The Sting Newsletter

March 28, 2023

The Sting 03/28/2023

🐝 Welcome to The Sting 🐝, your essential source for the latest cybersecurity news, insights, and expert advice from ThreatBee! Stay informed 💡 and secure 🔒 with our AI-powered solutions as we help you navigate the ever-evolving cyber landscape 🌐. Enjoy this issue! 😊


Security Alert: Recent Data Breaches and Cyberattacks

03/28/2023

Russian Hackers Strike French National Assembly Website

France's National Assembly website was brought down yesterday in a cyberattack claimed by pro-Russian hackers. "We decided to repeat our recent trip to France, where protests against [French President Emmanuel] Macron, who decided not to give a damn about the French and continues to 'serve' Ukrainian neo-Nazis, still do not subside," hacker group NoName057(16) wrote on its Telegram channel. The pro-Kremlin group is behind a string of distributed denial-of-service (DDoS) attacks in recent months, including on Polish airport and e-government websites after Warsaw delivered Leopard tanks to Ukraine, but also against targets in Denmark, the Czech Republic and Lithuania. National Assembly officials told franceinfo they couldn't confirm yet that the cyberattack came from Russian hackers but were working on "identification." Full Story

Source: Politico

03/27/2023

Cyberattack Hits Alliance Healthcare, One Of Spain's Largest Drug Wholesalers

Two weeks after a cyberattack hit the Hospital Clínic de Barcelona, another major actor in Spain's healthcare system has been affected by hackers' maneuvers. On this occasion, it has been the drug distribution chains to pharmacies that have been affected due to the problems suffered by Alliance Healthcare, as confirmed to EL PAÍS by four sources in the health sector. “The problem started on Mar. 17. The entire computer system collapsed: the website, the billing systems, the orders... The first few days they had been able to serve practically nothing, although in subsequent days they had been doing what they can,” explained a pharmacist with an office in the metropolitan area of Barcelona who requested anonymity. EL PAÍS tried unsuccessfully for several hours on Mar. 22 to connect to the company's website. Alliance Healthcare is the fourth largest medicines wholesaler in Spain. Full Story

Source: EL PAÍS

03/24/2023

Kids Coding Camp Hacked, Up To 1M Records May Have Been Stolen

Parents are still looking for answers weeks after hackers stole the personal data of thousands of users from kids’ tech coding camp iD Tech, with some fearing that their children’s data was compromised in the data breach. iD Tech, which provides on-campus classes and online tech and coding courses for kids, has yet to acknowledge the breach or notify parents. News of the data breach broke last month after a hacker on a cybercrime forum claimed to have hacked iD Tech a month earlier on Jan. 3. The hacker claimed to have stolen close to 1 million user records, including names, dates of birth, passwords stored in plaintext and about 415,000 unique email addresses, which iD Tech did not dispute when reached by email. That can equate to each parent’s account having one or more kids in classes at the tech camp. Full Story

Source: TechCrunch

03/22/2023

Czech Republic's Internet TV Provider Skylink Is Hacked

M7 Group’s Czech and Slovak operator Skylink is the victim of a cyberattack. In a note published on Skylink CZ’s Facebook page, the operator said: “We apologise, currently we have reported a system outage (web, customer zone) due to a hacker attack. We are working intensively on the repair. We thank you for your understanding”. Skylink CZ posted the message yesterday afternoon and as of this morning its site is still down. However, Skylink SK, its Slovak site, can be opened. Skylink offers DTH and internet TV services in the Czech Republic and Slovakia. Luxembourg-based M7 Group, owned by Canal+ Group, is one of Europe’s leading Pay-TV operators offering culture and language-specific packages to over three million subscribers in eight countries: Netherlands, Belgium, Germany, Austria, Czech Republic, Slovakia, Romania and Hungary. Full Story

Source: Broadband TV News

03/18/2023

DOCOMO Pacific Confirms Cyberattack, System Restoration Ongoing

DOCOMO Pacific, the largest provider of mobile, TV, internet and phone services to the U.S. territories of Guam and the Northern Mariana Islands, has confirmed that their network experienced a "cybersecurity incident" yesterday morning, in which "some of our servers" were targeted. The company indicated that the system intrusion was isolated, without damage to their customer data, mobile network, or fiber services. Other service has been impacted, with CEO Roderick Boss writing in a press release, "We are working to restore service as soon as possible." An ETA for full system restoration could not be provided. Docomo Pacific is a wholly owned subsidiary of Japanese mobile phone operator NTT Docomo headquartered in Tamuning, Guam. Full Story

Source: KUAM News


Ransomware at Large: Current and Recent Incidents
 

03/28/2023

Australia's Crown Casinos Investigates As Ransomware Group Claims To Have Breached Data

Crown Resorts has revealed it was one of a number of organisations caught up in a global data breach. The casino giant was recently contacted by a ransomware group who claim they illegally obtained a number of files. “We are investigating the validity of this claim as a matter of priority,” a Crown Resorts spokesman said in a statement yesterday. The hackers claimed they had breached file transfer service GoAnywhere. “We are continuing to work with law enforcement and have notified our gaming regulators as part of the ongoing investigation and will provide relevant updates, as necessary.” It comes as Australian fintech company Latitude Financial Services revealed it had identified 14 million customer details had been stolen in a hack two weeks ago. Full Story

