
The Sting Newsletter

February 25, 2023

The Sting 02/25/2023 The super long catch up edition!

Sorry for the delay; this will be dubbed the super long catch-up edition! We will be back on our normal release schedule shortly!


Security Alert: Recent Data Breaches and Cyberattacks

02/25/2023

Hacker Group Defaces Russian Websites To Display The Kremlin On Fire

A hacker group that goes by CH01 defaced a series of Russian websites on the anniversary of the invasion of Ukraine. The hackers replaced the sites’ content with a video showing the Kremlin on fire, along with a song by a Russian rock band named Kino. The video includes a QR code that links to a Telegram channel, where the hackers posted a message claiming responsibility for the attacks and making it clear that these defacements were politically motivated. A source shared a list of 32 hacked websites with TechCrunch. It’s unclear how many sites were defaced, or how the hackers were able to deface them. In cases of mass defacements, hackers usually find a flaw in a library or service used by all the websites they target. The hackers also created a Twitter account and posted the video on the social media app. Full Story

Source: TechCrunch

02/24/2023

Hacker Steals, Posts Data From Long Beach, Calif. Schools

Student data from the Long Beach (Calif.) Unified School District has been stolen by a hacker and posted online, officials confirmed on Feb. 22. "Our school district recently learned about an incident in which an individual gained access to a list containing student identification numbers, names and their corresponding LBUSD-provided email addresses," the district wrote to parents and students in an email obtained by the Press-Telegram. LBUSD first learned about the cyberattack on Feb. 21, the email said. The district's Technology and Information Services Branch coordinated with multiple federal, state and local agencies, including law enforcement, to ensure that the more sensitive personal information hadn't been compromised. LBUSD has about 67,500 students, according to the most-recent data available on the state education department's website. Full Story

Source: Government Technology

02/23/2023

Cyberattack On Dole Temporarily Shuts Down North American Plants

Food producer Dole temporarily closed its North American plants after a ransomware attack earlier this month, according to reporting by CNN. The news outlet obtained a company memo dated Feb. 10 shared with retailers that said the company was "in the midst" of a cyberattack and shut down its systems throughout North America. The produce company known for its fruits, leafy greens and other vegetables operates four plants and employs about 3,000 people. In a press release issued Feb. 20, Dole said there was a ransomware attack recently, but did not confirm the closures. A Dole spokesman declined further comment. The release said the company notified law enforcement, and hired third-party cybersecurity experts to fix the issue. Experts are still working with Dole to secure its systems. Full Story

Source: Cincinnati Enquirer

02/22/2023

Indian Ticketing Platform RailYatri Breached – 31 Million Impacted

RailYatri, a popular Indian train ticket booking platform, has suffered a massive data breach that has exposed the personal information of over 31 million users. The breach is believed to have occurred in late Dec. 2022, with the database of sensitive information now being leaked online. The 12 gigabytes worth of leaked data includes email addresses, full names, genders, phone numbers, locations and 37,000 invoices which could put millions of users at risk of identity theft, phishing attacks, and other cyber crimes. The database has been leaked on Breachforums, a hacker and cybercrime forum that surfaced as an alternative to the popular and now-seized Raidforums. Full Story

Source: HackRead

02/21/2023

Major Hack At Virgin Media TV In Ireland ‘Contained And Terminated’

A “major hack” at Virgin Media Television in Ireland has been “fully contained, isolated and terminated”, the broadcaster said. There will be some temporary effects to the broadcasting of some recorded programming on Virgin Media Three, Four, More and VMTV Player. Minister of State Ossian Smyth described a “major hack” and said it was being investigated by the National Cyber Security Centre. In a statement the firm said: “Due to the precautions we have implemented there will be temporary effects to the broadcasting of some of our recorded programming on Virgin Media Three, Four, More and VMTV Player. We expect normal service will be resumed as soon as we have completed the review and verification process.” Full Story

Source: Irish Examiner

02/20/2023

GoDaddy Says A Multi-Year Breach Hijacked Customer Websites And Accounts

GoDaddy said on Feb. 17 that its network suffered a multi-year security compromise that allowed unknown attackers to steal company source code, customer and employee login credentials, and install malware that redirected customer websites to malicious sites. GoDaddy is one of the world’s largest domain registrars, with nearly 21 million customers and revenue in 2022 of almost $4 billion. In a filing Feb. 16 with the Securities and Exchange Commission, the company said that three serious security events starting in 2020 and lasting through 2022 were carried out by the same intruder. The most recent event occurred last December when the threat actor gained access to the cPanel hosting servers customers use to manage websites hosted by GoDaddy. The threat actor then installed malware on the servers that “intermittently redirected random customer websites to malicious sites.” Full Story

Source: ars TECHNICA

02/18/2023

Vermont's Burton Snowboards Website Unable To Process Orders Due To Cyber Incident

The Burton Snowboards website, Burton.com, has a security notification prominently displayed on its homepage. "Burton recently experienced a cyber incident, which is impacting some of our operations. We are working closely with third-party specialists to investigate the incident and determine the full nature and scope. We are also making every effort to get our operations back up and running, but unfortunately are not able to process orders at this time." Burlington, Vt.-based Burton is a global organization with offices in Australia, Austria, Canada, California, China and Japan, and retail shops in New York City; San Francisco; Chicago; Laax, Switzerland; Helsinki, Finland; Innsbruck, Austria; Milan, Italy; Tokyo and Nagano, Japan; Woodbury and Central Valley, N.Y.; Wrentham, Mass.; Grove City, Penn.; Orlando, Fla.; Las Vegas; Santa Barbara, Calif. and Burlington, Vt. Burton.com Update

Source: Burton.com

02/17/2023

Moroccan News Agency MAP Target Of DDoS Cyberattack

Moroccan news agency Maghreb Arab Press (MAP) was the target of a Distributed Denial of Service (DDoS) attack last night. A number of the agency’s sites were down following the attack. “This dangerous incident cannot be explained outside the context of regional geo-political tensions, which are reflected in the severity of this cyber attack on a public institution,” the agency said. Engineers on MAP’s websites noticed an unusual amount of traffic coming through the sites, and proceeded to inform the cyber attacks watch center MACERT of the General Directorate for Information Systems Security (DGSSI). The agency set up a crisis cell to prevent its websites from shutting down completely and has strengthened its security devices to face disruptions that may occur. The news comes a few days after Algeria’s state-owned news agency APS accused Morocco of being behind a cyber attack on its websites. Full Story

Source: Morocco World News

02/16/2023

Aker Solutions’ Brazilian Business Hit By Cyberattack

The Norwegian engineering giant Aker Solutions (OSE:AKSO) announced Feb. 14 that local subsidiary CSE Mecânica e Instrumentação, which provides maintenance and modifications services to oil and gas installations offshore Brazil, had been the victim of an attack on its IT systems. The attackers – whose source and origin are as yet unclear – claim to have entered the systems, encrypted digital files and locked access to data. Aker Solutions said it was working to “contain and neutralize the attack”, but did not know the full extent of the situation. CSE is a fully-owned Aker Solutions subsidiary with approximately 450 employees in Brazil. The incident comes as security measures ramp up across the energy sector, with Norwegian police forces now on alert for an increase in potential spying activity as relations with Russia deteriorate.

Source: Energy Voice

02/15/2023

Sweden’s Main Public TV Broadcaster Disrupted By Cyberattacks

Disruptions rattled Sweden’s national TV broadcaster SVT yesterday following a series of cyberattacks that rendered access to its website impossible. SVT believes it may have been the victim of a denial of access attack – an attack which, while not causing permanent damage or granting access to secret information, risks major disturbances by restricting the system’s use. Over the weekend and on Mon., Feb. 13, a number of Swedish universities, including the Karolinska Institute, Swedish University Network (Sunet) and Luleå University of Technology, were hit by similar attacks. For SVT, the attack did not come as a total surprise as the hacker group “Anonymous Sudan” called for cyberattacks against Swedish authorities and banks, Radio Ekot reported. These hackers claim to be protesting against the Quran burning in Stockholm and announced beforehand that they would attack Swedish universities. Full Story

Source: Euractiv


Ransomware at Large: Current and Recent Incidents
 

02/24/2023

Los Angeles School District Reveals Ransomware Gang Leaked Thousands Of Student Health Records Online

The health records of around 2,000 current and former Los Angeles students were published to the dark web after last year’s ransomware attack, the district revealed on Feb. 22. Jack Kelanic, the district’s senior IT administrator, said the district is still working to assess the ramifications of the widely-reported Sep. 2022 ransomware attack, which are only now being realized. The administrator said 2,000 student assessment records have been confirmed as part of the attack – including 60 of whom are currently enrolled – as well as driver’s license and social security numbers and COVID-19 test results. Some of these records, he said, even go back several decades, creating "further time-consuming analysis." LAUSD Superintendent Albert Carvalho said the Russian ransomware gang Vice Society was responsible for the attack and had placed the material online. Full Story

