The Sting 03/28/2023
🐝 Welcome to The Sting 🐝, your essential source for the latest cybersecurity news, insights, and expert advice from ThreatBee! Stay informed 💡 and secure 🔒 with our AI-powered solutions as we help you navigate the ever-evolving cyber landscape 🌐. Enjoy this issue! 😊
Security Alert: Recent Data Breaches and Cyberattacks
03/28/2023
Russian Hackers Strike French National Assembly Website
France's National Assembly website was brought down yesterday in a cyberattack claimed by pro-Russian hackers. "We decided to repeat our recent trip to France, where protests against [French President Emmanuel] Macron, who decided not to give a damn about the French and continues to 'serve' Ukrainian neo-Nazis, still do not subside," hacker group NoName057(16) wrote on its Telegram channel. The pro-Kremlin group is behind a string of distributed denial-of-service (DDoS) attacks in recent months, including on Polish airport and e-government websites after Warsaw delivered Leopard tanks to Ukraine, but also against targets in Denmark, the Czech Republic and Lithuania. National Assembly officials told franceinfo they couldn't yet confirm that the cyberattack came from Russian hackers but were working on "identification." Full Story
Source: Politico
03/27/2023
Cyberattack Hits Alliance Healthcare, One Of Spain's Largest Drug Wholesalers
Two weeks after a cyberattack hit the Hospital Clínic de Barcelona, another major actor in Spain's healthcare system has been affected by hackers' maneuvers. On this occasion, it has been the drug distribution chains to pharmacies that have been affected due to the problems suffered by Alliance Healthcare, as confirmed to EL PAÍS by four sources in the health sector. “The problem started on Mar. 17. The entire computer system collapsed: the website, the billing systems, the orders... The first few days they had been able to serve practically nothing, although in subsequent days they had been doing what they can,” explained a pharmacist with an office in the metropolitan area of Barcelona who requested anonymity. EL PAÍS tried unsuccessfully for several hours on Mar. 22 to connect to the company's website. Alliance Healthcare is the fourth largest medicines wholesaler in Spain. Full Story
Source: EL PAÍS
03/24/2023
Kids Coding Camp Hacked, Up To 1M Records May Have Been Stolen
Parents are still looking for answers weeks after hackers stole the personal data of thousands of users from kids’ tech coding camp iD Tech, with some fearing that their children’s data was compromised in the data breach. iD Tech, which provides on-campus classes and online tech and coding courses for kids, has yet to acknowledge the breach or notify parents. News of the data breach broke last month after a hacker on a cybercrime forum claimed to have hacked iD Tech a month earlier on Jan. 3. The hacker claimed to have stolen close to 1 million user records, including names, dates of birth, passwords stored in plaintext and about 415,000 unique email addresses, which iD Tech did not dispute when reached by email. That can equate to each parent’s account having one or more kids in classes at the tech camp. Full Story
Source: TechCrunch
03/22/2023
Czech Republic's Internet TV Provider Skylink Is Hacked
M7 Group’s Czech and Slovak operator Skylink is the victim of a cyberattack. In a note published on Skylink CZ’s Facebook page, the operator said: “We apologise, currently we have reported a system outage (web, customer zone) due to a hacker attack. We are working intensively on the repair. We thank you for your understanding.” Skylink CZ posted the message yesterday afternoon and as of this morning its site is still down. However, Skylink SK, its Slovak site, can be opened. Skylink offers DTH and internet TV services in the Czech Republic and Slovakia. Luxembourg-based M7 Group, owned by Canal+ Group, is one of Europe’s leading Pay-TV operators offering culture and language-specific packages to over three million subscribers in eight countries: Netherlands, Belgium, Germany, Austria, Czech Republic, Slovakia, Romania and Hungary. Full Story
Source: Broadband TV News
03/18/2023
DOCOMO Pacific Confirms Cyberattack, System Restoration Ongoing
DOCOMO Pacific, the largest provider of mobile, TV, internet and phone services to the U.S. territories of Guam and the Northern Mariana Islands, has confirmed that their network experienced a "cybersecurity incident" yesterday morning, in which "some of our servers" were targeted. The company indicated that the system intrusion was isolated, without damage to their customer data, mobile network, or fiber services. Other service has been impacted, with CEO Roderick Boss writing in a press release, "We are working to restore service as soon as possible." An ETA for full system restoration could not be provided. Docomo Pacific is a wholly owned subsidiary of Japanese mobile phone operator NTT Docomo headquartered in Tamuning, Guam. Full Story
Source: KUAM News
Ransomware at Large: Current and Recent Incidents
03/28/2023
Australia's Crown Casinos Investigates As Ransomware Group Claims To Have Breached Data
Crown Resorts has revealed it was one of a number of organisations caught up in a global data breach. The casino giant was recently contacted by a ransomware group who claim they illegally obtained a number of files. “We are investigating the validity of this claim as a matter of priority,” a Crown Resorts spokesman said in a statement yesterday. The hackers claimed they had breached file transfer service GoAnywhere. “We are continuing to work with law enforcement and have notified our gaming regulators as part of the ongoing investigation and will provide relevant updates, as necessary.” It comes as Australian fintech company Latitude Financial Services revealed it had identified 14 million customer details had been stolen in a hack two weeks ago. Full Story