Source: News.com.au

03/25/2023

Tri Counties Bank Suffers Data Breach

Tri Counties Bank in Chico, Calif., suffered a data breach during a cybersecurity incident that took place last month, the latest fallout of an apparent ransomware attack by criminal group Black Basta. The group published photos of identity documents including passports and driver licenses it says it stole from the bank, but the total scope of the breach is unclear so far. The bank is aware of the alleged data breach and is working with third-party forensic specialists to identify what data exactly the group stole, according to Tom Kane, senior vice president and director of marketing for Tri Counties Bank. Established in 1975 and with assets of $10 billion, Tri Counties Bank is a wholly-owned subsidiary of TriCo Bancshares (NASDAQ:TCBK). Full Story

Source: American Banker

03/24/2023

Shoreline College Website Hacked; Officials Investigating

An apparent ransomware attack forced the majority of Shoreline Community College students and staff to transition to remote work this week and prompted local and federal investigations. The disruption began on Mar. 20. Although Shoreline’s campus — including the Parent Child Center — remains open, the college’s website was down as of last night, and Wi-Fi on campus was inaccessible. Classes and exams are being held in person when possible and the campus payroll system has not been affected. The college has bought mobile hot spots to help alleviate the inconvenience, but there are not enough for everyone. Officials have yet to confirm whether the ransomware attack resulted in a breach of sensitive data. About 5,000 students were enrolled at the Shoreline, Wash.-based college as of fall 2022. Full Story

Source: Seattle Times

03/24/2023

Ottawa County, Ohio Officials Working To Restore Network After Ransomware Attack

Ottawa County, Ohio officials said they are making progress toward restoration after detecting a ransomware attack on their computer network. In a statement, officials with the Ottawa County Commissioners' office said the county IT department and "nationally recognized" third-party cybersecurity consultants were working to restore operations, recover impacted systems and determine the effects of the incident. They also said they have notified law enforcement. An unauthorized party has released county-related information supposedly acquired from the compromised network, authorities said. Jong Kwan Lee, an assistant professor and chair of computer science at Bowling Green State University, said the severity of the ransomware attack depends on what information Ottawa County has stored in its system. "It could be as bad as social security numbers, phone numbers, every basically in their database. Or it could just be the names and addresses." Full Story

Source: WTOL 11

03/24/2023

Saks Fifth Avenue Becomes Latest Clop Ransomware Victim

The list of Clop ransomware victims keeps on growing, with the threat actor adding American retail icon Saks Fifth Avenue to its data leak website. While the threat actor did add the retailer’s name to the leak site, they did not provide any additional details, such as the type of data that was taken, or whom it belonged to. The company confirmed the data breach to BleepingComputer, with a spokesperson saying that it fell prey to the now-infamous GoAnywhere MFT vulnerability. GoAnywhere MFT is a popular file-sharing service developed by Fortra and used by large businesses to share sensitive files securely. It was vulnerable to CVE-2023-0669, a pre-authentication command injection vulnerability in the License Response Servlet that allowed Clop’s members to execute malicious code remotely. Full Story

Source: TechRadar

03/21/2023

Ferrari Hit By Ransomware Attack Exposing Customers’ Details

Ferrari has been hit by a ransomware attack which has exposed customers’ details. A message sent to owners and customers and seen by Car Dealer said the Italian sports car maker was aware of the data breach, and will work hard to rebuild trust. ‘A threat actor was able to access a limited number of systems in our IT environment,’ Ferrari CEO Benedetto Vigna said in the message yesterday. ‘As part of this incident, certain data relating to our clients was exposed including names, addresses, email addresses and telephone numbers.’ Vigna added Ferrari has begun an investigation with a ‘leading global third-party forensics firm’ and ‘have confirmed the data’s authenticity’. Hackers have also stolen data from UK dealer groups in recent months, with Arnold Clark and Pendragon being subjected to attacks. Full Story

Source: Car Dealer Magazine

03/21/2023

Hackers Target Schools In West Sussex County, South Of London

A cyberattack caused major disruption at Tanbridge House School in Horsham last week. But headteacher Mark Sheridan says ‘no compromise of sensitive information’ has been found. The attack is the third on schools in West Sussex over the past two weeks. Two schools in Chichester have been subjected to major ransomware attacks. One of them – Bishop Luffa – confirmed that hackers were holding a huge amount of sensitive data to ransom but said the school was not in a position to pay. West Sussex is a county in South East England on the English Channel coast south of London. The ceremonial county comprises the districts of Adur, Arun, Chichester, Horsham, and Mid Sussex, and the boroughs of Crawley and Worthing. Full Story

