Tag: security roundup

  • Hackers Threaten to Leak Planned Parenthood Data

    Even those of you who do everything you can to secure those secrets can find yourself vulnerable—especially if you’re using a YubiKey 5 authentication token. The multifactor authentication devices can be cloned thanks to a cryptographic flaw that can’t be patched. The company has rolled out some mitigation measures—and the attack itself is relatively difficult to pull off. But it may be time to invest in a new dongle.

    That’s not all, folks. Each week, we round up the privacy and security news we didn’t cover in depth ourselves. Click the headlines to read the full stories. And stay safe out there.

    At the end of August, cybercriminals from the ransomware group RansomHub appear to have hacked into the systems of Planned Parenthood’s Montana branch. The organization this week confirmed it had suffered from a “cybersecurity incident” on August 28 and said its staff immediately took parts of its network offline, reporting the incident to law enforcement.

    Days after the incident took place, RansomHub claimed to be behind the attack, posting Planned Parenthood on its leak website. The criminal group said it would publish 93 GB of data. It is unclear what, if anything, the ransomware group has obtained, but Planned Parenthood clinics can hold a huge array of highly sensitive data about patients, including information on abortion appointments. (Around 400,000 Planned Parenthood patients in Los Angeles were impacted following a similar ransomware incident in 2021.)

    In recent months, RansomHub has emerged as one of the most active ransomware-as-a-service groups, following the law enforcement disruption of LockBit. According to an FBI and Cybersecurity and Infrastructure Security Agency alert at the end of August, the group is “efficient and successful” and has stolen data from at least 210 victims since it formed in February. “The affiliates leverage a double-extortion model by encrypting systems and exfiltrating data to extort victims,” the alert said.

    The Nigeria-based scammers known as the Yahoo Boys run almost every scam in the playbook—from romance scams to pretending to be FBI agents. Yet there’s little more devious than the increase in sextortion cases linked to the West African scammers. This week, Nigerian brothers Samuel Ogoshi and Samson Ogoshi were sentenced to more than 17 years in US jail for running sextortion scams, following their extradition earlier this year. It is the first time Nigerian scammers have been prosecuted for sextortion in the US, the BBC reported.

    The Ogoshi brothers, who pleaded guilty in April, have been linked to the death of 17-year-old Jordan DeMay, who took his life six hours after he started talking to the scammers, who posed as a girl, on Instagram. The teenager had been duped into sending the brothers explicit images, and after he had done so, they threatened to post the images online unless he paid them hundreds of dollars. US prosecutors said the brothers sexually exploited and extorted more than 100 victims, with at least 11 of them being minors. There has been a huge spike in sextortion cases in recent years.

    In June, the US Commerce Department banned the sale of Kaspersky’s antivirus tools over national security concerns about its links to the Russian government. (Kaspersky has, for years, denied such connections.) The firm later fired its workers and said it was closing its US business. This week, cybersecurity company Pango Group announced it is purchasing Kaspersky Lab’s US antivirus customers, according to Axios. This equates to around 1 million customers, who will be transitioned to Pango’s antivirus software Ultra AV. Ahead of the Kaspersky deal, parent company Aura also announced it was spinning out Pango Group into its own business. Pango’s president said customers would not need to take any action and that the deal would allow subscribers to continue to receive updates after September 29, when Kaspersky updates will stop.

    For years, the EU has been trying to introduce new child protection laws that would require private chats to be scanned for child sexual abuse material—something that would potentially undermine encrypted messaging apps that provide everyday privacy to billions of people. The plans have been highly controversial and were shelved earlier this year. However, the proposed law, which has been dubbed “chat control,” reappeared in legislators’ in-trays this week. The Council of the EU, which is currently chaired by Hungary, wants to pass legislation by October, but reports say strong resistance to the plans still remains.

  • Taylor Swift Concert Terror Plot Was Thwarted by Key CIA Tip

    Pavel Durov, the founder and CEO of the communication app Telegram, was arrested in France on Saturday as part of an investigation into his and Telegram’s alleged failure to moderate illegal content on the platform, among other allegations. After being detained for four days, he was charged on Wednesday evening, barred from leaving France, and released on the condition of posting a €5 million ($5.5 million) bail and reporting to a French police station twice a week. The Paris prosecutor’s office said on Wednesday that Durov faces complicity charges related to child sexual abuse material and drug trafficking, as well as charges for importing cryptology without prior declaration, and a “near-total absence” of cooperation with French authorities.

    “Nudify” deepfake websites that generate images of people’s naked bodies without their consent have been incorporating mainstream single sign-on authentication systems into their websites, a WIRED investigation found. Discord and Apple are terminating some developers’ accounts over this usage.

    Microsoft published research on Wednesday about a new multistage backdoor that the notorious Iranian hacking group APT 33 or Peach Sandstorm has been using to target victims in sectors including satellite, communications equipment, and oil and gas. And Google researchers found that suspected Russian hackers compromised Mongolian government websites between November 2023 and July 2024 and then infected vulnerable users who visited the sites with malware. Crucially, the attackers compromised targets using exploits that were identical or very similar to hacking tools created by the commercial spyware vendors NSO Group and Intellexa.

    And there’s more. Each week, we round up the security and privacy news we didn’t cover in depth ourselves. Click the headlines to read the full stories. And stay safe out there.

