The Sting 02/10/2023
🔥💻 Welcome to this week's edition of The Sting newsletter! 💻🔥 As we delve into the latest incidents, I can't help but think about how some of these data breaches and cyberattacks could have been prevented. From human error 🤦♀️ to lack of proper security measures 🛡️, it's becoming increasingly evident that we need to be proactive in our approach to online security. Whether it's educating ourselves on the dangers of phishing scams 💰 or ensuring that our passwords are strong 🔒, there are simple steps we can all take to keep our information safe. 💻💻
In this week's newsletter, we'll be taking a closer look at some of the most recent incidents in the world of cybersecurity, and offering insights into how they could have been prevented. So, let's dive in! 🕵️♂️💻
Security Alert: Recent Data Breaches and Cyberattacks
02/10/2023
Reddit Says It Was Hacked But That You Don't Need To Worry About It. Probably.
Reddit says that it was hacked earlier this month, in a security incident that compromised some company data. However, the company says that Redditors have no need to fear because user data was not impacted by the episode—at least, that the company knows of...“so far.” In a thread posted to the official r/reddit community yesterday, a company representative explained that a phishing attack had taken place on the evening of Feb. 5. “Based on our investigation so far, Reddit user passwords and accounts are safe, but on Sunday night (pacific time), Reddit systems were hacked as a result of a sophisticated and highly-targeted phishing attack,” the statement reads. “They gained access to some internal documents, code, and some internal business systems.” Full Story
Source: Gizmodo
02/10/2023
Weee! Acknowledges Data Leak, 1.1 Million People Impacted
A data breach at the Weee! Asian and Hispanic meal delivery business exposed the private data of 1.1 million clients. Weee! bills itself as the most prominent Asian and Hispanic supermarket in North America, shipping groceries to all 48 states via its network of warehouses. On Feb. 6, a threat actor named “IntelBroker” started leaking information for Weee! on the Breached hacking forum. The forum post states, “In Feb. 2023, hackers obtained a database of the Sayweee’s 11 million subscribers.” Customers’ first and last names, email addresses, phone numbers, device type (iOS, PC, Android), purchase notes, and other information used by the delivery platform are all included in the stolen database for Weee! Full Story
Source: Information Security Buzz
02/09/2023
Insurers Say Cyberattack That Hit Merck Was Warlike Act, Not Covered
The costly NotPetya cyberattack, which the U.S. blamed on Russia, should be considered a “cyber nuclear attack,” insurers argued as they urged judges to overturn a legal win by Merck & Co. in a dispute that could have broad ramifications for business insurance. Merck, which had an estimated $1.4 billion in losses after NotPetya invaded its computer systems in 2017, suffered the collateral damage of a warlike act not covered by insurance, lawyers for a group of carriers told judges yesterday in a state appeals court in Trenton, N.J. The legal dispute between the Rahway, N.J.-based pharmaceutical company and its insurers centers on what is known as a war exclusion, a relatively common clause in many policies that says insurers don’t have to pay out if the loss traces back to warlike hostilities. Full Story
Source: The Wall Street Journal
02/09/2023
Munster Technological University Closes Cork, Ireland Campuses Due To ‘Significant’ IT Breach
Munster Technological University (MTU) has closed its Cork, Ireland campuses to assess a breach of its systems. All part-time and full-time classes at the impacted campuses were initially cancelled for Feb. 7 and 8, and The Irish Times reports the university is now working towards a phased and managed return to campus on Feb. 13. The closure impacts the Bishopstown campus, National Maritime College of Ireland, Crawford College of Art & Design and the Cork School of Music. MTU VP Paul Gallagher said the closure is taking place due to a “significant IT breach and telephone outage.” MTU was established at the start of 2021, after a consortium of Cork Institute of Technology and Institute of Technology Tralee received technological university status in May 2020. MTU comprises six campuses across Cork and Kerry counties, holding roughly 18,000 students. Full Story
Source: Silicon Republic
02/08/2023
Häfele IT Systems Down After Cyberattack
German kitchen system specialist Häfele has announced that it has been the victim of a cyberattack and has temporarily shut down its IT systems worldwide and disconnected them from the internet while it determines the extent of the attack and investigates how to restore service as quickly as possible. Until systems are restored, the company is advising its customers to be extra-vigilant regarding any unusual activity on their account and to change their account password as soon as it has re-established its website. This morning, Feb. 8, the Häfele website is inoperable and its homepage displays the message "Our IT systems are currently experiencing a disruption." Häfele reached revenues of 1.7B Euros in 2021 with 8,000 employees worldwide and customers in 150 countries. Full Story
Source: kbbreview
02/07/2023
MKS Instruments Hit By Ransomware Attack, Suspends Some Operations