Source: Sussex World

03/20/2023

Dutch Shipping Giant Royal Dirkzwager Confirms Play Ransomware Attack

Dutch maritime logistics company Royal Dirkzwager has confirmed that it was hit with ransomware from the Play group, the latest in a string of attacks targeting the shipping industry. Company CEO Joan Blaas, who bought the company in October after it went bankrupt the month prior, told The Record the ransomware attack did not have an effect on operations but did involve the theft of data from servers that held a range of contracts and personal information. Founded in 1872, Royal Dirkzwager provides information to more than 800 organizations in the maritime industry and registers more than 200,000 ship movements a year. Blaas confirmed that the Dutch Data Protection Authority has been notified of the attack and said he is in negotiations with the cybercriminals. Full Story

Source: The Record

03/18/2023

Hitachi Energy Confirms Cybersecurity Incident

Hitachi Energy reported a cybersecurity incident Mar. 17 on its website. "We recently learned that a third-party software provider called FORTRA GoAnywhere MFT (Managed File Transfer) was the victim of an attack by the CLOP ransomware group that could have resulted in an unauthorized access to employee data in some countries. Employees who may be affected have been informed and we are providing support. We have also notified applicable data privacy, security and law enforcement authorities and we continue to cooperate with the relevant stakeholders." Headquartered in Switzerland, Hitachi Energy employs around 40,000 people in 90 countries and generates business volumes of approximately $10 billion USD. Incident Notification

Source: Cybercrime Magazine

03/17/2023

Staples-Owned Essendant Coping With Security Incident

Deerfield, Ill.-based Essendant, a Staples-owned wholesale distributor of office products, has issued a Security Incident Update on its website. "We want to provide an update on our ongoing investigation into the network outage we experienced on Mar. 6. Immediately upon discovering the incident, Essendant took systems offline to contain the incident, initiated an investigation, and engaged third party forensics and cybersecurity experts to assist in our remediation and investigative efforts. We are in contact with law enforcement about the incident and are cooperating with their investigation. Our investigation has determined that the outage was the result of a ransomware incident. An unauthorized actor has publicly claimed responsibility for this incident. We are continuing to investigate the validity of these claims." More Information

Source: Cybercrime Magazine


The Cryptocrime Scene: A Summary of Recent Incidents and Developments

 

03/27/2023

Canadian Crypto King Kidnapped, Tortured In An Attempt To Get Millions In Ransom

Canada's self-described crypto king was abducted, tortured, and beaten for days as his kidnappers looked to solicit millions in ransom, his father told a court in December. New documents, obtained by CTV News Toronto, include details of the December incident where Aiden Pleterski was allegedly abducted from downtown Toronto and driven around southern Ontario for about three days. The nearly 750-page report, released on Mar. 14, also contains the latest findings in a months-long pursuit to trace millions of dollars invested into cryptocurrency and foreign exchange with the 23-year-old before he was petitioned into bankruptcy. The documents allege Pleterski invested less than two per cent of the more than $40 million handed to him. Instead, he allegedly spent nearly 38 per cent, almost $16 million, on luxury cars, private jets, and elaborate vacations. Full Story

Source: CTV News Toronto

03/20/2023

Largest Crypto ATM Manufacturer Hacked, Over $1.5 Million In Bitcoin Stolen

Czech Republic-based General Bytes, which calls itself the world's largest blockchain, Bitcoin and cryptocurrency ATM manufacturer, experienced a security breach on Mar. 17 and 18. A hacker liquidated 56.28 Bitcoins, which were valued at a staggering $1.5 million at the time of the attack. The stolen Bitcoins were taken from cryptocurrency ATM operators in the U.S. The number of affected operators is between 15 and 20. On Mar. 18, the firm took to Twitter to inform the public about the incident. In a bulletin, General Bytes said that the hacker could send funds from hot wallets, as well as download user names and their password hashes and switch off their two-factor authentication. Full Story

Source: Crypto News Flash

03/18/2023

Ethereum Founder Urges Self-Custody – Recommends Use Of Multi-Sig, Social Recovery Wallets

Ethereum co-founder Vitalik Buterin took to social media to tout the benefits of using multi-sig and social recovery wallets for self-custody of crypto assets. Buterin said that self-custody is important as centralized entities can become untrustworthy and people can lose their funds without notification. However, he added that being solely responsible for the entirety of one’s security system carries inherent risks that can be minimized by using multi-sig and social recovery technology wallets. The Ethereum co-founder said he and the Ethereum Foundation use multi-sig wallets to secure most of their crypto assets. According to Buterin, multi-sig wallets — like Gnosis Safe — should be used for cold storage of crypto-assets as they require multiple keys to sign off on transactions. Full Story

Source: CryptoSlate

03/17/2023

Crypto Investment Fraud In The US Hits Record $2.57B – Up 183 Percent YoY

Cryptocurrency investment fraud in the U.S. was up almost 3x year-over-year in 2022 — making investment fraud the “costliest scheme reported,” according to the FBI’s 2022 internet crime report. Crypto investment fraud hit a record $2.57 billion in 2022, compared to $907 million in 2021 — a 183 percent increase on an annual basis. Crypto investment fraud losses made up roughly 25 percent of all money lost to online scams and fraud during 2022 and almost 90 percent of the $3.31 billion lost to online investment fraud. Crypto investment frauds were not limited to online schemes, and some scammers used fake real estate investment opportunities to steal people’s cryptocurrency. Fake employment opportunities were also used to scam people. Full Story

