The Sting 02-01-2023 Groundhog's Edition
💻🔥Tech Alert!🔥💻 Happy Groundhog's Day! But where's Bill Murray? 🤔 Don't let the same thing happen to your info! 🔒Check out this week's "The Sting" newsletter for the latest on the stolen GitHub Code-Signing Certificates, Google Fi's security breach linked to the T-Mobile hack, a Portuguese Beer Company hit by cyberattack, and a hacker's discovery of a bug allowing bypass of Facebook 2FA! 💻 Stay protected, stay informed 💻🔒📰
Security Alert: Recent Data Breaches and Cyberattacks
02/01/2023
GitHub Code-Signing Certificates Stolen (But Will Be Revoked This Week)
Another day, another access-token-based database breach. This time, the victim (and in some ways, of course, also the culprit) is Microsoft’s GitHub business. GitHub claims that it spotted the breach quickly, the day after it happened, but by then the damage had been done: "On Dec. 6, 2022, repositories from our atom, desktop, and other deprecated GitHub-owned organizations were cloned by a compromised Personal Access Token (PAT) associated with a machine account. Once detected on Dec. 7, 2022, our team immediately revoked the compromised credentials and began investigating potential impact to customers and internal systems." Simply put: someone used a pre-generated access code acquired from who-knows-where to leech the contents of various source code repositories that belonged to GitHub itself. Full Story
Source: Naked Security
02/01/2023
Portuguese Beer Company Hit By Cyberattack
The Super Bock Group was the target of a cyberattack that is causing “disruptions in computer services, with constraints on regular operations, namely in terms of service”. In a statement, the beverage company based in Matosinhos, Portugal adds that the situation is causing “major restrictions in its supply operation to the market for some of its products”. "The company immediately activated the necessary security protocols and informed the competent authorities, having also put into practice a contingency plan with a view to restoring normal market supply conditions". The Super Bock Group owns the beverage brands Super Bock, Vitalis and Pedras. Full Story
Source: The Portugal News
01/31/2023
Hacker Finds Bug That Allowed Anyone To Bypass Facebook 2FA
A bug in a new centralized system that Meta created for users to manage their logins for Facebook and Instagram could have allowed malicious hackers to switch off an account’s two-factor protections just by knowing their phone number. A security researcher from Nepal realized that Meta did not set up a limit of attempts when a user entered the two-factor code used to log into their accounts on the new Meta Accounts Center, which helps users link all their Meta accounts, such as Facebook and Instagram. The researcher found the bug in the Meta Accounts Center last year, and reported it to the company in mid-September. Meta fixed the bug a few days later, and paid the researcher $27,200 for reporting the bug. Full Story
Source: TechCrunch
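The bug described above came down to a missing failure counter on the 2FA code check. The following is an added illustration (written for this newsletter, not code from Meta or the researcher) showing the weak pattern next to a rate-limited verifier that tracks failures per account and locks the account after a threshold. The account identifier, the code, the attempt limit and the lockout duration are all constructed assumptions.

```python
"""Rate-limited 2FA code check (defender-side example).

Constructed example: the account id, codes and policy numbers are assumptions,
not values from any Meta system.
"""
import hmac
import time
from dataclasses import dataclass

MAX_FAILED_ATTEMPTS = 5        # assumed policy: lock after 5 wrong codes
LOCKOUT_SECONDS = 15 * 60      # assumed policy: 15-minute lockout


@dataclass
class AccountState:
    failed_attempts: int = 0
    locked_until: float = 0.0


def verify_unlimited(submitted_code: str, expected_code: str) -> str:
    """The weak pattern: compares the code but never counts failures.

    With a six-digit code and no attempt limit, nothing stops a caller from
    trying every code against an account it can name; this is the gap the
    researcher reported.
    """
    if hmac.compare_digest(submitted_code.encode(), expected_code.encode()):
        return "ok"
    return "invalid"


class RateLimitedVerifier:
    """Keeps a failure counter per account and locks the account on abuse."""

    def __init__(self, clock=time.monotonic):
        self._clock = clock
        self._state: dict[str, AccountState] = {}

    def verify(self, account_id: str, submitted_code: str, expected_code: str) -> str:
        now = self._clock()
        state = self._state.setdefault(account_id, AccountState())

        # Refuse every attempt while the lock is active, including correct
        # codes, so the lock itself cannot be used as an oracle.
        if now < state.locked_until:
            return "locked"

        # Constant-time comparison. The counter is keyed on the target
        # account rather than the caller's address, because guesses can come
        # from many sources but are all aimed at one victim.
        if hmac.compare_digest(submitted_code.encode(), expected_code.encode()):
            state.failed_attempts = 0
            return "ok"

        state.failed_attempts += 1
        if state.failed_attempts >= MAX_FAILED_ATTEMPTS:
            state.locked_until = now + LOCKOUT_SECONDS
            state.failed_attempts = 0
            return "locked"
        return "invalid"

    def is_locked(self, account_id: str) -> bool:
        state = self._state.get(account_id)
        return state is not None and self._clock() < state.locked_until


class FakeClock:
    """Controllable clock so the lockout expiry can be demonstrated offline."""

    def __init__(self, start: float = 0.0):
        self.now = start

    def __call__(self) -> float:
        return self.now

    def advance(self, seconds: float) -> None:
        self.now += seconds


def demo() -> list[str]:
    """Submit five wrong codes, then the right one, then wait out the lock."""
    clock = FakeClock()
    verifier = RateLimitedVerifier(clock=clock)
    account, real_code = "account-example-001", "493817"  # constructed values
    results = [verifier.verify(account, "000000", real_code) for _ in range(5)]
    results.append(verifier.verify(account, real_code, real_code))  # still locked
    clock.advance(LOCKOUT_SECONDS)
    results.append(verifier.verify(account, real_code, real_code))  # lock expired
    return results


if __name__ == "__main__":
    print(demo())
```

In production the state would live in a shared store rather than a process-local dictionary, and a lockout event is worth logging and alerting on, since a burst of failed 2FA submissions against one account is exactly the signal this bug removed.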
01/31/2023
Russian Cyber Gang Killnet Brings Down Websites Of 14 Top U.S. Hospitals And Universities
Russian hackers are claiming responsibility for a cyberattack that brought down the websites of more than a dozen U.S. hospitals yesterday morning. Killnet, a pro-Russia group known for distributed denial of service (DDoS) attacks over the past year, says it took down the websites of 14 U.S. hospitals. These include Stanford Healthcare, Duke University Hospital and Cedars-Sinai. The hospitals affected by the hack are from all over the country. DailyMail found seven hospital websites were back in service by 12pm EST. Hospitals in the Netherlands were also reportedly impacted by a DDoS attack from Russian hacking groups during this same time. DDoS attacks work by attempting to overwhelm a website's servers by flooding them with traffic. Full Story
Source: DailyMail
01/30/2023
Open Season On Hacking Into Gov.Np
As many as 1,500 Nepal government websites went down for hours on Jan. 28, disrupting services and inconveniencing thousands of passengers at Kathmandu airport, exposing the vulnerability to hacking of the gov.np domain. Hackers appear to have targeted the government’s only central data bank at the Government Integrated Data Centre (GIDC) with a ‘Distributed Denial of Service’ (DDoS) attack, possibly from abroad, and knocked out most government ministry websites, including the database of the Department of Immigration as well as Passports. The attack lasted at least four hours. The website of the prime minister’s office and those of various ministries also went down due to the attack. Nepal government’s main server continues to face cyberattacks aimed at shutting it down even though a large number of official websites were restored after the intrusion, according to The Kathmandu Post. Full Story
Source: Nepali Times
01/28/2023
Running Room Canada Website Hit With Data Breach; Some Passwords, Credit Card Info Accessed
An outside group accessed the online personal information of some Running Room customers in Canada over the last several months, the walking and running retailer says. In an email to customers yesterday obtained by CTVNews.ca, the company says it "recently identified and addressed" a security incident. The retailer says an "unauthorized group" managed to access and "skim" customers' emails, names, addresses, phone numbers and credit card information — including the number, expiry date and CVV security code — between Nov. 19, 2022, and Jan. 18, 2023. Running Room says it is co-operating with law enforcement, privacy commissions and the Canadian Centre for Cyber Security. Full Story
Source: CTV News
Ransomware at Large: Current and Recent Incidents
02/01/2023
Ransomware Attack Closes Schools In Nantucket, Mass.
A ransomware attack forced the closure yesterday of four public schools serving 1,700 students on the island of Nantucket, Mass., the school district’s superintendent said in an email to parents. The hacking incident shut down all student and staff devices, as well as safety and security systems at Nantucket Public Schools, forcing an early dismissal at noon, Superintendent Elizabeth Hallett said in an email, which she shared with CNN. Nantucket Public Schools includes an elementary, middle and high school, and serves Nantucket, which is about 30 miles south of Cape Cod, Mass. “No school issued devices should be used at home until further notice, as it could compromise home networks,” Hallett said in her email to parents. “We do not have any updates yet on when we will return,” Hallett told CNN in a separate email. Full Story
Source: CNN
02/01/2023
Atlantic General Hospital Coping With A Ransomware Incident
Berlin, Md.-based Atlantic General Hospital experienced what’s being called a ransomware event on Jan. 30. A hospital spokesperson told 47 ABC that the cause of the disruption is being investigated. Network outages did occur but we’re told patient interruption was limited. The hospital Emergency Room is continuing to receive and treat patients and will continue to service elective surgeries and other outpatient procedures. Atlantic General Health System offices remain open and most services are operational. Services not operational at this time include RediScripts, the hospital out-patient walk-in lab, pulmonary function testing and outpatient imaging, according to The Dispatch. Full Story
Source: WMDT 47 ABC
The Cryptocrime Scene: A Summary of recent incidents and developments
02/01/2023
Founder Of $7.5M ‘Brazen Fraud Scheme’ Gets 8 Years Behind Bars
Founder of “My Big Coin” Randall Crater has been sentenced to 100 months in prison and ordered to pay over $7.6 million to the victims of his fraudulent scheme, according to the U.S. Department of Justice. Yesterday's sentence comes after Crater was convicted by a federal jury on Jul. 21 on four counts of wire fraud, three counts of unlawful monetary transactions and one count of operating an unlicensed money-transmitting business. My Big Coin was founded by Crater in 2013 and falsely marketed as a cryptocurrency payment service, luring victims between 2014 and 2017. Crater claimed the coins on My Big Coin were fully functional cryptocurrencies backed by gold and that the platform had a partnership with Mastercard. Full Story
Source: Cointelegraph
01/31/2023
Crypto Wallets Combat Scammers With Transaction Previews And Blocklists
U.S.-based crypto exchange Coinbase has become the latest crypto wallet provider to roll out transaction previews and blocklists amid a rise in crypto thefts. On Jan. 30, the crypto exchange announced that it had integrated a new suite of safety features to its wallet app to make it easier for users to spot and take action on potential foul play from scammers. Such integrations include a transaction preview feature that gives the user an estimation of how users’ “token and NFT balances will change” during a transaction before the confirm button is hit. The crypto exchange joins the ranks of several other crypto wallet providers that have either rolled out or announced similar features aimed at combating crypto scams and phishing attacks, including Solana-based Phantom, Web3 wallet provider Ember and Bitski. Full Story
Source: Cointelegraph
Cybercriminals Brought to Justice: Current and Recent Arrests and Convictions
01/31/2023
Doctor Paid $60k In Bitcoin To Hire Dark Web Hitmen
Ronald Craig Ilg, 56, was sentenced to eight years in prison for hiring hitmen on the dark web to assault and kidnap victims. The doctor in Spokane, Wash. paid $60,000 in Bitcoin as payment for the tasks he asked the hitmen to perform. Senior U.S. District Judge William Fremming Nielsen sentenced Ilg to 96 months in prison, ordering him to pay more than $25,000 in restitution and a $100,000 fine. After release, Ilg will be supervised for three years. The former neonatologist used the dark web’s anonymity to direct purported hitmen to assault his victims; the first was a former colleague, also a Spokane-area doctor; another victim was his estranged wife. The FBI successfully intercepted Ilg’s communications on the dark web and thwarted his plans. Full Story
Source: HackRead
01/30/2023
U.S. Charges Russian Businessman With Hacking, Insider Trading
A Russian with close ties to the Kremlin decided to take a ski vacation to Switzerland with his family on his private jet. That was a big mistake, considering he was in the crosshairs of the FBI. Hacking and insider trading charges were unsealed Monday in Boston against Russian businessman Vladislav Klyushin after the United States secured his extradition from Switzerland. He had been arrested after stepping off the plane in March. Russia had urged the Swiss government not to send him to the U.S., according to Russian state media. Klyushin owns M13, a Russian company that offers media monitoring and cybersecurity services. He is accused of making tens of millions of dollars with accomplices through insider trading, using hacked confidential information about American companies. Full Story
Source: NBC News
The Cybercrime and Privacy Landscape: A Summary of Recent Developments and News
02/01/2023
Google Fi Says Hackers Accessed Customers’ Information
Google’s cell network provider Google Fi has confirmed a data breach, likely related to the recent security incident at T-Mobile, which allowed hackers to steal millions of customers’ information. In an email sent to customers on Jan. 30, obtained by TechCrunch, Google said that the primary network provider for Google Fi recently informed the company that there had been suspicious activity relating to a third-party support system containing a “limited amount” of Google Fi customer data. The timing of the notice — and the fact that Google Fi uses a combination of T-Mobile and U.S. Cellular for network connectivity — suggests the breach is linked to the most recent T-Mobile hack. Full Story
Source: TechCrunch
01/31/2023
Man Wanted For Attempted Murder Is Using Dating Apps While On The Run, Cops Say
Dating apps are helping an attempted murderer, 36-year-old Benjamin Obadiah Foster, evade capture in Oregon, the Grants Pass Police Department warned last week after the suspect escaped arrest. After arresting Jones, the department vaguely reported that its search revealed that Foster is “actively using online dating applications to contact unsuspecting individuals who may be lured into assisting with the suspect’s escape or potentially as additional victims.” Dating apps have recently come under fire over user safety concerns. Last month, the Match Group, which owns Tinder, Match, Hinge, OKCupid, Plenty of Fish, and other dating apps, rolled out a background check feature on Tinder that could help some dating app users avoid potentially dangerous matches. Full Story
Source: ars TECHNICA
01/30/2023
RSA’s Demise From Quantum Attacks Is Greatly Exaggerated, Expert Says
Three weeks ago, panic swept across some corners of the security world after researchers discovered a breakthrough that, at long last, put the cracking of the widely used RSA encryption scheme within reach by using quantum computing. At the Enigma 2023 Conference in Santa Clara, Calif. last week, computer scientist and security and privacy expert Simson Garfinkel assured researchers that the demise of RSA was greatly exaggerated. For the time being, he said, quantum computing has few, if any, practical applications. On Jan. 23, Japanese technology company Fujitsu published a press release that provided further reassurance that the cryptocalypse isn't near. Full Story
Source: ars TECHNICA
01/30/2023
UK Retailer JD Sports Hit By Cyberattack, Customer Data Leaked
Bury, UK-based JD Sports has been hit by a cyberattack, resulting in the unauthorised access to a system that contained customer data relating to some online orders placed between Nov. 2018 and Oct. 2020. The affected brands from the group are JD, Size?, Millets, Blacks, Scotts and MilletSport. The information that may have been accessed consists of the name, billing address, delivery address, email address, phone number, order details and the final four digits of payment cards of approximately 10 million customers. “We have taken the necessary immediate steps to investigate and respond to the incident, including working with leading cyber security experts,” said the retailer in a statement. “We are engaging with the relevant authorities, including the UK’s Information Commissioner’s Office (ICO), as necessary.” Full Story
Source: Retail Gazette
01/30/2023
Latvia Confirms Phishing Attack On Ministry Of Defense, Linking It To Russian Hacking Group
The Russian cyber-espionage group known as Gamaredon may have been behind a phishing attack on Latvia’s Ministry of Defense last week, the ministry told The Record. Hackers sent malicious emails to several employees of the ministry, pretending to be Ukrainian government officials. The attempted cyberattack was unsuccessful, the ministry added. The sample of the malicious email was first shared on Twitter by French cybersecurity company Sekoia.io. A spokesperson for Latvia’s Ministry of Defense confirmed that the latest attack was “most likely” linked to Gamaredon, although the investigation is still ongoing. Hacker groups tied to the Russian government, including Gamaredon, have targeted Latvian organizations for several years, but their activity rapidly increased since the start of the war in Ukraine. Full Story
Source: The Record