Source: FOX Business

02/24/2023

Dutch Police Arrest Three Ransomware Actors Demanding €2.5 Million

The Amsterdam cybercrime police unit has detained three individuals for using ransomware to extort small and large businesses across international borders, generating €2.5 million. The suspects, all male teenagers between the ages of 18 and 21, are accused of collecting private information from victim networks and holding them for ransom. They allegedly attacked thousands of businesses. Depending on how big the company is, the threat actors demanded anywhere from €100,000 to €700,000. The extortion included threats to disclose the data or take down the business’s digital infrastructure. According to the Dutch authorities, the hackers continued to sell the stolen material online even after the victims paid the ransom. Full Story

Source: Information Security Buzz

02/23/2023

Russian Man Accused Of Selling Prolific Hacking Tool Extradited To US

A 28-year-old Russian man accused of developing and selling a hacking tool used to obtain the login information for tens of thousands of computers worldwide was arrested in the country of Georgia and extradited to the US, the Justice Department said yesterday. Dariy Pankov is accused of advertising access to more than 35,000 computers, earning more than $350,000 in illicit sales, and enabling cybercriminals to conduct ransomware attacks and tax fraud, prosecutors said. The hacking tool that Pankov is accused of developing – known as “NLBrute” – used a common technique for cracking passwords by flooding a computer with password guesses. Numerous cybercrime groups have used the NLBrute tool, according to Adam Meyers, senior vice president of intelligence at cybersecurity firm CrowdStrike. “It’s like a lockpick gun for burglars,” Meyers told CNN. Full Story

Source: CNN

02/23/2023

‘Nevada Group’ Hackers Target Thousands Of Computer Networks

A mysterious and unidentified group of hackers has sought to paralyse the computer networks of almost 5,000 victims across the U.S. and Europe, in one of the most widespread ransomware attacks on record. The hacking unit, initially nicknamed the Nevada Group by security researchers, began a series of attacks that started around three weeks ago by exploiting an easily fixed vulnerability in a piece of code that is ubiquitous in cloud servers. Authorities have yet to identify the perpetrators, guessing only from their recruiting announcements on the web that it is a mix of Russian and Chinese hackers. The hackers have demanded a surprisingly small ransom to release their hold over computer networks — as little as two bitcoins (about $50,000) in some cases, according to copies of their ransomware notes that were briefly visible. Full Story

Source: Financial Times

02/23/2023

Cyberattack On Dole Temporarily Shuts Down North American Plants

Food producer Dole temporarily closed its North American plants after a ransomware attack earlier this month, according to reporting by CNN. The news outlet obtained a company memo dated Feb. 10 shared with retailers that said the company was "in the midst" of a cyberattack and shut down its systems throughout North America. The produce company known for its fruits, leafy greens and other vegetables operates four plants and employs about 3,000 people. In a press release issued Feb. 20, Dole said there was a ransomware attack recently, but did not confirm the closures. A Dole spokesman declined further comment. The release said the company notified law enforcement, and hired third-party cybersecurity experts to fix the issue. Experts are still working with Dole to secure its systems. Full Story

Source: Cincinnati Enquirer

02/18/2023

Semiconductor Industry Giant Says Ransomware Attack On Supplier Will Cost It $250 Million

Multibillion-dollar corporation Applied Materials, which provides technology for the semiconductor industry, said during an earnings call this week that a ransomware attack on one of its suppliers would cost it $250 million in the next quarter. The company did not say which supplier it was referencing, but several industry analysts said it was technology and engineering company MKS Instruments. MKS announced Feb. 13 that it was forced to reschedule its own fourth-quarter earnings call due to a ransomware attack that was discovered on Feb. 3. Applied Materials said that for the second quarter of fiscal 2023, it expects net sales to be approximately $6.40 billion — including “ongoing supply chain challenges and a negative estimated impact of $250 million dollars related to a cybersecurity event recently announced by one of our suppliers.” Full Story

Source: The Record

02/16/2023

Tonga Is The Latest Pacific Island Nation Hit With Ransomware

Tonga’s state-owned telecommunications company has been hit with ransomware, it warned customers on Feb. 13. Tonga Communications Corporation (TCC) — one of two telecoms companies in the country — published a notice on Facebook saying the attack may slow down administrative operations. “Ransomware attack has been confirmed to encrypt and lock access to part of TCC’s system. This does not affect voice and internet service delivery to the customers, however, it may slow down the process of connecting new customers, delivering of bills and managing customers’ enquiries,” the company said. “We are working with security companies to mitigate the negative impact of this malware.” The Polynesian country is made up of some 171 islands and has a population of about 100,000. Full Story

Source: The Record


The Cryptocrime Scene: A Summary of recent incidents and developments

 

02/25/2023

Jump Crypto And Oasis.App ‘Counter Exploits’ Wormhole Hacker For $225M

Web3 infrastructure firm Jump Crypto and decentralized finance (DeFi) platform Oasis.app have conducted a “counter exploit” on the Wormhole protocol hacker, with the duo clawing back $225 million of digital assets and transferring them to a safe wallet. The Wormhole attack occurred in Feb. 2022, with roughly $321 million worth of wrapped ETH (wETH) exploited via a vulnerability in the protocol’s token bridge. The hacker has since moved the stolen funds through various Ethereum-based decentralized applications (DApps), such as Oasis, which recently opened up wrapped stETH (wstETH) and Rocket Pool ETH (RETH) vaults. In a Feb. 24 blog post, the Oasis.app team confirmed that a counter exploit had taken place, outlining that it had “received an order from the High Court of England and Wales” to retrieve certain assets related to the “address associated with the Wormhole Exploit.” Full Story

Source: Cointelegraph

02/25/2023

Smuggler Provided Sensitive US Tech To Russian, N. Korean Governments, Prosecutors Say

A Russian national has been charged in the U.S. with smuggling devices used in counterintelligence operations out of the U.S. and into Russia. Ilya Balakaev, 47, allegedly provided U.S. equipment to the Russian Federal Security Service (FSB) and the North Korean government, breaking U.S. sanctions against those countries. The Department of Justice said Balakaev is “currently a fugitive.” The indictment against him was unsealed Friday in a New York federal court. If captured and convicted, he faces up to 75 years in prison. Balakaev worked with FSB Center 8’s Military Unit 43753, a part of the Russian intelligence agency responsible for communication security and cryptology, prosecutors said. His company, Radiotester, repaired devices such as those designed to find surveillance bugs or send secret messages. Full Story

Source: The Record

02/21/2023

Norway Seizes Millions In North Korean Crypto

Norwegian authorities have allegedly seized roughly $6 million in cryptocurrency that they claim was stolen last year by North Korean threat actors. The authorities tracked and intercepted the funds, stating that it was the largest heist of its kind ever recorded. The economic and environmental crime agency of Norway was responsible for the operation and stated that North Korean threat actors had been quietly carrying out a massive money laundering operation since the Mar. 2022 attack on Ronin Network. The announcement regarding the recovered funds comes just months after investigators claimed to have seized $30 million in funds stolen during the attack on Ronin Network, which was developed by Sky Mavis to function as an Ethereum sidechain for one of its games, Axie Infinity. Full Story

Source: OODA Loop

02/21/2023

Coinbase Employee Credentials Stolen In Recent Security Incident

Cryptocurrency exchange platform Coinbase has recently disclosed an attack that exposed the company’s systems and cost it sensitive data. The attack, on Feb. 5, involved an unknown fraudster sending fake SMS alerts to several Coinbase employees, attempting to con them into following a malicious link. Reportedly, the SMS mentioned an important message and urged recipients to log in to their corporate accounts to read it. It took only a single employee to follow the rogue URL for the perpetrator to breach Coinbase’s systems and make off with the employee’s data. After typing their credentials into the phishing form, the employee was prompted with a “thank you” note and advised to dismiss the message. Full Story

Source: Bitdefender

02/17/2023

Platypus Finance Hacked For $9M On Avalanche

The DeFi application Platypus Finance has suffered a $9 million attack, according to a series of tweets from the blockchain security firm CertiK on Feb. 16. That report states that an attacker used flash loans on the Avalanche (AVAX) blockchain to exploit a function in one of Platypus’ smart contracts. The attacker deposited $44 million of stablecoins into the application. With the crypto assets obtained, the attacker could mint a similar amount of Platypus’ USP stablecoin (41.79 million USP). The attacker then exploited an emergency withdrawal function to access the original $44 million deposit and the minted USP. Finally, the attacker swapped the USP for other assets before paying back the loan. The final difference, and the estimated loss for Platypus, was $9 million. Full Story

