Tag Archive for: Dump

Microsoft Reveals How a Crash Dump Led to a Major Security Breach


Sep 07, 2023 | THN | Cyber Attack / Email Hacking

Microsoft on Wednesday revealed that a China-based threat actor known as Storm-0558 acquired the inactive consumer signing key to forge tokens and access Outlook by compromising an engineer’s corporate account.

This enabled the adversary to access a debugging environment that contained information pertaining to a crash of the consumer signing system and steal the key. The system crash took place in April 2021.

“A consumer signing system crash in April of 2021 resulted in a snapshot of the crashed process (‘crash dump’),” the Microsoft Security Response Center (MSRC) said in a post-mortem report.

“The crash dumps, which redact sensitive information, should not include the signing key. In this case, a race condition allowed the key to be present in the crash dump. The key material’s presence in the crash dump was not detected by our systems.”

The Windows maker said the crash dump was moved to a debugging environment on the internet-connected corporate network, from where Storm-0558 is suspected to have acquired the key after infiltrating the engineer’s corporate account.


It’s currently not known if this is the exact mechanism that was adopted by the threat actor, since Microsoft noted it does not have logs that offer concrete proof of the exfiltration due to its log retention policies.

Microsoft’s report further alludes to spear-phishing and the deployment of token-stealing malware, but it did not elaborate on the modus operandi of how the engineer’s account was breached in the first place, if other corporate accounts were hacked, and when it became aware of the compromise.

That said, the latest development offers insight into a series of cascading security mishaps that culminated in the signing key ending up in the hands of a skilled actor with a “high degree of technical tradecraft and operational security.”

Storm-0558 is the moniker assigned by Microsoft to a hacking group that has been linked to the breach of approximately 25 organizations using the consumer signing key and obtaining unauthorized access to Outlook Web Access (OWA) and Outlook.com.

The zero-day issue was blamed on a validation error that allowed the key to be…


Ransomware criminals dump personal information of students online after stealing files from MN school


The confidential documents stolen from schools and dumped online by ransomware gangs are raw, intimate and graphic. They describe student sexual assaults, psychiatric hospitalizations, abusive parents, truancy — even suicide attempts.

“Please do something,” begged a student in one leaked file, recalling the trauma of continually bumping into an ex-abuser at a school in Minneapolis. Other victims talked about wetting the bed or crying themselves to sleep.

Complete sexual assault case folios containing these details were among more than 300,000 files dumped online in March after the 36,000-student Minneapolis Public Schools refused to pay a $1 million ransom. Other exposed data included medical records and discrimination complaints.

Rich in digitized data, the nation’s schools are prime targets for far-flung criminal hackers, who are assiduously locating and scooping up sensitive files.

Often strapped for cash, districts are grossly ill-equipped not just to defend themselves but to respond diligently and transparently when attacked, especially as they struggle to help kids catch up from the pandemic and grapple with shrinking budgets.

Months after the Minneapolis attack, administrators have not delivered on their promise to inform individual victims. Unlike for hospitals, no federal law exists to require this notification from schools.

The Associated Press reached families of six students whose sexual assault case files were exposed. The message from a reporter was the first time anyone had alerted them.

“Truth is, they didn’t notify us about anything,” said a mother whose son’s case file has 80 documents.


Even when schools catch a ransomware attack in progress, the data are typically already gone. That was what Los Angeles Unified School District did last Labor Day weekend, only to see the private paperwork of more than 1,900 former students — including psychological evaluations and medical records — leaked online. Not until February did district officials disclose the breach’s full dimensions.

The lasting legacy of school ransomware attacks, it turns out, is not in school closures,…


Hackers Behind Oakland Ransomware Attack Dump Data On City Employees


The ransomware attack on the city of Oakland has gone from bad to worse: The hackers behind the assault also stole files from the city, and have begun leaking them online. 

This past weekend, the Play ransomware gang began dumping the stolen files —which span over 10GB of data— over the group’s site on the Dark Web. Play says the file dump includes “private and personal confidential data, financial information. IDs, passports, employee full info, human rights violation information.”

The gang is also warning it has more stolen data to dump, likely in an attempt to pressure the city to pay up to prevent more confidential information from leaking. “For now partially published compressed 10gb. If there no reaction full dump will be uploaded,” the Play gang wrote in their posting. 

The posting from the ransomware gang.


The San Francisco Chronicle downloaded the data, and confirmed it contains the social security numbers, drivers’ license numbers, birth dates and home addresses of city employees —information that other cybercriminals could abuse to conduct identity theft schemes. In addition, the data dump contains records covering police misconduct allegations, scanned bank statements from the city’s accounts, and private information on the current and past city mayors. (Oakland employs about 5,000 people.) 

The city of Oakland didn’t immediately respond to a request for comment. But on Friday, the city said it was “aware” the hackers planned on dumping data allegedly stolen during the attack. 

