Tag Archive for: feds

9 Years After the Mt. Gox Hack, Feds Indict Alleged Culprits

/in


Apple’s Worldwide Developer’s Conference this week included an array of announcements about operating system releases and, of course, the company’s anticipated mixed-reality headset, Vision Pro. Apple also announced that it is expanding on-device nudity detection for children’s accounts as part of its efforts to combat the creation and distribution of child sexual abuse material. The company also debuted more flexible nudity detection for adults.

Internal documents obtained by WIRED revealed new details this week about how the imageboard platform 4chan does, and does not, moderate content—resulting in a violent and bigoted morass. Researchers like a group at the University of Texas, Austin, are increasingly developing support resources and clinics that institutions like local governments and small businesses can lean on for critical cybersecurity advice and assistance. Meanwhile, cybercriminals are expanding their use of artificial intelligence tools to generate content for scams, but defenders are also incorporating AI into their detection strategies.

New insight from North Korean defectors illustrates the fraught digital landscape within the reclusive nation. Surveillance, censorship, and monitoring are rampant for North Koreans who can get online, and millions of others have no digital access. And research released this week from the internet infrastructure company Cloudflare sheds light on the digital threats facing participants in the company’s Project Galileo program, which provides free protections to civil society and human rights organizations around the world.

And there’s more. Each week we round up the security stories we didn’t cover in depth ourselves. Click on the headlines to read the full stories. And stay safe out there.

The US Department of Justice on Friday indicted two Russian men, Alexey Bilyuchenko and Aleksandr Verner, for the 650,000-bitcoin hack of Mt. Gox. The two appear to have been charged in absentia while evading arrest in Russia—unlike one of their alleged accomplices, Alexander Vinnik, who was previously convicted in 2020.

Bilyuchenko and Verner are accused of breaching Mt. Gox in 2011, in the earliest days of that original bitcoin exchange’s…

Source…

Illumina, Feds Say Genetic Testing Gear at Risk of Hacking

/in


Endpoint Security
,
Healthcare
,
Industry Specific

Feds Warn of Vulnerabilities Affecting Illumina’s Universal Copy Service Software

Marianne Kolbasuk McGee (HealthInfoSec) •
April 27, 2023    

Illumina, Feds Say Genetic Testing Gear at Risk of Hacking
Flaws in Illumina’s Universal Copy Service software could allow hackers to take over certain genetic testing gear, warn federal authorities. (Image: Illumina)

Federal authorities are warning that hackers could take over genetic testing devices manufactured by Illumina, although neither the manufacturer nor the Food and Drug Administration has received reports of attacks.

See Also: Live Webinar | Education Cybersecurity Best Practices: Devices, Ransomware, Budgets and Resources

The FDA said the vulnerabilities affect Illumina’s proprietary Universal Copy Service software. Illumina posted a list of affected devices.

In a separate Thursday alert, the Cybersecurity and Infrastructure Security Agency warned that a remote code execution bug tracked as CVE-2023-1966 allows hackers to “change settings, configurations, software, or access sensitive data.”

Another, CVE-2023-1968, allows attackers to use UCS to listen on all IP addresses in a network, including those capable of accepting remote communications.

Alex Aravanis, Illumina chief technology officer, in a post Thursday on LinkedIn said that upon identifying the vulnerabilities, “our team worked diligently to develop mitigations to protect our instruments and customers.”

The company is providing customers with “a simple software update at no cost, requiring little to no downtime for most” to address the issues, he said.

Besides the software updates, CISA also recommended users take “defensive measures” to…

Source…

Feds to Microsoft: Clean up your security act — or else

/in


The US government, worried about the continuing growth of cybercrime, ransomware, and countries including Russia, Iran, and North Korea hacking into government and private networks, is in the middle of drastically changing its cybersecurity strategy. No longer will it rely largely on prodding businesses and tech companies to voluntarily take basic security measures such as patching vulnerable systems to keep them updated.

Instead, it now wants to establish baseline security requirements for businesses and tech companies and to fine those that don’t comply.

It’s not just companies that use the systems who might eventually need to abide by the regulations. Companies that make and sell them, such as Microsoft, Apple, and others could be held accountable as well. Early indications are that the feds already have Microsoft in their crosshairs — they’ve warned the company that, at the moment, it doesn’t appear to be up to the task.

First, let’s delve into the government’s emerging strategy.

The new National Cybersecurity Strategy

In early March, the Biden Administration released a new National Cybersecurity Strategy; it puts more responsibility on private industry and tech firms to follow best security practices such as patching systems to fight newly found vulnerabilities and using multifactor authentication whenever possible.

US regulators have long recommended that tech companies do this. The difference now, according to the New York Times, is that “the new National Cybersecurity Strategy concludes that such good-faith efforts are helpful but insufficient in a world of constant attempts by sophisticated hackers, often backed by Russia, China, Iran or North Korea, to get into critical government and private networks. Instead, companies must be required to meet minimum cybersecurity standards.”

Source…

Data management company to pay $3 million in settlement with feds over 2020 ransomware disclosures

/in


Blackbaud Inc., which sells donor data management software to nonprofits, agreed Thursday to pay the Securities and Exchange Commission $3 million in a settlement regarding disclosures of a 2020 ransomware attack.

The SEC charged that Blackbaud violated federal law in making misleading disclosures that failed to mention the full extent of customer information seized in the cyberattack. Part of that failure stemmed from company personnel neglecting to inform upper management that sensitive data had been taken.

On May 14, 2020, Blackbaud discovered that someone had been accessing their internal systems without authorization since as early as February 2020, and found messages from the perpetrator saying that customer data had been taken from the system. 

The attacker demanded ransom in exchange for deleting the stolen data. A third-party vendor was hired to investigate, and to arrange communications with the attacker to eventually arrange payment of the ransom.

By July 16, 2020,

Source…