Source: Cryptoslate

02/17/2023

SEC Charges Terraform Labs And Founder Do Kwon With Defrauding Investors

The U.S. Securities and Exchange Commission has charged the collapsed blockchain firm and stablecoin operator Terraform Labs and its founder Do Kwon with defrauding U.S. investors who purchased the digital assets Terra USD and Luna. The U.S. financial regulator accused Kwon and the Singapore-based crypto firm of offering and selling an inter-connected suite of crypto asset securities, “many in unregistered transactions” from Apr. 2018 to May 2022. The SEC also alleged in federal court that the firm and its founder misrepresented the stability of Terra USD, a stablecoin developed by Kwon, which was supposed to maintain its 1-to-1 peg to the U.S. dollar through its sister token Luna. Full Story

Source: TechCrunch

02/15/2023

Dallas Central Appraisal District Paid $170K Ransom To Get Hacked Website Back Up And Running

The website of DCAD—the Dallas Central Appraisal District—is almost fully recovered from a devastating ransomware attack last November that shut down the functionality of the appraisal district's computer systems. The bad actors who took the data hostage and then locked the files demanded $1 million. DCAD balked at that figure, but through an intermediary, eventually paid a ransom of $170,000 in cryptocurrency. After that, the cyber crooks gave DCAD a digital key to unlock the system. But it only partially worked. So, information technology experts have been rebuilding the servers. In total, DCAD estimates this has cost them somewhere under a half million dollars and it was paid out of their emergency fund. This is the first time in 40 years they’ve had to dip into that account. Full Story

Source: WFAA ABC 8

02/15/2023

MortalKombat Ransomware Found Punching Targets In US, UK, Turkey, Philippines

Over the last month, organizations in the U.S., U.K., Turkey and the Philippines have been hit with a new ransomware that cybersecurity researchers are calling MortalKombat. Researchers from Cisco’s Talos security team said they have been tracking a ransomware group that has been deploying MortalKombat and also developed new malware called Laplas Clipper that steals cryptocurrency from victims. Most of the victims have been in the U.S., while a smaller percentage come from the other countries listed. The ransomware “encrypts various files on the victim machine’s filesystem, such as system, application, database, backup, and virtual machine files, as well as files on the remote locations mapped as logical drives in the victim’s machine,” the researchers said. Full Story

Source: The Record

 

Cybercriminals Brought to Justice: Current and Recent Arrests and Convictions

 

02/25/2023

Smuggler Provided Sensitive US Tech To Russian, N. Korean Governments, Prosecutors Say

A Russian national has been charged in the U.S. with smuggling devices used in counterintelligence operations out of the U.S. and into Russia. Ilya Balakaev, 47, allegedly provided U.S. equipment to the Russian Federal Security Service (FSB) and the North Korean government, breaking U.S. sanctions against those countries. The Department of Justice said Balakaev is “currently a fugitive.” The indictment against him was unsealed Friday in a New York federal court. If captured and convicted, he faces up to 75 years in prison. Balakaev worked with FSB Center 8’s Military Unit 43753, a part of the Russian intelligence agency responsible for communication security and cryptology, prosecutors said. His company, Radiotester, repaired devices such as those designed to find surveillance bugs or send secret messages. Full Story

Source: The Record

02/24/2023

Dutch Police Arrest Three Ransomware Actors Demanding €2.5 Million

The Amsterdam cybercrime police unit has detained three individuals for using ransomware to extort small and large businesses across international borders, generating €2.5 million. The suspects, all male teenagers between the ages of 18 and 21, are accused of collecting private information from victim networks and holding them for ransom. They allegedly attacked thousands of businesses. Depending on how big the company is, the threat actors demanded anywhere from €100,000 to €700,000. The extortion included threats to disclose the data or take down the business’s digital infrastructure. According to the Dutch authorities, the hackers continued to sell the stolen material online even after the victims paid the ransom. Full Story

Source: Information Security Buzz

02/23/2023

Russian Man Accused Of Selling Prolific Hacking Tool Extradited To US

A 28-year-old Russian man accused of developing and selling a hacking tool used to obtain the login information for tens of thousands of computers worldwide was arrested in the country of Georgia and extradited to the US, the Justice Department said yesterday. Dariy Pankov is accused of advertising access to more than 35,000 computers, earning more than $350,000 in illicit sales, and enabling cybercriminals to conduct ransomware attacks and tax fraud, prosecutors said. The hacking tool that Pankov is accused of developing – known as “NLBrute” – used a common technique for cracking passwords by flooding a computer with password guesses. Numerous cybercrime groups have used the NLBrute tool, according to Adam Meyers, senior vice president of intelligence at cybersecurity firm CrowdStrike. “It’s like a lockpick gun for burglars,” Meyers told CNN. Full Story

Source: CNN

02/18/2023

Spain Orders Extradition Of British Alleged Hacker To U.S.

Spain’s National Court has agreed to the extradition to the U.S. of a British citizen who allegedly took part in computer attacks, including the Jul. 2020 hacking of Twitter accounts of public figures such as Joseph Biden, Barack Obama and Bill Gates. A court statement yesterday said requirements had been met for handing over Joseph James O’Connor to U.S. authorities for 14 charges covering crimes such as revelation of secrets, membership of a criminal gang, illegal access to computer systems, internet fraud, money laundering and extortion. O’Connor, 23, from Liverpool, England was arrested in the southern Spanish coastal town of Estepona in Jul. 2021. He is accused of hacking some 130 Twitter accounts, and he is also wanted for several cases of “swatting,” prank calls to emergency services aimed at getting large numbers of police to be sent to different locations. Full Story

Source: ABC News

02/15/2023

Russian Businessman Guilty In Hacking, Insider Trade Scheme

A Russian millionaire with ties to the Kremlin was convicted of participating in an elaborate $90 million insider trading scheme using secret earnings information from companies such as Microsoft that was stolen from U.S. computer networks. Vladislav Klyushin, 42, who ran a Moscow-based IT company associated with the Russian government, was found guilty on all charges against him, including wire fraud and securities fraud, after a two-week trial in federal court in Boston. “The jury saw Mr. Klyushin for exactly what he is — a cybercriminal and a cheat. He repeatedly gamed the system and finally got caught. Now he is a convicted felon. For nearly three years, he and his co-conspirators repeatedly hacked into U.S. computer networks to obtain tomorrow’s headlines today,” Massachusetts U.S. Attorney Rachael Rollins said in a statement. Full Story

Source: ABC News

 

The Cybercrime and Privacy Landscape: A Summary of Recent Developments and News

02/25/2023

A Basic Apple Phone Feature Helps Criminals Steal Your Entire Digital Life

Stories are piling up in police stations around the country about a remarkably low-tech trick: Thieves watch iPhone owners tap their passcodes, then steal their targets’ phones—and their digital lives. The thieves are exploiting a simple vulnerability in the software design of over one billion iPhones active globally. It centers on the passcode, the short string of numbers that grants access to a device; and passwords, generally longer alphanumeric combinations that serve as the logins for different accounts. With only the iPhone and its passcode, an interloper can within seconds change the password associated with the iPhone owner’s Apple ID. This would lock the victim out of their account, which includes anything stored in iCloud. The thief can also often loot the phone’s financial apps. Full Story

Source: The Wall Street Journal

02/25/2023

British Social Media Star Victim Of Deepfake Porn

Sweet Anita, a 32-year-old British social media star with more than 1.9 million Twitch followers, is deeply freaked out after discovering that her face has been digitally superimposed into deepfake pornography clips. Anita, from East Anglia, England — where a forthcoming amendment to the UK’s Online Safety Bill will reportedly criminalize deepfakes — learned that her likeness was being featured in internet porn sans her consent last month. “I have never made a single drop of sexual content in my life, but now they just assume that I have and [that] I must want this,” Sweet Anita, who reportedly chose to withhold her real name, lamented to the Sun. For deepfakes, creators use artificial intelligence and machine learning software to replace the likeness of one person with another in videos and other digital media. High-powered women such as Emma Watson, Gal Gadot, Scarlett Johansson and Michelle Obama have all been targeted in X-rated deepfake films. Full Story