Source: CryptoSlate

Cybercriminals Brought to Justice: Current and Recent Arrests and Convictions

 

03/23/2023

Celebrities Lindsay Lohan And Jake Paul Illegally Touted Crypto Assets, SEC Says

U.S. regulators clawed back money that actress Lindsay Lohan and boxer Jake Paul earned by promoting cryptocurrencies, continuing a campaign of making examples of celebrities who tout digital assets in violation of investor-protection laws. Ms. Lohan, Mr. Paul and four other celebrities agreed to pay a combined $400,000 to settle the Securities and Exchange Commission’s investigation of their role in the promotion of crypto assets TRX and BTT. The SEC also alleged that Justin Sun, whose companies sold those digital assets, artificially boosted TRX’s trading volume in 2018 and 2019 by having his own employees buy and sell the token. Mr. Sun is a crypto entrepreneur and investor who paid $4.6 million to have dinner with Warren Buffett. The SEC sued Mr. Sun and his companies in Manhattan federal court. Full Story

Source: The Wall Street Journal

03/23/2023

Associate Of ‘Cryptoqueen’ Fraudster Arrested And Brought To US

A Bulgarian woman accused of assisting in the massive OneCoin cryptocurrency scam has been extradited to the U.S. to face charges of fraud and money laundering in a New York federal court. Irina Dilkinska, 41, was head of “legal and compliance” for OneCoin, but “accomplished the exact opposite of her job title and allegedly enabled OneCoin to launder millions of dollars of illegal proceeds through shell companies,” U.S. Attorney Damian Williams said. OneCoin, which prosecutors characterized as a pyramid scheme that took in $4 billion from victims, was co-founded by Ruja Ignatova, who remains at-large after being charged in 2017 with fraud and money laundering. The other co-founder, Karl Greenwood, pleaded guilty to similar accusations in New York in December. Full Story

Source: The Record

03/23/2023

Bangkok Hacker, Friend Nabbed For Stealing Energy Drink Prizes

Police in Thailand arrested two men, including a postgraduate student, for allegedly hacking into an energy drink producer's prize system and withdrawing the prizes through an electronic wallet. Somprasong Intararak, 29, and Watchanant Siri, 28, were arrested in their rooms in Bangkok's Bueng Kum and Bang Kapi districts this morning, Pol Maj Gen Athip Pongsiwapai, commander of the Technology Crime Suppression Division, said. The arrests followed a complaint from True Money Co that the prize system of Power Thaitanium energy drinks was hacked more than 300,000 times, and the stolen codes were then used to claim prizes through the True Money wallet system about 6,000 times. Full Story

Source: Bangkok Post

03/21/2023

Girls Do Porn Cameraman Ordered To Pay Victims More Than $100,000

The cameraman for sex trafficking ring Girls Do Porn has been ordered to pay victims more than $100,000 in total, including half of what he makes working in the prison system for his two-year sentence. As first reported by Courthouse News, U.S. District Judge Janis Sammartino ordered videographer Theodore Wilfred “Teddy” Gyi to pay $31,508.11 in restitution to one victim, and $72,341 to another. After pleading guilty to counts of conspiracy to commit sex trafficking by force, fraud, and coercion in 2021, Gyi was sentenced to four years in prison. In 2019, during a civil trial brought against Girls Do Porn by 22 women who were targeted by the group, Gyi admitted to lying to women about how their images would be used. Full Story

Source: Motherboard

03/21/2023

Crypto.Com Customer Accused Of $7M Spending Spree Granted Bail

The Crypto.com customer who was accidentally sent $6.95 million from the exchange in 2021 and then allegedly went on a spending spree has been granted bail in Australia despite $2 million funds still unaccounted for. In the Victorian County Court, prosecutors on March 20 tried to convince the judge that imprisonment would be the only way to ensure that Jatinder Singh would not flee the country. The blunder by Crypto.com came about when a Bulgarian-based employee accidentally transferred $6.95 million to his account instead of what was meant to be a $100 refund in May 2021. The Melbourne man is alleged to have bought four houses and a car with the funds, along with sending a portion overseas. Prosecutors argued that Singh is financially motivated to flee the country because only $4.9 million has been recovered, according to a report from the Herald Sun. Full Story

Source: Cointelegraph

03/20/2023

US Authorities Arrest Alleged BreachForums Owner And FBI Hacker Pompompurin

U.S. law enforcement authorities arrested the person allegedly responsible for hacking the FBI in 2021. FBI agents on Mar. 15 arrested Conor Brian Fitzpatrick on suspicion of running BreachForums. In 2021, Pompompurin took credit for compromising the agency’s email servers and sending thousands of fake cybersecurity warnings. Pompompurin is also linked to the 2022 breach of the FBI’s InfraGard network, an incident that saw the contact information of its more than 80,000 members go on sale. Separately, Pompompurin is connected to the 2021 Robinhood hack that saw the data of 7 million users compromised, and the 2022 Twitter data leak. In a sworn affidavit, one of the FBI agents involved in the arrest claims Fitzpatrick identified himself as Pompompurin and admitted to being the owner of BreachForums. The forum rose from the ashes of RaidForums, which the FBI raided and shut down last year. Full Story

