its occurrence having affected 49 million customer records. The unsecured API linked to a partner portal allowed hackers to swipe a huge amount of information about customers from Dell’s database.

Dell Data Breach Customer Records: Source Daily Dark Web
Dell customer data on Breach Forums
Source: Daily Dark Web

Methodology of the Breach

The hacker, known as Menelik, shared his methodology with TechCrunch .

“Believe me or not, I kept doing this for nearly 3 weeks and Dell did not notice anything. Nearly 50 Million requests…After I thought I got enough data, I sent multiple emails to Dell and notified the vulnerability. It took them nearly a week to patch it all up,” Menelik said.

Dell on the other hand, responded with “Let’s keep in mind, this threat actor is a criminal and we have notified law enforcement.”

  • Exploiting Partner Accounts: The threat actor created multiple “partner” firms known by different names for multiple accounts thereby leading in access to sensitive customer records.
  • Scraping Customer Data: They stole huge amounts of client data directly from Dell’s servers including personal particulars and purchase information.
  • Persistence and Volume: For nearly three weeks, the perpetrator launched an unyielding onslaught of appeals that led to almost 50 million records.
  • Reporting:  They emailed Dell on April 12th and 14th to report the bug to Dell security team
Dell Data Breach Customer Records: Email to Dell from Menelik
Email sent to Dell about partner portal flaw
Source: Menelik

“Prior to receiving the threat actor’s email, Dell was already aware of and investigating the incident, implementing our response procedures and taking containment steps. We have also engaged a third-party forensics firm to investigate.”

Stolen Data Details

The exposed data has customer order data, including warranty information, service tags, names, locations, customer numbers, and order numbers.

The hacker, Menelik says the stolen customer records include the following hardware breakdown:

  • Monitors: 22,406,133
  • Alienware Notebooks: 447,315
  • Chromebooks: 198,713
  • Inspiron Notebooks: 11,257,567
  • Inspiron Desktops: 1,731,767
  • Latitude Laptops: 4,130,510 
  • Optiplex: 5,177,626
  • Poweredge: 783,575
  • Precision Desktops: 798,018
  • Precision Notebooks: 486,244
  • Vostro Notebooks: 148,087
  • Vostro Desktops: 37,427
  • Xps Notebooks: 1,045,302
  • XPS/Alienware desktops: 399,695

Mitigation Efforts

Incident response protocols were deployed by Dell, containment strategies were employed, and external forensic experts were contracted to investigate and fix vulnerabilities.

Conclusion

Dell has advised customers to remain vigilant at all times by reporting any suspicious activities associated with their accounts or purchases as soon as possible.

Dell Email to Customers

The 49 million customer purchase data between 2017-2024 looks like the perfect phishing bait. Anyone posing as dell representative can trick users into clicking links and being set up for credential theft.

We need to prevent a phishing incident like those that rocked Okta, Dropbox and Lastpass. It becomes imperative to fortify your organization with robust authentication methods. Embracing passwordless authentication could be precisely the solution needed. After all, if you don’t possess traditional credentials, they can’t be stolen, can they?

Read Also

Massive Data Breach: 125 Million Records Exposed Due to Firebase Misconfiguration

CASPR – The Ultimate Code Defender

Posted on by Srishti Chaubey

Amidst the fear of breaches and mishaps, a beacon of hope emerges : PureAUTH CASPR. This innovative solution redefines code security by tackling the inherent vulnerabilities in source control systems, paving the way for a new era of trust and integrity in software development.

Overview

Source control, pivotal in any project, demands vigilance against malicious code. Yet, traditional commit signing places the onus on developers, leaving organizations vulnerable to rogue actors. Enter PureAUTH CASPR, a security revolution for a paradigm shift in securing code repositories.

Security Challenges

For IT security teams, configuring repositories and user access control is paramount. Meanwhile, developers grapple with integrating security practices without impeding release cycles, especially in large teams where enforcing consistency proves daunting.

Developer Challenges

Security is a luxury, not a necessity between the junior developers. Deadlines, Lack of Awareness, and human error at developer’s side is very much possible. Such occurrences can compromise the CI/CD pipeline, and allow un-trusted commits and data to seep in.