“We are working with third-party specialists and law enforcement on this issue and are actively monitoring the unauthorized third party’s claims to investigate their validity. If we determine that any individual’s personal information is involved, we will notify those individuals in accordance with applicable law,” the city said in a statement posted over its website. 

The ransomware attack initially caused an outage last month across the city’s IT systems, including online services. According to the city’s website, Oakland is still working to restore its remaining systems. 

As for the Play ransomware gang, the group is relatively new, emerging on the…


In Response To George Floyd Killing, Minnesota Schools Dump Contracts With Minneapolis PD

We can disagree (vehemently and at length) about the most effective means of societal change. But we’ve seen a blend of tactics that no one unanimously agrees are helpful or harmful, but are still pushing legislators and other government officials towards meaningful change.

Maybe we’ll never fully understand what motivates society as a whole. (And yet we live in one.) Let’s celebrate the steps forward — especially ones that have occurred despite certain government officials (including our President) declaring almost any anti-government action to be stupid, criminal, and useless.

No one asked for cops in schools. At least, very few students did. Maybe some parents did. To be sure, a whole lot of school administrators did because it meant they could offload every disciplinary problem — no matter how small — to cops trained to handle serious criminal acts rather than underage acts of defiance. It made things easier for administrators who used this void they’d created in their own responsibility to enact a number of “zero tolerance” policies that relieved them of the pressure of using common sense and restraint when dealing with troublesome students. The end result was objectively awful.

Now, with law enforcement agencies having proven themselves objectively awful by badly reacting to a cop-created problem, Minnesota schools are deciding to kick cops to the curb.

The city’s public school board unanimously approved a resolution on Tuesday night that will end the district’s contract with the Minneapolis police department to use officers to provide school security. The Minneapolis superintendent said he would begin work on an alternative plan to keep the district’s more than 35,000 students safe in the coming school year.  

“We cannot continue to be in partnership with an organization that has the culture of violence and racism that the Minneapolis police department has historically demonstrated,” Nelson Inz, one of the school board members, said. “We have to stand in solidarity with our black students.”

Hopefully this will spring a sizable leak in the school-to-prison pipeline, allowing the tax dollars no longer required for the receiving end to be routed to the future of America and those tasked with teaching them.

But it’s not just minors being protected from cops. It’s also a number of adults.

In a statement Wednesday evening, University of Minnesota President Joan Gabel announced changes in the school’s relationship with the Minneapolis Police Department.

U of M will no longer contract with MPD for additional law enforcement support needed for large events. This includes football games.

The school will also no longer use MPD for specialized services such as K-9 Explosive detection units.

As extraneous cop opportunities dry up, so should their funding. This will make it easier for legislators to remove police from situations where their dubious expertise has done more to harm than to help. What used to be just a libertarian fever dream is now a few steps closer to reality. Members of the Minneapolis City Council are actually considering at least a partial dismantling of the city’s police force.

Several members of the Minneapolis City Council this week have expressed support for drastic overhauls to the way the city handles law enforcement, ranging from calls to defund the department, to suggestions that social workers, medics or mental health professionals should be sent to some calls currently handled by police.

Council member Jeremiah Ellison, son of Minnesota Attorney General Keith Ellison — who is leading the case against the officers involved in Floyd’s death — took a more radical approach.

“We are going to dismantle the Minneapolis Police Department. And when we’re done, we’re not simply gonna glue it back together. We are going to dramatically rethink how we approach public safety and emergency response. It’s really past due,” Ellison wrote on Twitter Thursday.

Council President Lisa Bender joined Ellison’s call to dismantle the department.

“We are going to dismantle the Minneapolis Police Department and replace it with a transformative new model of public safety,” Bender wrote on Twitter Thursday.

The police likely won’t be disbanded, no matter who’s vowing to do what. And the Council — at this point — isn’t threatening to deprive the PD of its funding until it gets its problems sorted out. But the state’s Department of Human Rights has sued the PD, demanding a host of changes and a partial blockade on certain enforcement activities until the PD agrees to its demands for increased accountability. This is nothing new for the Minneapolis PD, which was hit with similar demands by the DOJ back in 2003. It appears the federal effort didn’t actually result in better officers so more drastic reforms are in the works.

While legislators may not be able to dismantle the PD and rebuild it from the ground up, they are taking steps to steer cops away from situations they’ve proven they can’t handle, like welfare checks and calls relating to mental health issues. Too often when cops are faced with situations they don’t completely comprehend, they respond with force, mostly of the “deadly” variety. If these reforms are pushed through, calls like these will turn EMS units and mental health professionals into first responders, giving these at-risk residents a better chance of surviving their encounter with the government.

Things are changing. This is good news. But let’s not be dismissive of all the bad news that led us to this point — including demonstrations (violent and otherwise) that demonstrated law enforcement’s inability to properly serve the public they owe their jobs to.

Techdirt.