Source: News.com.au
03/25/2023
Tri Counties Bank Suffers Data Breach
Tri Counties Bank in Chico, Calif., suffered a data breach during a cybersecurity incident that took place last month, the latest fallout of an apparent ransomware attack by criminal group Black Basta. The group published photos of identity documents including passports and driver licenses it says it stole from the bank, but the total scope of the breach is unclear so far. The bank is aware of the alleged data breach and is working with third-party forensic specialists to identify what data exactly the group stole, according to Tom Kane, senior vice president and director of marketing for Tri Counties Bank. Established in 1975 and with assets of $10 billion, Tri Counties Bank is a wholly-owned subsidiary of TriCo Bancshares (NASDAQ:TCBK). Full Story
Source: American Banker
03/24/2023
Shoreline College Website Hacked; Officials Investigating
An apparent ransomware attack forced the majority of Shoreline Community College students and staff to transition to remote work this week and prompted local and federal investigations. The disruption began on Mar. 20. Although Shoreline’s campus — including the Parent Child Center — remains open, the college’s website was down as of last night, and Wi-Fi on campus was inaccessible. Classes and exams are being held in person when possible and the campus payroll system has not been affected. The college has bought mobile hot spots to help alleviate the inconvenience, but there are not enough for everyone. Officials have yet to confirm whether the ransomware attack resulted in a breach of sensitive data. About 5,000 students were enrolled at the Shoreline, Wash.-based college as of fall 2022. Full Story
Source: Seattle Times
03/24/2023
Ottawa County, Ohio Officials Working To Restore Network After Ransomware Attack
Ottawa County, Ohio officials said they are making progress toward restoration after detecting a ransomware attack on their computer network. In a statement, officials with the Ottawa County Commissioners' office said the county IT department and "nationally recognized" third-party cybersecurity consultants were working to restore operations, recover impacted systems and determine the effects of the incident. They also said they have notified law enforcement. An unauthorized party has released county-related information supposedly acquired from the compromised network, authorities said. Jong Kwan Lee, an assistant professor and chair of computer science at Bowling Green State University, said the severity of the ransomware attack depends on what information Ottawa County has stored in its system. "It could be as bad as social security numbers, phone numbers, every basically in their database. Or it could just be the names and addresses." Full Story
Source: WTOL 11
03/24/2023
Saks Fifth Avenue Becomes Latest Clop Ransomware Victim
The list of Clop ransomware victims keeps on growing, with the threat actor adding American retail icon Saks Fifth Avenue to its data leak website. While the threat actor did add the retailer’s name to the leak site, they did not provide any additional details, such as the type of data that was taken, or whom it belonged to. The company confirmed the data breach to BleepingComputer, with a spokesperson saying that it fell prey to the now-infamous GoAnywhere MFT vulnerability. GoAnywhere MFT is a popular file-sharing service developed by Fortra and used by large businesses to share sensitive files securely. It was vulnerable to CVE-2023-0669, a pre-authentication command injection vulnerability in the License Response Servlet that allowed Clop’s members to execute malicious code remotely. Full Story
Source: TechRadar
03/21/2023
Ferrari Hit By Ransomware Attack Exposing Customers’ Details
Ferrari has been hit by a ransomware attack which has exposed customers’ details. A message sent to owners and customers and seen by Car Dealer said the Italian sports car maker was aware of the data breach, and will work hard to rebuild trust. ‘A threat actor was able to access a limited number of systems in our IT environment,’ Ferrari CEO Benedetto Vigna said in the message yesterday. ‘As part of this incident, certain data relating to our clients was exposed including names, addresses, email addresses and telephone numbers.’ Vigna added Ferrari has begun an investigation with a ‘leading global third-party forensics firm’ and ‘have confirmed the data’s authenticity’. Hackers have also stolen data from UK dealer groups in recent months, with Arnold Clark and Pendragon being subjected to attacks. Full Story
Source: Car Dealer Magazine
03/21/2023
Hackers Target Schools In West Sussex County, South Of London
A cyberattack caused major disruption at Tanbridge House School in Horsham last week. But headteacher Mark Sheridan says ‘no compromise of sensitive information’ has been found. The attack is the third on schools in West Sussex over the past two weeks. Two schools in Chichester have been subjected to major ransomware attacks. One of them – Bishop Luffa – confirmed that hackers were holding a huge amount of sensitive data to ransom but said the school was not in a position to pay. West Sussex is a county in South East England on the English Channel coast south of London. The ceremonial county comprises the districts of Adur, Arun, Chichester, Horsham, and Mid Sussex, and the boroughs of Crawley and Worthing. Full Story