Source: New York Post

02/25/2023

Hacker Group Defaces Russian Websites To Display The Kremlin On Fire

A hacker group that goes by CH01 defaced a series of Russian websites on the anniversary of the invasion of Ukraine. The hackers replaced the sites’ content with a video showing the Kremlin on fire, along with a song by a Russian rock band named Kino. The video includes a QR code that links to a Telegram channel, where the hackers posted a message claiming responsibility for the attacks and making it clear that these defacements were politically motivated. A source shared a list of 32 hacked websites with TechCrunch. It’s unclear how many sites were defaced, or how the hackers were able to deface them. In cases of mass defacements, hackers usually find a flaw in a library or service used by all the websites they target. The hackers also created a Twitter account and posted the video on the social media app. Full Story

Source: TechCrunch

02/25/2023

Jump Crypto And Oasis.App ‘Counter Exploits’ Wormhole Hacker For $225M

Web3 infrastructure firm Jump Crypto and decentralized finance (DeFi) platform Oasis.app have conducted a “counter exploit” on the Wormhole protocol hacker, with the duo clawing back $225 million of digital assets and transferring them to a safe wallet. The Wormhole attack occurred in Feb. 2022, with roughly $321 million worth of wrapped ETH (wETH) exploited via a vulnerability in the protocol’s token bridge. The hacker has since moved the stolen funds through various Ethereum-based decentralized applications (DApps), such as Oasis, which recently opened up wrapped stETH (wstETH) and Rocket Pool ETH (RETH) vaults. In a Feb. 24 blog post, the Oasis.app team confirmed that a counter exploit had taken place, outlining that it had “received an order from the High Court of England and Wales” to retrieve certain assets related to the “address associated with the Wormhole Exploit.” Full Story

Source: Cointelegraph

02/25/2023

São Paulo Congresswoman Denies, Then Admits She Employed Hacker

Congresswoman Carla Zambelli of São Paulo, Brazil admitted to newspaper Folha de S. Paulo that she employed hacker Walter Delgatti, a connection The Brazilian Report revealed on Feb. 7. Mr. Delgatti became famous after he hacked the Telegram accounts of Brazil's Operation Car Wash anti-corruption probe in 2019. Mr. Delgatti recently admitted to working for Ms. Zambelli. He said he managed her social media channels, having an under-the-table contract with her. Speaking to The Brazilian Report, Ms. Zambelli first said she never employed Delgatti, but then she admitted to employing the hacker to perform social media automation services. Delgatti's hacking exploits led him to jail in 2019. He is on parole and a court decision bars him from using the Internet - which makes his social media work for Ms. Zambelli an obvious no-no. Full Story

Source: The Brazilian Report

02/25/2023

Smuggler Provided Sensitive US Tech To Russian, N. Korean Governments, Prosecutors Say

A Russian national has been charged in the U.S. with smuggling devices used in counterintelligence operations out of the U.S. and into Russia. Ilya Balakaev, 47, allegedly provided U.S. equipment to the Russian Federal Security Service (FSB) and the North Korean government, breaking U.S. sanctions against those countries. The Department of Justice said Balakaev is “currently a fugitive.” The indictment against him was unsealed Friday in a New York federal court. If captured and convicted, he faces up to 75 years in prison. Balakaev worked with FSB Center 8’s Military Unit 43753, a part of the Russian intelligence agency responsible for communication security and cryptology, prosecutors said. His company, Radiotester, repaired devices such as those designed to find surveillance bugs or send secret messages. Full Story

Source: The Record

02/24/2023

Hacker Steals, Posts Data From Long Beach, Calif. Schools

Student data from the Long Beach (Calif.) Unified School District has been stolen by a hacker and posted online, officials confirmed on Feb. 22. "Our school district recently learned about an incident in which an individual gained access to a list containing student identification numbers, names and their corresponding LBUSD-provided email addresses," the district wrote to parents and students in an email obtained by the Press-Telegram. LBUSD first learned about the cyberattack on Feb. 21, the email said. The district's Technology and Information Services Branch coordinated with multiple federal, state and local agencies, including law enforcement, to ensure that the more sensitive personal information hadn't been compromised. LBUSD has about 67,500 students, according to the most-recent data available on the state education department's website. Full Story

Source: Government Technology

02/24/2023

Millions Of Good Guys Customers Impacted By Data Breach

Aussies have been hit with yet another cyberattack and this time it's customers of Australian electronics retailer The Good Guys who have been affected. The Good Guys revealed that third-party company Pegasus Group Australia - now known as My Rewards - was compromised. The company was previously responsible for running the retailer's “Concierge” member rewards service. The Good Guys said it just became aware of the breach, which was believed to have occurred back in Aug. 2021. The Good Guys has contacted all impacted customers, including 325,000 members who set up a My Rewards account, and another 1.5 million members who may have had their details impacted. Full Story

Source: Yahoo! Finance

02/24/2023

Meta Is Reforming ‘Facebook Jail’ In Response To The Oversight Board

It’s now going to be harder to land in “Facebook jail.” Meta says it’s reforming its penalty system so that people are less likely to have their accounts restricted for less serious violations of the company’s rules. “Under the new system, we will focus on helping people understand why we have removed their content, which is shown to be more effective at preventing re-offending, rather than so quickly restricting their ability to post,” Meta explains in a blog post. “We will still apply account restrictions to persistent violators, typically beginning at the seventh violation, after we’ve given sufficient warnings and explanations to help the person understand why we removed their content.” Previously, users could land in “Facebook jail,” which could prevent them from posting on the platform for 30 days at a time, for relatively minor infractions. Full Story

Source: Engadget

02/24/2023

Los Angeles School District Reveals Ransomware Gang Leaked Thousands Of Student Health Records Online

The health records of around 2,000 current and former Los Angeles students were published to the dark web after last year’s ransomware attack, the district revealed on Feb. 22. Jack Kelanic, the district’s senior IT administrator, said the district is still working to assess the ramifications of the widely-reported Sep. 2022 ransomware attack, which are only now being realized. The administrator said 2,000 student assessment records have been confirmed as part of the attack – including those of 60 students who are currently enrolled – as well as driver’s license and social security numbers and COVID-19 test results. Some of these records, he said, even go back several decades, creating "further time-consuming analysis." LAUSD Superintendent Alberto Carvalho said the Russian ransomware gang Vice Society was responsible for the attack and had placed the material online. Full Story

Source: FOX Business

02/24/2023

Dutch Police Arrest Three Ransomware Actors Demanding €2.5 Million

The Amsterdam cybercrime police unit has detained three individuals for using ransomware to extort small and large businesses across international borders, generating €2.5 million. The suspects, all male teenagers between the ages of 18 and 21, are accused of collecting private information from victim networks and holding them for ransom. They allegedly attacked thousands of businesses. Depending on how big the company is, the threat actors demanded anywhere from €100,000 to €700,000. The extortion included threats to disclose the data or take down the business’s digital infrastructure. According to the Dutch authorities, the hackers continued to sell the stolen material online even after the victims paid the ransom. Full Story

Source: Information Security Buzz

02/24/2023

Stress Pushing Chief Information Security Officers Out The Door

Nearly half of CISOs will change jobs by 2025 due to stress caused by the risk of being breached while trying to retain staff, according to a new Gartner report. The research firm found that the stressors of the cybersecurity world make the job of a cybersecurity professional unsustainable. This includes the knowledge that there are only two possible outcomes: get hacked or don't. Gartner also found that of those nearly 50 percent looking to change jobs, 25 percent are considering a complete change of role due to stress. “The psychological impact of this is profound, directly affecting decision quality and performance of cybersecurity leaders and their teams,” found Gartner. Full Story

Source: CSO

02/23/2023

Russian Man Accused Of Selling Prolific Hacking Tool Extradited To US

A 28-year-old Russian man accused of developing and selling a hacking tool used to obtain the login information for tens of thousands of computers worldwide was arrested in the country of Georgia and extradited to the US, the Justice Department said yesterday. Dariy Pankov is accused of advertising access to more than 35,000 computers, earning more than $350,000 in illicit sales, and enabling cybercriminals to conduct ransomware attacks and tax fraud, prosecutors said. The hacking tool that Pankov is accused of developing – known as “NLBrute” – used a common technique for cracking passwords by flooding a computer with password guesses. Numerous cybercrime groups have used the NLBrute tool, according to Adam Meyers, senior vice president of intelligence at cybersecurity firm CrowdStrike. “It’s like a lockpick gun for burglars,” Meyers told CNN. Full Story

Source: CNN

02/23/2023

‘Nevada Group’ Hackers Target Thousands Of Computer Networks

A mysterious and unidentified group of hackers has sought to paralyse the computer networks of almost 5,000 victims across the U.S. and Europe, in one of the most widespread ransomware attacks on record. The hacking unit, initially nicknamed the Nevada Group by security researchers, began a series of attacks that started around three weeks ago by exploiting an easily fixed vulnerability in a piece of code that is ubiquitous in cloud servers. Authorities have yet to identify the perpetrators, guessing only from their recruiting announcements on the web that it is a mix of Russian and Chinese hackers. The hackers have demanded a surprisingly small ransom to release their hold over computer networks — as little as two bitcoins (about $50,000) in some cases, according to copies of their ransomware notes that were briefly visible. Full Story

