Search This Blog
Powered by Blogger.

Blog Archive

Labels

About Me

Load More
Trendy Right Now

Popular Posts

Showing posts with label United States. Show all posts
United States
Data Breach Military Operations National Security Security Breach Signal app United States

Experts Warn Trump Officials Using Signal for War Plans Risk Massive Leaks

 

Reports that senior Trump administration officials discussed classified military operations using the encrypted texting app Signal have raised serious security concerns. Although Signal provides encryption, lawmakers and cybersecurity specialists have warned that it is still susceptible to hacking and should never be used for private government communications. 

When journalist Jeffrey Goldberg of The Atlantic was accidentally included in a Signal group discussion where senior Trump officials were discussing military operations in Yemen, the issue became apparent. Goldberg called the conversation an act of "shocking recklessness" and said it included "precise information about weapons packages, targets, and timing.” 

Mark Montgomery, senior director of the Foundation for Defence of Democracies, criticised the decision, saying, "I guess Signal is a few steps above leaving a copy of your war plan at the Chinese Embassy—but it's far below the standards required for discussing any elements of a war plan.” 

Signal has become increasingly popular in Washington despite cybersecurity concerns after Chinese-affiliated hackers significantly compromised U.S. telecommunications networks. To safeguard against spying, officials recommend using encrypted services such as Signal. Experts warn that even while the app has robust encryption and deletes messages automatically, it is not approved for use in government-level sensitive communications. 

Lawmakers call for investigation

Top Democrats have slammed the use of Signal for military discussions, describing it as a significant security breach. Bennie Thompson (D-Miss.), the ranking member of the House Homeland Security Committee, criticised the Trump administration for failing to vet group chat users. “It should go without saying that administration officials should not be using Signal for discussing intelligence matters,” Thompson noted. 

House Foreign Affairs Committee Ranking Member Gregory Meeks (D-N.Y.) has requested a hearing, calling the episode "the most astonishing breach of our national security in recent history." Ranking member of the House Intelligence Committee, Jim Himes (D-Conn.), said he was "horrified" by the usage of an insecure app. He cautioned that lower-level officials might risk criminal charges for such a failure. 

Michael Waltz, Trump's National Security Adviser, admits to organising the Signal group chat, which inadvertently included writer Jeffrey Goldberg. Waltz first blamed a staff member, but later admitted that he founded the group himself. "It is embarrassing, definitely. We're going to get to the bottom of it," he added, adding that he was engaging Elon Musk on technical matters. 

In support of Waltz, Trump described him as a "good man" who had only "learnt a lesson." "The leak was the only glitch in two months, and it turned out not to be a serious one," he said, downplaying the breach as a small mistake. But there has been a quick pushback, with lawmakers and security experts voicing serious concerns.
Read more »
User Security
Data Breach Data Leak Ransomware attack Retirement Service Firm United States User Security

Ransomware Attack on Retirement Services Firm Exposes Thousands of US School Data

 

A ransomware assault targeting retirement service firm Carruth Compliance Consulting has resulted in a data breach affecting dozens of school districts and thousands of individuals in the US. Carruth Compliance Consulting (CCC) administers retirement savings accounts for public schools and non-profit organisations.

Carruth announced on its website on January 13, 2025, that it had detected suspicious activity on its computer systems on December 21, 2024. An investigation revealed that hackers gained access to company networks between December 19 and December 26, and stole some files. 

The company claims that private information such as name, Social Security number, financial account information, and, in specific circumstances, driver's license numbers, medical billing information, W-2 information, and tax filings were among the hacked files. Free identity restoration and credit monitoring services are being provided to affected consumers. 

A relatively new ransomware organisation called Skira claimed responsibility for the Carruth attack this week, claiming to have taken about 469 gigabytes of data, including databases, source code, and the data the company had included in their customer notification. Only four additional victims are listed on Skira's Tor-based leak website as of this writing; the first victim was revealed in December 2024. 

While Carruth has not disclosed the number of impacted organisations and individuals, dozens of school districts and institutions across multiple states have confirmed in recent weeks that they have been affected by the cybersecurity issue. School districts notified state attorneys general that Carruth was unable to identify affected individuals, and each educational institution is seeking to identify current and former employees whose personal information was provided with the retirement services provider. 