Source: Sussex World
03/20/2023
Dutch Shipping Giant Royal Dirkzwager Confirms Play Ransomware Attack
Dutch maritime logistics company Royal Dirkzwager has confirmed that it was hit with ransomware from the Play group, the latest in a string of attacks targeting the shipping industry. Company CEO Joan Blaas, who bought the company in October after it went bankrupt the month prior, told The Record the ransomware attack did not have an effect on operations but did involve the theft of data from servers that held a range of contracts and personal information. Founded in 1872, Royal Dirkzwager provides information to more than 800 organizations in the maritime industry and registers more than 200,000 ship movements a year. Blaas confirmed that the Dutch Data Protection Authority has been notified of the attack and said he is in negotiations with the cybercriminals. Full Story
Source: The Record
03/18/2023
Hitachi Energy Confirms Cybersecurity Incident
Hitachi Energy reported a cybersecurity incident Mar. 17 on its website. "We recently learned that a third-party software provider called FORTRA GoAnywhere MFT (Managed File Transfer) was the victim of an attack by the CLOP ransomware group that could have resulted in an unauthorized access to employee data in some countries. Employees who may be affected have been informed and we are providing support. We have also notified applicable data privacy, security and law enforcement authorities and we continue to cooperate with the relevant stakeholders." Headquartered in Switzerland, Hitachi Energy employs around 40,000 people in 90 countries and generates business volumes of approximately $10 billion USD. Incident Notification
Source: Cybercrime Magazine
03/17/2023
Staples-Owned Essendant Coping With Security Incident
Deerfield, Ill.-based Essendant, a Staples-owned wholesale distributor of office products, has issued a Security Incident Update on its website. "We want to provide an update on our ongoing investigation into the network outage we experienced on Mar. 6. Immediately upon discovering the incident, Essendant took systems offline to contain the incident, initiated an investigation, and engaged third party forensics and cybersecurity experts to assist in our remediation and investigative efforts. We are in contact with law enforcement about the incident and are cooperating with their investigation. Our investigation has determined that the outage was the result of a ransomware incident. An unauthorized actor has publicly claimed responsibility for this incident. We are continuing to investigate the validity of these claims." More Information
Source: Cybercrime Magazine
The Cryptocrime Scene: A Summary of Recent Incidents and Developments
03/27/2023
Canadian Crypto King Kidnapped, Tortured In An Attempt To Get Millions In Ransom
Canada's self-described crypto king was abducted, tortured, and beaten for days as his kidnappers looked to solicit millions in ransom, his father told a court in December. New documents, obtained by CTV News Toronto, include details of the December incident where Aiden Pleterski was allegedly abducted from downtown Toronto and driven around southern Ontario for about three days. The nearly 750-page report, released on Mar. 14, also contains the latest findings in a months-long pursuit to trace millions of dollars invested into cryptocurrency and foreign exchange with the 23-year-old before he was petitioned into bankruptcy. The documents allege Pleterski invested less than two per cent of the more than $40 million handed to him. Instead, he allegedly spent nearly 38 per cent, almost $16 million, on luxury cars, private jets, and elaborate vacations. Full Story
Source: CTV News Toronto
03/20/2023
Largest Crypto ATM Manufacturer Hacked, Over $1.5 Million In Bitcoin Stolen
Czech Republic-based General Bytes, which calls itself the world's largest blockchain, Bitcoin and cryptocurrency manufacturer, experienced a security breach on Mar. 17 and 18. A hacker liquidated 56.28 Bitcoins, which were valued at a staggering $1.5 million at the time of the attack. The stolen Bitcoins were taken from cryptocurrency ATM operators in the U.S. The number of affected operators is between 15 and 20. On Mar. 18, the firm took to Twitter to inform the public about the incident. In a bulletin, General Bytes said that the hacker could send funds from hot wallets, as well as download user names and their password hashes and switch off their two-factor authentication. Full Story
Source: Crypto News Flash
03/18/2023
Ethereum Founder Urges Self-Custody – Recommends Use Of Multi-Sig, Social Recovery Wallets
Ethereum co-founder Vitalik Buterin took to social media to tout the benefits of using multi-sig and social recovery wallets for self-custody of crypto assets. Buterin said that self-custody is important as centralized entities can become untrustworthy and people can lose their funds without notification. However, he added that being solely responsible for the entirety of one’s security system carries inherent risks that can be minimized by using multi-sig and social recovery technology wallets. The Ethereum co-founder said he and the Ethereum Foundation use multi-sig wallets to secure most of their crypto assets. According to Buterin, multi-sig wallets — like Gnosis Safe — should be used for cold storage of crypto-assets as they require multiple keys to sign off on transactions. Full Story