    The US Central Intelligence Agency provided Austrian law enforcement with crucial intelligence that led to the arrest of suspects who were allegedly plotting to attack Taylor Swift concerts in Austria at the beginning of the month. All three of the singer’s planned concerts were canceled at Vienna’s Ernst Happel Stadium because of the threat. CIA deputy director David Cohen said at the Insa intelligence conference on Wednesday, “Within my agency and others there were people who thought that was a really good day for Langley and not just the Swifties in my workforce.”

    The central suspect is a 19-year-old Austrian of North Macedonian background who reportedly made a full confession. Austrian law enforcement also arrested an 18-year-old and a 17-year-old in relation to the plot. Cops also reportedly interrogated a 15-year-old. The plot was allegedly inspired by the Islamic State and included plans to attack fans outside the venue with knives or explosives. Earlier this month, Austrian interior minister Gerhard Karner said foreign intelligence agencies contributed to the investigation because Austrian law bars text message surveillance.

    “They were plotting to kill a huge number, tens of thousands of people at this concert, including I am sure many Americans, and were quite advanced in this,” the CIA’s Cohen said at the conference. “The Austrians were able to make those arrests because the agency and our partners in the intelligence community provided them information about what this ISIS-connected group was planning to do.”

    Hackers who may be backed by the Chinese government have been exploiting a recently patched vulnerability in network management virtualization software known as Versa Director to compromise at least four US-based internet service providers and steal authentication credentials used by their customers. Researchers from Lumen’s Black Lotus Labs said on Thursday that the attacks began as early as June 12 and are likely still going on. The hackers exploit the Versa Director vulnerability to install remote access malware that Lumen dubbed “VersaMem.”

    “Given the severity of the vulnerability, the implications of compromised Versa Director systems, and the time that has now elapsed to allow Versa customers to patch the vulnerability, Black Lotus Labs felt it was appropriate to release this information at this time,” the researchers wrote in a blog post. “Lumen Technologies shared threat intelligence to warn appropriate US government agencies of the emerging risks that could impact our nation’s strategic assets.”

    The movie studio coalition known as the Alliance for Creativity and Entertainment said on Thursday that Hanoi police have investigated and taken down the Vietnam-based pirate streaming service Fmovies and its affiliates. The working group said it collaborated with law enforcement and provided information about Fmovies, which it called “the largest pirate streaming operation in the world.” The group added that Fmovies and its affiliate sites—which included bflixz, flixtorz, movies7, myflixer, and aniwave—had more than 6.7 billion visits between January 2023 and June 2024. The law enforcement operation also led to the takedown of video hosting provider Vidsrc.to and its affiliates because these services were allegedly “operated by the same suspects.” Hanoi police have arrested two men in connection with the case.

    Following a digital attack against dozens of French museums during the Olympic Games earlier this month, the ransomware gang known as Brain Cipher has claimed responsibility for the hacks and is threatening to leak 300 GB of stolen data from the museums. Le Grand Palais and dozens of other French national museums and cultural organizations are overseen by Réunion des Musées Nationaux – Grand Palais and reportedly all use some shared digital infrastructure, which the attackers targeted.

  • The US Navy Has Run Out of Pants

    The United States Defense Department has ideas about a dramatic strategy for defending Taiwan against a Chinese military offensive that would involve deploying an “unmanned hellscape” consisting of thousands of drones buzzing around the island nation. Meanwhile, the US National Institute of Standards and Technology announced a red-team hacking competition this week with the AI ethics nonprofit Humane Intelligence to find flaws and biases in generative AI systems.

    WIRED took a closer look at the Telegram channel and website known as Deep State that uses public data and secret intelligence to power its live-tracker map of Ukraine’s evolving front line. Protesters went to Citi Field in New York on Wednesday to raise awareness about the serious privacy risks of deploying facial recognition systems at sporting venues. The technology has increasingly been implemented at stadiums and arenas across the country with little oversight. And Amazon Web Services updated its instructions for how customers should implement authentication in its Application Load Balancer, after researchers found an implementation issue that they say could expose misconfigured web apps.

    But wait, there’s more! Each week, we round up the security and privacy news we didn’t cover in depth ourselves. Click the headlines to read the full stories. And stay safe out there.

    US Navy officials confirmed to Military.com this week that pants for the standard Navy Working Uniform (NWU) are out of stock at Navy Exchanges and are in perilously low supply across the sea service’s distribution channels. The Navy’s Exchange Service Command is “experiencing severe shortages of NWU trousers” both in stores and online, according to spokesperson Courtney Williams. Sailors have been noticing out-of-stock notifications online, which state that pants are “not available for purchase in any size.” Williams said that current stock around the world is at 13 percent and that the top priority right now is providing pants to new recruits at Recruit Training Command in Illinois, the Naval Academy Preparatory School in Rhode Island, and the officer training schools.

    The shortage seems to have resulted from issues with the Defense Logistics Agency’s pants pipeline. Military.com reports that signs currently inside Navy Exchanges say the shortage is “due to Defense Logistics Agency vendor issues.” Williams said the Command has “been in communication with DLA on a timeline for the uniform’s production and supply chain.”

    Mikia Muhammad, a spokesperson for the Defense Logistics Agency, told Military.com that the first pants restocks are scheduled for October, but these supplies will go to recruits and training programs. She said that Navy exchanges should expect “full support” beginning in January.