MKS Instruments Inc. (NASDAQ: MKSI) said it was hit by a ransomware attack, which has affected production-related systems and prompted the company to suspend operations at certain facilities. The Andover, Mass.-based company, which makes instruments and components used in various end markets, said it noticed the breach on Feb. 3. MKS said it took immediate action to contain the incident and is investigating the impact of the event. The company said it has notified law enforcement and engaged incident-response professionals. MKS has paused operations at certain facilities as it works to contain the incident. The company is still assessing the full scope of the costs and impacts of the incident, including whether and the extent to which the company's cybersecurity insurance will offset costs. Full Story
Source: The Wall Street Journal
02/07/2023
Hackers Infiltrate Sharp HealthCare In San Diego
Patients of Sharp HealthCare got some concerning news yesterday when the provider informed them that some of the business's servers had been hacked and patient information was stolen. Sharp said it first detected the cyberattack on Jan. 12, after which its IT team took the potentially affected servers offline and engaged a forensic tech firm that aided it in its investigation. The probe determined that a server had been infiltrated for "a few hours" on the date that the suspicious activity was noticed and that the hacker or hackers were able to gain access to a file with patient information in it. The people whose information was hacked all used online bill pay between Aug. 12, 2021, and Jan. 12, 2023. A representative for Sharp told NBC 7 that personal information about 62,777 people was seized in the cyberattack. According to a Sharp "Notice of data privacy event", the file held different information on different patients. Full Story
Source: NBC 7 San Diego
02/07/2023
Blow To Morgan Advanced Materials As Cyberattack To Cost Millions To Deal With
Shares in Morgan Advanced Materials Plc tanked 7.5 percent to 292p this morning after the British industrial manufacturer became the latest listed firm to fall victim to a cyberattack which it said would cost millions of pounds to tackle. The 166-year-old Windsor, UK-based firm warned the attack meant some of its IT systems were irrecoverable, and it had been forced to revert to manual transaction processes at a number of sites. The total cost of dealing with the incident could be as much as £12 million, the company said, as it slashed its full-year operating profit forecasts by 10-15 percent. It added: “During January, a number of sites experienced a delay in restarting production and shipping due to the cyber security incident. “Whilst demand has remained strong during January, we are experiencing production inefficiency during the recovery period.” Full Story
Source: Evening Standard
02/07/2023
Baltimore Schools 2020 Cyberattack Cost Nearly $10M: State IG
Baltimore County Public Schools failed to act on several state recommendations to help mitigate cyberattacks before a hack disrupted school operations and cost the school system millions of dollars in damages and repairs, according to a report from a state inspector general. BCPS was hacked using a phishing email in Nov. 2020 -- a process that disrupted the school system's website and remote learning programs for several days, according to the report from the Maryland Office of the Inspector General for Education. The inspector general's report found that the initial network compromise occurred 15 days before the network disruption and came in the form of an e-mail. The report says the network upgrades and damages from the cyber attack cost BCPS nearly $10 million. Full Story
Source: ABC News
02/07/2023
Motto Mortgage Data Breach Exposes Consumers SSNs, Financial Account Numbers
On Feb. 2, Motto Mortgage filed notice of a data breach after learning that an unauthorized party was able to access confidential consumer information stored on the company’s computer system. The incident resulted in an unauthorized party gaining access to consumers’ names, Social Security numbers, Driver’s License numbers, dates of birth, and financial account numbers. Founded in 2016 and based in Denver, Colo., Motto Mortgage operates a franchise with more than 230 locations across the U.S. Franchise locations are locally owned and operated mortgage brokerages, but can benefit from the company’s software and infrastructure. Motto Mortgage employs more than 259 people and generates approximately $25 million in annual revenue. Full Story
Source: JDSupra
Ransomware at Large: Current and Recent Incidents
02/10/2023
U.S., U.K. Sanction Russian Hackers In Ransomware Attacks
The U.S. and the U.K. yesterday jointly sanctioned seven Russian government-linked hackers who were linked to ransomware attacks against critical infrastructure in the U.S., U.K. and Ukraine. The hackers were alleged by the U.S. Treasury Department to be members of the Russian-based cybercriminal group Trickbot. They are alleged to be behind attacks on critical infrastructure, including hospitals in both the U.S. and the U.K. during the Covid-19 pandemic, and are associated with Russian intelligence services. The U.K.’s National Crime Agency identified almost 150 British victims of ransomware linked to Russian cybercriminal groups. And the action taken yesterday is part of an effort to shut down ransomware attacks aimed at the U.K., which are classified there as a “tier 1 national security threat.” Full Story
Source: Politico
02/10/2023
Modesto, Calif. Police Computer Network Hobbled By Ransomware Attack, Sources Say
