Tag Archive for: buy

Karakurt warning. Clipminer in the wild. GootLoader evolves. Cyber ops in Russia’s hybrid war. Russian agencies buy VPNs.

/in


Dateline Moscow, Kyiv, Washington: Gray zone operations.

Ukraine at D+98: Friction in the gray zone. (The CyberWire) Advancing into the rubble it’s created, Russia’s army tries to come to grips with combat refusals. The White House says that the cyber operations NSA Director Nakasone alluded to this week are entirely consistent with the US policy of avoiding direct combat with Russia. Observers work to understand the state of the cyber phase of the hybrid war. And Russian censorship seems to be producing friction in some Russian government operations. (That’s why agencies in Moscow are buying VPNs.)

Russia-Ukraine war: List of key events, day 99 (Al Jazeera) As the Russia-Ukraine war enters its 99th day, we take a look at the main developments.

Exclusive: Ukraine troops retreating in Donbas have a plan, Luhansk governor says (Newsweek) Serhiy Haidai told Newsweek the defenders remain defiant despite the intense Russian attacks, which included a strike on a chemical plant.

Russia-Ukraine latest news: Kyiv may switch off Europe’s largest nuclear powerplant (The Telegraph) Ukraine would consider switching off its Zaporizhzhia nuclear power plant that lies in Russian-occupied territory if Kyiv loses control of operations at the site, an aide to the prime minister has said, Interfax news agency reports.

Documents Reveal Hundreds of Russian Troops Broke Ranks Over Ukraine Orders (Wall Street Journal) Desertions and refusal to engage in the invasion have put Moscow in a bind over how to punish service members without drawing more attention to the problem. “So many people don’t want to fight.”

The Russian Military’s People Problem (Foreign Affairs) It’s hard for Moscow to win while mistreating its soldiers.

Zelensky will be tried as war criminal if Russia captures him (Newsweek) A lawmaker in the self-declared, Russia-backed Donetsk People’s Republic accused Ukraine’s president of sending “neo-Nazis to Donbas to kill civilians.”

Six lessons the Ukraine conflict has taught us about modern warfare (The Telegraph) From drones to the use of tanks, we dissect the masterstrokes and miscalculations of military tactics after three months of fighting

Some see cyberwar in Ukraine. Others see…

Source…

Hackers compromised some Zola user accounts to buy gift cards – TechCrunch

/in


Zola, a wedding planning startup that allows couples to create websites, budgets and gift registries, has confirmed that hackers gained access to user accounts but has denied a breach of its systems.

The incident first came to light over the weekend after Zola customers took to social media to report that their accounts had been hijacked. Some reported that hackers had depleted funds held in their Zola accounts, while others said they had thousands of dollars charged to their credit cards.

In a statement given to TechCrunch, Zola spokesperson Emily Forrest said that accounts had been breached as a result of a credential stuffing attack, where existing sets of exposed or breached usernames and passwords are used to access accounts on different websites that share the same set of credentials.

“The vast majority of Zola couples were not impacted, but we are deeply apologetic to those who detected any irregular account activity,” Forrest said. “Our team acted as quickly as possible to protect our community of couples and guests, and we were able to block all attempted fraudulent transfers.”

TechCrunch has seen posts from a Telegram channel showing members discussing and posting screenshots accessing user accounts through the Zola app. One of the messages in the Telegram chat says to “make sure” to use the app and not the site. The partially redacted screenshots show the hackers ordering gift cards from a user’s account — including using the credit card on file with Zola — which are sent to the hackers’ email address after the order is placed. Gift cards are often the go-to choice for cybercriminals because they can be notoriously difficult to trace.

Zola confirmed the gift card orders and said the company is “quickly working” to correct them. “The vast majority of the gift card orders have already been refunded and 100% will be refunded by the end of the day,” Forrest told TechCrunch. “Any action that a couple did not take will be corrected.”

Zola said it temporarily suspended its iOS and Android apps during the incident, and reset all user passwords out of an “abundance of caution.”