Source: Engadget

03/20/2023

Atlanta Man Sentenced To Federal Prison In Connection With A Multi-Million Dollar International Cyber And Fraud Scheme

Christian Akhatsegbe has been sentenced for wire and computer fraud conspiracy, access device fraud, and aggravated identity theft related to a multi-million-dollar cyber-fraud scheme perpetrated through email phishing, credential harvesting, and invoice fraud. His brother, Emmanuel Aiye Akhatsegbe, who is believed to be residing in Nigeria, was also charged in the scheme and remains a fugitive. “The far-reaching scope of this defendant’s criminal conduct is astonishing,” said U.S. Attorney Ryan K. Buchanan. “Hiding behind several aliases, Christian Akhatsegbe and his conspirators stole employee credentials, unlawfully accessed computers, and attempted to scam companies out of more than 12 million dollars. And not content to limiting his criminal conduct to these schemes, Akhatsegbe also engaged in hundreds of thousands of dollars of COVID-19-related loan fraud.” Full Story

Source: U.S. Department of Justice

03/18/2023

Massachusetts Man Sentenced In Business Email Compromise Scheme

A Framingham, Mass. man was sentenced on Mar. 9 for his role in a business email compromise (BEC) scheme. Gustaf Njei, 27, was sentenced to 27 months in prison and two years of supervised release. Njei was also ordered to pay restitution in the amount of $94,630. In Dec. 2022, Njei was convicted by a federal jury of two counts of wire fraud, one count of structuring to avoid reporting requirements, one count of unlawful monetary transactions and one count of money laundering conspiracy. Njei’s co-conspirators used hacked and spoofed email accounts to trick the victims of the BEC scheme into wiring hundreds of thousands of dollars to a bank account under Njei’s control. Njei then transferred part of the funds to a bank account located overseas, while splitting the remaining funds with a co-conspirator in the U.S. News Release

Source: U.S. Department of Justice

 

The Cybercrime and Privacy Landscape: A Summary of Recent Developments and News

03/28/2023

New Jersey Turns To License Plate Reader Technology To Address Rise In Auto Thefts

New Jersey Governor Phil Murphy recently announced additional funding for license plate readers in an effort to crack down on vehicle thefts. The state plans to allocate $10 million to expand the use of automated license plate readers (ALPRs), which employ high-tech cameras to scan thousands of cars’ license plates per minute and allow police to quickly identify and search for a wanted vehicle. In recent years, owing to the advancement of computing power, ALPRs have become increasingly adopted by law enforcement agencies across the country despite concerns from privacy advocates about increasing and unwanted surveillance. Law enforcement leaders have touted the technology as an essential part of modern policing in the Garden State. Full Story

Source: American Police Beat

03/28/2023

Hacker Ordered To Repay Wegmans Supermarket Customers For Orders He Made Through Their Accounts

A hacker has been ordered to repay Wegmans supermarket customers for the groceries he ordered after he broke into their online accounts. Maurice Sheftall, 24, of Brooklyn, was sentenced to three years' probation and ordered to pay $41,441 in restitution after entering his guilty plea to fraud and related activity with computers before U.S. District Judge Charles J. Siragusa. Prosecutors said Sheftall got information about more than 50 people with accounts at wegmans.com, changed their passwords and used their credit card data to place 25 orders for about $9,297 in items for himself and others between Jan. 22, 2021, and Jul. 25, 2021. Actual losses came to $41,441, and included reimbursement to customers, credit monitoring for them and the purchase of dark web monitoring to determine how Sheftall got access to their accounts. Full Story

Source: The Buffalo News

03/28/2023

White House Says 50 US Officials Targeted With Spyware As It Rolls Out New Ban Of Hacking Tools

At least 50 U.S. government officials have been targeted by invasive commercial spyware designed to hack mobile phones, a senior U.S. administration official told reporters, revealing a far bigger number than previously known. The revelation came as The White House issued an executive order banning U.S. government agencies from using spyware that is deemed a threat to U.S. national security or is implicated in human rights abuses. A bipartisan group of U.S. lawmakers wrote to Secretary of State Antony Blinken this month urging him to form an “international coalition” to combat spyware. Such hacking tools pose “distinct and growing counterintelligence and security risks to the U.S., including to the safety and security of U.S. personnel and their families,” the senior official said in previewing the executive order. The tools also directly threaten U.S. diplomats. Full Story

Source: CNN

03/28/2023

Pwn2Own Hacker Competition Awards Over $1 Million In Vancouver

Every year, Trend Micro’s Zero Day Initiative (ZDI) hosts Pwn2Own, a hacking contest in which ethical hackers, cybersecurity professionals, and others compete. In the Pwn2Own hacking competition, security researchers demonstrate their expertise and reveal significant zero-day vulnerabilities to tech companies by hacking the newest and most popular mobile devices. The exploited equipment, as well as cash prizes, are awarded to contest winners. Following the conclusion of Pwn2Own Vancouver 2023, competitors received more than $1 million and a Tesla Model 3 for exploiting 27 zero-day vulnerabilities between Mar. 22 and 24. Security researchers targeted devices in the enterprise applications and communications, the local elevation of privilege (EoP), virtualization, servers, and automotive categories during the hacking competition. Full Story

