A summary of news and events that happened this week with ransomware, data breaches, rapid response security, etc.
Chatgpt Triumphantly Returns To Italy After ……
Tech businesses and regulatory authorities must communicate and cooperate to resolve ChatGPT’s prohibition in Italy quickly. Innovation and consumer privacy must be balanced as AI enters our daily lives. OpenAI’s dedication to privacy and security shows a potential future that prioritizes user trust and collaboration. The ChatGPT narrative in Italy shows how cutting-edge technology and careful management may create a brighter, safer future for AI and its users in this changing setting. Read more.
Ukrainian Government Targeted with Fake Windows Update
Russian hackers are sending Ukrainian government entities fraudulent emails about upgrading Windows to prevent cyberattacks. According to CERT-UA, Russian state-sponsored hacking group APT28 (aka Fancy Bear) sent these emails and impersonated government system administrators. The attackers created @outlook.com emails using employee IDs. Malicious emails suggest PowerShell commands instead of Windows upgrades. This command downloads a PowerShell script and another payload in the background to impersonate a Windows update. Read more.
T-Mobile Data Breach, The Second ……
In its ninth data breach since 2018, T-Mobile US Inc. affected 1,000 subscribers instead of 37 million. March’s incident affected 836 customers. According to T-Mobile’s April 28 letter to affected customers, a bad actor accessed a small number of consumers’ data between late February and March. Full names, contact information, accounts, phone numbers, T-Mobile account PINs, Social Security numbers, government IDs, dates of birth, balance due, and T-Mobile service codes were stolen. Calls and finances were untouched. T-Mobile reset PINs and provided two years of free credit monitoring and identity theft services. In these circumstances, T-Mobile usually contacts law authorities and hires a third-party forensics firm. Read more.
Apple Puts First Rapid Security Response ……
Apple introduced iPhone, iPad, and Mac “Rapid Security Response” (RSR) updates during WWDC last year. The first system patch was issued recently. The patch installation initially said every iPhone was offline. The update was installed on available devices in 30 seconds once the installation process smoothed down. Security patches are added between major system upgrades in the RSR system to make security updates easier. Some devices can install these without rebooting. Users can also disable these updates or uninstall them if they cause problems. Read more.
Hackers Take Advantage Of TBK DVR Camera ……
Fortinet experts found TBK’s DVR camera system’s five-year-old vulnerability (CVE-2018-9995) exploited in April 2023. Camera error handling a malicious HTTP cookie triggers the high severity bug. Remote attackers can bypass authentication and get administrator privileges, allowing camera video stream access. Fortinet reported more than 50,000 attempted assaults on these devices with unique IPS detections last month in an Outbreak Alert published Monday. The company advises the cybersecurity industry on problems that potentially affect several enterprises. The notification was issued because the 2018 vulnerability may not have a patch. Read more.
PornHub Blocked In Utah State Due To SB287 …….
Pornhub has blocked Utah due to its age-verification requirement. Visitors to pornographic websites must show ID. The latest U.S. law began with Louisiana’s Act 440 on January 1, 2023. After that, Utah passed SB 287(opens in a new tab), requiring AVSs on websites with a lot of child-harming content. The Free Speech Coalition, a porn industry lobbying group, says SB 287 will take effect on May 3. Utah was previously blocked from Pornhub. FOX13 reported a 403 error and a Pornhub message. Read more.
FBI Uncovers 9 Crypto Exchanges In Ransomware Laundering
The FBI and Ukrainian authorities shut down nine “crypto exchanges” that laundered money for ransomware groups and cyber criminals in a dangerous operation. The audacious action is part of a coordinated effort to disrupt and destroy cybercriminals’ digital infrastructure. These unlawful exchanges allowed users to convert cryptocurrency into harder-to-track coinage, obfuscating the money trail and helping criminals to launder their money. Many of the shutdown sites provided live Russian and English support to various online criminal communities. According to the FBI, noncompliant virtual currency exchanges are crucial nodes in the cybercrime ecosystem and violate Title 18 Sections 1960 and 1956. Read more.