    A joint statement on Monday by the FBI, the Office of the Director of National Intelligence, and the Cybersecurity and Infrastructure Security Agency formally accused Iran of conducting a hack-and-leak operation against Donald Trump’s presidential campaign. Trump himself had accused Iran in a social media post on August 10, following a report from Microsoft on August 9 about Iranian hackers targeting US political campaigns. The Iranian government denies the accusation.

    “The [Intelligence Community] is confident that the Iranians have through social engineering and other efforts sought access to individuals with direct access to the presidential campaigns of both political parties,” the US agencies wrote. “Such activity, including thefts and disclosures, are intended to influence the US election process.”

    Politico reported on August 10 that Iran had breached the Trump campaign, and an entity calling itself “Robert” had contacted the publication offering alleged stolen documents. The same entity also contacted The New York Times and The Washington Post hawking similar documents.

    The popular flight-tracking service FlightAware said this week that a “configuration error” in its systems exposed personal customer data, including names, email addresses, and even some Social Security numbers. The company discovered the exposure on July 25 but said in a breach notification to the attorney general of California that the situation may date as far back as January 2021. The company is mandating that all affected users reset their account passwords.

    The company said in its public statement that the exposed data includes “user ID, password, and email address. Depending on the information you provided, the information may also have included your full name, billing address, shipping address, IP address, social media accounts, telephone numbers, year of birth, last four digits of your credit card number, information about aircraft owned, industry, title, pilot status (yes/no), and your account activity (such as flights viewed and comments posted).” It also said in its disclosure to California, “Additionally, our investigation has revealed that your Social Security Number may have been exposed.”

    Since European law enforcement agencies hacked the end-to-end encrypted phone company Sky in 2021, the communications they compromised have been used as evidence in numerous EU investigations and criminal cases. But a review of court records by 404 Media and Court Watch showed this week that US agencies have also been leaning on the trove of roughly half a billion chat messages. US law enforcement has used the data in multiple drug-trafficking prosecutions, particularly to pursue alleged smugglers who transport cocaine with commercial ships and speedboats.

  • Geofence Warrants Ruled Unconstitutional—but That’s Not the End of It

    The 2024 US presidential election is entering its final stretch, which means state-backed hackers are slipping out of the shadows to meddle in their own special way. That includes Iran’s APT42, a hacker group affiliated with Iran’s Islamic Revolutionary Guard Corps, which Google’s Threat Analysis Group says targeted nearly a dozen people associated with Donald Trump’s and Joe Biden’s (now Kamala Harris’) campaigns.

    The rolling disaster that is the breach of data broker and background-check company National Public Data is just beginning. While the breach of the company happened months ago, the company only acknowledged it publicly on Monday after someone posted what they claimed was “2.9 billion records” of people in the US, UK, and Canada, including names, physical addresses, and Social Security numbers. Ongoing analysis of the data, however, shows the story is far messier—as are the risks.

    You can now add bicycle shifters and gym lockers to the list of things that can be hacked. Security researchers revealed this week that Shimano’s Di2 wireless shifters can be vulnerable to various radio-based attacks, which could allow someone to change a rider’s gears remotely or prevent them from changing gears at a crucial moment in a race. Meanwhile, other researchers found that it’s possible to extract the administrator keys to electronic lockers used in gyms and offices around the world, potentially giving a criminal access to every locker at a single location.

    If you use a Google Pixel phone, don’t let it out of your sight: An unpatched vulnerability in a hidden Android app called Showcase.apk could give an attacker the ability to gain deep access to your device. Exploiting the vulnerability may require physical access to a targeted device, but researchers at iVerify who discovered the flaw say it may also be possible through other vulnerabilities. Google says it plans to release a fix “in the coming weeks,” but that’s not good enough for data analytics firm and US military contractor Palantir, which will stop using all Android devices due to what it believes was an insufficient response from Google.

    But that’s not all. Each week, we round up the security and privacy news we didn’t cover in depth ourselves. Click the headlines to read the full stories. And stay safe out there.

    A US federal appeals court ruled last week that so-called geofence warrants violate the Fourth Amendment’s protections against unreasonable searches and seizures. Geofence warrants allow police to demand that companies such as Google turn over a list of every device that appeared at a certain location at a certain time. The US Fifth Circuit Court of Appeals ruled on August 9 that geofence warrants are “categorically prohibited by the Fourth Amendment” because “they never include a specific user to be identified, only a temporal and geographic location where any given user may turn up post-search.” In other words, they’re the unconstitutional fishing expedition that privacy and civil liberties advocates have long asserted they are.

    Google, which collects the location histories of tens of millions of US residents and is the most frequent target of geofence warrants, vowed late last year that it was changing how it stores location data in such a way that geofence warrants may no longer return the data they once did. Legally, however, the issue is far from settled: The Fifth Circuit decision applies only to law enforcement activity in Louisiana, Mississippi, and Texas. Plus, because of weak US privacy laws, police can simply purchase the data and skip the pesky warrant process altogether. As for the appellants in the case heard by the Fifth Circuit, well, they’re no better off: The court found that the police used the geofence warrant in “good faith” when it was issued in 2018, so they can still use the evidence they obtained.

