Acer suffers data breach with hacker seeking to sell stolen dataset
Acer, the Taiwanese computer giant, has confirmed a data breach resulting from threat actors hacking a server hosting private documents used by repair technicians. Despite the breach, the company's investigation has thus far not shown any impact on customer data. The confirmation follows a threat actor's claim on a popular hacking forum to be selling 160GB of data stolen from Acer in mid-February 2023.
The stolen data includes technical manuals, software tools, backend infrastructure details, and product model documentation for phones, tablets, and laptops, as well as BIOS images, ROM files, ISO files, and replacement digital product keys. The threat actor shared screenshots of technical schematics for the Acer V206HQL display, documents, BIOS definitions, and confidential documents as evidence of their theft.
The poster of the data is selling the entire dataset to the highest bidder and will only accept the cryptocurrency Monero (XMR) as payment due to its hard-to-trace nature.
Israel blames Iran for Technion cyber attack
Last month, the Technion, a top Israeli research and education institute, fell victim to an internet attack, which has now been attributed to a group affiliated with Iranian intelligence, according to the Israel National Cyber Directorate. The group in question, known as MuddyWater, has been held responsible for numerous other attacks across the globe.
The probe into the Technion attack revealed that the group used malware designed to encrypt operating systems. To prevent similar attempts in the future, the directorate has disseminated methods to identify the attack and provided additional recommendations for self-defence to other organisations.
Phishing campaign targets Eurovision 2023 fans
Scammers targeting hotel chains are putting Eurovision fans' data at risk after they booked rooms for May's song contest in Liverpool. According to Booking.com, some accommodation partners have received phishing emails, though the company denied suffering any data security breach. In response, customers are advised to contact their hotels directly if they have concerns. Booking.com stated that cyber-attacks have affected "a number of accounts," which were quickly secured, adding that some businesses had unintentionally compromised their internal systems by clicking on links in the phishing emails.
Some quick tips on how to spot phishing emails include:
- Be cautious with links and attachments in emails and text messages, especially if they are from unknown senders or look suspicious.
- Double-check the email address of the sender to make sure it's legitimate. Scammers often use email addresses that look similar to real ones.
- Don't share personal information such as passwords, bank details, or social security numbers in response to unsolicited emails or calls.
- Keep your computer's security software updated to help protect against viruses and malware.
- If you receive an email or message that seems suspicious, contact the company or organisation directly using a phone number or email address you know is legitimate.
Emotet malware returns after hiatus
After a three-month hiatus, the Emotet malware operation has resumed spamming malicious emails on Tuesday, rebuilding its network and infecting devices worldwide. Emotet is a well-known malware that is distributed through email, often containing Microsoft Word and Excel document attachments that are malicious. When users enable macros by opening these documents, the Emotet DLL will be downloaded and loaded into memory.
Once Emotet is loaded, it remains inactive until it receives instructions from a remote command and control server. However, its current method may not be very successful after recent changes made by Microsoft. In July 2022, Microsoft disabled macros by default in Office documents downloaded from the Internet. As a result, users opening an Emotet document will receive a message stating that macros are disabled as the file's source is not trusted.