Level Finance Crypto Exchange Hacked, After Two Security Audits
In a dangerous operation, the FBI and Ukrainian authorities shut down nine “crypto exchanges” that laundered money for ransomware groups and cybercriminals. The bold move is part of a coordinated effort to disrupt and destroy fraudsters’ digital infrastructure. These illegal exchanges allowed users to shift cryptocurrency into coins that are harder to monitor, obfuscating the money trail and allowing criminals to launder their illicit riches. A number of online criminal communities used many of the sites that were shut down, which provided live Russian and English support. The FBI’s announcement states that noncompliant virtual currency exchanges are crucial nodes in the cybercrime ecosystem and violate Sections 1960 and 1956 of Title 18. Read more.
Dallas City Hit By Ransomware Assault Affects 2.6 Million People
Dallas City officials confirmed a ransomware attack on Dallas Police and other city agency servers on Wednesday. After the city’s security monitoring technologies detected a possible ransomware attack on multiple local computers, the DPD website was taken offline early Wednesday. Website operations resumed at 2:00 p.m. In an email, city spokesman Jenna Carpenter said the city and its contractors are attempting to isolate the ransomware, remove it from afflicted systems, and restore affected services. Carpenter advised Dallas residents to call 311 or 911 if city services are disrupted. CBS11 reported Wednesday afternoon that DPD’s CAD system failed. The station reported that dispatchers had to hand transcribe field cop commands. Police can only reply via phones and radios. Read more.
US Government Disengages Try2check Platform On The Dark Web
The US released a four-count indictment against the accused Russian operator of a prominent cybercrime service and declared victory. Cybercriminals used Try2Check to verify stolen cards they bought on dark web marketplaces. Since 2005, the site has handled tens of millions of cards and funded carding stores like Joker’s Stash, which generate hundreds of millions of dollars. Hackers Hacked as Underground Carding Site is Breached details these underground locations. Card transactions flooded the site. The website purportedly performed 17 million checks in the first 13 months starting in September 2021. Read more.
Meta Unravels Social Media Cyber Espionage Operations In South Asia
Meta reported on Wednesday that Pakistani government hackers had infected Indian and Pakistani military personnel’s personal devices with malware concealed in malicious apps and websites. Meta’s quarterly adversarial threat report includes this assault. The other two APT programs (Bahamut and Patchwork) appear to be intelligence collection. The organization did not name the Pakistani ensemble. Each of the three attacks “relied heavily on social engineering,” with hackers creating “elaborate fictitious personas with backstops across the internet” to deceive their victims and any platforms or researchers investigating. Meta stated that some accounts were disguised as recruiters, journalists, or military officials, while the Pakistan-based gang lured ladies hoping for love. Read more.
Google Implements Passkeys For Secured Sign-in To Google Accounts
Google used passwordless authentication for its accounts to improve internet security and eliminate the risks of weak passwords. Passwordless authentication is part of a multiyear effort to improve internet security and protect consumers from assaults. Passkeys employ physical keys or smartphones to authenticate users, making them more secure and handy than passwords. Passwordless authentication has uses beyond Google accounts. This online security solution may interest corporations and governments. As more organizations and individuals embrace passwordless authentication, the online community will be safer against weak passwords. Read more.
Cisco Issues Urgent Security Warning For End-of-Life Phone Adapters
Google used passwordless authentication for its accounts to improve internet security and eliminate the risks of weak passwords. Passwordless authentication is part of a multiyear effort to improve internet security and protect consumers from assaults. Passkeys employ physical keys or smartphones to authenticate users, making them more secure and handy than passwords. Passwordless authentication has uses beyond Google accounts. This online security solution may interest corporations and governments. As more organizations and individuals embrace passwordless authentication, the online community will be safer against weak passwords. Read more.
Constellation Struck By Ransomware Attack, ALPHV Lays Claim
Canadian software company hacked. Toronto-based Constellation Software Inc. disclosed a cyber-security problem affecting several IT infrastructure systems on Wednesday. Personal data was breached minimally. Constellation business partners lost minimal data. Constellation’s operating groups and companies directly contact such persons and commercial partners.” British Columbia Emsisoft threat analyst Brett Callow tweeted that AlphV ransomware targeted Constellation. The letter claims we’ve been on your network for a time and can evaluate your business. Stealing 1TB. If you reject the agreement, we will reveal your data. Constellation Software buys and builds software companies. It employs 25,000 people and generates US$4 billion. Read more.
The opinions expressed in this post belong to the individual contributors and do not necessarily reflect the views of Information Security Buzz.