Source: Financial Times

02/23/2023

Russia Blames Hackers As Commercial Radio Stations Broadcast Fake Air Strike Warnings

Commercial radio stations across Russia yesterday morning broadcast warnings about air raids and missile strikes. The Ministry of Emergency Situations said the broadcasts were the “result of a hacker attack.” Gazprom-Media, Russia’s largest media company and a subsidiary of the state-owned energy corporation Gazprom, said an “attack on the infrastructure of a satellite operator” was to blame and allowed the messages to be broadcast over multiple radio stations, according to the RIA Novosti news agency. A statement from the Ministry of Emergency Situations said: “This morning in some regions, listeners on the air of radio stations could hear an alarm signal and a text message asking them to go to the shelter.” An official quoted by the Kommersant newspaper said the goal is to sow panic. Full Story

Source: The Record

02/23/2023

Cyberattack On Dole Temporarily Shuts Down North American Plants

Food producer Dole temporarily closed its North American plants after a ransomware attack earlier this month, according to reporting by CNN. The news outlet obtained a company memo dated Feb. 10 shared with retailers that said the company was "in the midst" of a cyberattack and shut down its systems throughout North America. The produce company known for its fruits, leafy greens and other vegetables operates four plants and employs about 3,000 people. In a press release issued Feb. 20, Dole said there was a ransomware attack recently, but did not confirm the closures. A Dole spokesman declined further comment. The release said the company notified law enforcement, and hired third-party cybersecurity experts to fix the issue. Experts are still working with Dole to secure its systems. Full Story

Source: Cincinnati Enquirer

02/23/2023

NSA’s “State Secrets” Defense Kills Lawsuit Challenging Internet Surveillance

The U.S. Supreme Court denied a petition to review a case involving the National Security Agency's surveillance of Internet traffic, leaving in place a lower-court ruling that invoked "state secrets privilege" to dismiss the lawsuit. The NSA surveillance was challenged by the Wikimedia Foundation, the American Civil Liberties Union, and the Knight First Amendment Institute at Columbia University. The Supreme Court's denial of Wikimedia's petition for review was confirmed in a long list of decisions released Feb. 21. The lawsuit challenged the NSA's "Upstream" surveillance program in which "the NSA systematically searches the contents of Internet traffic entering and leaving the United States, including Americans' private emails, messages, and web communications," the Wikimedia Foundation said. The Department of Justice has said the publicly available evidence doesn't support Wikimedia's claim that the agency copies and reviews all Internet communications. Full Story

Source: ars TECHNICA

02/23/2023

FCC Chair Proposes Rules To Reduce Scam Robotexts

The chair of the Federal Communications Commission has proposed new rules to tackle the scourge of text message scams. If the agency's commissioners approve the rules at a meeting in March, providers would have to block robotexts that are "highly likely to be illegal," chair Jessica Rosenworcel said in a statement. The robotext proposal follows measures the FCC has taken to stamp out robocalls. Both issues are on the agenda for the FCC's open meeting next month, along with other items like a proposed framework "for increased collaboration between terrestrial mobile network operators and satellite service providers" to bolster phone service in areas where it is lacking. That could come in useful for life-or-death situations in remote areas. Full Story

Source: Engadget

02/22/2023

Phone Hackers Use Florida Man’s Password To Steal $65K From Bank Account

A $65,000 wire transfer to a mystery bank account left an admissions manager with Full Sail University in Winter Park, Fla. staring at a zero balance with little proof he was the victim of a smartphone hacker. Julius “DJ Caesar” told News 6 that Regions Bank twice denied his appeals to have the funds restored to his business account determining “the transactions were authorized using agreed upon security procedures.” “I know somebody hacked my phone,” Julius said. “As to how, I don’t know.” Bank records show the funds were transferred on Nov. 7, 2022 to a woman in another state. Julius, who asked that we not use his full name, said his phone records show his smartphone was bypassed to a number with an 801 exchange. Regions’ corporate fraud team reversed the denial decision and returned more than $64,000 to Julius. Full Story

Source: Click Orlando

02/22/2023

Russian State TV ‘Hit By Cyber Attack’ During Putin’s Speech

Russian state TV stations have reportedly been hit by a cyber attack as Vladimir Putin delivered a keynote speech on the Ukraine war. State media websites broadcasting the State of the Nation address suffered an outage yesterday morning. The All-Russia State Television and Radio Broadcasting Company (VGTRK) website and the Smotrim live-streaming platform went down during periods of the speech. A message on the VGTRK website said that “technical works were being carried out” while the Smotrim website was not loading. The state-run RIA Novosti news agency claimed the outage was the result of a distributed denial of service (DDoS) attack, although this claim has not yet been independently verified. Full Story

Source: INDEPENDENT

02/22/2023

Microsoft Unravels One Of NOBELIUM’s Most Novel Cyber Attacks

A new report from Microsoft describes the first time a Global Assembly Cache (GAC) implant was seen in the wild. This new malware, known as MagicWeb, from Russia-based nation-state hacking group NOBELIUM allows the attacker to authenticate as anyone in a targeted network. NOBELIUM is perhaps most notorious for the SolarWinds supply chain compromise in Dec. 2020, which is widely regarded as the most sophisticated nation-state cyber attack in history. In fact, Microsoft says NOBELIUM remains highly active, executing multiple campaigns in parallel targeting government organizations, non-governmental organizations (NGOs), intergovernmental organizations (IGOs), and think tanks across the US, Europe, and Central Asia. Full Story

Source: Homeland Security Today

02/22/2023

North Macedonia Steps Up Security After Cyberattacks And Bomb Hoaxes Linked To Ukraine War

The government of North Macedonia pledged yesterday to enhance its cyber security in response to a series of fake bomb threats and cyberattacks that have caused significant disruptions in the country since last October. More than 30 locations were evacuated in Skopje and one in the town of Prilep after authorities received fake bomb threats. The threats targeted a wide range of locations, including the presidential palace for the first time, but also schools, public institutions, TV stations, courts, shopping malls, residential buildings, museums and hotels. North Macedonia’s authorities have stated that the senders of the fake bomb threats are difficult to detect and that the attacks represent a form of hybrid warfare. Full Story

Source: bne INTELLINEWS

02/22/2023

Activision Failed To Tell Employees Of 2022 Data Breach

Activision was hacked in Dec. 2022, and according to TechCrunch, its employees weren't even aware of the breach until this past weekend. Hackers reportedly managed to phish an employee at the Call of Duty publisher on Dec. 4, 2022, and were able to access internal data related to games and employees. Those hackers told TechCrunch they successfully accessed spreadsheets that featured full names of employees (and their work emails), telephone numbers, and the offices where several developers worked. The data breach at Activision comes nearly a month after source code for Riot Games' League of Legends was obtained by hackers. And both of those came months after Rockstar Games was hacked, leading to the release of in-progress footage for Grand Theft Auto VI. Full Story

Source: Game Developer

02/22/2023

Indian Ticketing Platform RailYatri Breached – 31 Million Impacted

RailYatri, a popular Indian train ticket booking platform, has suffered a massive data breach that has exposed the personal information of over 31 million users. The breach is believed to have occurred in late Dec. 2022, with the database of sensitive information now being leaked online. The 12 gigabytes worth of leaked data includes email addresses, full names, genders, phone numbers, locations and 37,000 invoices which could put millions of users at risk of identity theft, phishing attacks, and other cyber crimes. The database has been leaked on Breachforums, a hacker and cybercrime forum that surfaced as an alternative to the popular and now-seized Raidforums. Full Story

Source: HackRead

02/21/2023

Consumers Beware: Thieves Are Clearing Out Bank Accounts Using 'Check Washing'

Unfortunately, if you're still using paper checks to pay bills or send money to others, you could be a victim of an old scam that's recently come back into fashion: check washing. Check washing is when thieves steal checks you've written and use a chemical solution to remove the ink from the amount and the payee lines (while leaving your signature behind). Per IAG Forensics & Valuation, acetone is the most common chemical used (you may know it better as nail polish remover). Then the thieves can fill in their own names as the payee, write in any amount of money they want, and cash your check, potentially draining your checking account in the process. According to IAG, check washing accounts for more than $815 million of stolen money every year, and first began in the 1980s. Full Story

Source: The Motley Fool

02/21/2023

Hackers Start Selling Data Center Logins For Some Of World’s Largest Corporations