Source…

Data Brokers Track Abortion Clinic Visits for Anyone to Buy

/in


If the war in Ukraine and Russia’s still-unfolding atrocities there didn’t offer enough fodder for doomscrolling, this week supplied a new dose of domestic crisis: A leaked Supreme Court draft decision that would overturn Roe v. Wade, demolishing a ruling that has served as a cornerstone of reproductive rights for nearly five decades. And this crisis, too, will play out in the digital realm as much as the physical and legal ones.

WIRED’s Lily Hay Newman responded to the news with a guide to protecting your privacy if you’re seeking an abortion in a near-future world in which Roe has in fact been overturned. As right-wing pundits demand the Supreme Court leaker’s prosecution, meanwhile, we analyzed the laws concerning leaks of unclassified government information like a draft court ruling and found that there’s no clear statute criminalizing that sort of information sharing. And law professor Amy Gajda walked us through the history of Supreme Court information leaks, which stretches back hundreds of years.

As Russia’s war in Ukraine grinds on, we looked at how small, consumer-grade drones are offering a defensive tool to Ukrainians that they’re exploiting as in no other war in history. And further abroad in India, a battle is taking shape between VPN firms and the Indian government, which is demanding they hand over users’ data. Meanwhile, the country’s new “super app,” Tata Neu, has sparked user privacy concerns.

And there’s more. As we do every week, we’ve rounded up all the news that we didn’t break or cover in-depth. Click on the headlines to read the full stories. And stay safe out there.

If Roe‘s precedent ceases to protect people seeking abortions across the United States, the question of who can digitally surveil those seeking abortions and abortion providers—and how to evade that surveillance—will become a civil liberties battle of the highest urgency. This week, Motherboard’s Joseph Cox fired the opening salvos of that battle with a series of stories about data brokers who offer to sell location data that include individuals’ visits to abortion clinics and Planned Parenthood offices, an egregious form of surveillance capitalism with immediate human consequences….

Source…

Bots Buy Up Raspberry Pi Products | Avast

/in


Adafruit, a distributor of Raspberry Pi single board computers, has mandated that certain new purchases can only be completed with the use of two-factor authentication. The new requirement is due to reselling schemes that use bots to buy up the last of the products. Raspberry Pi chief Eben Upton told ZDNet that this kind of automated purchasing is typical when supplies are short, as opportunists try to profit from the situation by clearing the market, then reselling the products at a marked-up cost. Users intending to purchase “certain high-demand items” from Adafruit will now need to have a verified Adafruit account with two-factor authentication enabled. 

“This is an interesting use of 2FA – not to protect users from ID Theft, but to make sure it’s a real user behind the purchase,” commented Avast Security Evangelist Luis Corrons. “This is not the first time we’ve seen bots being used this way, either. When PlayStation 5 and Xbox Series were launched, the demand was much higher than the supply, and some groups used bots to acquire any and all units in order to resell them later at a higher price.” Currently, 1GB, 2GB, 4GB, and 8GB Raspberry Pi variants are all sold out at Adafruit. 

Apple services experience massive outage

On Monday, many Apple services went down for several hours, including Apple Music, iCloud, iMessage, Apple Maps, Apple Card, Apple TV+, the App Store, FaceTime, Siri, and more. The outage was both consumer-facing and internal, as Apple’s own infrastructure was affected, causing Apple Store employees to resort to pen and paper to keep the stores running. Apple suffered a smaller outage last month, but it was nowhere near the scale of Monday’s issues, which affected over 29 Apple services. Apple’s System Status page now reports all outages and issues resolved. For more, see Ars Technica

Lapsus$ hacking group steals Microsoft source code

Microsoft confirmed on its blog this week that the Lapsus$ hacking group had exfiltrated portions of Microsoft source code. “No customer code or data was involved in the observed activities. Our investigation has found a single account had been compromised, granting limited access. Our…

Source…