Source: CryptoSlate
03/17/2023
Crypto Investment Fraud In The US Hits Record $2.57B – Up 183 Percent YoY
Cryptocurrency investment fraud in the U.S. was up almost 3x year-over-year in 2022 — making investment fraud the “costliest scheme reported,” according to the FBI’s 2022 internet crime report. Crypto investment fraud hit a record $2.57 billion in 2022, compared to $907 million in 2021 — a 183 percent increase on an annual basis. Crypto investment fraud losses made up roughly 25 percent of all money lost to online scams and fraud during 2022 and almost 90 percent of the $3.31 billion lost to online investment fraud. Crypto investment frauds were not limited to online schemes, and some scammers used fake real estate investment opportunities to steal people’s cryptocurrency. Fake employment opportunities were also used to scam people. Full Story
Source: CryptoSlate
Cybercriminals Brought to Justice: Current and Recent Arrests and Convictions
03/23/2023
Celebrities Lindsay Lohan And Jake Paul Illegally Touted Crypto Assets, SEC Says
U.S. regulators clawed back money that actress Lindsay Lohan and boxer Jake Paul earned by promoting cryptocurrencies, continuing a campaign of making examples of celebrities who tout digital assets in violation of investor-protection laws. Ms. Lohan, Mr. Paul and four other celebrities agreed to pay a combined $400,000 to settle the Securities and Exchange Commission’s investigation of their role in the promotion of crypto assets TRX and BTT. The SEC also alleged that Justin Sun, whose companies sold those digital assets, artificially boosted TRX’s trading volume in 2018 and 2019 by having his own employees buy and sell the token. Mr. Sun is a crypto entrepreneur and investor who paid $4.6 million to have dinner with Warren Buffett. The SEC sued Mr. Sun and his companies in Manhattan federal court. Full Story
Source: The Wall Street Journal
03/23/2023
Associate Of ‘Cryptoqueen’ Fraudster Arrested And Brought To US
A Bulgarian woman accused of assisting in the massive OneCoin cryptocurrency scam has been extradited to the U.S. to face charges of fraud and money laundering in a New York federal court. Irina Dilkinska, 41, was head of “legal and compliance” for OneCoin, but “accomplished the exact opposite of her job title and allegedly enabled OneCoin to launder millions of dollars of illegal proceeds through shell companies,” U.S. Attorney Damian Williams said. OneCoin, which prosecutors characterized as a pyramid scheme that took in $4 billion from victims, was co-founded by Ruja Ignatova, who remains at large after being charged in 2017 with fraud and money laundering. The other co-founder, Karl Greenwood, pleaded guilty to similar accusations in New York in December. Full Story
Source: The Record
03/23/2023
Bangkok Hacker, Friend Nabbed For Stealing Energy Drink Prizes
Police in Thailand arrested two men, including a postgraduate student, for allegedly hacking into an energy drink producer's prize system and withdrawing the prizes through an electronic wallet. Somprasong Intararak, 29, and Watchanant Siri, 28, were arrested in their rooms in Bangkok's Bueng Kum and Bang Kapi districts this morning, Pol Maj Gen Athip Pongsiwapai, commander of the Technology Crime Suppression Division, said. The arrests followed a complaint from True Money Co that the prize system of Power Thaitanium energy drinks was hacked more than 300,000 times, and the stolen codes were then used to claim prizes through the True Money wallet system about 6,000 times. Full Story
Source: Bangkok Post
03/21/2023
Girls Do Porn Cameraman Ordered To Pay Victims More Than $100,000
The cameraman for sex trafficking ring Girls Do Porn has been ordered to pay victims more than $100,000 in total, including half of what he makes working in the prison system for his two-year sentence. As first reported by Courthouse News, U.S. District Judge Janis Sammartino ordered videographer Theodore Wilfred “Teddy” Gyi to pay $31,508.11 in restitution to one victim, and $72,341 to another. After pleading guilty to counts of conspiracy to commit sex trafficking by force, fraud, and coercion in 2021, Gyi was sentenced to four years in prison. In 2019, during a civil trial brought against Girls Do Porn by 22 women who were targeted by the group, Gyi admitted to lying to women about how their images would be used. Full Story
Source: Motherboard
03/21/2023
Crypto.Com Customer Accused Of $7M Spending Spree Granted Bail
The Crypto.com customer who was accidentally sent $6.95 million from the exchange in 2021 and then allegedly went on a spending spree has been granted bail in Australia despite $2 million in funds still being unaccounted for. In the Victorian County Court, prosecutors on March 20 tried to convince the judge that imprisonment would be the only way to ensure that Jatinder Singh would not flee the country. The blunder by Crypto.com came about when a Bulgarian-based employee accidentally transferred $6.95 million to his account instead of what was meant to be a $100 refund in May 2021. The Melbourne man is alleged to have bought four houses and a car with the funds, along with sending a portion overseas. Prosecutors argued that Singh is financially motivated to flee the country because only $4.9 million has been recovered, according to a report from the Herald Sun. Full Story
Source: Cointelegraph
03/20/2023
US Authorities Arrest Alleged BreachForums Owner And FBI Hacker Pompompurin