Source: Information Security Buzz

03/27/2023

Parts Of Twitter Source Code Leaked Online, Company Takes Legal Action: Report

Parts of the crucial computer code that keeps Twitter up and running were leaked online, the Elon Musk-led company said in a legal filing Mar. 24. The leak came to light after the social media company took legal action to have the information about the code taken off GitHub, an online platform for software development, according to the New York Times. GitHub agreed to immediately remove the content after Twitter sent over a copyright infringement notice, though it’s unclear how long the code was online. The Times reported it appeared to have been public for several months. One concern tied to the leak is the code includes security vulnerabilities that would give hackers the chance to steal user data or take down the site, two people briefed on an internal probe Twitter is conducting told the Times. Full Story

Source: New York Post

03/27/2023

Hackers Are Stealing Gmail Messages With A Malicious Browser Extension

Gmail accounts are under attack from a malicious browser extension spread via phishing emails that targets Google Chrome, Microsoft Edge and other Chromium-based browsers. Once installed in your browser, this malicious extension is able to steal the contents of your Gmail messages and even infect the best Android phones with malware. The cybercriminals behind the campaign hail from North Korea and the Kimsuky (aka Thallium, Velvet Chollima) threat group has a history of using spear phishing for cyber-espionage in attacks targeting diplomats, journalists, government agencies, politicians and university professors. However, while the campaign started in South Korea, it has now expanded to both the U.S. and Europe. Even if you don’t have a high-profile job, you could end up accidentally installing this malicious extension and having your Gmail account compromised. Full Story

Source: Tom's Guide

03/27/2023

Australia's NGS SuperFund Hit By Cyberattack

Melbourne, Australia-based superannuation fund NGS Super has confirmed it was hit by a cyber attack earlier this month. In an email to its members, the superannuation fund said it became aware that a cyber attacker had gained access to its corporate IT system on Mar. 17. The fund said it "immediately" shut down its network after it detected the unusual activity. NGS Super describes itself as "the leading Industry SuperFund for those in the independent education and community sectors" but is open to the public, and has an estimated 112,000 members. NGS has not disclosed how many of its members had data stolen in the attack, or the type of data that was taken. The super fund has also not said who it believes to be responsible for the attack. Some members have criticised NGS on social media for not advising of the cyber attack until 10 days after it occurred. Full Story

Source: ABC News

03/25/2023

'10 Macbooks' Twitter Hack, Phishing Scam Persists

Over the past few months, a hacker or group of hackers have been stealing influential high-profile accounts. Mashable first exclusively reported on the hacks last week. Once the hacker accesses an account, they begin sharing a scam offering brand new MacBooks for well-below retail value. Mashable heard from those who fell for the scam, taken in by seeing the offer from a user they've long followed and trusted, without knowing that the account had been hacked. The victim then sends the money via a peer-to-peer payment service like Zelle, Cashapp, or Apple Pay, which does not provide buyer protection or refunds. Full Story

Source: Mashable

03/25/2023

Hackers Render Tesla Car Unsafe To Drive, Win Themselves A Model 3

A group of security researchers have, once again, proven that Tesla vehicles’ high-tech software and systems are easily exploited. At Zero Day Initiative’s Pwn2Own 2023 hacking competition this week, cybersecurity firm Synacktiv successfully cracked both Tesla’s infotainment and Gateway networks in a Model 3 car, as first reported in a Zero Day blogpost. As the “Pwn2Own” name of the contest suggests, the researchers subsequently won the vehicle—along with a combined cash prize of $350,000 for the two achievements. Though the security researchers weren’t working on an actual vehicle, the breach would’ve theoretically allowed them to open the car’s doors and front hood, per an Axios report.

Source: Gizmodo

03/25/2023

41,000 Nedbank Clients' Cellphone Numbers 'Retrieved' In Cyberattack

At least 41,000 Nedbank clients have been targeted in a cyberattack. Nedbank's head of corporate communications confirmed to TimesLIVE that about 41,000 cellphone numbers were retrieved by the hackers. The bank confirmed the incident took place between Mar. 15-18, when attackers attempted to create fraudulent profiles (Nedbank IDs) on the Nedbank MoneyApp using valid South African identity numbers. “These identity numbers were already in the possession of the attackers and obtained from external sources,” the bank said. “Personal information such as phone numbers and ID numbers can create opportunities for criminals to impersonate you... (and) use this information to trick you into disclosing your confidential banking details.” Nedbank Group is South Africa's fourth largest banking group measured by assets, and has the second largest retail deposit base. Full Story

Source: TimesLIVE

03/25/2023

San Antonio's Our Lady Of The Lake University Hit By Cyberattack

Our Lady of the Lake University has confirmed its computer network was hit by a cyberattack. It plans to notify affected individuals next week. A cyberattack on the University’s computer network compromised personal data on its faculty, students and even individuals who applied to the university but never attended. The private Catholic university on San Antonio’s West Side this week confirmed that it recently found evidence that “unauthorized access” to its network occurred about Aug. 30 and that "a limited amount of personal information was removed." It declined to detail the types of information taken. OLLU, founded in 1895, has an enrollment of more than 2,700 students, and offers more than 70 undergraduate majors and minors, more than 15 master's programs and four doctoral programs. Full Story

