Tag Archive for: Huge

Hackers are threatening to publish a huge stolen sanctions and financial crimes watchlist


A financially motivated criminal hacking group says it has stolen a confidential database containing millions of records that companies use for screening potential customers for links to sanctions and financial crime.

The hackers, who call themselves GhostR, said they stole 5.3 million records from the World-Check screening database in March and are threatening to publish the data online.

World-Check is a screening database used for “know your customer” checks (or KYC), allowing companies to determine if prospective customers are high risk or potential criminals, such as people with links to money laundering or who are under government sanctions. The hackers told TechCrunch that they stole the data from a Singapore-based firm with access to the World-Check database, but did not name the firm.

A portion of the stolen data, which the hackers shared with TechCrunch, includes individuals who were sanctioned as recently as this year.

Simon Henrick, a spokesperson for the London Stock Exchange Group, which maintains the database, told TechCrunch: “This was not a security breach of LSEG/our systems. The incident involves a third party’s data set, which includes a copy of the World-Check data file. This was illegally obtained from the third party’s system. We are liaising with the affected third party, to ensure our data is protected and ensuring that any appropriate authorities are notified.”

LSEG did not name the third-party company, but did not dispute the amount of data stolen.

The portion of stolen data seen by TechCrunch contains records on thousands of people, including current and former government officials, diplomats, and private companies whose leaders are considered “politically exposed people,” who are at a higher risk of involvement in corruption or bribery. The list also contains individuals accused of involvement in organized crime, suspected terrorists, intelligence operatives and a European spyware vendor.

The data varies by record. The database contains names, passport numbers, Social Security numbers, online crypto account identifiers and bank account numbers, and more.

World-Check is currently owned by the London Stock Exchange Group following…


Ransomware attack hits top chipmaker Nexperia, huge hoard of data set to be leaked


Top chipmaker Nexperia suffered a ransomware attack last month which saw threat actors get away with a terabyte of sensitive corporate data. 

“Nexperia has become aware that an unauthorized third party accessed certain Nexperia IT servers in March 2024,” the company said in a statement shared with BleepingComputer. “We promptly took action and disconnected the affected systems from the internet to contain the incident and implemented extensive mitigation.”


Ukraine faces second day of huge phone and internet outage after suspected Russian cyberattack


Ukraine on Wednesday entered the second day of limited communications after its largest mobile phone and internet provider was hit by a huge cyberattack, Ukrainian officials and the internet provider said Wednesday.

The company, Kyivstar, shut down all mobile and internet service Tuesday after experiencing what its CEO said was a Russian cyberattack.

The Kyivstar hack is one of the biggest cyberattacks on the civilian telecommunications industry in history, and one of the most influential of the Russia-Ukraine war. Kyivstar’s website is still inaccessible, but an archived version of it from November said it has more than 25 million customers nationwide, more than half the country’s population.

Kyivstar announced Wednesday it had begun to restore service, but Kentik, a company that tracks global internet connectivity, said Kyivstar was operating at a fraction of its normal traffic levels.

In addition to cutting off communications for millions of Ukrainians, the Kyivstar attack resulted in other critical services shutting down.

The head of Kyiv’s Regional Military Administration, Ruslan Kravchenko, said on Telegram that the outage disrupted air alert systems in multiple cities, forcing authorities to use backup alarms. Russia launched a missile attack Wednesday morning, Kyiv’s mayor said on his Telegram channel, resulting in 53 people being injured and 20 being hospitalized.

Ukraine’s largest bank, PrivatBank, announced that a lack of functioning internet connection had resulted in some ATMs and point-of-sale terminals not working.

In the city of Lviv, which uses internet-connected smart streetlights, the Kyivstar outage meant that the lights had to be disconnected manually, the City Council said on its website.

Ukrainian authorities, including communications officials and representatives from the Security Service of Ukraine, indicated in emailed statements Wednesday that the culprit was a unit within Russian military intelligence, the GRU, that Western governments and cybersecurity researchers have said is responsible for previous destructive attacks on Ukrainian infrastructure. Russia’s Ministry of Foreign Affairs didn’t respond to a request for comment.

Both the Security…


Update WinRAR right now to avoid a huge security exploit


WinRAR, one of the most popular compression tools on the planet, is affected by a huge security vulnerability. The app has been around for years, and while many have downloaded it, most probably don’t keep it updated to the latest version, as they only open it when compressing or uncompressing files.

If you use WinRAR, though, it’s recommended that you update it immediately to the latest version of the available software, as government-backed hackers in China and Russia have exploited a known vulnerability in outdated versions of the app. With over 500 million users, the pool of available victims for bad actors is massive.

Google’s Threat Analysis Group (TAG) revealed this week that it has observed a number of government-backed hacking campaigns exploiting the bug, dating back as far as early 2023. Organizations and users running the popular compression software should update it immediately, as the vulnerability exists in all WinRAR versions prior to version 6.23.


“The cybercriminals are exploiting a vulnerability that allows them to spoof file extensions,” Andrey Polovinkin, a malware analyst with Group-IB, shared in a blog post back in August. “They are able to hide the launch of malicious script within an archive masquerading as a ‘.jpg’, ‘.txt’, or any other file format.”

This is a huge issue and one that users will want to rectify immediately by updating WinRAR. WinRAR also shared a note when it released the latest version, thanking Group-IB and the Zero Day Initiative for making them aware of this long-standing vulnerability so that they could patch it.

Most users don’t update their software as regularly as updates are released, and while it isn’t always the case, this latest WinRAR exploit is a great reminder of why you should always keep software updated, even if you only use it on very specific occasions. We’ve seen several new…
