EquiLend, a financial technology firm, experienced a data breach following a January ransomware attack – EquiLend is offering credit monitoring and identity theft protection to affected individuals.
Financial technology firm EquiLend recently disclosed a data breach reportedly originating from a January ransomware attack. The attack, which, according to Bloomberg’s report, is attributed to the LockBit ransomware group, compromised the personal information of EquiLend employees.
The claim that LockBit ransomware is involved in the incident is concerning for businesses, as the group, despite its shutdown, has not only resurfaced but is already targeting new victims.
Breach Details Emerge
EquiLend initially reported a “technical issue” on January 24th, leading to service disruptions. The company later confirmed a ransomware attack but provided limited details. Recent notifications to affected individuals and authorities reveal the extent of the data breach.
Employee Information Exposed
According to the notification sent by the company to impacted customers, the attack compromised sensitive employee data, including names, dates of birth, Social Security numbers, and internal payroll information. EquiLend assures it has no evidence of this information being misused but is offering two years of complimentary credit monitoring and identity theft protection services to affected individuals.
Ransomware Attack Scope Unclear
While client-facing services were restored by February 5th, the full impact of the attack remains unclear. Speculation suggests EquiLend may have negotiated with the attackers, but the company has not confirmed any ransom payment.
It’s worth noting that at the time of writing, LockBit’s dark web leak site showed no mention of EquiLend. This could indicate that negotiations have occurred, or the group has yet to list EquiLend on their website.
EquiLend Responds
EquiLend is working with cybersecurity experts to investigate the incident and prevent future occurrences. The company emphasizes its commitment to data security and is urging affected individuals to remain vigilant and monitor their financial statements for suspicious activity.
Experts Weigh In
For insights, we reached out to Tamara Kirchleitner, Senior Intelligence Operations Analyst at Centripetal. “In the wake of this cyberattack, it’s a stark reminder of the relentless threat fintech firms face. Offering affected employees free identity theft protection is commendable, yet many companies remain reactive,” Tamara said.
“This incident underscores the need for proactive cybersecurity measures. Implementing robust protocols is imperative in today’s digital landscape. Businesses must embrace advanced technologies to safeguard their systems and customer data. It’s time for a paradigm shift towards anticipatory cybersecurity,” she warned.
Importance of Cybersecurity
This incident highlights the growing threat of ransomware attacks and the importance of strong cybersecurity measures. Financial institutions like EquiLend handle sensitive data, making them prime targets for cybercriminals.
EquiLend’s data breach should be a wake-up call for organizations to prioritize data security investments and implement strong safeguards against cyberattacks.
Just to clear things up in terms of naming. The OnePlus Ace 3V will launch in China, while the OnePlus Nord 4 or 5 will be its global variant. That name is far more recognizable to the vast majority of you. It should technically be the Nord 4, but the number 4 is considered to be unlucky in China, so OnePlus could jump straight to the Nord 5.
The OnePlus Ace 3V live image appears, along with the phone’s specs
If you take a look at the image below, you’ll see the device itself. This is technically the OnePlus Ace 3V, but the OnePlus Nord 4/5 will look identical to it… though it will run global software.
You can clearly see that an alert slider will be located on the left side. That is not all that surprising as the Nord 3 had the alert slider too, but it was located on the opposite side.
The phone will have flat sides, which will be slightly curved towards the edges. A flat display will sit on the front, with a centered display camera hole up top. The bezels around that panel will be very thin. All the physical buttons will sit on the right-hand side.
The Snapdragon 7+ Gen 3 will fuel the device, while a 5,500mAh battery will also be included
The phone got spotted on Geekbench. It scored 1,848 points in the single-core, and 5,007 points in the multi-core test. The Snapdragon 7+ Gen 3 SoC will fuel the phone, while we also know that a 5,500mAh battery will be included.
The rest of the specs also got tipped. The phone is expected to include a 1.5K display with a 120Hz refresh rate. Android 14 will come pre-installed on the device, and 100W wired charging will also be on offer.
A 50-megapixel main camera will sit on the back of the device. We don’t have information regarding the other cameras; there could be two or three in total. A 16-megapixel selfie camera will be included on the front.
The device will also have an in-display fingerprint scanner. Chances are that will be an optical unit.
Roku’s recent filing with the attorney general in California confirms over 15,000 accounts were impacted by a data breach. Last year, the streaming platform was hit by a hacking group, and some of its most sensitive data was compromised. Back then, it was even said that bad actors could steal users’ credit card information and try to make purchases with it.
Roku has given a complete description of the event in its filing, and if you’re a Roku user, you can read the filing to gain insight into the incident. As per the company’s explanations, the unauthorized actors gained login information from “third-party sources that are unrelated to Roku.”
Roku hit with a massive data breach
Attackers reportedly changed login information after taking over the account to keep the original account holder out. Roku further explains that attackers could not access data such as “social security numbers, full payment account numbers, dates of birth, or other similar sensitive personal information requiring notification.”
Roku added that the incidents happened on December 28, 2023, and February 21, 2024. After identifying the impacted accounts, the company prevented further unauthorized access by requiring account holders to reset their passwords. Canceling unauthorized subscriptions was another step to keep bad actors out of users’ accounts.
To be exact, 15,363 Roku accounts were compromised. The company says the impacted users need to change their account passwords and check the subscriptions and devices linked to their streaming accounts.
You can now buy compromised Roku accounts for a little price
Bleeping Computer was the first to discover the breach. As the outlet reports, attackers are now selling Roku accounts for as little as $0.50 per account. Each account comes with credit card information so buyers can make illegal purchases. So far, 439 accounts have been sold.
Unfortunately, Roku doesn’t support two-factor authentication for its accounts, depriving users of an additional layer of security. If you think your account is impacted, be quick to change your password and enter your information on HaveIBeenPwned to check if your data has been leaked online.
When news broke at the beginning of the year that T-Mobile was preparing a major revision of its longstanding Netflix freebie for some customers, we have to admit… we were far from shocked. While that likely also applied to many of the “Un-carrier’s” impacted users, who probably saw the change coming a long time ago as Netflix kept jacking up its prices, what followed after the initial revelation was indeed surprising for everyone.
Without any warning, it appears that the Netflix “Standard with ads” plan offered for free to high-paying T-Mobile customers has also started to restrict some content. That’s right, certain movies and TV shows that are technically available on Netflix can’t actually be streamed by T-Mo subscribers even with ad support, and as insane as it sounds, that’s intended behavior on the streaming platform’s part rather than the result of some temporary glitch or error.
Of course, this is not technically T-Mobile’s fault, but rather entirely Netflix’s doing, which is not stopping people from shouting in frustration at their carrier all across social media. It’s also not a new situation… and that’s part of the problem.
When T-Mobile communicated to its users that their Netflix benefit was about to be “updated” back in January, there was absolutely no mention of this “little” detail. That continued after the change took effect, and even right now no content restrictions of any sort are mentioned or detailed on Magenta’s “Netflix on Us” webpage.
For its part, Netflix is also keeping things awfully vague about the “lock icon” that sometimes appears on TV shows and movies that “aren’t available with your current plan”, so we’re afraid you’ll just have to discover for yourselves what content you can and cannot watch with ads.
Before getting too angry at T-Mobile, it’s important to remember that you’re not really paying anything for your Netflix Standard with ads subscription, which would otherwise cost you $6.99 a month. And if you simply can’t accept these compromises, you can always upgrade to a no-ads Standard or Premium streaming plan at a discount. That doesn’t make the whole thing right, but it arguably makes it a little easier to stomach.
The Stanford University data breach involved a ransomware attack by the Akira ransomware gang.
The breach occurred between May 12, 2023, and September 27, 2023, with the university discovering the attack on September 27, 2023.
The compromised information varied but could include dates of birth, Social Security numbers, government IDs, passport numbers, driver’s licenses, and potentially biometric data, health/medical information, email addresses with passwords, usernames with passwords, security questions and answers, digital signatures, and credit card information with security codes.
Impact on Affected People
The breach has put over 27,000 individuals at risk, including 3 Maine residents, underscoring the widespread impact of the incident.
The delay in detecting the hack has potentially given bad actors ample time to misuse the exposed information, increasing the risk of identity theft and financial fraud for those affected.
Notification Process
Stanford University began notifying affected individuals through breach notification letters in March 2024, approximately 10 months after the initial compromise.
This delay was attributed to the time required to analyze the incident.
The notification process was conducted in writing, with specific letters sent to affected Maine residents as per regulatory requirements.
The university has been transparent about the breach, stating that the compromised system was isolated to the Department of Public Safety and did not involve other Stanford systems or networks.
The Maine Attorney General’s office in the US has recently reported that a hack at Stanford University exposed sensitive data belonging to over 27,000 individuals.
Identity Theft Protection Services
To mitigate the breach’s impact, Stanford University offered victims 24 months of complimentary credit monitoring and identity protection services through IDX and TransUnion.
These services are designed to help affected individuals monitor their credit for signs of fraudulent activity and take steps to protect their identity.
The university’s response also includes ongoing investigations in collaboration with federal and local law enforcement to address and prevent future cybersecurity incidents.
This incident is part of a series of cybersecurity challenges Stanford University faces. Other challenges include a previous breach in 2021 involving the Clop ransomware gang and the Accellion File Transfer Appliance software, which affected Stanford Medicine.
Some hoaxes on Facebook are years old, but like a cat with nine lives they keep coming back again and again. This is certainly the case with this most recent hoax.
Fact-checking site Snopes is reporting on a hoax that concerns Meta’s use of our photos, messages and other posts on Facebook. Users are told in numerous ways to repost something that contains the phrase:
“I do not authorize META, Facebook or any entity associated with Facebook to use my photos, information, messages or posts, past or future.”
“Hello 🔵 It’s official. Signed at 8:44 PM. It was even on TV. Mine really turned blue. Don’t forget that tomorrow starts the new Facebook rule (aka… new name, META) where they can use your photos. Don’t forget the deadline is today!!!
I do not authorize META, Facebook or any entity associated with Facebook to use my photos, information, messages or posts, past or future.
With this statement, I notify Facebook that it is strictly prohibited to disclose, copy, distribute or take any other action against me based on this profile and/or its contents. Violation of privacy may be punishable by law.
Here’s how to do it:
Hold your finger anywhere in this message and “copy” will appear. Click “copy”. Then go to your page, create a new post and place your finger anywhere in the empty field. “Paste” will appear and click Paste.
This will bypass the system….
He who does nothing consents.”
The first round of hoax posts similar to this one surfaced in 2012 (and has resurfaced many times since then). As you can see in this page on the Internet Archive, Facebook even issued a statement about it:
“Fact Check
Copyright Meme Spreading on Facebook
There is a rumor circulating that Facebook is making a change related to ownership of users’ information or the content they post to the site. This is false. Anyone who uses Facebook owns and controls the content and information they post, as stated in our terms. They control how that content and information is shared. That is our policy, and it always has been.”
It’s not a Real Thing
With all the—legitimate—concern around keeping personal data private, one can see why people fall for hoaxes like this. However, this copy-paste post does nothing. Facebook doesn’t get to “own” your content and you don’t need to make any declarations about copyright issues since the law already protects you.
Equally, Facebook users cannot retroactively negate any of the privacy or copyright terms they agreed to when they signed up for their accounts, simply by posting a contrary legal notice on to Facebook.
In other words, you agreed to Facebook’s terms of use and when you did, you provided Facebook with a right to use, distribute, and share the things you post, subject to the terms and applicable privacy settings. If that doesn’t sit well with you, it’s worth considering deactivating or deleting your Facebook account.
Sharing posts like this “just in case” continues the hoax and unnecessarily worries people who might see your post. If you’re not sure about whether you should share something, it’s worth googling the post’s text to check if there are any alerts about it.
Various companies are included here, ranging from Samsung and Huawei to HONOR and OnePlus. The red line is Samsung’s, and you can clearly see a decline there, from the third quarter of last year. Huawei has been gradually climbing from that point.
DSCC says that foldable smartphone shipments have increased by 33% YoY in the fourth quarter of last year. 4.2 million units have been shipped out. The source also states that the foldable smartphone market could rise by 105% YoY in the first quarter of 2024.
The Huawei Mate X5 & Pocket 2 sales were rather significant, it seems
It seems like the Huawei Mate X5 and Pocket 2 played a huge role for Huawei. Even though both of those smartphones are limited to China, their sales have been off the hook and thus managed to mess up Samsung’s plans.
The report also notes that HONOR gained a significant share of the foldable smartphone market in the last year or so. OPPO and Vivo, on the other hand, could lose their shares due to the unavailability of new products in China, it is stated.
It remains to be seen what the rest of the year will look like. The Galaxy Z Fold 6 is coming later this year, with a wider cover display, and hopefully a less noticeable crease. It may appeal to users and help Samsung get some of its market share back. Samsung really is playing catch-up to other companies in terms of foldable phones, at least when it comes to design/build.
A new threat actor, Magnet Goblin, emerged by rapidly exploiting recently disclosed vulnerabilities (CVE-2023-46805 & CVE-2024-21887) in Ivanti Connect Secure VPN, which allowed them to deploy custom Linux backdoors on vulnerable systems.
Magnet Goblin has a history of targeting platforms like Magento, Qlik Sense, and potentially Apache ActiveMQ, using similar tactics to gain financial advantage.
Their strategy involves quickly adopting newly discovered vulnerabilities to establish backdoors on compromised systems. These backdoors enable them to steal data or gain unauthorized access by exploiting one-day vulnerabilities for potential financial gain.
A financially driven cybercriminal group exploits weaknesses in edge devices and public servers.
Magento – CVE-2022-24086
Qlik Sense – CVE-2023-41265, CVE-2023-41266, and CVE-2023-48365
Ivanti Connect Secure – CVE-2023-46805, CVE-2024-21887, CVE-2024-21888, and CVE-2024-21893
Their custom-made Nerbian malware family includes tools like NerbianRAT (cross-platform) for complete remote control and MiniNerbian (Linux-specific) for maintaining backdoor access.
Past Magnet Goblin campaigns.
Rapid Exploitation of Public Servers with Custom Malware
An investigation of recent Ivanti exploits revealed downloads linked to a Linux variant of NerbianRAT malware, which fetched various malicious payloads from an attacker-controlled server, including a WARPWIRE JS stealer and Ligolo tunneling tool.
After finding vulnerabilities, the attackers retrieved a fresh version of the NerbianRAT malware from their malicious servers:
http://94.156.71[.]115/lxrt
http://91.92.240[.]113/aparche2
http://45.9.149[.]215/aparche2
It uses a custom WARPWIRE variant alongside NerbianRAT, which steals VPN credentials and sends them to a compromised Magento server. This highlights the threat actor’s multi-tool approach.
WARPWIRE variant used by Magnet Goblin.
Analysis of the Infrastructure:
Beyond the Linux tools mentioned above, Magnet Goblin’s arsenal also extends to Windows. They leverage legitimate tools like ScreenConnect (downloaded from their server) and AnyDesk for remote access.
Interestingly, the IP used for ScreenConnect downloads aligns with the one observed on compromised Qlik Sense servers, suggesting a wider exploitation attempt.
Evidence suggests possible connections to both Cactus ransomware (based on observed tactics) and Apache ActiveMQ vulnerabilities (based on downloaded files).
Compromised Magento servers were used to deploy BAT scripts that downloaded and executed AnyDesk, further showcasing the diverse tools used by this threat actor.
Batch script deploying AnyDesk, utilizing a hacked Magento server.
NerbianRAT is a Linux backdoor first observed in May 2022. It is poorly obfuscated and lacks anti-analysis techniques. Upon execution, it collects basic information about the infected machine and generates a unique bot ID.
Then, it decrypts its working directory and searches for a configuration file containing various settings, including the C2 server address, working hours, and a public key for encryption.
It communicates with its C2 server using raw TCP sockets and a custom protocol, and data is encrypted using AES or RSA, depending on the type of data transmitted.
The backdoor operates in two primary states: during working hours (as defined in the configuration), it sends data to the C2 server and awaits instructions, while outside of working hours, it can still send “ping” messages to the server.
MiniNerbian is a simplified version of NerbianRAT used for command execution. It sends HTTP POST requests to its C2 server and supports executing system commands, changing its internal time flag, and updating its configuration.
Code similarity between NerbianRAT and MiniNerbian.
In cybersecurity, distinguishing specific activities amid widespread opportunistic exploitation attacks is challenging due to the technical and attribution complexities.
Defenders often prioritize response and mitigation, sometimes missing the activities of unique actors who exploit these situations.
A recent example is the Ivanti Connect Secure VPN exploitation by various threat actors, including Magnet Goblin, who exploited the vulnerability before appliances were patched.
Motivated by financial gains, Magnet Goblin quickly utilized one-day vulnerabilities to deploy custom Linux malware, such as NerbianRAT and MiniNerbian, primarily targeting unprotected edge devices.
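The three download URLs listed above can be turned into a simple log hunt. The sketch below is an added example, not part of the original report: it refangs the published indicators and separates exact URL matches from requests that only share the server IP. The log layout, sample lines, and function names are assumptions made for illustration.

```python
import re
from urllib.parse import urlsplit

# Indicators exactly as published on this page (defanged form).
PAGE_IOCS = [
    "http://94.156.71[.]115/lxrt",
    "http://91.92.240[.]113/aparche2",
    "http://45.9.149[.]215/aparche2",
]

URL_RE = re.compile(r"https?://[^\s\"']+", re.IGNORECASE)


def refang(text):
    """Undo common defanging so indicators and ticket notes compare equal."""
    return text.replace("[.]", ".").replace("hxxp", "http")


def build_index(iocs):
    """Map each indicator host to the set of paths published for it."""
    index = {}
    for ioc in iocs:
        parts = urlsplit(refang(ioc))
        index.setdefault(parts.hostname, set()).add(parts.path)
    return index


INDEX = build_index(PAGE_IOCS)


def classify(line, index=INDEX):
    """Return ("exact", host), ("host-only", host) or None for one log line.

    "exact" means host and path both match a published URL. "host-only"
    means the server matches but the path differs, which is weaker evidence
    because IP addresses get reassigned and payload names change.
    """
    best = None
    for match in URL_RE.finditer(refang(line)):
        try:
            parts = urlsplit(match.group(0))
            host = parts.hostname
        except ValueError:
            continue  # malformed URL in the log; skip it rather than crash
        if host not in index:
            continue
        if parts.path in index[host]:
            return ("exact", host)
        best = ("host-only", host)
    return best


def hunt(lines, index=INDEX):
    """Return (line_number, verdict, host) for every line that hits."""
    hits = []
    for number, line in enumerate(lines, start=1):
        verdict = classify(line, index)
        if verdict:
            hits.append((number, verdict[0], verdict[1]))
    return hits


# Constructed proxy log lines (assumed layout: time, client, method, URL, status).
SAMPLE_LOG = [
    "2024-03-01T10:00:01Z 10.0.0.5 GET http://example.com/aparche2 200",
    "2024-03-01T10:00:07Z 10.0.0.9 GET http://94.156.71.115/lxrt 200",
    "2024-03-01T10:01:12Z 10.0.0.9 GET http://91.92.240.113:80/index.html 404",
    "2024-03-01T10:02:30Z 10.0.0.7 GET http://45.9.149.215/aparche2?v=2 200",
    "2024-03-01T10:03:00Z 10.0.0.7 GET https://updates.example.org/pkg 200",
]

if __name__ == "__main__":
    for hit in hunt(SAMPLE_LOG):
        print(hit)
```

The first sample line shares a path with an indicator but not its host, so it is not reported; matching on path alone would produce false positives.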
Samsung significantly improved the Galaxy user experience with the Galaxy S24 series. The new flagships arrived with One UI 6.1 which offers smoother system animations. These improvements may soon come to older Galaxy devices courtesy of an update for the company’s One UI Home launcher app. The update may arrive as a part of the One UI 6.1 update or separately.
Your Samsung device may soon get Galaxy S24-like smooth animations
One UI 6.1 brought several new features to the Galaxy S24 lineup. While AI features received more attention from the public and media alike, Samsung also worked on improving the overall user experience. It made some minor UI tweaks and improved system animations. The latter is enabled by version 15.1.01.3 of One UI Home. The new version isn’t available for devices running One UI 6.0. They are on One UI Home version 15.0.09.1.
However, SamMobile recently found that the updated version, officially exclusive to the Galaxy S24, Galaxy S24+, and Galaxy S24 Ultra, also works as effectively on the Galaxy S23 series. The publication downloaded an APK file for version 15.1.01.3 of the app from apkmirror.com and sideloaded it on their Galaxy S23. It worked like a charm, offering improved animations on the home screen, particularly when opening and closing apps.
The new version solved the problem of frame drops in animations, something very common on One UI 6.0. The animation stutter that was previously there on the Galaxy S23 was gone after installing the new version of One UI Home. This suggests Samsung is ready to roll out the update to older Galaxy phones, beyond the Galaxy S23 series. It might hold off the rollout until the One UI 6.1 release, which is expected later this month.
While you can already sideload One UI Home version 15.1.01.3 on your Samsung smartphone or tablet for Galaxy S24-like smooth animations, we recommend waiting for the official update. You should always download apps from official sources. APK files downloaded from third-party stores may contain malware, potentially causing security issues on your phone. The official update may not be too far off now.
One UI 6.1 will bring more changes to your Galaxy device
Along with smoother system animations, One UI 6.1 will add AI features and other changes to your Galaxy device. You get camera improvements, including the ability to use two rear cameras for Dual Recording. Previously, you could only record with one rear camera and the selfie camera. The update also brings AI-powered photo and video editing tools. We will let you know when Samsung rolls out One UI 6.1 to older models.
We are entering an AI-powered era, where AI has started touching almost everything on the internet. Dozens of AI chatbots are already taking over the internet and now, the Cupertino tech giant Apple is planning to use AI to run its advertisement services. The brand is potentially targeting more effective ways to include and run ads in its App Store using AI.
Apple will soon introduce AI-powered ads in the App Store
According to information from Business Insider, Apple has started informing all of its advertisement partners that it will soon test the implementation of AI to run the ads. The tech giant will start rolling this out in the coming months. As of now, it has already started testing this on a very small portion of users to check whether the AI can increase the overall performance of advertisements on the App Store.
The basic use of AI in this case would be to find the perfect spot to place and run ads inside the App Store. Beyond that, based on the advertiser’s budget and the type of ad, the AI will now be used to test which spot would be the best to run that particular ad. The AI will also analyze the overall use case of the consumer, which will help in providing more relevant ads to them. This will eliminate the need to do manual research to find the perfect place to run the ad and may end up saving some money in the long run.
Why does Apple want to use AI in its services?
The concept is not very new to the market. Google and Meta have been using this kind of advertisement technique for a long time. And now, Apple also seems to be joining the race. Apple generates a healthy amount of revenue using its ad services. And it would be very interesting to see what potential benefit this implementation of AI in ads can give to the brand.
It won’t have much effect on users’ overall experience unless the AI keeps increasing the tabs or space allotted for the placement of AI for no good reason, which is very unlikely. As mentioned earlier, this is still in the testing phase. A full rollout could happen during the iPhone 16 launch event, or sooner.