In an episode that underscores the vulnerability of global computer networks, hackers got ahold of login credentials for data centers in Asia used by some of the world’s biggest businesses, a potential bonanza for spying or sabotage. The previously unreported data caches involve emails and passwords for customer-support websites for two of the largest data center operators in Asia: Shanghai-based GDS Holdings Ltd. and Singapore-based ST Telemedia Global Data Centres, according to Resecurity Inc. About 2,000 customers of GDS and STT GDC were affected. Hackers have logged into the accounts of at least five of them, including China’s main foreign exchange and debt trading platform and four others from India. Full Story

Source: Bloomberg

02/21/2023

Norway Seizes Millions In North Korean Crypto

Norwegian authorities have allegedly seized roughly $6 million in cryptocurrency that they claim was stolen last year by North Korean threat actors. The authorities tracked and intercepted the funds, stating that it was the largest heist of its kind ever recorded. The economic and environmental crime agency of Norway was responsible for the operation and stated that North Korean threat actors had been quietly carrying out a massive money laundering operation since the Mar. 2022 attack on Ronin Network. The announcement regarding the recovered funds comes just months after investigators claimed to have seized $30 million in funds stolen during the attack on Ronin Network, which was developed by Sky Mavis to function as an Ethereum sidechain for one of its games, Axie Infinity. Full Story

Source: OODA Loop

02/21/2023

Car Owners Warned That Key Fobs Could Be Vulnerable To Hackers

Wireless key fobs are part of everyday life for car owners, but now AAA is warning that hackers might use them against you. A supposed new TikTok challenge is teaching people how to use special amplifier devices to get the signal from your key fob in your house to then unlock your car as it's parked in your driveway. "Our car keys and our vehicle actually are talking to each other pretty much constantly, waiting for that signal to unlock," AAA spokesperson Mark Schieldrop told WBZ-TV. "So the thieves are able to intercept that signal, boost it, get the car unlocked." Kia and Hyundai have launched improved anti-theft software to tackle the issue. In the meantime, AAA is warning drivers now before the trend takes off. Full Story

Source: CBS Boston

02/21/2023

Coinbase Employee Credentials Stolen In Recent Security Incident

Cryptocurrency exchange platform Coinbase has recently disclosed an attack that exposed the company’s systems and cost it sensitive data. The attack, on Feb. 5, involved an unknown fraudster sending fake SMS alerts to several Coinbase employees, attempting to con them into following a malicious link. Reportedly, the SMS mentioned an important message and urged recipients to log in to their corporate accounts to read it. It took only a single employee to follow the rogue URL for the perpetrator to breach Coinbase’s systems and make off with the employee’s data. After typing their credentials into the phishing form, the employee was prompted with a “thank you” note and advised to dismiss the message. Full Story

Source: Bitdefender

02/21/2023

Major Hack At Virgin Media TV In Ireland ‘Contained And Terminated’

A “major hack” at Virgin Media Television in Ireland has been “fully contained, isolated and terminated”, the broadcaster said. There will be some temporary effects to the broadcasting of some recorded programming on Virgin Media Three, Four, More and VMTV Player. Minister of State Ossian Smyth described a “major hack” and said it was being investigated by the National Cyber Security Centre. In a statement the firm said: “Due to the precautions we have implemented there will be temporary effects to the broadcasting of some of our recorded programming on Virgin Media Three, Four, More and VMTV Player. We expect normal service will be resumed as soon as we have completed the review and verification process.” Full Story

Source: Irish Examiner

02/20/2023

GoDaddy Says A Multi-Year Breach Hijacked Customer Websites And Accounts

GoDaddy said on Feb. 17 that its network suffered a multi-year security compromise that allowed unknown attackers to steal company source code, customer and employee login credentials, and install malware that redirected customer websites to malicious sites. GoDaddy is one of the world’s largest domain registrars, with nearly 21 million customers and revenue in 2022 of almost $4 billion. In a filing Feb. 16 with the Securities and Exchange Commission, the company said that three serious security events starting in 2020 and lasting through 2022 were carried out by the same intruder. The most recent event occurred last December when the threat actor gained access to the cPanel hosting servers customers use to manage websites hosted by GoDaddy. The threat actor then installed malware on the servers that “intermittently redirected random customer websites to malicious sites.” Full Story

Source: ars TECHNICA

02/20/2023

U.S. Launches ‘Strike Force’ To Keep Disruptive Tech Away From Adversaries

A senior Justice Department official on Feb. 16 said the agency would intensify its efforts to block foreign adversaries such as China and Russia from obtaining sensitive data and technologies, including by launching a new partnership with the U.S. Commerce Department. The Disruptive Technology Strike Force will pair federal prosecutors with Commerce Department agents to investigate and prosecute criminal violations of U.S. export controls laws, Deputy Attorney General Lisa Monaco said in a speech in London. Export controls are a set of regulations that restrict the sale of technologies with both commercial and military uses. They are administered by the Commerce Department’s Bureau of Industry and Security, which can bring civil penalties against companies that allow such “dual use” items to fall into the wrong hands. Full Story

Source: The Wall Street Journal

02/20/2023

Cyber Attacks On Ukraine And NATO Are Carried Out By 5 Hacker Groups

Russian government-backed hackers stepped up cyber operations starting in 2021, just before Russia's invasion of Ukraine. In 2022, Russia increased its targeting of users in Ukraine by 250 percent compared to 2020, and its targeting of users in NATO countries by over 300 percent. Among the hacker groups that organise cyber attacks on Ukrainian and NATO institutions are FrozenLake, Coldriver, Summit, FrozenBarents and FrozenVista. Experts name phishing as one of the main strategies of these hacker groups. Most often, hackers attack Gmail, as well as the mail services of various government institutions: the Ministry of Defence, the Ministry of Foreign Affairs, and others. Full Story

Source: Yahoo! News

02/20/2023

Phishing Scam Cost Small Ohio City $219K, Finance Director His Job

Phishing-scam training has become a commonplace requirement in many workplaces these days. But not everyone is adhering to its lessons. When emails from a fake paving company landed in the inbox of an accounting assistant working for a small Ohio city last month, the assistant was hooked. The author pretended to be an existing vendor and persuaded the finance worker in the Columbus suburb of Hilliard, Ohio, to change bank-routing information for the vendor. A day later, the city paid that account $218,992.06. Taking such actions is part of the standard work of an accounting assistant, but there is a verification protocol that was not followed, city officials told The Columbus Dispatch, a member of the USA TODAY Network. Full Story

Source: USA TODAY

02/20/2023

Moldova, Facing Cyberattacks As Part Of Alleged Russian Coup Plan, Asks For Western Support

Maia Sandu, the pro-European president of Moldova who last week warned of an active Russian plot to overthrow her country’s government, told the Munich Security Conference on Saturday that she needed a range of support from other European nations to defend the integrity of her state. Her calls for support come at a moment of crisis for Moldova, with Prime Minister Natalia Gavrilita resigning last week due to domestic challenges, including inflation and energy security issues exacerbated by Russian activity. President Sandu said Russia was “waging hybrid war against Moldova” including through “propaganda and disinformation” alongside “multiple cyberattacks” and “multiple false bomb alerts.” These actions are intended to undermine social cohesion, provoke protests and allow external saboteurs to launch a coup, she said. Full Story

Source: The Record

02/20/2023

Tile Steps Up Measures Against Thieves And Stalkers

Tile has launched a new feature, called Anti-Theft Mode, for all of its Bluetooth-powered tracking devices. The feature is designed to let users track their devices while staying "under the radar," so to speak -- so a thief with your stolen item doesn't find out you're onto them. The new anti-theft mode is the latest development in an ongoing discourse over the misuse of Bluetooth trackers. Thanks to trackers like Tile devices and Apple's AirTags, it's easier than ever to find a misplaced item. However, the devices also make it concerningly easy to track someone without their consent. The new Anti-Theft Mode makes Tile trackers undetectable by Scan and Secure, a feature introduced by Tile around a year ago. Tile will impose a $1 million fine on anyone convicted of illegally tracking a person with a Tile device, and the company also said it will share information with law enforcement at its discretion, even without a subpoena. Full Story

Source: ZDNet

02/18/2023

Spain Orders Extradition Of British Alleged Hacker To U.S.