    The Committee on Foreign Investment in the US (CFIUS) fined German-owned T-Mobile a record $60 million this week for its mishandling of data during its integration with US-based Sprint following the companies’ merger in 2020. According to CFIUS, “T-Mobile failed to take appropriate measures to prevent unauthorized access to certain sensitive data,” in violation of a National Security Agreement the company signed with the committee, which assesses the national security implications of foreign business deals with US companies. T-Mobile said in a statement that technical issues impacted “information shared from a small number of law enforcement information requests.” While the company claims to have acted “quickly” and “in a timely manner,” CFIUS claims T-Mobile “failed to report some incidents of unauthorized access promptly to CFIUS, delaying the Committee’s efforts to investigate and mitigate any potential harm.”

    The 12-year saga that is the prosecution of Kim Dotcom inched forward this week with the New Zealand justice minister approving the US’s request to extradite the controversial entrepreneur. Dotcom created the file-sharing service Megaupload, which US authorities say was used for widespread copyright infringement. The US seized Megaupload in 2012 and indicted Dotcom on charges related to racketeering, copyright infringement, and money laundering. Dotcom has denied any wrongdoing but lost an attempt to block the extradition in 2017 and has been fighting it ever since. Despite the justice minister’s decision, Dotcom vowed in a post on X to remain in the country where he’s been a legal resident since 2010. “I love New Zealand,” he wrote. “I’m not leaving.”

    The growing scourge of deepfake pornography—explicit images that digitally “undress” people without their consent—may have finally hit a major legal roadblock. San Francisco’s chief deputy city attorney, Yvonne Meré—and the City of San Francisco by extension—has filed a lawsuit against the 16 most popular “nudification” websites. These sites and apps allow people to make explicit deepfake images of virtually anyone, but they have increasingly been used by boys to make sexual abuse material of their underage female classmates. While several states have criminalized the creation and distribution of AI-generated sexual abuse material of minors, Meré’s lawsuit effectively seeks to shut down the sites entirely.

  • US Hands Over Russian Cybercriminals in WSJ Reporter Prisoner Swap

    If it seems like there’s suddenly a whole lot more data breaches, you may be right. Part of this apparent spike is thanks to the growing popularity of infostealer malware. These types of malicious software are increasingly being used by cybercriminals to scoop up as many login credentials and other sensitive data as possible. That stolen data is then sold on criminal hacker forums, then used to break into victims’ accounts, which can include those of massive corporations. It’s a good reminder to always enable multi-factor authentication anywhere it’s available.

    A security researcher this week disclosed the discovery of more than a dozen unsecured databases containing sensitive information on voters in counties across Illinois. The data, which was stored by a government contractor, includes driver’s license numbers, Social Security numbers, death certificates, and more. While election security has generally improved in recent years, the episode illuminates how difficult it can be to protect all voter data all the time.

    The history of confidential FBI informants is long and sordid—and ongoing. A WIRED investigation published this week revealed how one informant infiltrated far-right groups and turned over their secrets to the Feds—all while pushing hateful ideologies that helped inspire a new generation of violent extremists online.

    Hacking computers with lasers has always been a rich person’s game—until now. Security researchers Sam Beaumont and Larry “Patch” Trowell are releasing an open source laser hacking tool called RayV Lite, which can be produced for just $500, a tiny fraction of the $150,000 price tag of laser equipment historically used for hardware hacking. The pair will be detailing the RayV Lite at the Black Hat security conference next week in Las Vegas. (WIRED will be on the ground for Black Hat and Defcon, the other big security conference happening next week in Vegas, so check back for our full coverage starting on Tuesday.)

    Finally, we dove into the fine print of OpenAI’s ChatGPT-4o to lay out the privacy wins and pitfalls of the generative AI tool.

    But that’s not all. Each week, we round up the big security and privacy news we didn’t cover in depth ourselves. Click the headlines to read the full stories. And stay safe out there.

    In a historic prisoner swap between the US and Russia, Wall Street Journal reporter Evan Gershkovich and former Marine Paul Whelan were freed from Russian detention on Thursday. The White House said the secret deal, negotiated for over a year, involved 24 prisoners: 16 moved from Russia to the West and eight from the West to Russia, including two cybercriminals. NBC News reports this is likely the first time the US has released international hackers in a prisoner exchange.

    The two Russian hackers are Roman Seleznev and Vladislav Klyushin. Seleznev was sentenced in 2017 to 27 years in prison for racketeering convictions. According to the US Department of Justice, he installed malware on point-of-sale systems that allowed him to steal millions of credit card numbers from more than 500 US businesses. In September 2023, Klyushin was sentenced to nine years in prison for what US prosecutors described as a “$93 million hack-to-trade conspiracy.”

    Meta, the parent company of Facebook and Instagram, will pay $1.4 billion to settle a lawsuit brought by the Texas attorney general, whose office accused the social media behemoth of illegally capturing the biometric data of millions of Texans. In 2022, the state sued Meta over its implementation of a feature that used face recognition to automatically suggest people to tag in photos and videos uploaded to Facebook. Prosecutors say the feature, initially called Tag Suggestions, violated a Texas law that makes it illegal for companies to capture and profit from someone’s biometric identifiers without their consent. While Meta did not admit to any wrongdoing as part of the agreement, according to Texas attorney general Ken Paxton’s office, it’s the single largest privacy settlement ever obtained by a state.

    A widespread Microsoft Azure outage that impacted a range of services—including Microsoft 365 products such as Office and Outlook—was caused by a cyberattack, the tech company revealed on Wednesday. According to Microsoft’s Azure status history page, the incident lasted approximately eight hours on Tuesday and affected “a subset” of customers globally.