U.S. law enforcement authorities arrested the person allegedly responsible for hacking the FBI in 2021. FBI agents on Mar. 15 arrested Conor Brian Fitzpatrick on suspicion of running BreachForums. In 2021, Pompompurin took credit for compromising the agency’s email servers and sending thousands of fake cybersecurity warnings. Pompompurin is also linked to the 2022 breach of the FBI’s InfraGard network, an incident that saw the contact information of its more than 80,000 members go on sale. Separately, Pompompurin is connected to the 2021 Robinhood hack that saw the data of 7 million users compromised, and the 2022 Twitter data leak. In a sworn affidavit, one of the FBI agents involved in the arrest claims Fitzpatrick identified himself as Pompompurin and admitted to being the owner of BreachForums. The forum rose from the ashes of RaidForums, which the FBI raided and shut down last year. Full Story
Source: Engadget
03/20/2023
Atlanta Man Sentenced To Federal Prison In Connection With A Multi-Million Dollar International Cyber And Fraud Scheme
Christian Akhatsegbe has been sentenced for wire and computer fraud conspiracy, access device fraud, and aggravated identity theft related to a multi-million-dollar cyber-fraud scheme perpetrated through email phishing, credential harvesting, and invoice fraud. His brother, Emmanuel Aiye Akhatsegbe, who is believed to be residing in Nigeria, was also charged in the scheme and remains a fugitive. “The far-reaching scope of this defendant’s criminal conduct is astonishing,” said U.S. Attorney Ryan K. Buchanan. “Hiding behind several aliases, Christian Akhatsegbe and his conspirators stole employee credentials, unlawfully accessed computers, and attempted to scam companies out of more than 12 million dollars. And not content to limiting his criminal conduct to these schemes, Akhatsegbe also engaged in hundreds of thousands of dollars of COVID-19-related loan fraud.” Full Story
Source: U.S. Department of Justice
03/18/2023
Massachusetts Man Sentenced In Business Email Compromise Scheme
A Framingham, Mass. man was sentenced on Mar. 9 for his role in a business email compromise (BEC) scheme. Gustaf Njei, 27, was sentenced to 27 months in prison and two years of supervised release. Njei was also ordered to pay restitution in the amount of $94,630. In Dec. 2022, Njei was convicted by a federal jury of two counts of wire fraud, one count of structuring to avoid reporting requirements, one count of unlawful monetary transactions and one count of money laundering conspiracy. Njei’s co-conspirators used hacked and spoofed email accounts to trick the victims of the BEC scheme into wiring hundreds of thousands of dollars to a bank account under Njei’s control. Njei then transferred part of the funds to a bank account located overseas, while splitting the remaining funds with a co-conspirator in the U.S. News Release
Source: U.S. Department of Justice
The Cybercrime and Privacy Landscape: A Summary of Recent Developments and News
03/28/2023
New Jersey Turns To License Plate Reader Technology To Address Rise In Auto Thefts
New Jersey Governor Phil Murphy recently announced additional funding for license plate readers in an effort to crack down on vehicle thefts. The state plans to allocate $10 million to expand the use of automated license plate readers (ALPRs), which employ high-tech cameras to scan thousands of cars’ license plates per minute and allow police to quickly identify and search for a wanted vehicle. In recent years, owing to the advancement of computing power, ALPRs have become increasingly adopted by law enforcement agencies across the country despite concerns from privacy advocates about increasing and unwanted surveillance. Law enforcement leaders have touted the technology as an essential part of modern policing in the Garden State. Full Story
Source: American Police Beat
03/28/2023
Hacker Ordered To Repay Wegmans Supermarket Customers For Orders He Made Through Their Accounts
A hacker has been ordered to repay Wegmans supermarket customers for the groceries he ordered after he broke into their online accounts. Maurice Sheftall, 24, of Brooklyn, was sentenced to three years' probation and ordered to pay $41,441 in restitution after entering his guilty plea to fraud and related activity with computers before U.S. District Judge Charles J. Siragusa. Prosecutors said Sheftall got information about more than 50 people with accounts at wegmans.com, changed their passwords and used their credit card data to place 25 orders for about $9,297 in items for himself and others between Jan. 22, 2021, and Jul. 25, 2021. Actual losses came to $41,441, and included reimbursement to customers, credit monitoring for them and the purchase of dark web monitoring to determine how Sheftall got access to their accounts. Full Story
Source: The Buffalo News
03/28/2023
White House Says 50 US Officials Targeted With Spyware As It Rolls Out New Ban Of Hacking Tools
At least 50 U.S. government officials have been targeted by invasive commercial spyware designed to hack mobile phones, a senior U.S. administration official told reporters, revealing a far bigger number than previously known. The revelation came as The White House issued an executive order banning U.S. government agencies from using spyware that is deemed a threat to U.S. national security or is implicated in human rights abuses. A bipartisan group of U.S. lawmakers wrote to Secretary of State Antony Blinken this month urging him to form an “international coalition” to combat spyware. Such hacking tools pose “distinct and growing counterintelligence and security risks to the U.S., including to the safety and security of U.S. personnel and their families,” the senior official said in previewing the executive order. The tools also directly threaten U.S. diplomats. Full Story
