ClixSense, a website that offers users cash to view ads and take surveys, was the latest victim in a massive data breach affecting approximately 6.6 million users. An attacker was able to gain access to the company’s main database through an old server that the company was no longer using but that was still connected to the network. After getting access, the cybercriminal copied most of the ClixSense users table, changed the account names to “hacked account” and set user account balances to zero.
The file dump included usernames, passwords, and other personal information, as well as home addresses, IP addresses, payment histories, and banking details. Additionally, it’s possible that social security numbers, dates of birth, and internal ClixSense emails may have been compromised as well.
References: Over 6 Million ClixSense Users Compromised By Data Breach | Reset Those Passwords: Over 6 Million ClixSense Users Compromised By Data Breach | ClixSense Data Breach Exposes Personal Information of Millions of Subscribers
Miner-C, a new strain of cryptocurrency mining malware, has been discovered in thousands of Seagate Central NAS devices. The malware itself doesn’t infect the NAS drives, but uses them as a repository to infect other devices. Cybercriminals copy a file named Photo.scr, disguised as a Windows folder icon, onto a public folder that’s accessible to all users on the Seagate NAS devices. When it’s clicked, it installs a cryptocurrency mining application on the target PC.
As Miner-C does not have an automatic infection mechanism, attackers scan for FTP servers that are accessible from the internet and attempt to log in with default and weak credentials. Once they’ve gained access, attackers copy the malware into all of the available directories with write access enabled and hope that the newly added files will be clicked on. They use file names that reference currently trending movies, music, news or photos to pique the interest of the victims. Researchers have found 7,263 Seagate Central devices with write access enabled, and 70% of them were infected.
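A defender's check for the pattern described above, as an added example that is not from the original article: it walks a locally mounted share and reports any .scr file whose identical content appears in several directories. The mount point, the `min_dirs` threshold and the sample tree are assumptions constructed for illustration.

```python
import hashlib
import os
import tempfile
from collections import defaultdict

# Assumption: share mounted locally; only .scr checked (the article names Photo.scr).
SUSPECT_EXTS = {".scr"}


def find_replicated_scr(root, min_dirs=2):
    """Return {sha256: [relative paths]} for .scr files whose identical
    content sits in at least min_dirs different directories."""
    by_hash = defaultdict(list)
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if os.path.splitext(name)[1].lower() in SUSPECT_EXTS:
                full = os.path.join(dirpath, name)
                with open(full, "rb") as fh:
                    digest = hashlib.sha256(fh.read()).hexdigest()
                by_hash[digest].append(os.path.relpath(full, root))
    return {
        digest: sorted(paths)
        for digest, paths in by_hash.items()
        if len({os.path.dirname(p) for p in paths}) >= min_dirs
    }


def build_sample_share(root):
    """Constructed sample tree: the same harmless bytes dropped in three
    folders under two names, one unrelated .scr, and one normal file."""
    layout = {
        "Public/Photo.scr": b"constructed-dropper",
        "Public/Music/Photo.scr": b"constructed-dropper",
        "Public/Videos/New Movie.SCR": b"constructed-dropper",
        "Public/Old/bubbles.scr": b"unrelated-screensaver",
        "Public/notes.txt": b"constructed-dropper",
    }
    for rel, data in layout.items():
        path = os.path.join(root, *rel.split("/"))
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "wb") as fh:
            fh.write(data)


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as share:
        build_sample_share(share)
        for digest, paths in find_replicated_scr(share).items():
            print(digest[:16], paths)
```

Grouping by content hash rather than file name catches copies that were renamed to match trending titles.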
*IP addresses provided by Recorded Future.