Spain’s National Court has agreed to the extradition to the U.S. of a British citizen who allegedly took part in computer attacks, including the Jul. 2020 hacking of Twitter accounts of public figures such as Joseph Biden, Barack Obama and Bill Gates. A court statement yesterday said requirements had been met for handing over Joseph James O’Connor to U.S. authorities for 14 charges covering crimes such as revelation of secrets, membership of a criminal gang, illegal access to computer systems, internet fraud, money laundering and extortion. O’Connor, 23, from Liverpool, England was arrested in the southern Spanish coastal town of Estepona in Jul. 2021. He is accused of hacking some 130 Twitter accounts, and he is also wanted for several cases of “swatting,” prank calls to emergency services aimed at getting large numbers of police to be sent to different locations. Full Story

Source: ABC News

02/18/2023

Semiconductor Industry Giant Says Ransomware Attack On Supplier Will Cost It $250 Million

Multibillion-dollar corporation Applied Materials, which provides technology for the semiconductor industry, said during an earnings call this week that a ransomware attack on one of its suppliers would cost it $250 million in the next quarter. The company did not say which supplier it was referencing, but several industry analysts said it was technology and engineering company MKS Instruments. MKS announced Feb. 13 that it was forced to reschedule its own fourth-quarter earnings call due to a ransomware attack that was discovered on Feb. 3. Applied Materials said that for the second quarter of fiscal 2023, it expects net sales to be approximately $6.40 billion — including “ongoing supply chain challenges and a negative estimated impact of $250 million dollars related to a cybersecurity event recently announced by one of our suppliers.” Full Story

Source: The Record

02/18/2023

Vermont's Burton Snowboards Website Unable To Process Orders Due To Cyber Incident

The Burton Snowboards website, Burton.com, has a security notification prominently displayed on its homepage. "Burton recently experienced a cyber incident, which is impacting some of our operations. We are working closely with third-party specialists to investigate the incident and determine the full nature and scope. We are also making every effort to get our operations back up and running, but unfortunately are not able to process orders at this time." Burlington, Vt.-based Burton is a global organization with offices in Australia, Austria, Canada, California, China and Japan, and retail shops in New York City; San Francisco; Chicago; Laax, Switzerland; Helsinki, Finland; Innsbruck, Austria; Milan, Italy; Tokyo and Nagano, Japan; Woodbury and Central Valley, N.Y.; Wrentham, Mass.; Grove City, Penn.; Orlando, Fla.; Las Vegas; Santa Barbara, Calif. and Burlington, Vt. Burton.com Update

Source: Burton.com

02/18/2023

FBI Says It Has ‘Contained’ Cyber Incident On Bureau’s Computer Network

The FBI has been investigating and working to contain a malicious cyber incident on part of its computer network in recent days, according to people briefed on the matter. FBI officials believe the incident involved an FBI computer system used in investigations of images of child sexual exploitation, two sources briefed on the matter told CNN. “The FBI is aware of the incident and is working to gain additional information,” the bureau said in a statement to CNN. “This is an isolated incident that has been contained. As this is an ongoing investigation the FBI does not have further comment to provide at this time.” FBI officials have worked to isolate the malicious cyber activity, which two of the sources said involved the FBI New York Field Office – one of the bureau’s biggest and highest profile offices. Full Story

Source: CNN

02/18/2023

White Castle Could Face Multibillion-Dollar Judgment In Illinois Privacy Lawsuit

Illinois' highest court yesterday said companies violate the state's unique biometric privacy law each time they misuse a person's private information, not just the first time, a ruling that could expose businesses to billions of dollars in penalties. The Illinois Supreme Court in a 4-3 decision said fast food chain White Castle System Inc must face claims that it repeatedly scanned fingerprints of nearly 9,500 employees without their consent, which the company says could cost it more than $17 billion. The Illinois Biometric Information Privacy Act (BIPA) imposes penalties of $1,000 per violation and $5,000 for reckless or intentional violations. The law requires companies to obtain permission before collecting fingerprints, retinal scans and other biometric information from workers and consumers. Full Story

Source: Reuters

02/18/2023

TikTok Plans 2 More European Data Centers Amid Privacy Fears

TikTok said Friday that it’s planning two more European data centers, as the popular Chinese-owned video sharing app seeks to allay growing concerns about data privacy for its users in the West. TikTok has been under fire from European and American authorities over concerns that it could scoop up masses of user data and send it to China. The company’s general manager for European operations, Rich Waterworth, said in a blog post that it is “at an advanced stage of finalizing a plan” with a third-party provider for a second data center in Ireland. It announced its first center there last year. TikTok also is in talks to set up a third European data center, without specifying a location. Full Story

Source: CMToday

02/17/2023

German Airport Websites Down In Suspected Hacker Attack

Several German airports had their websites disrupted yesterday, with experts investigating a possible online attack. "Once again, airports fell victim to large-scale distributed denial of service (DDoS) attacks," Ralph Beisel, chief executive of the ADV airport association, said in a statement. Among the airports affected were Düsseldorf, Nuremberg, Erfurt-Weimar and Dortmund. The websites were either not reachable or flagged up failure messages. Nuremberg Airport in northern Bavaria said its site had been receiving so many requests that it collapsed. The websites of German airports were among multiple targets believed to have been brought down last month by the pro-Russian hacking group Killnet. Full Story

Source: DW

02/17/2023

Moroccan News Agency MAP Target Of DDoS Cyberattack

Moroccan news agency Maghreb Arab Press (MAP) was the target of a Distributed Denial of Service (DDoS) attack last night. A number of the agency’s sites were down following the attack. “This dangerous incident cannot be explained outside the context of regional geo-political tensions, which are reflected in the severity of this cyber attack on a public institution,” the agency said. Engineers on MAP’s websites noticed an unusual amount of traffic coming through the sites, and proceeded to inform the cyber attacks watch center MACERT of the General Directorate for Information Systems Security (DGSSI). The agency set up a crisis cell to prevent its websites from shutting down completely and has strengthened its security devices to face disruptions that may occur. The news comes a few days after Algeria’s state-owned news agency APS accused Morocco of being behind a cyber attack on its websites. Full Story

Source: Morocco World News

02/17/2023

Louisiana HBCU Says Personal Data From 44,000 Students Accessed In November Cyberattack

The only Catholic historically Black college or university (HBCU) reported a data breach this week involving Social Security numbers and other personal information from more than 44,000 students and vendors. Xavier University of Louisiana said it suffered a cyberattack on Nov. 22. “Xavier engaged cybersecurity experts to assist with the process,” they wrote, determining on Jan. 24 that “student and vendor personal information may have been acquired without authorization during the incident” and “the information accessed and potentially acquired by an unknown person may have included full names and Social Security numbers.” Colleges and universities across the U.S. continue to face an onslaught of cyberattacks resulting in troves of student information pouring onto the dark web. Full Story

Source: The Record

02/17/2023

Passport Breach Hits Over 500 Cricket Stars, From Wasim Akram To Ian Bell

Some of cricket’s all-time greats and current superstars have had their passport information exposed, after a cybersecurity researcher said he found a batch of players' personal data online. Pakistan and West Indies legends Wasim Akram and Chris Gayle were amongst more than 500 famous cricketers affected by the breach, as were current stars like big-scoring England batsman Ian Bell and Pakistan captain Mohammad Babar Azam. Indian, New Zealand and Afghan players were also affected, according to Etizaz Mohsin, a U.K.-based researcher, who shared his findings with Forbes. Many of the passports were still valid at the time of publication, while some were recently expired. Phone numbers and email addresses of some players and their agents were also in the data discovered by Mohsin. Full Story

Source: Forbes

02/17/2023

Platypus Finance Hacked For $9M On Avalanche

The DeFi application Platypus Finance has suffered a $9 million attack, according to a series of tweets from the blockchain security firm CertiK on Feb. 16. That report states that an attacker used flash loans on the Avalanche (AVAX) blockchain to exploit a function in one of Platypus’ smart contracts. The attacker deposited $44 million of stablecoins into the application. With the crypto assets obtained, the attacker could mint a similar amount of Platypus’ USP stablecoin (41.79 million USP). The attacker then exploited an emergency withdrawal function to access the original $44 million deposit and the minted USP. Finally, the attacker swapped the USP for other assets before paying back the loan. The final difference, and the estimated loss for Platypus, was $9 million. Full Story

Source: Cryptoslate

02/17/2023

SEC Charges Terraform Labs And Founder Do Kwon With Defrauding Investors

The U.S. Securities and Exchange Commission has charged the collapsed blockchain firm and stablecoin operator Terraform Labs and its founder Do Kwon with defrauding U.S. investors who purchased the digital assets Terra USD and Luna. The U.S. financial regulator accused Kwon and the Singapore-based crypto firm of offering and selling an inter-connected suite of crypto asset securities, “many in unregistered transactions” from Apr. 2018 to May 2022. The SEC also alleged in federal court that the firm and its founder misrepresented the stability of Terra USD, a stablecoin developed by Kwon, which was supposed to maintain its 1-to-1 peg to the U.S. dollar through its sister token Luna. Full Story