To date, nine school districts in Maine have reported identifying more than 20,000 individuals affected by a data breach, as mandated by the attorney general. The Carruth data breach comes just weeks after it was revealed that hackers may have stolen the personal information of millions of students and instructors in the United States and Canada after a cyberattack on education software and services company PowerSchool.
Read more »
United States
Cyber Fraud Data Breach DOJ Phobos Ransomware United States

Two Russian Hackers Arrested for Large-Scale Ransomware Attacks

 



Authorities in the United States have charged two Russian nationals with carrying out widespread cyberattacks using Phobos ransomware. The suspects, Roman Berezhnoy (33) and Egor Nikolaevich Glebov (39), were arrested in Thailand for allegedly orchestrating more than a thousand attacks worldwide.  

Cybercriminals Behind the Phobos Ransomware Attacks 

According to the U.S. Department of Justice (DoJ), both men were actively involved in cybercrime from 2019 to 2024. They were linked to two hacking groups known as "8Base" and "Affiliate 2803," which were responsible for spreading Phobos ransomware.  

Their method of attack involved infiltrating computer networks, stealing important files, and encrypting them using ransomware. Victims were then left with no access to their own data unless they paid a ransom. If payments were not made, the attackers allegedly threatened to leak sensitive information to the public or to the organizations’ clients and partners.  

Legal Charges and Possible Consequences

The two men now face multiple serious charges, including:  

1. Fraud involving online transactions  

2. Hacking into protected systems  

3. Intentional damage to computer networks  

4. Extortion through cyber threats  

If found guilty, the penalties could be severe. Wire fraud charges alone could lead to a 20-year prison sentence, while hacking-related crimes carry additional penalties of up to 10 years.  

International Crackdown on Ransomware Operations

In a coordinated effort, Europol and other international agencies have shut down 27 servers used by the 8Base ransomware group. This action has significantly disrupted the cybercriminal network.  

Authorities also revealed that a previous arrest in Italy in 2023 helped law enforcement gather intelligence on Phobos ransomware operations. This intelligence allowed them to prevent over 400 potential cyberattacks and take down key infrastructure used by the hackers.  

What This Means for Cybersecurity

Phobos ransomware has been a major cyber threat since 2018, targeting businesses and organizations worldwide. While these arrests and crackdowns have weakened the group, it is uncertain whether this will fully eliminate their operations.  

This case highlights the growing efforts by global law enforcement agencies to combat cybercrime. Businesses and individuals are urged to remain cautious, implement strong security measures, and stay informed about evolving cyber threats.  


Read more »
United States
Data Breach Data Privacy K-12 Schools PowerSchool United States

PowerSchool Breach Compromises Student and Teacher Data From K–12 Districts

 

PowerSchool, a widely used software serving thousands of K–12 schools in the United States, has suffered a major cybersecurity breach.

The Breach has left several schools worried about the potential exposure of critical student and faculty data. With over 45 million users relying on the platform, the breach raises serious concerns about data security in the United States' educational system. 

PowerSchool is a cloud-based software platform used by several schools to manage student information, grades, attendance, and contact with parents. The breach reportedly occurred through one of its customer support portals, when fraudsters gained unauthorised access using compromised credentials. 

Magnitude of the data breach

According to PowerSchool, the leaked data consists mainly of contact details such as names and addresses. However, certain school districts' databases might have included more sensitive data, such as Social Security numbers, medical information, and other personally identifiable information.

The company has informed users that the breach did not impact any other PowerSchool products, although the exact scope of the exposure is still being assessed. 

"We have taken all appropriate steps to prevent the data involved from further unauthorised access or misuse," PowerSchool said in response to the incident, as reported by Valley News Live. “We are equipped to conduct a thorough notification process to all impacted individuals.”

Additionally, the firm has promised to keep helping law enforcement in their efforts to determine how the breach occurred and who might be accountable.

Ongoing investigation and response 

Cybersecurity experts have already begun to investigate the hack, and both PowerSchool and local authorities are attempting to determine the exact scope of the incident. 

As the investigation continues, many people are pushing for stronger security measures to protect sensitive data in the educational sector, especially as more institutions rely on cloud-based systems for day-to-day activities. 

According to Valley News Live, PowerSchool has expressed their commitment to resolving the situation, saying, "We are deeply concerned by this incident and are doing everything we can to support the affected districts and families.”
Read more »
United States
Chinese Hackers Cyber Security OFAC Telecom United States

Chinese Hackers Target U.S. Treasury Sanctions Office

 


A major cybersecurity breach has been reported against the U.S. Treasury Department, specifically its Office of Foreign Assets Control (OFAC). OFAC, which oversees trade and economic sanctions, was accessed by Chinese state-backed hackers in what officials have described as a "major incident."  