    The company described the attack as a distributed denial of service, a malicious attempt by hackers to disrupt a target company’s operations by overwhelming its infrastructure with a flood of internet traffic. According to PCMag, two hacktivist groups have claimed responsibility. Microsoft plans on publishing a review of the incident.

  • A Catastrophic Hospital Hack Ends in a Leak of 300M Patient Records

    The rolling series of breaches targeting customers of cloud platform Snowflake appears to be a supply chain attack wrapped in another supply chain attack. A hacker who claims to have been involved in the attacks tells WIRED that the hackers, known as ShinyHunters, stole victims’ Snowflake credentials by first breaching an employee of a third-party contractor. (The contractor, however, says it does not believe it was involved.)

    Ultimately, the breach of the Snowflake customer accounts, which include Ticketmaster, banking firm Santander, and potentially more than 160 other companies, was possible because their Snowflake accounts did not have multifactor authentication enabled.

    Antivirus giant Kaspersky’s worst nightmare has finally come true: The United States government announced on Thursday that it is banning the sale of its software to new customers in the US over alleged Russian national security threats. (Kaspersky has challenged the Biden administration’s claims.) Existing customers, meanwhile, will be banned from downloading Kaspersky software updates after September 29. What could go wrong?

    Perplexity AI, an artificial-intelligence-powered search startup, says it’s already valued at a billion dollars. But a WIRED investigation published this week found that its secret sauce has a pungent ingredient: bullshit.

    Beyond “hallucinating” details generated by its chatbot, WIRED found that the AI tool appears to be ignoring the Robots Exclusion Protocol—a standard web tool used to prevent scraping—on sites owned by WIRED’s parent company, Condé Nast, and other publications, seemingly allowing it to scrape articles despite the internet equivalent of a “Do Not Enter” sign hanging on WIRED and other Condé Nast sites. Perplexity’s chatbot later plagiarized that same article when prompted.

    People traveling through some of the largest train stations in the United Kingdom secretly had their faces scanned by Amazon’s face-recognition tools, according to documents obtained by WIRED. The technology, which was used as part of a trial run, predicted travelers’ various attributes, including gender, age, and likely emotions. The surveillance, which one privacy advocate called “concerning,” could potentially be used for serving advertisements.

    Finally, we detailed the rise of robot “dogs” used by militaries, explained what would happen if China invaded Taiwan, and got into the nitty-gritty of the boring-sounding but serious work of spotting the billion-dollar scam tactic known as business email compromise.

    That’s not all. Each week, we round up the security and privacy news we didn’t cover in depth ourselves. Click the headlines to read the full stories. And stay safe out there.

    For months, ransomware gangs have rampaged across the health care industry, with ruthless attacks targeting Change Healthcare’s national payment network for more than a thousand health care providers, Ascension Healthcare’s 140 hospitals, and dozens of other victims in the medical field. Now that hacking epidemic is crystallizing into yet another catastrophic hospital hack—one that has resulted in the data of 300 million UK patient records leaking online.

    Synnovis, a joint-venture medical testing company partially owned by the UK’s National Health Service, has for weeks been battling and negotiating with the Russia-linked ransomware group Qilin, which has deeply disrupted its services in an attempt to extort the company. The result has been well over a thousand postponed operations and thousands more postponed outpatient appointments across multiple UK hospitals. Ambulances have been diverted from the affected hospitals, potentially causing delays in lifesaving care. The hospitals have even had to ask for new urgent donations of O-type blood, as testing disruptions have prevented other blood types from being used in patients’ transfusions.


  • Ransomware Attacks Are Getting Worse

    Despite years’ worth of efforts to eliminate the scourge of ransomware targeting schools, hospitals, and critical infrastructure worldwide, experts are warning that the crisis is only heating up, with criminal gangs growing ever more aggressive in their tactics. The threat of real-world violence now looms, some experts warn, as the data stolen grows increasingly sensitive and millions in potential profits hang in the balance. “We know where your CEO lives,” read a message reportedly received by one victim. Attacks targeting the medical sector are blooming in response to the $44 million payout by Change Healthcare this March.

    United States lawmakers and intelligence officials are circling their wagons following the revelation of Israel’s involvement in a malign influence campaign that targeted US voters—an attempt by America’s Middle East ally to artificially boost support for an increasingly unpopular war that was kicked off by Hamas’ unprecedented Oct. 7th attack. The sock-puppet operation, which was launched by an Israeli contractor on X, Facebook, and Instagram and utilized OpenAI’s ChatGPT software, impersonated mostly Black Americans and targeted “Black and Democratic” lawmakers. A week’s worth of efforts by WIRED to get answers from US officials who may have been notified about the operation prior to a vote on enhancing military aid to Israel went ignored. Strikingly, the National Security Council denied having ever heard of it.

    Frank McCourt, a real estate mogul and former owner of the Los Angeles Dodgers, explained why he’s spearheading an effort to purchase TikTok, which the United States is slated to ban unless its current owner, ByteDance, decides to sell the platform to a US company—a decision that will undoubtedly require the consent of the Chinese government. McCourt sees the internet as being imperiled by closed-off platforms like Facebook and X and is embracing the growing interest in decentralized networks. Decentralized platforms such as Mastodon have been popular among a subset of users for many years, allowing people to effectively own their own social networks and moderate them according to their own rules. These private networks are free to connect with others using the same software but can also sever connections to communities that embrace harmful content. (Think of these user-controlled networks as “islands” with diplomatic ties between them.) McCourt says purchasing and decentralizing TikTok could be the first step in raising the internet out of the siloed swamp that it is today thanks to Meta and its competitors.