Source: CNN
03/28/2023
Pwn2Own Hacker Competition Awards Over $1 Million In Vancouver
Every year, Trend Micro’s Zero Day Initiative (ZDI) hosts Pwn2Own, a hacking contest in which ethical hackers, cybersecurity professionals, and others compete. In the Pwn2Own hacking competition, security researchers demonstrate their expertise and reveal significant zero-day vulnerabilities to tech companies by hacking the newest and most popular mobile devices. The exploited equipment, as well as cash prizes, are awarded to contest winners. Following the conclusion of Pwn2Own Vancouver 2023, competitors received more than $1 million and a Tesla Model 3 for exploiting 27 zero-day vulnerabilities between Mar. 22 and 24. Security researchers targeted devices in the enterprise applications and communications, the local elevation of privilege (EoP), virtualization, servers, and automotive categories during the hacking competition. Full Story
Source: Information Security Buzz
03/27/2023
Parts Of Twitter Source Code Leaked Online, Company Takes Legal Action: Report
Parts of the crucial computer code that keeps Twitter up and running were leaked online, the Elon Musk-led company said in a legal filing Mar. 24. The leak came to light after the social media company took legal action to have the information about the code taken off GitHub, an online platform for software development, according to the New York Times. GitHub agreed to immediately remove the content after Twitter sent over a copyright infringement notice, though it’s unclear how long the code was online. The Times reported it appeared to have been public for several months. One concern tied to the leak is the code includes security vulnerabilities that would give hackers the chance to steal user data or take down the site, two people briefed on an internal probe Twitter is conducting told the Times. Full Story
Source: New York Post
03/27/2023
Hackers Are Stealing Gmail Messages With A Malicious Browser Extension
Gmail accounts are under attack from a malicious browser extension spread via phishing emails that targets Google Chrome, Microsoft Edge and other Chromium-based browsers. Once installed in your browser, this malicious extension is able to steal the contents of your Gmail messages and even infect the best Android phones with malware. The cybercriminals behind the campaign hail from North Korea and the Kimsuky (aka Thallium, Velvet Chollima) threat group has a history of using spear phishing for cyber-espionage in attacks targeting diplomats, journalists, government agencies, politicians and university professors. However, while the campaign started in South Korea, it has now expanded to both the U.S. and Europe. Even if you don’t have a high-profile job, you could end up accidentally installing this malicious extension and having your Gmail account compromised. Full Story
Source: Tom's Guide
03/27/2023
Australia's NGS SuperFund Hit By Cyberattack
Melbourne, Australia-based superannuation fund NGS Super has confirmed it was hit by a cyber attack earlier this month. In an email to its members, the superannuation fund said it became aware that a cyber attacker had gained access to its corporate IT system on Mar. 17. The fund said it "immediately" shut down its network after it detected the unusual activity. NGS Super describes itself as "the leading Industry SuperFund for those in the independent education and community sectors" but is open to the public, and has an estimated 112,000 members. NGS has not disclosed how many of its members had data stolen in the attack, or the type of data that was taken. The super fund has also not said who it believes to be responsible for the attack. Some members have criticised NGS on social media for not advising of the cyber attack until 10 days after it occurred. Full Story
Source: ABC News
03/25/2023
'10 Macbooks' Twitter Hack, Phishing Scam Persists
Over the past few months, a hacker or group of hackers has been stealing influential, high-profile accounts. Mashable first exclusively reported on the hacks last week. Once the hacker accesses an account, they begin sharing a scam offering brand new MacBooks for well below retail value. Mashable heard from those who fell for the scam, taken in by seeing the offer from a user they've long followed and trusted, without knowing that the account had been hacked. The victim then sends the money via a peer-to-peer payment service like Zelle, Cash App, or Apple Pay, which do not provide buyer protection or refunds. Full Story
Source: Mashable
03/25/2023
Hackers Render Tesla Car Unsafe To Drive, Win Themselves A Model 3
A group of security researchers have, once again, proven that Tesla vehicles’ high-tech software and systems are easily exploited. At Zero Day Initiative’s Pwn2Own 2023 hacking competition this week, cybersecurity firm Synacktiv successfully cracked both Tesla’s infotainment and Gateway networks in a Model 3 car, as first reported in a Zero Day blogpost. As the “Pwn2Own” name of the contest suggests, the researchers subsequently won the vehicle—along with a combined cash prize of $350,000 for the two achievements. Though the security researchers weren’t working on an actual vehicle, the breach would’ve theoretically allowed them to open the car’s doors and front hood, per an Axios report.
