Tag Archive for: Hacks

data breaches and leaks, new hacks & more

/in


Jak Connor | Aug 12, 2023 3:15 AM CDT

A Microsoft cloud breach that resulted in China state-backed hackers breaking into U.S. government emails has led the Cyber Security Review Board to launch an investigation.

Microsoft vulnerability causes government emails to be hacked, officials launch investigation 48

The Cyber Security Review Board (CSRB) announced on Friday that its investigation will look into cloud-based identity and authentication infrastructure, which will lead to a wider review of all potential and current problems.

This investigation was launched following U.S. government official email accounts being infiltrated by China state-backed hackers that gained access to U.S. Commerce Secretary Gina Raimondo’s inbox, several other officials at the U.S. State Department, and officials at a few different government agencies.

Continue reading: Microsoft vulnerability causes government emails to be hacked, officials launch investigation (full post)

Jak Connor | Aug 1, 2023 3:34 AM CDT

US officials have claimed they have discovered what they suspect is Chinese malware designed to perform a specific task.

US military detects hidden Chinese malware on multiple systems that has an unusual intent 21451

A new report from The New York Times has revealed that US officials have found Chinese malware across several military systems and that this malware isn’t like the typical Chinese malware as it has a specific purpose – to disrupt. According to the report from the NYT, the malware isn’t designed for surveillance, which is the typical form of malware that’s discovered on US military and government systems.

Experts claim the recently discovered malware is simply to disrupt US military and civilian operations, and according to National Security Agency deputy director George Barnes, “China is steadfast and determined to penetrate our governments, our companies, our critical infrastructure.” Notably, Rob Joyce, the director of cybersecurity at the NSA, said last month that the capabilities of the malware are “really disturbing” as it’s able to shut off water and power and disable communications for both military bases and civilians.

Continue reading: US military detects hidden Chinese malware on multiple systems that has an unusual intent (full post)

Kosta Andreadis | Jul 11, 2023 1:28 AM CDT

It’s a common belief that DRM in PC game releases, specifically the popular Denuvo Anti-Tamper…

Source…

Hacks And Data Leaks – Cyber Defense Magazine

/in


How to protect businesses from cyberattacks

By Sergey Ozhegov, CEO, SearchInform

Hacks and data leaks: how to protect businesses from cyberattacks

Hardly a week goes by without a hack or data breach incident occurrence. Quite often, large organizations, such as banks, state bodies and corporations become attacked, despite the fact that they are well-sponsored and their employees are usually quite well informed in the information security related issues. Thus, even large enterprises are often incapable of protection against cyber threats. So, the questions arises – what should executives of SMEs, which information security budget is much smaller do? The SearchInform CEO shares advice on how to strengthen an organization’s information security protection.

SMEs are in the focus

Owners of small businesses quite often don’t take cyber security issues seriously, because they believe that intruders aren’t interested in their companies due to their small size. Such approach leads to serious consequences, as it turns small businesses into perfect and vulnerable target.

One of the core risk is critical data leak. Such data includes, but isn’t limited to:

  • Client database
  • Critical data on some business processes
  • Commercial data on business deals etc.

Businesses should also take data privacy laws seriously. There is a global trend of adoption of various acts, aimed at regulation of data-related processes. The new regulations, coming into force worldwide motivate companies to implement specific protective software. The consequences of such norms ignorance become more and more serious. For instance, in case a company doesn’t comply with a regulator’s requirements, it has to pay fines, which, in turn, are also permanently increased.

The main problem is that implementation of information security measures requires significant financial expenditures and takes time. Nevertheless, law requirements and data leak risks must not be ignored anyway. That is why it is strictly important to address risks properly and deal at least with main vulnerabilities and security “holes”.

First of all, let’s identify where to expect threats to occur.

Who poses a threat to your organization’s…

Source…

Ransomware criminals are dumping kids’ private files online after school hacks

/in


The confidential documents stolen from schools and dumped online by ransomware gangs are raw, intimate and graphic. They describe student sexual assaults, psychiatric hospitalizations, abusive parents, truancy — even suicide attempts.

“Please do something,” begged a student in one leaked file, recalling the trauma of continually bumping into an ex-abuser at a school in Minneapolis. Other victims talked about wetting the bed or crying themselves to sleep.

Complete sexual assault case folios containing these details were among more than 300,000 files dumped online in March after the 36,000-student Minneapolis Public Schools refused to pay a $1 million ransom. Other exposed data included medical records, discrimination complaints, Social Security numbers and contact information of district employees.

Rich in digitized data, the nation’s schools are prime targets for far-flung criminal hackers, who are assiduously locating and scooping up sensitive files that not long ago were committed to paper in locked cabinets. “In this case, everybody has a key,” said cybersecurity expert Ian Coldwater, whose son attends a Minneapolis high school.

Often strapped for cash, districts are grossly ill-equipped not just to defend themselves but to respond diligently and transparently when attacked, especially as they struggle to help kids catch up from the pandemic and grapple with shrinking budgets.

Months after the Minneapolis attack, administrators have not delivered on their promise to inform individual victims. Unlike for hospitals, no federal law exists to require this notification from schools.

The Associated Press reached families of six students whose sexual assault case files were exposed. The message from a reporter was the first time anyone had alerted them.

“Truth is, they didn’t notify us about anything,” said a mother whose son’s case file has 80 documents.

Even when schools catch a ransomware attack in progress, the data are typically already gone. That was what Los Angeles Unified School District did last Labor Day weekend, only to see the private paperwork of more than 1,900 former students — including psychological evaluations and medical records — leaked online….

Source…

5 Hacks by Dallas Ransomware Attackers

/in


Federal intelligence agencies say that Royal, a Russia-based hacking group, has pulled off more than a dozen ransomware attacks since February. During these attacks, the hackers will infiltrate computer systems of schools, hospitals or municipalities, and lock up all the data until a ransom is paid.

Royal is behind the recent ransomware attack against the city of Dallas. The hack has disrupted services across the board. But the group was busy before this most recent attack, both in and out of Dallas, targeting governments and organizations.

Simon Taylor, founder and CEO of the data backup company HYCU, told the Observer that it’s not a matter of if a ransomware attack will happen, but when, and that local governments should be prepared. “We’re seeing this more and more often. These cities and municipalities are being targeted by ransomware terrorists,” Taylor said. “The severity of an attack like this can be really really extreme.”

Silverstone Circuit
One of the higher-profile attacks was launched last November. When Royal pulls off a hack, the group posts about it on its blog. On Nov. 8, 2022, the group announced that it hacked Silverstone Circuit, one of the most popular racing circuits in the United Kingdom, according to techcrunch.com.

“The end of the the Second World War had left Britain with no major racetrack but plenty of airfields,” the group wrote in its post about the Silverstone Circuit hack. “On Oct. 2, 1948, the Royal Automobile Club hosted the first British Grand Prix at Silverstone, a former RAF base. An estimated 100,000 people flocked to see Luigi Villoresi beat 22 others in his Maserati [on a track] marked by bales, ropes and canvas barriers. Silverstone racing history has begun.”

The group also posted the number of employees in the circuit, 89, and its revenue, $57 million. Another attack, this time in Dallas, would come the same month.

Dallas Central Appraisal District
A Nov. 8, 2022, attack took down the systems, servers, email and website of the Dallas Central Appraisal District (DCAD). The agency is responsible for appraising Dallas County properties for tax purposes. It said at the time that staff was working around the clock to restore…

Source…