    But that’s not all. Each week, we round up the security news we didn’t cover in depth ourselves. Click the headlines to read the full stories, and stay safe out there.

    A bombshell Reuters investigation has unearthed a malign influence campaign launched by the US military at the height of the 2020 Covid-19 pandemic. The campaign utilized sock-puppet accounts on X, Facebook, and Instagram and was focused on convincing citizens of the Philippines that vaccines produced by China were dangerous and—preying on the religious beliefs of Muslims—full of pig parts. Infectious disease experts expressed dismay at the Pentagon’s actions. According to Reuters, the campaign was ordered to an end by the Biden White House shortly after the president’s inauguration, though the Pentagon was apparently slow to enact the commander in chief’s orders. The private contractor responsible for producing the Pentagon’s disinformation was recently awarded a $493 million US government contract.

    ProPublica recounts how, in 2016, a top cybersecurity specialist raised alarms about a cloud-based vulnerability at Microsoft, a major US government contractor. The weakness threatened to expose national security secrets among other sensitive data. The specialist “pleaded” with the company to address the problem, but his concerns were dismissed by the tech giant as it strived to secure a multibillion-dollar government contract in the cloud computing space. Frustrated, the specialist quit the company and, months later, as predicted, Russian hackers carried out SolarWinds, one of the largest cyberattacks in US history. The reporting brings into question testimony by Microsoft president Brad Smith, who assured Congress in 2016 there was no way the hackers had exploited his company’s software.

    Three Black men jailed in the US for crimes they didn’t commit—after having been falsely identified by police face-recognition software—are speaking out against pending legislation in California that lawmakers claim would protect citizens from such egregious mistakes. The men say the bill, which passed with unanimous support from the state assembly last month and now is under scrutiny in its upper chamber, would have done nothing to stop them from being falsely arrested. Said one of the men: “In my case, as in others, the police did exactly what AB 1814 would require them to do,” adding, “Once the facial recognition software told them I was the suspect, it poisoned the investigation. This technology is racially biased and unreliable and should be prohibited.”

    While much of the scrutiny facing the data broker industry concerns its power to monitor people’s movements and attendance at sensitive locations such as abortion clinics and mental health facilities, there’s another issue at play: Much of the data it markets is “inaccurate trash,” The Record reports. A chief privacy officer at Acxiom, a leading third-party data broker, acknowledged as much in an interview last month, saying the “inferences” drawn by his company are, at best, “informed guesses.” Experts are growing increasingly concerned about the downstream effects, with some highlighting how insurance companies are relying more and more on data brokers to inform how much customers should pay. Another expert tells The Record that data brokers may be incentivized not to scrutinize the data too closely, noting that customers aren’t too worried if a fraction of it leads them to false assumptions.


  • Apple Is Coming for Your Password Manager

    That’s not all. Each week, we round up the security and privacy news we didn’t cover in depth ourselves. Click the headlines to read the full stories. And stay safe out there.

    At Apple’s Worldwide Developer Conference next week, the company will reportedly announce its own stand-alone password manager that will compete with apps like 1Password and LastPass. Dubbed simply Passwords, according to Bloomberg News, the app will reportedly have features that go well beyond the iCloud or Mac Keychain tools Apple already offers, allowing users to save passwords for Wi-Fi networks, store passkeys, and organize login credentials into categories. Passwords will also reportedly work on Windows machines, but it’s unclear whether people who use Android devices can get in on the security tool.

    US prosecutors on Monday charged an executive at The Epoch Times newspaper with carrying out a massive money-laundering scheme. According to the US Department of Justice, Epoch Times chief financial officer Weidong “Bill” Guan engaged in “a transnational scheme to launder at least approximately $67 million of illegally obtained funds to benefit himself and the media company.”

    The scheme, according to the indictment against Guan, largely involved using cryptocurrency to purchase prepaid debit cards “loaded with US dollars that had been obtained through various frauds”—including funds obtained through unemployment benefits fraud—for less than the funds on the prepaid debit cards. The purchase of the cards was carried out by members of The Epoch Times’ “Make Money Online” team, which Guan managed, according to the DOJ. The so-called MMO team would allegedly then use “stolen personal identification information” to open various accounts, which were used to transfer money from the prepaid debit cards to bank accounts associated with The Epoch Times and its employees. Guan faces one count of conspiring to commit money laundering, two counts of bank fraud, and could face decades in prison if convicted.

    Google’s former CEO, billionaire Eric Schmidt, is quietly building a military drone company, reports Forbes. The company, called White Stork, has been testing devices at both its Hillspire office complex in Menlo Park, California, and in Ukraine. Relatively little has been publicly revealed about the company or the specifics of its technology. According to Forbes, however, “individuals flying small drones” have been spotted near the Hillspire property, and Schmidt has reportedly hired alumni from Google, SpaceX, and Apple to carry out his secretive project, providing some clues about its ambitions.