Source: San Antonio Express

03/25/2023

Cyberabad Police In Hyderabad, India Report Massive Data Breach, Arrest Gang Members

A massive data breach that has implications for national security was unearthed by Cyberabad Police in Hyderabad, India, who arrested seven members of a gang allegedly involved in the theft and sale of sensitive data of the government and important organisations, including details of defence personnel as well as the personal and confidential data of about 16.8 crore (160 million) citizens. The accused persons were found selling more than 140 different categories of information, including details of defence personnel and the mobile numbers of citizens and NEET students, among others, Cyberabad Police Commissioner M Stephen Raveendra told reporters on Mar. 24. Seven data brokers were arrested from Delhi, police said, adding that the accused had been operating through three companies (call centres) in Noida and other places. Full Story

Source: NDTV

03/24/2023

Hackers Attack Wisconsin Court System Computer Network

Hackers attacked the Wisconsin court system’s computer network earlier this week, and network users may have experienced intermittent service or slower than usual response times from online services, court officials said yesterday. A statement said that attorneys or self-represented litigants who might experience difficulty filing documents electronically should contact the clerk of court in their respective counties, suggesting the attack was continuing yesterday afternoon. Director of State Courts Randy Koschnick said in the statement that the court system has taken effective countermeasures but did not elaborate. The attack has not resulted in the breach of any data and court operations are continuing as usual statewide, state Supreme Court Chief Justice Annette Ziegler said in the statement. Full Story

Source: WEAU 13 News

03/24/2023

Cyber Thieves Swipe Worker Information At Cincinnati-Based Procter And Gamble

Procter and Gamble's dominating physical presence in downtown Cincinnati was not enough to keep cybercriminals from causing waves recently. "There's not going to be a system 100 percent secure," said Deep Ramanayake, professor of cybersecurity at Xavier University. P&G told WLWT that an incident involving an external file transfer tool it had been using called GoAnywhere allowed crooks to get "some information" about people who work for the consumer products giant. Ramanayake said hackers exploited a bug in a data transfer tool called GoAnywhere and launched a huge ransomware attack aimed at companies with huge footprints. P&G has not indicated if it's paid the hackers any money to retrieve information that was stolen from workers. Full Story

Source: WLWT 5

03/24/2023

Oak Ridge, Tenn. Malware Attack: Police Investigating As City Offices Remain Closed

As city of Oak Ridge, Tenn. employees continued to work offline because of a malware attack on the city's computer network, officials announced earlier this week they are working with law enforcement to investigate the attack. When asked if foul play was suspected, city senior communications specialist Lauren Gray said an investigation is considered standard practice for a malware attack. Offices in the Municipal Building, the Utility Business Office and the Planning and Development permit desk are closed to the public until further notice. Departments can be reached by telephone. Mar. 22 marked the third day the offices were closed to the public. City Managers described the malware assault as a "business process attack." Office employees cannot access or send email or do other work that requires the computer network. Full Story

Source: OakRidger

03/23/2023

Beloved Hacking Veteran Kelly ‘Aloria’ Lum Passes Away At 41

Kelly Lum, better known in hacking circles as Aloria, passed away on Sunday. Aloria was a veteran of the cybersecurity community, especially the one in New York, her home for many years. The Twitter account of the New York City security conference SummerCon announced her death on Monday, prompting a seemingly endless list of people to publicly mourn her loss and pay tribute to her life. According to the SummerCon official Twitter account, “Kelly did not take her own life, but passed due to progressed critical illness, in a hospitalized setting surrounded by her family.” Aloria was 41, and she’s survived by her husband. Some people remember her for her qualities as a person, and for her contributions to hacking culture, more than for her technical abilities, even though she was very knowledgeable and a remarkable cybersecurity professional. Full Story

Source: TechCrunch

03/23/2023

Personal Data Of Thousands Of Special Needs Children Exposed Online

Security researcher Jeremiah Fowler recently discovered and reported to vpnMentor a non-password protected database that contained nearly 50,000 records. The publicly exposed documents were invoices belonging to a special education and behavioral health service provider for school children. Upon further research it was identified that the records referenced a company called Encore Support Services that has offices in New York, New Jersey, and Michigan, USA. The invoices exposed contained the students’ name and address, parent’s name, the students’ OSIS number, the service provider’s name, and more. OSIS stands for Open Student Information System and is a nine-digit number that is issued to all students who attend a New York City public school. The invoices also contained the vendor’s information, EIN / SSN tax identification and billing hours from the detailed vendor payment requests. Full Story

Source: vpnMentor

03/22/2023

Credit Ratings Increasingly Looking At Cybersecurity

U.S. companies face a wide array of issues potentially impacting their ability to borrow money. In recent months, a banking crisis and high interest rates have stretched some companies thin, leading to layoffs and decreases in spending. Credit rating agencies are increasingly factoring in cybersecurity as part of their credit assessment criteria. Some companies’ credit ratings have suffered after major cyberattacks. But recent victims say that they’ve been able to bounce back by focusing on cybersecurity investments. Equifax, whose credit outlook was downgraded by Moody’s in 2019 following its 2017 data breach, said the incident was a “catalyst for change” at the company. And SolarWinds, which was hit by Russian hackers, rebounded in 2022 with a stable credit outlook. Full Story