The Modesto, Calif. police department has been hacked in recent days by ransomware, multiple sources with direct knowledge of the incident told The Bee on Feb. 8. While the extent of the damage is not fully known, the cybersecurity breach has disabled patrol vehicle laptops, causing officers to resort to “old school policing.” Since the attack, officers must write down the details of the calls they receive from dispatch rather than receiving them through electronic communication. The city is conducting an investigation with leading cybersecurity experts after it “recently detected suspicious activity on (its) digital network,” according to a statement from Modesto officials after The Bee inquired about the matter. Full Story
Source: The Modesto Bee
02/08/2023
Hidalgo County, Texas Adult Probation Center Hit By Cyber Attack
The Hidalgo County Adult Probation Center based in Edinburg, Texas is offline after their computer system was infected with ransomware this past weekend. Staff is unable to access emails, and the county is working to recover any affected files. “We're still in the process of retrieving everything,” Hidalgo County IT Director Daniel Salinas said. “It is a lengthy process and very technical process, and at this point we really just can't divulge the steps taken to do that.” Faustino Lopez, Director at the agency, says they notified the proper authorities and an investigation is underway. Local cybersecurity consultant Shawn Neely advises the public to be suspicious of any email you get, especially if it’s from someone you do not know. Another red flag is if the email has misspellings or asks you to click on a link. Full Story
Source: KRGV Channel 5 News
02/06/2023
Ransomware Hacking Campaign Targets Europe And North America, Italy Warns
Italy’s National Cybersecurity Agency (ACN) warned yesterday of a large-scale campaign to spread ransomware on thousands of computer servers across Europe and North America. France, Finland and Italy are the most affected countries in Europe at the moment, while the U.S. and Canada also have a high number of targets, the ACN warned, according to Italian news agency ANSA. The attack targets vulnerabilities in VMware ESXi technology that were previously discovered but that still leave many organizations vulnerable to intrusion by hackers. France was the first country to detect the attack, according to ANSA. The French cybersecurity agency ANSSI on Feb. 3 released an alert to warn organizations to patch the vulnerability. It is estimated that thousands of computer servers have been compromised around the world. Full Story
Source: Politico
The Cryptocrime Scene: A Summary of recent incidents and developments
02/09/2023
Trust Wallet Says User’s $4M Hack Was Done Via Social Engineering
Crypto wallet Trust Wallet said an organized crime unit in Rome social engineered its user who lost $4 million, according to a Feb. 8 Twitter thread. The hacking victim, Ahad Shams, claimed the hacker perpetrated the theft by taking a picture of his wallet’s balance — adding that there was no way the criminals could have accessed the wallet’s private key because it was freshly created. According to Trust Wallet, the organized crime unit has perpetrated these scams across different locations in Milan and Barcelona. It noted that victims, in all cases, were using various hot and cold wallet service providers on different kinds of devices. Trust Wallet said the criminals had always insisted on physical meetings and posed as web3 project investors. Full Story
Source: CryptoSlate
02/07/2023
CoW Swap Hacker Milks Around 550 BNB Worth $180K+ Using ‘Solver’ Exploit
Decentralized exchange (DEX) protocol CoW Swap recently suffered an attack, losing at least 550 BNB in a contract exploit that approved fund transfers from the protocol. Blockchain security firm PeckShield estimated that around 551 BNB was lost, worth $181,600 at the time of writing. After stealing the assets, the hacker moved the funds to the infamous crypto mixer Tornado Cash. During the attack, some community members panicked and urged users to revoke approvals from the DEX. According to CoW Swap, the exploited settlement contract only has access to the fees that the protocol collected in a week. The team said that it is unable to access user funds without an order signed by users directly. The DEX's team shared its full-length analysis of what happened in an official Twitter announcement. Full Story
Source: Cointelegraph
Cybercriminals Brought to Justice: Current and Recent Arrests and Convictions
02/10/2023
Digital Rights Activist Ola Bini Declared Innocent By Ecuadorian Court
Swedish software developer and digital rights activist Ola Bini was acquitted of charges of hacking a computer on Jan. 31 by a court in Quito, Ecuador. The activist was acquitted unanimously by a tribunal of three judges after delivering a nearly 4.5-hour-long statement. Bini has faced persecution from the Ecuadorian state since 2019, and the legal proceedings against him have been marred by irregularities. Bini was arrested in Quito on Apr. 11, 2019, the same day his friend, WikiLeaks founder Julian Assange, was dragged out of the Ecuadorian Embassy in London and arrested. Bini was released after 70 days in prison. Bini was accused of participating in efforts to politically destabilise the Lenin Moreno government in Ecuador, presumably because of his close ties to Assange. Full Story
Source: Peoples Dispatch