    A cyberattack against an organization that facilitates blood transfusions and other sensitive medical care disrupted hospitals and other health care entities across London this week. The attack targeted Synnovis, which manages a partnership between King’s College Hospitals trust and Guy’s and St Thomas’ hospital trust, and Synlab, a European medical testing firm. In a statement published on Tuesday, Synnovis said the attack “has affected all Synnovis IT systems, resulting in interruptions to many of our pathology services.” This forced hospitals to cancel surgeries involving blood transfusions and other procedures. Ciaran Martin, a former top UK cybersecurity official, blamed the attack on Qilin, a cybercriminal gang believed to have ties to Russia.


  • Mysterious Hack Destroyed 600,000 Internet Routers

    If you have a crypto wallet containing a fortune but forgot the password, all may not be lost. This week, a pair of researchers revealed how they cracked an 11-year-old password to a crypto wallet containing roughly $3 million in bitcoins. With a lot of skill and a bit of luck, the researchers uncovered a flaw in how a previous version of the RoboForm password manager generates passwords that allowed them to accurately figure out the missing login and access the buried treasure.

    Police in Western countries are using a new tactic to go after cybercriminals who remain physically out of reach of US law enforcement: trolling. The recent takedowns of ransomware groups like LockBit go beyond the traditional disruption of online infrastructure to include messages on seized websites meant to mess with the minds of criminal hackers. Experts say these trollish tactics help sow distrust between cybercriminals—who already have ample reason to distrust one another.

    A graduate student at the University of Minnesota has been charged under the Espionage Act for photographing a shipyard in Virginia where the US Navy assembles nuclear submarines and other vessels whose components are classified. What makes the case novel, however, is that he allegedly took the photos with a drone, making his prosecution likely the first of its kind in the US.

    It was a big week for cops taking down botnets (as you’ll read more about below). This week, the US announced that it had disrupted what may be the “largest botnet ever,” according to FBI director Christopher Wray. The botnet, called 911 S5, included some 19 million hijacked IP addresses around the world, which authorities say were used to carry out billions of dollars in Covid-19 relief fraud, make bomb threats, traffic in child sexual abuse material, and more.

    But that’s not all. Each week, we round up the security news we didn’t cover in depth ourselves. Click the headlines to read the full stories, and stay safe out there.

    More than a half-million internet routers were disabled last year in a malware attack carried out by an unknown threat actor targeting a US internet service provider. Launched in late October, the attack—one of the largest ever against the sector—reportedly disrupted internet across several Midwestern states. The attack was first disclosed this week by the security firm Black Lotus Labs, which did not identify the specific company affected. However, Ars Technica reports that the incident appears to have impacted an ISP called Windstream, which provides internet service to 18 states in the US Midwest and South.

    Black Lotus Labs researchers say the attacker used off-the-shelf Chalubo malware to gain access to the routers, and that their firmware was eventually overwritten, effectively bricking the devices. The disruption resulted in a flood of complaints on a forum about the damaged routers. “The routers now just sit there with a steady red light on the front,” a user wrote on the DSLReports forum. “They won’t even respond to a RESET.”

    The Biden administration allegedly fabricated the conclusion of a report released in early May which found the United States did not have “complete information to verify” whether US-made weapons had been used by Israel in contravention of international humanitarian law, according to a whistleblower, Stacy Gilbert, a senior civil-military expert who resigned in protest this week from the US State Department. Gilbert says the State Department experts who compiled the report clearly implicated Israel in limiting the amount of food and medical supplies able to reach Gaza; however, the report was reportedly taken out of the experts’ hands and then “edited at a higher level.”

    The report consisted of a mandatory national security assessment that, had Israel been found in violation of humanitarian law, would have obligated the US to discontinue its arms sales. At the time of the report’s publishing, critics of the administration’s Gaza policy accused the White House of willfully ignoring the conduct of Israeli forces attempting to disrupt food deliveries to the famine-stricken Palestinian territory. Gilbert is the second US official to publicly resign this week in protest over the US’s involvement in the attacks.

    An international coalition of law enforcement agencies, cybersecurity firms, and other organizations announced this week the disruption of large swathes of the global botnet ecosystem. Branded “Operation Endgame,” the effort targeted malware “droppers,” or malicious software used to gain an initial foothold on a machine so that additional malware can be installed on it more easily. The droppers Operation Endgame targeted include IcedID, SystemBC, Pikabot, Smokeloader, Bumblebee, and Trickbot, according to Europol, which says authorities seized more than 100 servers and 2,000 websites allegedly linked to cybercriminal activity. Law enforcement also arrested four “high-value” individuals; Germany added eight others to its most-wanted list. One of the “main suspects,” according to Europol, amassed a cryptocurrency fortune worth 69 million euros ($74 million) by renting out infrastructure for ransomware attacks. And the action isn’t over: The Operation Endgame website indicates a new announcement coming in the next several days.

    Meta says it has shut down an AI-driven network comprising hundreds of fake Facebook and Instagram accounts linked to an Israeli business intelligence firm. The company, Stoic, is accused of accepting contracts to propagate inauthentic pro-Israel content across the platforms for the purpose of manipulating North American users’ political views. Meta claimed Stoic’s influence operation was still in its “audience building” phase, “before they were able to gain engagement among authentic communities.”


  • Microsoft’s New Recall AI Tool May Be a ‘Privacy Nightmare’

    Sex, drugs, and … Eventbrite? A WIRED investigation published this week uncovered a network of spammers and scammers pushing the illegal sale of controlled substances like Xanax and oxycodone, escort services, social media accounts, and personal information on the event management platform. Making matters worse, Eventbrite’s recommendation algorithm promoted posts for opioids alongside addiction recovery events. The good news is, the company appears to have removed most of the more than 7,400 illicit posts WIRED uncovered.

