Tag Archive for: Posts

Security Firm Unciphered Posts a Video Showing a Hack of Trezor T Wallet – 24/7 Wall St.


Investing

Unciphered, a cybersecurity firm specializing in cryptocurrency recovery, posted a video in which it claims to be able to extract the seed phrase from Satoshi Labs’ Trezor T hardware wallet. The hack, however, requires both the physical possession of the wallet and specialized equipment.

Unciphered Showcases New Vulnerability of Trezor T Hardware Wallet

This Wednesday, a cybersecurity firm called Unciphered posted a video in which it claims to showcase a successful hack of Satoshi Labs’ Trezor T wallet. In the video, the company dismantles the hardware before successfully extracting the mnemonic seed phrase.

Unciphered also claims that there is no way to fix the vulnerability used for the hack other than a recall of all Trezor T wallets. The hack, however, requires the physical possession of the hardware wallet, as well as a set of specialized tools.

The demonstration sparked some speculation that Unciphered merely rediscovered a vulnerability that has been known for years, but the company denied it stating that said issue was patched in 2019. According to the firm, the vulnerability, as well as the method to exploit it have been developed “in-house”.

Hardware Wallet Security Increasingly In Question

Considering that they are designed to keep cryptocurrencies and access codes away from the internet—and, by extension, away from would-be thieves—hardware wallets have long been considered among the safest ways to store digital assets. This reputation even saw them surge in popularity as investors fled from major centralized cryptocurrency firms in the immediate aftermath of the collapse of FTX.

Recent weeks have, however, put a dent in hardware wallets’ reputation for safety. The most high-profile event that caused the new trend has been the announcement of Ledger’s new feature—Ledger Recover. The new feature coming from one of the largest hardware wallet companies sparked fears that they may ultimately have critical vulnerabilities and enable thieves to access investors’ cryptocurrency.

The…

Source…

Tolland Posts Updated Meeting Rules Policy After Recent Hack


March 27, 2023

After a debrief with staff related to last Thursday’s meeting and a careful review of the best security practices, we feel ready to continue with our standard hybrid format for our town meetings when appropriate.We are compiling a list of best practices and some resources for training for meeting hosts. While it is impossible to stop all types of sophisticated IT attacks, we feel confident we can defend the type of attack we endured last week. We are thankful for those who have assisted us in this effort.On Friday we worked with CSP Trooper’s to continue their investigation with the assistance of the CSP Computer Crimes detectives, their investigation is ongoing.


This press release was produced by the Town of Tolland. The views expressed here are the author’s own.

Source…

Has Amazon’s Ring Been Hacked? Ransomware Gang Posts Data Leak Threat


A ransomware group known as ALPHV claims to have breached the doorbell and security camera company, threatening to publish Ring’s data.

The ALPHV ransomware gang, known to be behind a spate of BlackCat ransomware attacks and operating a ransomware-as-a-service operation, has claimed to have successfully breached Ring, the Amazon owned doorbell and security camera company.

As first reported by Vice, the ransomware group website has published a threat, next to the Ring company logo, to “leak your data.” The group behind the BlackCat ransomware malware has created a searchable database of victims who do not pay, accessible by affiliate groups.

VX-Underground, one of the largest online collections of malware source code, has confirmed in a 13 March tweet that the claim has been published by ALPHV.

Currently, it is not known what, if any, data has been breached by ALPHV. Therefore, there is no advice for Ring users as to what they should do at this time. Ring devices support end-to-end encryption (E2EE) in most countries, and if enabled, means that neither Amazon nor law enforcement, or ransomware groups for that matter, could access uploaded footage. However, if this ransomware attack proves to be confirmed, it is possible that the cybercriminals have exfiltrated corporate or customer data rather than video.

I have reached out to both Amazon and Ring for a statement, and a Ring spokesperson told me this morning, that: “We currently have no indications that Ring has experienced a ransomware event.”

This story is still developing, however, and if that statement evolves I will update this article in due course. Meanwhile, Vice reports that an internal Amazon Slack channel, updated following the publication of its story, warned: “Do not discuss anything about this. The right security teams are engaged.” It is those security teams that have likely determined, at least for now, that ALPHV has not perpetrated a successful BlackCat ransomware deployment.

MORE FROM FORBESWhy You Should Stop Using LastPass After New Hack Method Update
Follow me on Twitter or LinkedInCheck out my website or some of my other work 

Source…

Ransomware group posts nude photos of cancer patients online – New York Daily News


A ransomware gang with Russian ties is accused of posting nude photos of cancer patients online after a Pennsylvania health care group declined to meet its demands.

Lehigh Valley Health Network called the cyberattack an “unconscionable criminal act” that exploits patients undergoing treatment for cancer, according to Lehigh Valley Live.

On Sunday, a Twitter feed that tracks malware said the hacker group ALPHV, also known as BlackCat, was “exploiting and sexualizing breast cancer.”

The tweet included a note, seemingly from ALPHV, telling the health care provider that its patients’ “passports, personal data, questionnaires, nude photos and the like” had been stolen. The hacker group said it was prepared to publish these materials online, and warned such a disclosure would “cause significant damage to [the provider’s] business.”

Lehigh Valley Health Network announced Thursday that it is building a new hospital in Carbon County.

In a statement, Lehigh Valley Health Network said the information hacked from its systems included a trio of screenshots containing clinically appropriate images of patients undergoing radiation oncology treatment at a facility in Scranton, Pa. The breach also reportedly included seven documents with personal information about patients.

It’s unclear how much money ALPHV was demanding. The organization is reportedly known to have asked for payments of up to $1.5 million.

Lehigh Valley Health Network said last month it experienced a cyberattack that did not interrupt operations, but warned the incursion targeted images like the ones published over the weekend. Law enforcement was made aware of the situation.

ALPHV is said to target health care and academic institutions.

Georgia station WMAZ reported Monday that a Houston County-based health care group that treats 300,000 patients a year was targeted by a ransomware attack last week, causing the health care workers to implement “back up processes.”

Further details of that attack have not been made public.

Source…