Source: The Washington Post

03/22/2023

AI Can Fool Voice Recognition Used To Verify Identity By Centrelink And Australian Tax Office

A voice identification system used by the Australian government for millions of people has a serious security flaw, a Guardian Australia investigation has found. Centrelink and the Australian Taxation Office (ATO) both give people the option of using a “voiceprint”, along with other information, to verify their identity over the phone, allowing them to then access sensitive information from their accounts. But following reports that an AI-generated voice trained to sound like a specific person could be used to access phone-banking services overseas, Guardian Australia has confirmed that the voiceprint system can also be fooled by an AI-generated voice. Voice cloning, a relatively new technology using machine learning, is offered by a number of apps and websites either free or for a small fee, and a voice model can be created with only a handful of recordings of a person. Full Story

Source: The Guardian

03/22/2023

Zoom Awarded $3.9M To Bug Bounty Hunters In 2022

Zoom paid $3.9 million to bug bounty hunters in 2022, which means its Bug Bounty program has now surpassed $7 million in awards. The program, which began in Oct. 2021, calls on the expertise of the ethical hacking community to find vulnerabilities in Zoom’s platform. In return, Zoom provides payment which averages nearly $4,500 per bug, based on its 2021 figures (which can be higher now). To attract professional hackers, Zoom created a private program via the cybersecurity company HackerOne, which Zoom describes as the “industry’s leading provider” for connecting with IT security professionals. Zoom’s security team is also now resolving reports at a much quicker rate than it was when its bug bounty program first started. Full Story

Source: UC Today

03/22/2023

TikTok CEO Details App Safety And Privacy Efforts In Prepared Remarks For Congress

TikTok Chief Executive Officer Shou Zi Chew plans to tell Congress his app does more to protect young users than rival social media platforms, invoking a familiar argument as he tries to head off a U.S. ban or forced sale. The app owned by Chinese internet leader ByteDance Ltd. expends a lot of effort protecting its mostly youthful contingent, Chew plans to say when he testifies before the House Energy and Commerce Committee tomorrow, according to prepared comments reviewed by Bloomberg News. That includes blocking under-16 users from sending direct messages and imposing automatic one-hour scrolling limits for those below the age of 18—a policy the company instituted just this month. Full Story

Source: TIME

03/21/2023

Is Your Kid Really In Trouble? Beware Family Emergency Voice-Cloning Scams

If you receive an unexpected phone call from a family member in trouble, be careful: The other person on the line might be a scammer using AI voice technologies to pull off an impersonation. The Federal Trade Commission is raising alarm bells about fraudsters exploiting commercially available voice-cloning software for family emergency scams. These scams have been around for years and involve the culprit impersonating a family member, typically a child or grandchild. The fraudster will then call the victim, claiming they’re in desperate need of money to resolve an emergency. The FTC now says AI-powered voice-cloning software can make the impersonation scam seem even more authentic, duping victims into handing over their funds. Full Story

Source: PCMag

03/20/2023

Long Island Venture Capital Firm Topspin Partners Hacked

Topspin Partners, a Roslyn Heights, N.Y.-based venture capital firm, was the victim of a cybersecurity breach that compromised data, including Social Security numbers, according to a government filing. The firm has backed Long Island startups, including Codagenix Inc., a Farmingdale-based synthetic biology company that is testing a COVID-19 vaccine administered through the nose in a World Health Organization trial. Topspin Partners reported the breach on Mar. 12 and has said it retained legal counsel and a cybersecurity firm to investigate the attack. Personal information about investors, often wealthy individuals, typically is closely guarded by venture capital firms. Hackers can dwell in networks “for weeks to months before they are detected,” said Steve Morgan, founder of Northport-based Cybersecurity Ventures, publisher of Cybercrime Magazine. Full Story

Source: Newsday

03/18/2023

NBA Notifies Fans Of Data Breach, Warns On Phishing Attacks

The National Basketball Association has alerted its fans of a recent data breach. The data acquired may be used to conduct phishing attacks on the affected individuals. The personal data exposed was said to be held by a third-party newsletter service. It was not disclosed how many fans were affected by the cyberattack. The NBA has already hired an external cybersecurity service to resolve the issue and is working with a third-party service provider for the investigation. The association urged fans to be cautious when opening suspicious emails or communication that only appear to be from the NBA or its partners. To make sure that fans will not fall for phishing attempts, the NBA clarified that they will never ask fans for their account information, usernames, or passwords through their emails. Full Story

Source: iTECHPOST

That's a wrap for this edition of The Sting! 🐝 Remember, at ThreatBee, we're here to help you stay safe in the digital world 🌐. Our cybersecurity services, including security assessments 🔍 and data monitoring 📊, are designed to protect you and your business from threats. Don't hesitate to reach out if you need assistance or have any questions. Stay secure, and see you in the next issue! 🔒💼✨