    If you drive a Tesla Model 3, make sure to enable your PIN-to-drive feature or your car could be easily stolen within seconds. While the company has added new ultra-wideband radio tech to its keyless system, which can prevent “relay attacks,” researchers at Beijing-based security firm GoGoByte found that Model 3s (as well as other unnamed makes and models of vehicles) are still vulnerable. Relay attacks use inexpensive radios to transmit the signal from someone’s key fob or phone app that can then be used to unlock and start an impacted vehicle. Tesla says its adoption of ultra-wideband radio was not meant to stop relay attacks (even though it technically could), but it’s possible the automaker will add that protection in the future.

    Police busting people for running illicit online markets is nearly as old a tale as the dark web itself. But this week’s takedown offered a new twist. The FBI recently arrested Lin Rui-siang, a 23-year-old accused of operating Incognito Market, which authorities claim facilitated $100 million in sales of narcotics on the dark web. US prosecutors claim Lin then extorted Incognito’s users by threatening to expose them unless they paid up. Curiously, Lin’s professional experience includes teaching police how to catch cybercriminals by tracing cryptocurrency on blockchains. If the US Justice Department is correct about his alleged involvement in Incognito Market, that would make him one of the most unusual cybercriminals we’ve ever encountered.

    Leaks don’t just impact people on the wrong side of the law, of course. An unsecured database recently exposed biometric data of police officers in India, including face scans, fingerprints, and more. The incident reveals the dangers of collecting sensitive biometrics in the first place.

    Finally, the saga of WikiLeaks founder Julian Assange inched forward again this week, with a British court ruling that he can appeal his extradition to the US, where he faces 18 charges under the Espionage Act for WikiLeaks’ publication of classified US military information. The judges said that Assange can appeal US prosecutors’ assurances about how his trial would be conducted and on First Amendment grounds. The appeals process will inevitably push back any final decision about his potential extradition for months.

    But that’s not all. Each week, we round up the security and privacy news we didn’t cover in depth ourselves. Click the headlines to read the full stories. And stay safe out there.

    Following the trend of tech companies in the AI race throwing privacy and caution to the wind, Microsoft unveiled plans this week to launch a tool on its forthcoming Copilot+ PCs called Recall that takes screenshots of its customers’ computers every few seconds. Microsoft says the tool is meant to give people the ability to “find the content you have viewed on your device.” The company also claims to have a range of protections in place and says the images are only stored locally in an encrypted drive, but the response has been roundly negative nonetheless, with some watchdogs reportedly calling it a possible “privacy nightmare.” The company notes that an intruder would need a password and physical access to the device to view any of the screenshots, which should rule out the possibility of anyone with legal concerns ever adopting the system. Ironically, Recall’s description sounds eerily reminiscent of computer monitoring software the FBI has used in the past. Microsoft even acknowledges that the system takes no steps to redact passwords or financial information.

    Federal authorities are reportedly working quietly to establish ties between antiwar demonstrators on US campuses and any foreign groups or individuals overseas, according to journalist Ken Klippenstein, formerly of the Intercept, who says the National Counterterrorism Center is at the center of the effort. Evidence of overseas ties would lend further ammunition to politicians, university officials, and police, who’ve widely claimed “outside agitators” are to blame for the demonstrations—an allegation that’s routinely lobbed at protesters in the United States, often meant to imply that the protesters themselves are dupes. Incidentally, authorities may also overcome constitutional hurdles to surveillance by establishing a foreign target to spy on: someone unprotected by the country’s Fourth Amendment. Republicans in Congress—representatives Mark Green and August Pfluger—have, meanwhile, asked the FBI and Department of Homeland Security to supply congressional committees with records about the government’s surveillance of the protesters, including any efforts to infiltrate them using “online covert employees or confidential human sources.”

    The FBI has nabbed a 42-year-old Wisconsin man for using Stable Diffusion, the text-to-image generative AI software, to manufacture child sexual abuse material. The man was reportedly caught with “thousands of realistic images” of children, some featuring them nude or partially clothed with men. Court records indicate the evidence includes more than 13,000 gen-AI images as well as the prompts he used to create the images. “Using AI to produce sexually explicit depictions of children is illegal, and the Justice Department will not hesitate to hold accountable those who possess, produce, or distribute AI-generated child sexual abuse material,” Nicole Argentieri, head of the Justice Department’s Criminal Division, says in a statement. The arrest is part of Project Safe Childhood, a collaboration between the government and corporations reportedly targeting online offenders.

    Security researchers this week disclosed to TechCrunch that they’d discovered consumer-grade spyware—often known as “stalkerware”—on the computers of “at least three” Wyndham hotels in the United States, potentially exposing travelers’ personal details. The stalkerware, called pcTattletale, can be installed on Android and Windows devices, giving whoever has control of the sneaky app the ability to access data on the targeted machine and monitor users’ activity. The presence of pcTattletale was discovered thanks to a security flaw in the spyware that exposed screenshots of infected machines to the open internet, according to the researchers. Although the researchers found pcTattletale on Wyndham computers, the hotel company says each of its locations is a franchise, suggesting that the spyware infection could be limited to just a few locations.