The Cybercrime and Privacy Landscape: A Summary of Recent Developments and News
02/10/2023
New Jersey Student Ends Her Life After Months Of Bullying, Video Of School Hallway Beating Circulates Online
A 14-year-old girl from New Jersey ended her life after a disturbing video of girls viciously beating her up in the high school's hallway circulated online. Adriana Kush, a student at Central Regional High School, was found dead on Feb. 3 at her home two days after the shocking video surfaced. Her father, Michael Kush said his daughter showed him videos of people taunting and threatening her on TikTok, Instagram, and Snapchat following the attack. Kush shared with Fox News Digital that he is taking legal action against the school and that he believes his daughter would be alive if the school and police had taken immediate action. He said that Adriana is not the first student at Central Regional High School who has faced extensive physical abuse and cyberbullying on school grounds. On his Facebook page, Kush shared videos from other parents whose children have faced bullying without school administration stepping in. Full Story
Source: FOX News
02/09/2023
Hackers Used Fake Websites To Target State Agencies In Ukraine And Poland
Hackers attempted last week to infect Ukrainian government computer systems with malware hosted on fake websites impersonating legitimate state services. Ukraine’s computer emergency response team, CERT-UA, attributed the attack to a group called WinterVivern. The group has been active since at least June and includes Russian-speaking members. In addition to its Ukrainian targets, it has also targeted government agencies in Poland, according to a report released Wednesday. One of the malware variants used by this group, Aperetif, has been known to security researchers since May, and has been used to steal technical information about victims’ computers, such as about the operating system, hardware and software components, and network configuration values. Full Story
Source: The Record
02/09/2023
Hack-And-Leak Gang “Seaborgium” Claims A British Politician As Its Latest Victim
A notorious hacking group with alleged ties to Russian intelligence services has claimed its latest victim: British lawmaker Stewart McDonald. McDonald, a member of Parliament for his constituency in Glasgow South, told BBC News that he fears he had been the victim of a “disinformation” campaign after his personal email account was “hacked by Russia.” McDonald said the hackers sent a document purporting to include a military update on Ukraine, but when opened contained a phishing page that tricked him into entering his email address and password. The intrusion is believed to be linked to the prolific “Seaborgium” hacking group, also referred to as “Cold River” and “Calisto.” Full Story
Source: TechCrunch
02/08/2023
Toyota Hacked Again But This Time It Was A Security Researcher With No Ill Intent
Japanese car giant Toyota Motor Co. has been hacked again, but this time the hacker was a security researcher with no ill intent. Security researcher Eaton Zveare said Feb. 6 that he gained access to Toyota’s Global Supplier Preparation Information Management System in October. Zveare claims that any user could be logged in by just knowing their email, completely bypassing corporate login flows. Having entered the system using a backdoor, Zveare had read and write access to the system’s global user directory of more than 14,000 users. The access included confidential documents, projects, supplier rankings and comments, and other internal information. Zveare disclosed his findings to Toyota in November and the company subsequently fixed the issue in a timely manner. Full Story
Source: siliconANGLE
02/08/2023
Cyberattack Gives 19,000 West Virginia Students A Day Off School
Over 19,000 students in a West Virginia school district got the day off Feb. 6 after a cyberattack hit the school district. The Berkeley County Schools suffered a network outage which affected IT operations across the school system, WV Metro News reported. On Feb. 3 Superintendent Ron Stephens said the district was “working diligently to restore operations” as they investigated the “cause and scope” of the cyber issues. Personal data on the students may have been harvested in the cyberattack, he warned in a statement, according to the outlet. “If it is determined that there was unauthorized access to sensitive personal information, we will notify individuals in accordance with applicable laws,” Stephens said. Full Story
Source: Daily Caller
02/08/2023
Google Pay And Chrome Can Now Combat Cybercrime With Virtual Cards For American Express
American Express cardholders can now use a virtual card number in place of their actual credit card information when shopping with Google Pay and Chrome. Virtual card numbers, including a CVV security code, are generated by machine learning algorithms at the time of sale, and thanks to Google’s partnerships with banks like Amex, this still bills you and earns rewards as if you entered your regular credit card number. The virtual card is only temporary, so even if the numbers get stolen, cybercriminals are significantly less likely to be able to charge your account. Google launched this feature for Capital One customers last year and is now expanding the service to Amex cardholders. The company is working with Visa, Mastercard, and other major banks to potentially bring this feature to their credit cards later this year. Full Story
Source: Android Police