Source: TechCrunch

02/16/2023

Instagram Influencers Were Forced To Send Striptease Video And Thousands Of Dollars In Ransom To A 24-Year-Old Hacker

The FBI has filed a criminal complaint against a hacker who took over the Instagram accounts of multiple female influencers and tried to solicit money out of them. When one victim refused to hand over money, he demanded she strip for him on a video call in order to get her account back, court documents claim. The complaint against Amir Hossein Golshan accuses him of SIM swapping — reassigning someone's phone number to another device without their authorization, in order to bypass two-factor authentication and access their apps. It described the experiences of four female victims, who say 24-year-old Golshan gained access to their phone numbers and Instagram accounts and demanded money from them. Full Story

Source: Insider

02/16/2023

Aker Solutions’ Brazilian Business Hit By Cyberattack

The Norwegian engineering giant Aker Solutions (OSE:AKSO) announced Feb. 14 that local subsidiary CSE Mecânica e Instrumentação, which provides maintenance and modifications services to oil and gas installations offshore Brazil, had been the victim of an attack on its IT systems. The attackers – whose source and origin are as yet unclear – claim to have entered the systems, encrypted digital files and locked access to data. Aker Solutions said it was working to “contain and neutralize the attack”, but did not know the full extent of the situation. CSE is a fully-owned Aker Solutions subsidiary with approximately 450 employees in Brazil. The incident comes as security measures ramp up across the energy sector, with Norwegian police forces now on alert for an increase in potential spying activity as relations with Russia deteriorate.

Source: Energy Voice

02/16/2023

Stiles Machinery Detects Cyberattack

Stiles Machinery has detected a cyberattack on its IT systems. They have decided to completely shut down their systems while investigating the incident. "The security and data of our customers and business partners is one of our highest priorities," the company states in a notice on the homepage of its website. "We are working to restore operations to full functionality as soon as possible. As a consequence, our regular operations and ability to communicate have become limited. We appreciate your patience and understanding during this time, as there will be delays in deliveries and communications." Headquartered in Grand Rapids, Mich., Stiles has regional offices in High Point, N.C.; Bristol, Penn.; Coppell, Texas; and Rancho Cucamonga, Calif. Founded in 1965, the company is a leading provider of advanced manufacturing solutions. Stiles is a subsidiary of Schopfloch, Germany-based HOMAG Group AG. Full Story

Source: Woodworking Network

02/16/2023

Cyberattack Hits Greece’s ‘Documento’ After Report On Fraudster’s Wife

Greek media group Documento’s two websites, Documentonews.gr and Koutipandoras.gr, were subjected to distributed denial-of-service (DDoS) cyberattacks earlier this week, as a result of which the servers went down and users experienced connectivity problems. The hackers buffeted the websites one day after the publication of a new report on Yasam Ayavefe’s wife and her connections to the Greek underworld. Earlier, Balkan Insight and Greek media outlets Solomon and Inside Story reported on how Ayavefe was awarded honorary Greek citizenship in 2022 despite the fact that in 2017 he was convicted of defrauding online gamblers in his home country, and in 2019 was arrested in Greece while trying to cross the border into Bulgaria on a false Greek passport. Full Story

Source: BalkanInsight

02/16/2023

UK's Succession Wealth Hit By Cyberattack

National advice firm Succession Wealth has launched an investigation after it suffered a cyberattack. The Birmingham, U.K.-based firm, which is owned by Aviva, confirmed it had notified the appropriate authorities after it was alerted to a potential cyberattack on Feb. 8. An investigation into what happened is still ongoing. The firm said it communicated with clients and employees who were potentially affected as soon as it had verified some of the details and had some firm evidence of an attack. Aviva bought Succession Wealth last March in a deal worth up to £385mn. At the time Aviva said the deal “significantly enhances” its presence in the wealth market as more people seek advice for their retirement and savings options. Aviva said it would be able to offer advice to approximately six million of its customers through Succession Wealth. Full Story

Source: FT Adviser

02/16/2023

Tonga Is The Latest Pacific Island Nation Hit With Ransomware

Tonga’s state-owned telecommunications company has been hit with ransomware, it warned customers on Feb. 13. Tonga Communications Corporation (TCC) — one of two telecoms companies in the country — published a notice on Facebook saying the attack may slow down administrative operations. “Ransomware attack has been confirmed to encrypt and lock access to part of TCC’s system. This does not affect voice and internet service delivery to the customers, however, it may slow down the process of connecting new customers, delivering of bills and managing customers’ enquiries,” the company said. “We are working with security companies to mitigate the negative impact of this malware.” The Polynesian country is made up of some 171 islands and has a population of about 100,000. Full Story

Source: The Record

02/15/2023

Revealed: The Hacking And Disinformation Team Meddling In Elections

A covert team of Israeli contractors who claim to have manipulated more than 30 elections around the world using hacking, sabotage and automated disinformation on social media has been exposed in a new investigation. The unit is run by 50-year-old Tal Hanan, a former Israeli special forces operative who now works privately using the pseudonym 'Jorge'. In more than six hours of secretly recorded meetings, Hanan and his team, codename 'Team Jorge', explained how they could gather intelligence on rivals, including by using hacking methods to access Gmail and Telegram accounts. According to the investigation, software used by Team Jorge controls over 30,000 fake social media profiles, all of which can be used to spread disinformation or propaganda far and wide at extraordinary speed, reports The Jerusalem Post. Full Story

Source: The Guardian

02/15/2023

Russian Businessman Guilty In Hacking, Insider Trade Scheme

A Russian millionaire with ties to the Kremlin was convicted of participating in an elaborate $90 million insider trading scheme using secret earnings information from companies such as Microsoft that was stolen from U.S. computer networks. Vladislav Klyushin, 42, who ran a Moscow-based IT company associated with the Russian government, was found guilty on all charges against him, including wire fraud and securities fraud, after a two-week trial in federal court in Boston. “The jury saw Mr. Klyushin for exactly what he is — a cybercriminal and a cheat. He repeatedly gamed the system and finally got caught. Now he is a convicted felon. For nearly three years, he and his co-conspirators repeatedly hacked into U.S. computer networks to obtain tomorrow’s headlines today,” Massachusetts U.S. Attorney Rachael Rollins said in a statement. Full Story

Source: ABC News

02/15/2023

Scandinavian Airline SAS Network Hit By Hackers, Says App Was Compromised

Scandinavian airline SAS said it was hit by a cyberattack last night and urged customers to refrain from using its app but later said it had fixed the problem. News reports said the hack paralyzed the carrier's website and leaked customer information from its app. Karin Nyman, head of press at SAS, told Reuters that the company was working to remedy the attack on its app and website. "We aren't able to say a lot more right now as we are right in the attack right now," she said, adding that the app was at that point working fine. Earlier, she told the national news agency TT that there was a risk of getting incorrect information by logging onto the app and urged customers to refrain from using it. The entire website was down for a while yesterday. Full Story

Source: Reuters

02/15/2023

Sweden’s Main Public TV Broadcaster Disrupted By Cyberattacks

Disruptions rattled Sweden’s national TV broadcaster SVT yesterday following a series of cyberattacks that rendered access to its website impossible. SVT believes it may have been the victim of a denial of access attack – an attack which, while not causing permanent damage or granting access to secret information, risks major disturbances by restricting the system’s use. Over the weekend and on Mon., Feb. 13, a number of Swedish universities, including the Karolinska Institute, Swedish University Network (Sunet) and Luleå University of Technology, were hit by similar attacks. For SVT, the attack did not come as a total surprise as the hacker group “Anonymous Sudan” called for cyberattacks against Swedish authorities and banks, Radio Ekot reported. These hackers claim to be protesting against the Quran burning in Stockholm and announced beforehand that they would attack Swedish universities. Full Story

Source: Euractiv

02/15/2023

Dallas Central Appraisal District Paid $170K Ransom To Get Hacked Website Back Up And Running

The website of DCAD—the Dallas Central Appraisal District—is almost fully recovered from a devastating ransomware attack last November that shut down the functionality of the appraisal district's computer systems. The bad actors who took the data hostage and then locked the files demanded $1 million. DCAD balked at that figure, but through an intermediary, eventually paid a ransom of $170,000 in cryptocurrency. After that, the cyber crooks gave DCAD a digital key to unlock the system. But it only partially worked. So, information technology experts have been rebuilding the servers. In total, DCAD estimates this has cost them somewhere under a half million dollars and it was paid out of their emergency fund. This is the first time in 40 years they’ve had to dip into that account. Full Story

Source: WFAA ABC 8