Source: Gizmodo
03/25/2023
41,000 Nedbank Clients' Cellphone Numbers 'Retrieved' In Cyberattack
At least 41,000 Nedbank clients have been targeted in a cyberattack. Nedbank's head of corporate communications confirmed to TimesLIVE that about 41,000 cellphone numbers were retrieved by the hackers. The bank confirmed the incident took place between Mar. 15-18, when attackers attempted to create fraudulent profiles (Nedbank IDs) on the Nedbank MoneyApp using valid South African identity numbers. “These identity numbers were already in the possession of the attackers and obtained from external sources,” the bank said. “Personal information such as phone numbers and ID numbers can create opportunities for criminals to impersonate you... (and) use this information to trick you into disclosing your confidential banking details.” Nedbank Group is South Africa's fourth largest banking group measured by assets, and has the second largest retail deposit base. Full Story
Source: TimesLIVE
03/25/2023
San Antonio's Our Lady Of The Lake University Hit By Cyberattack
Our Lady of the Lake University has confirmed its computer network was hit by a cyberattack. It plans to notify affected individuals next week. A cyberattack on the University’s computer network compromised personal data on its faculty, students and even individuals who applied to the university but never attended. The private Catholic university on San Antonio’s West Side this week confirmed that it recently found evidence that “unauthorized access” to its network occurred about Aug. 30 and that "a limited amount of personal information was removed." It declined to detail the types of information taken. OLLU, founded in 1895, has an enrollment of more than 2,700 students, and offers more than 70 undergraduate majors and minors, more than 15 master's programs and four doctoral programs. Full Story
Source: San Antonio Express
03/25/2023
Cyberabad Police In Hyderabad, India Report Massive Data Breach, Arrest Gang Members
A massive data breach that has implications for national security was unearthed by Cyberabad Police in Hyderabad, India, who arrested seven members of a gang allegedly involved in the theft and sale of sensitive data of the government and important organisations, including details of defence personnel as well as the personal and confidential data of about 16.8 crore (160 million) citizens. The accused persons were found selling more than 140 different categories of information, including details of defence personnel and the mobile numbers of citizens and NEET students, among others, Cyberabad Police Commissioner M Stephen Raveendra told reporters on Mar. 24. Seven data brokers were arrested from Delhi, police said, adding that the accused had been operating through three companies (call centres) in Noida and other places. Full Story
Source: NDTV
03/24/2023
Hackers Attack Wisconsin Court System Computer Network
Hackers attacked the Wisconsin court system’s computer network earlier this week, and network users may have experienced intermittent service or slower than usual response times from online services, court officials said yesterday. A statement said that attorneys or self-represented litigants who might experience difficulty filing documents electronically should contact the clerk of court in their respective counties, suggesting the attack was continuing yesterday afternoon. Director of State Courts Randy Koschnick said in the statement that the court system has taken effective countermeasures but did not elaborate. The attack has not resulted in the breach of any data and court operations are continuing as usual statewide, state Supreme Court Chief Justice Annette Ziegler said in the statement. Full Story
Source: WEAU 13 News
03/24/2023
Cyber Thieves Swipe Worker Information At Cincinnati-Based Procter And Gamble
Procter and Gamble's dominating physical presence in downtown Cincinnati was not enough to keep cybercriminals from causing waves recently. "There's not going to be a system 100 percent secure," said Deep Ramanayake, professor of cybersecurity at Xavier University. P&G told WLWT that an incident involving an external file transfer tool it had been using called GoAnywhere allowed crooks to get "some information" about people who work for the consumer products giant. Ramanayake said hackers exploited a bug in a data transfer tool called GoAnywhere and launched a huge ransomware attack aimed at companies with huge footprints. P&G has not indicated if it's paid the hackers any money to retrieve information that was stolen from workers. Full Story
Source: WLWT 5
03/24/2023
Oak Ridge, Tenn. Malware Attack: Police Investigating As City Offices Remain Closed
As city of Oak Ridge, Tenn. employees continued to work offline because of a malware attack on the city's computer network, officials announced earlier this week they are working with law enforcement to investigate the attack. When asked if foul play was suspected, city senior communications specialist Lauren Gray said an investigation is considered standard practice for a malware attack. Offices in the Municipal Building, the Utility Business Office and the Planning and Development permit desk are closed to the public until further notice. Departments can be reached by telephone. Mar. 22 marked the third day the offices were closed to the public. City Managers described the malware assault as a "business process attack." Office employees cannot access or send email or do other work that requires the computer network. Full Story
Source: OakRidger
03/23/2023
Beloved Hacking Veteran Kelly ‘Aloria’ Lum Passes Away At 41
Kelly Lum, better known in hacking circles as Aloria, passed away on Sunday. Aloria was a veteran of the cybersecurity community, especially the one in New York, her home for many years. The Twitter account of the New York City security conference SummerCon announced her death on Monday, prompting a seemingly endless list of people to publicly mourn her loss and pay tribute to her life. According to the SummerCon official Twitter account, “Kelly did not take her own life, but passed due to progressed critical illness, in a hospitalized setting surrounded by her family.” Aloria was 41, and she’s survived by her husband. Some people remember her for her qualities as a person, and for her contributions to hacking culture, more than for her technical abilities, even though she was very knowledgeable and a remarkable cybersecurity professional. Full Story
Source: TechCrunch
03/23/2023
Personal Data Of Thousands Of Special Needs Children Exposed Online
