The Record is reporting Europol takes down VPNLab, a service used by ransomware gangs. An international law enforcement operation has seized the servers of VPNLab.net, a virtual private network provider that advertised its services on the criminal underground and catered to various cybercrime groups, including ransomware gangs. Europol said it seized 15 servers operated by the VPNLab team in Germany, the Netherlands, Canada, the Czech Republic, France, Hungary, Latvia, Ukraine, the US, and the UK. VPNLab had been around since 2008, was built around the OpenVPN technology, used 2048-bit encryption, and offered double VPN anonymized connections for as little as…
ISBuzz Team
In a report released by Citizen Lab today, researchers analyzed the ‘My 2022’ Beijing Winter Olympics app and discovered the app is insecure when it comes to protecting the sensitive data of its users. The app’s encryption system carries a significant flaw that enables middle-men to access documents, audio and files in clear text form. Researchers found that the ‘My 2022’ app, which is required for all athletes, members of the press and the audience to have installed, is subject to censorship based on keywords and has an unclear privacy policy that doesn’t determine who receives and processes sensitive data,…
Italian luxury fashion giant Moncler confirmed that they suffered a data breach after files were stolen by the AlphV/BlackCat ransomware operation in December and published today on the dark web. The attack unfolded in the final week of 2021 when the luxury fashion brand announced an interruption in its IT services but assured that the attack would result in nothing more than a temporary outage. Ten days after that, the company released an update on the situation, reactivating its logistic systems and prioritizing e-commerce shipments that had been delayed in shipping. Today, in a statement shared with Bleeping Computer, Moncler confirmed that some data related…
In a blog published Saturday, Microsoft says it has discovered a destructive malware being used to corrupt systems of multiple organizations in Ukraine. Microsoft Threat Intelligence Center (MSTIC) first discovered the ransomware-like malware on January 13. In response to this blog, an expert with Gurucul has offered perspective.
The FCC has proposed more rigorous data breach reporting requirements for telecom carriers in response to breaches that recently hit the telecommunications industry. On Wednesday, Chairwoman Jessica Rosenworcel shared the proposal in the form of a Notice of Proposed Rulemaking (NPRM), the first step in changing the FCC’s rules for alerting federal agencies and customers of data breaches. “Customers deserve to be protected against the increase in frequency, sophistication, and scale of these data leaks, and the consequences that can last years after an exposure of personal information,” Chairwoman Rosenworcel said.
Ukrainian government websites were hit by cyber attacks over the weekend. According to this Reuters article, the Ukraine suspects UNC1151 (a group linked to Belarus intelligence) to be tied to this activity.
It has been reported that some UK banks are letting their customers down with poor authentication and web security issues, according to a consumer rights group. Which? once again teamed up with independent security consultants 6point6 to appraise the “front-end” security of 15 current account providers. It looked at four criteria: encryption and protection, login, account management and navigation.
It has been reported that sensitive data including COVID-19 vaccination statuses, social security numbers and email addresses have been exposed due to weak default configurations for Microsoft Power Apps, according to Upguard. Upguard Research disclosed multiple data leaks exposing 38 million data records via Microsoft Power Apps portals configured to allow public access. The data leaks impacted American Airlines, Microsoft, J.B. Hunt and governments of Indiana, Maryland and New York City. Upguard first discovered the issue involving the ODdata API for a Power Apps portal on May 24 and submitted a vulnerability report to Microsoft June 24.
It has been reported that Maryland officials confirmed on Wednesday that state’s Department of Health is dealing with a devastating ransomware attack, which has left hospitals struggling amid a surge of COVID-19 cases. In a statement released on Wednesday, Maryland Chief Information Security Officer Chip Stewart said the attack began on December 4 and crippled their systems.
A 19-year-old claims to have hacked into more than 25 Tesla cars in 13 countries, saying in a series of tweets that a software flaw allowed him to access the EV pioneer’s systems. David Colombo, a self-described information technology specialist, tweeted Tuesday that the software flaw allows him to unlock doors and windows, start the cars without keys and disable their security systems. Colombo noted that he could not drive the cars remotely. Colombo also claimed he can see if a driver is present in the car: https://www.bloomberg.com/news/articles/2022-01-12/teen-hacker-claims-to-have-taken-control-of-25-teslas-worldwide