Tag: Dozens | SpinSafe

23andMe Blames Users for Recent Data Breach as It’s Hit With Dozens of Lawsuits

January 8, 2024/in Computer Security

It’s been nearly two years since Russia’s invasion of Ukraine, and as the grim milestone looms and winter drags on, the two nations are locked in a grueling standoff. In order to “break military parity” with Russia, Ukraine’s top general says that Kyiv needs an inspired military innovation that equals the magnitude of inventing gunpowder to decide the conflict in the process of advancing modern warfare.

If you made some New Year’s resolutions related to digital security (it’s not too late!), check out our rundown of the most significant software updates to install right now, including fixes from Google for nearly 100 Android bugs. It’s close to impossible to be completely anonymous online, but there are steps you can take to dramatically enhance your digital privacy. And if you’ve been considering turning on Apple’s extra-secure Lockdown Mode, it’s not as hard to enable or as onerous to use as you might think.

If you’re just not quite ready to say goodbye to 2023, take a look back at WIRED’s highlights (or lowlights) of the most dangerous people on the internet last year and the worst hacks that upended digital security.

But wait, there’s more! Each week, we round up the security and privacy news we didn’t break or cover in depth ourselves. Click the headlines to read the full stories, and stay safe out there.

23andMe said at the beginning of October that attackers had infiltrated some of its users’ accounts and abused this access to scrape personal data from a larger subset of users through the company’s opt-in social sharing service known as DNA Relatives. By December, the company disclosed that the number of compromised accounts was roughly 14,000 and admitted that personal data from 6.9 million DNA Relatives users had been impacted. Now, facing more than 30 lawsuits over the breach—even after tweaking its terms of service to make legal claims against the company more difficult—the company said in a letter to some individuals that “users negligently recycled and failed to update their passwords following … past security incidents, which are unrelated to 23andMe.” This references 23andMe’s long-standing assessment that attackers compromised…

Source…

Ransomware attack in US: Dozens of credit unions experience outrages due to cyberattack on Trellance, federal agency says

December 3, 2023/in Internet Security

About 60 credit unions in the United States are experiencing outages because of a ransomware attack on an IT provider the institutions use, according to a federal agency.

The video above is ABC13’s 24/7 livestream.

On Friday, the National Credit Union Administration (NCUA), the agency that insures deposits at federally insured credit unions, said in a statement to ABC News that it was “coordinating with affected credit unions” in the wake of the hack.

The full extent of the outage and its impact on credit unions was unclear Friday evening. One of the affected credit unions, New York-based Mountain Valley Federal Credit Union, told CNN that technicians from the hacked IT provider were “working around the clock to get our systems” back online.

According to NCUA spokesperson Joseph Adamoli, credit unions reported that the ransomware attack, in which cybercriminals typically lock computer systems as an extortion tactic, affected a unit of Trellance, a cloud computing firm provider used by credit unions.

NCUA told ABC News that the hack occurred through a third-party vendor, FedComp, using Trellance software, which was the source of the cyberattack.

Trellance did not immediately respond to a request for comment on Friday.

“Member deposits at affected federally insured credit unions are insured by the National Credit Union Share Insurance Fund up to $250,000,” NCUA said.

The Record, a cybersecurity news publication, reported earlier on the ransomware attack.

The incident is just the latest example of how ransomware attacks have caused havoc for U.S. critical infrastructure in recent years. Hospitals, fuel pipelines, and schools have also been disrupted by the file-locking cyberattacks, prompting the Biden administration to treat ransomware as a national security crisis.

CNN writer Sean Lyngaas contributed to this report.

Source…

Investigation recovers $45K in back wages from fruit company that denied dozens of agricultural workers full wages, transportation and housing

August 2, 2023/in Mobile Security

Employer name: Mt. Clifton Fruit Company LLC

Investigation site: 17581 Mechanicsville Road, Timberville, VA 22853

Investigative Findings: The U.S. Department of Labor’s Wage and Hour Division found the employer violated multiple requirements of the H-2A agricultural worker program by failing to do the following:

Compensate 55 workers, 50 of whom came from Mexico, for all hours worked.
Comply with the requirements of the agricultural job order.
Pay the hourly adverse effect wage rates of $13.15 in 2021, $14.16 in 2022 and $14.91 in 2023.
Comply with safety and health requirements for housing and transporting H-2A workers.
Request a preoccupancy inspection of housing in a timely way.
Comply with other applicable federal, state and local employment-related laws and regulations.

Back wages recovered: $45,384

Civil money penalties: $8,998

Workers affected: 55, which includes 50 H-2A program workers and five other workers

Quote: “Our investigation found the Mt. Clifton Fruit Company denied dozens of agricultural workers, many of whom traveled to the U.S. at the company’s request, safe housing and transportation, and their legally earned wages,” said Wage and Hour Division District Director Roberto Melendez in Richmond, Virginia. “In addition to recovering back wages, we assessed penalties for these deliberate violations.”

Background: Mt. Clifton Fruit Company LLC is an agricultural fixed-site employer who specializes in growing and harvesting a variety of apples which are sold retail, direct to consumers and to processors in the U.S.

Learn more about the Wage and Hour Division, including a search tool to use if you think you may be owed back wages collected by the division. The department can speak with callers confidentially in more than 200 languages through the agency’s toll-free helpline at 866-4US-WAGE (487-9243). Download the agency’s new Timesheet App for i-OS and Android devices – also available in Spanish – to ensure hours and pay are accurate.

Source…

Famed Hacker Unveils Wild Crack-In-The-Box Password Cracker Fueled By Dozens Of RTX 4090s

April 25, 2023/in Computer Security

A password cracking setup outfitted with multiple graphics cards.

Kevin Mitnick, a former black hat hooligan-turned-good-guy who spent several years in prison in the 1990s for various computer-related tomfoolery, is showing off a beastly setup outfitted with 30 high-end GeForce graphics cards. We know what you’re wondering—can it run Crysis? It certainly has enough firepower to push pixels around like a schoolyard bully on steroids. But what his setup is really designed to do is to crack passwords with the same speed and ease it would take Hercules to crack a walnut.

Anyone who is not familiar with Mitnick can look him up on Google or visit the Wikipedia entry on him for a quick history lesson. His hacking days started in his pre-teen years and it only gets more interesting from there. The US Department of Justice and Federal Bureau of Investigation are certainly familiar with the man who is widely considered to be the world’s most famous hacker—he eluded both agencies for years…up until he didn’t.

A successful “Free Kevin” movement helped Mitnick earn an early release after spending more than five years behind bars. These days he spends his time as a highly sought-after security consultant. He’s also the chief executive officer at Mitnick Security Consulting, and chief hacking officer at KnowBe4, among other roles on his ever-expanding resume.

Kevin Mitnick tweet showing off his password cracking setup.

In posts shared to both Facebook and Twitter, Mitnick uploaded photos of a “badass password cracker” that the team at KnowBe4 helped him set up and configure. The beastly configuration is outfitted with two dozen of NVIDIA’s flagship consumer graphics cards, the GeForce RTX 4090 based on the Ada Lovelace GPU architecture, as well as six GeForce RTX 2080 cards based on Turing.

“This is what companies come up against when we are hired for Red Team engagements. Our team now has a new large group of GPUs to crack passwords much, much faster,” Mitnick explains.

In security parlance, a Red Team engagement is essentially a simulated cyberattack. You can think of it as an intense security audit. Exposing vulnerabilities is inevitably part of the process, but that’s not the main goal. These simulated attacks test a company’s ability to detect and respond to security threats.

This process is of course…

Source…

Tag Archive for: Dozens