Security researcher Jeremiah Fowler recently discovered and reported to vpnMentor a non-password protected database that contained nearly 50,000 records. The publicly exposed documents were invoices belonging to a special education and behavioral health service provider for school children. Upon further research it was identified that the records referenced a company called Encore Support Services that has offices in New York, New Jersey, and Michigan, USA. The invoices exposed contained the students’ name and address, parent’s name, the students’ OSIS number, the service provider’s name, and more. OSIS stands for Open Student Information System and is a nine-digit number that is issued to all students who attend a New York City public school. The invoices also contained the vendor’s information, EIN / SSN tax identification and billing hours from the detailed vendor payment requests. Full Story
Source: vpnMentor
03/22/2023
Credit Ratings Increasingly Looking At Cybersecurity
U.S. companies face a wide array of issues potentially impacting their ability to borrow money. In recent months, a banking crisis and high interest rates have stretched some companies thin, leading to layoffs and decreases in spending. Credit rating agencies are increasingly factoring in cybersecurity as part of their credit assessment criteria. Some companies’ credit ratings have suffered after major cyberattacks. But recent victims say that they’ve been able to bounce back by focusing on cybersecurity investments. Equifax, whose credit outlook was downgraded by Moody’s in 2019 following its 2017 data breach, said the incident was a “catalyst for change” at the company. And SolarWinds, which was hit by Russian hackers, rebounded in 2022 with a stable credit outlook. Full Story
Source: The Washington Post
03/22/2023
AI Can Fool Voice Recognition Used To Verify Identity By Centrelink And Australian Tax Office
A voice identification system used by the Australian government for millions of people has a serious security flaw, a Guardian Australia investigation has found. Centrelink and the Australian Taxation Office (ATO) both give people the option of using a “voiceprint”, along with other information, to verify their identity over the phone, allowing them to then access sensitive information from their accounts. But following reports that an AI-generated voice trained to sound like a specific person could be used to access phone-banking services overseas, Guardian Australia has confirmed that the voiceprint system can also be fooled by an AI-generated voice. Voice cloning, a relatively new technology using machine learning, is offered by a number of apps and websites either free or for a small fee, and a voice model can be created with only a handful of recordings of a person. Full Story
Source: The Guardian
03/22/2023
Zoom Awarded $3.9M To Bug Bounty Hunters In 2022
Zoom paid $3.9 million to bug bounty hunters in 2022, which means its Bug Bounty program has now surpassed $7 million in awards. The program, which began in Oct. 2021, calls on the expertise of the ethical hacking community to find vulnerabilities in Zoom’s platform. In return, Zoom provides payment which averages nearly $4,500 per bug, based on its 2021 figures (which can be higher now). To attract professional hackers, Zoom created a private program via the cybersecurity company HackerOne, which Zoom describes as the “industry’s leading provider” for connecting with IT security professionals. Zoom’s security team is also now resolving reports at a much quicker rate than it was when its bug bounty program first started. Full Story
Source: UC Today
03/22/2023
TikTok CEO Details App Safety And Privacy Efforts In Prepared Remarks For Congress
TikTok Chief Executive Officer Shou Zi Chew plans to tell Congress his app does more to protect young users than rival social media platforms, invoking a familiar argument as he tries to head off a U.S. ban or forced sale. The app owned by Chinese internet leader ByteDance Ltd. expends a lot of effort protecting its mostly youthful contingent, Chew plans to say when he testifies before the House Energy and Commerce Committee tomorrow, according to prepared comments reviewed by Bloomberg News. That includes blocking under-16 users from sending direct messages and imposing automatic one-hour scrolling limits for those below the age of 18—a policy the company instituted just this month. Full Story
Source: TIME
03/21/2023
Is Your Kid Really In Trouble? Beware Family Emergency Voice-Cloning Scams
If you receive an unexpected phone call from a family member in trouble, be careful: The other person on the line might be a scammer using AI voice technologies to pull off an impersonation. The Federal Trade Commission is raising alarm bells about fraudsters exploiting commercially available voice-cloning software for family emergency scams. These scams have been around for years and involve the culprit impersonating a family member, typically a child or grandchild. The fraudster will then call the victim, claiming they’re in desperate need of money to resolve an emergency. The FTC now says AI-powered voice-cloning software can make the impersonation scam seem even more authentic, duping victims into handing over their funds. Full Story
Source: PCMag
03/20/2023
Long Island Venture Capital Firm Topspin Partners Hacked
Topspin Partners, a Roslyn Heights, N.Y.-based venture capital firm, was the victim of a cybersecurity breach that compromised data, including Social Security numbers, according to a government filing. The firm has backed Long Island startups, including Codagenix Inc., a Farmingdale-based synthetic biology company that is testing a COVID-19 vaccine administered through the nose in a World Health Organization trial. Topspin Partners reported the breach on Mar. 12 and has said it retained legal counsel and a cybersecurity firm to investigate the attack. Personal information about investors, often wealthy individuals, typically is closely guarded by venture capital firms. Hackers can dwell in networks “for weeks to months before they are detected,” said Steve Morgan, founder of Northport-based Cybersecurity Ventures, publisher of Cybercrime Magazine. Full Story
Source: Newsday
03/18/2023
NBA Notifies Fans Of Data Breach, Warns On Phishing Attacks
The National Basketball Association has alerted its fans of a recent data breach. The data acquired may be used to conduct phishing attacks on the affected individuals. The personal data exposed was said to be held by a third-party newsletter service. It was not disclosed how many fans were affected by the cyberattack. The NBA has already hired an external cybersecurity service to resolve the issue and is working with a third-party service provider for the investigation. The association urged fans to be cautious when opening suspicious emails or communication that only appear to be from the NBA or its partners. To make sure that fans will not fall for phishing attempts, the NBA clarified that they will never ask fans for their account information, usernames, or passwords through their emails. Full Story
Source: iTECHPOST