Tag Archive for: believed

The 23andMe User Data Leak May Be Far Worse Than Believed


With the Israel-Hamas war intensifying by the day, many people are desperate for accurate information about the conflict. Getting it has proven difficult. This has been most apparent on Elon Musk’s X, formerly Twitter, where insiders say even the company’s primary fact-checking tool, Community Notes, has been a source of disinformation and is at risk of coordinated manipulation.

Case in point: An explosion at a hospital in Gaza on Tuesday was followed by a wave of mis- and disinformation around the cause. In the hours following the explosion, Hamas blamed Israel, Israel blamed militants in Gaza, mainstream media outlets repeated both sides’ claims without confirmation either way, and people posing as open source intelligence experts rushed out dubious analyses. The result was a toxic mix of information that made it harder than ever to know what’s real.

On Thursday, the United States Department of the Treasury proposed plans to treat foreign-based cryptocurrency “mixers”—services that obscure who owns which specific coins—as suspected money laundering operations, citing as justification crypto donations to Hamas and the Palestinian Islamic Jihad, a Gaza-based militant group with ties to Hamas that Israel blamed for the hospital explosion. While these types of entities do use mixers, experts say they do so far less than criminal groups linked to North Korea and Russia—likely the real targets of the Treasury’s proposed crackdown.

In Myanmar, where a military junta has been in power for two years, people who speak out against deadly air strikes on social media are being systematically doxed on pro-junta Telegram channels. Some were later tracked down and arrested.

Finally, the online ecosystem of AI-generated deepfake pornography is quickly spiraling out of control. The number of websites specializing in and hosting these faked, nonconsensual images and videos has greatly increased in recent years. With the rise of generative AI tools, creating these images is quick and dangerously easy. And finding them is trivial, researchers say. All you have to do is a quick Google or Bing search, and this invasive content is a click away.

That’s not all. Each week, we round up…

Source…

Over 130 Organizations, Millions of Individuals Believed to Be Impacted by MOVEit Hack


More victims of the MOVEit hack have come to light, with a total of over 130 organizations and millions of individuals believed to be impacted. 

Brett Callow, threat analyst at cybersecurity firm Emsisoft, has been monitoring the campaign, which exploited a zero-day vulnerability in Progress Software’s MOVEit Transfer managed file transfer (MFT) product to gain access to data belonging to organizations that had been using the solution.

Callow is aware of 138 organizations known to have been impacted by the campaign, with the data breaches resulting in the personal information of more than 15 million people being compromised. 

The Russia-linked cybercrime group known for operating the Cl0p ransomware has taken credit for the attack, claiming that it had been the only threat actor to know about the MOVEit zero-day exploit before it was patched.

The hackers claim to have hit many organizations and they have started naming those that have refused to pay up or enter negotiations. They have recently named over 60 entities that appear to have been targeted through the MOVEit vulnerability, which the group may have been testing since 2021.

The list includes major organizations such as Shell (they have already leaked data allegedly stolen from the energy giant), Siemens Energy, Schneider Electric, UCLA, Sony, EY, PwC, Cognizant, and AbbVie. Law firms Kirkland & Ellis and K&L Gates have also been added to Cl0p’s leak website.

Siemens Energy and Schneider Electric have confirmed for SecurityWeek that they have been targeted. 


EY has also confirmed being targeted and told SecurityWeek that it’s investigating the incident.

“We have verified that the vast majority of systems which use this transfer service across our global organization were not compromised. We are manually and thoroughly investigating systems where data may have been accessed,” the financial services giant said in an emailed statement. “Our priority is to communicate to those impacted, as well as the relevant authorities and our investigation is ongoing.”

UCLA also admitted that the vulnerability was exploited to gain access to its MOVEit platform and said it…

Source…

Hillicon Valley: Russian hacking group believed to be behind Kaseya attack goes offline | DHS funding package pours millions into migrant surveillance


Welcome to Hillicon Valley, The Hill’s newsletter detailing all you need to know about the tech and cyber news from Capitol Hill to Silicon Valley.




Welcome and Happy Tuesday! Follow our cyber reporter, Maggie Miller (@magmill95), and tech team, Chris Mills Rodrigo (@millsrodrigo) and Rebecca Klar (@rebeccaklar_), for more coverage.


Websites used by the cyber criminal group known as REvil went dark Tuesday, just over a week after the group was linked by cybersecurity experts to the ransomware attack on software company Kaseya. While it is unknown why the websites went dark, President Biden last week urged Russian President Vladimir Putin to take further steps against hackers based in his country, and hinted to reporters that the U.S. had the option of disrupting the hackers’ servers.

Meanwhile on Capitol Hill, the House Appropriations Committee marked up the annual Department of Homeland Security appropriations bill, approving a proposal that included millions to pay for technologies that surveil immigrants.

SUSPICIOUS TIMING FOR A HOLIDAY: Websites on the dark web used by a criminal hacking group believed to be behind the recent massive ransomware attack on software company Kaseya went offline Tuesday.

The hacking group, REvil, is believed to be based in Russia, and has been linked by the FBI to the ransomware attack in May on JBS USA, the nation’s largest beef producer. The more recent attack on Kaseya impacted up to 1,500 companies, many of them small businesses.

According to The New York Times, the websites on the dark web used by REvil to negotiate payment with victims and lists of companies it had targeted went dark early on Tuesday morning.

John Hultquist, the vice president of Analysis at cybersecurity group FireEye’s Mandiant Threat Intelligence, confirmed the takedown, saying in a statement provided to The Hill Tuesday that “at the time of analysis…

Source…

Cybersecurity agency warns suspected Russian hacking campaign broader than previously believed


An alarming new alert issued by the Department of Homeland Security’s cyber arm Thursday revealed that Russian hackers suspected of a massive, ongoing intrusion campaign into government agencies, private companies and critical infrastructure entities used a variety of unidentified tactics and not just a single compromised software program.





Specifically, the Cybersecurity and Infrastructure Security Agency said it has determined that the SolarWinds Orion software vulnerability disclosed earlier this week is not the only way hackers compromised a variety of online networks — warning that in some cases, victims appeared to have been breached despite never using the problematic software.

The news will likely only compound already escalating concerns about the scale and scope of the data breach, which CISA said Thursday “poses a grave risk” to networks across both the public and private sector.

“CISA has determined that this threat poses a grave risk to the Federal Government and state, local, tribal, and territorial governments as well as critical infrastructure entities and other private sector organizations,” the alert issued by the agency said. “CISA expects that removing this threat actor from compromised environments will be highly complex and challenging for organizations.”

The agency also acknowledged Thursday that the hackers used “tactics, techniques and procedures that have not yet been discovered,” adding that it is continuing to investigate whether, and how, other intrusion methods may have been used since the campaign began months ago.

The analysis comes as the list of US agencies, private companies and other entities affected by the hacking campaign continues to increase.

Hours after the CISA alert was released, the US Energy Department said it had evidence that hackers accessed some of its networks using the same malware associated with the ongoing data breach already impacting almost half a dozen federal agencies.

The department maintains that the impact has been “isolated to business networks” and “has not impacted the mission essential national security functions of the Department, including the National Nuclear Security Administration…

Source…