GitGuardian saw a massive 1,212x increase in the number of OpenAI API keys leaked on GitHub compared to 2022, leaking an average of 46,441 API keys per month, achieving the highest growing data point in the report.

Our Solution

PureAUTH CASPR empowers organizations to uphold a trusted codebase through seamless integration with user-authenticated profiles. By leveraging trusted signing keys tied to corporate machines, developers ensure commit integrity while thwarting insider threats upon employee separation.

Key Benefits

  1. Trust Your Keys, Zero Trust: Generate GPG key-pairs recognised and trusted by PureAUTH using AuthVR5. Reject commits signed with unauthorised keys.
  2. Revocation On Departure: Revoke signing keys instantly when employees leave, directly from Active Directory, eliminating the risk of delayed access removal.
  3. Passwordless Authentication, Security Made Easy: Utilise passwordless authentication for DevOps platform login, eliminating password leaks and phishing threats.
  4. Effortless Key Management: Developers can easily generate GPG keys and configure repositories, streamlining the authentication process.
  5. Trust But Verify: Verify each commit in the CI/CD pipeline, ensuring it’s signed with AuthVR5-generated keys by current organization-affiliated developers.

How it Works

  1. Administrator onboards users onto PureAUTH platform.
  2. User creates AuthVR5 profile.
  3. User generates trusted GPG key-pair.
  4. Repository configured for AuthVR5 commit signing.
  5. User signs commits using AuthVR5.
  6. Code pushed to DevOps platform.
  7. Code Defender CI/CD module verifies signatures.
  8. Deployment halted if checks fail; admin notified.
CASPR, Code Security Revolution Process

With PureAUTH CASPR, the era of compromised code and breached repositories draws to a close. Embrace the future of code security, safeguarding your digital assets with confidence and resilience.

Read Also

GitHub: Millions of Secrets Exposed

Massive Data Breach: 125 Million Records Exposed Due to Firebase Misconfiguration

Posted on by Srishti Chaubey

Introduction

Logykk, xyzeva, and MrBruh have unveiled a troubling truth: 900+ sites suffered a Firebase misconfiguration, exposing 125M user records. The records contain plaintext passwords and sensitive billing information.

Scanning for Vulnerabilities

Initially, researchers employed a Python scanner, but it proved impractical due to memory consumption issues. Subsequently, they turned to Go-based scanning, which, though expected to conclude in 11 days, actually took nearly 2 to 3 weeks, producing valuable insights.

Identifying Misconfigurations

To expedite the process, researchers compiled a shortlist of potentially affected websites and developed the “Catalyst” scanner. This tool identifies read access to Firebase collections and calculates the impact of exposed data, facilitating efficient analysis.

Uncovering Disturbing Findings

The resulting database revealed alarming statistics: 84 million names, 106 million email addresses, 33 million phone numbers, 20 million passwords, and 27 million pieces of billing information were compromised. What’s more interesting, is that 98% of passwords, or 19,867,627 to be exact, are in plain text. The researchers added that these numbers should be taken with a grain of salt. Real numbers of impact can be much larger. Among the impacted sites were Silid LMS, Lead Carrot, and MyChefTool, with millions of user records exposed, underscoring the severity of the breach.

Numbers of Firebase Misconfiguration Data Breach
Private Database of exposed user records
source: xyzeva

Aftermath and Response

Despite efforts to notify affected organizations, the response was modest, with only 200 misconfigurations rectified. Notably, some gambling websites attempted to downplay the issue, even offering flirtatious responses.

  • 842 Emails sent over 13 days
  • 85% Emails delivered
  • 9% Emails bounced
  • 24% of Site owners fixed the misconfiguration
  • 1% of Site owners emailed us back
  • 0.2% (2) Sites owners offered a bug bounty

Conclusion: Strengthening Security Posture

While data breaches may appear unavoidable, proactive measures can significantly mitigate risks. Adopting a zero-trust approach, coupled with just-in-time access architecture, offers essential protection against unauthorised access. PureID provides cutting-edge solutions, including passwordless technology and advanced authentication frameworks like ZITA. By prioritising robust cybersecurity measures and leveraging innovative solutions, organizations can bolster their defences and safeguard sensitive data in today’s increasingly vulnerable digital landscape.

© 2025 | PureID. All Rights Reserved

Privacy & Terms | Licenses