How the Attack Happened

The breach was through a vulnerability in BeyondTrust, a remote support software used by the Treasury. Hackers exploited this platform to gain unauthorized access to sensitive government systems. OFAC was their primary focus, likely because of its role in managing sanctions against foreign entities, including Chinese individuals and organizations.

OFAC was originally created in 1950 in the Korean War to block assets from China and North Korea. Today, it remains a very central part of U.S. sanctions enforcement. This makes OFAC a high-value target for espionage. 

Impact of the Breach

According to the reports, in addition to OFAC, the hackers accessed the Treasury's Office of Financial Research. Officials have so far confirmed that the compromised systems have been secured, and the hackers do not have access any longer. The extent of data stolen or misused is yet to be determined.  

The same hacking crew, which identified itself as the "Salt Typhoon," also has been identified with earlier incidents of hacking other major U.S. telecom firms, including Verizon and AT&T, whose breaches enabled illicit access to customers' communications-affecting contents such as sent text messages or calls, among others-as well as wiretaps conducted by police.

Salt Typhoon is not limited to the United States, as there have been reports of similar breaches in telecommunications networks of several countries. This has shown weaknesses in crucial communication infrastructure. 

In response to these incursions, U.S. officials have called for more stringent cybersecurity measures. CISA has suggested using encrypted messaging apps such as Signal to secure communications. Moreover, lawmakers are thinking of banning China Telecom's remaining operations in the U.S.

Senator Ron Wyden also introduced new legislation to ensure the US telecom system's security. All these steps are taken to avoid such breaches in the future and to prevent the sensitive data pertaining to the government and private institutions, which would have been accessed by the state-funded cyberattacks. This was a highly sophisticated cyber-espionage campaign, thus proving the explicit necessity for security measures.



Read more »
United States
Artivion Cyber Attacks Data Leak Medical Data Ransomware United States

Artivion Discloses Ransomware Attack, Disrupting Operations

 

Leading cardiac surgery medical device company Artivion has reported a ransomware attack that occurred on November 21, resulting in the encryption of certain systems and unauthorized data access. The incident forced the Atlanta-based company to take part of its operations offline while addressing the attack.

Artivion's Response

In its 8-K filing with the U.S. Securities and Exchange Commission (SEC), Artivion disclosed that it promptly initiated an investigation and engaged external advisors, including legal, cybersecurity, and forensics professionals. "The incident involved the acquisition and encryption of files. The Company is working to securely restore its systems as quickly as possible and to evaluate any notification obligations," the filing stated.

The company also noted that disruptions to its corporate operations, order processing, and shipping were largely resolved. Despite having insurance coverage for incident response costs, Artivion anticipates additional expenses that will not be covered.

Impact on Operations

Artivion operates manufacturing facilities in Germany, Texas, and Georgia and employs over 1,250 people globally, with sales representatives in more than 100 countries. Although the immediate disruptions caused by the ransomware attack have been mitigated, the company is likely to face longer-term implications, including potential reputational damage and increased cybersecurity investments.

Healthcare Sector Under Siege

The ransomware attack on Artivion is part of a broader wave of cyberattacks targeting healthcare organizations. Recently, the BianLian cybercrime group attacked Boston Children's Health Physicians (BCHP), threatening to expose stolen files unless a ransom was paid. Similarly, UMC Health System and Anna Jaques Hospital faced significant disruptions due to ransomware assaults earlier this year.

These incidents highlight the growing vulnerabilities in the healthcare sector, where sensitive patient data and critical operations make organizations attractive targets for cybercriminals.

Lessons for the Healthcare Industry

The Artivion ransomware attack underscores the urgent need for the healthcare sector to adopt robust cybersecurity measures. Key takeaways include:

  • Proactive Defense: Implementing advanced threat detection and response mechanisms is critical to identifying and mitigating attacks before they cause significant damage.
  • Incident Response Planning: Having a comprehensive incident response plan can minimize disruptions and accelerate recovery efforts during cyberattacks.
  • Employee Awareness: Educating staff about phishing scams and other common attack vectors can help reduce vulnerabilities.

As cyber threats continue to evolve, healthcare organizations must prioritize cybersecurity to safeguard sensitive data and maintain trust in their services.

Read more »
United States
Cyber Security Cyber Threats NATO South Korea United States

South Korea’s Rising Influence in Global Cybersecurity

 


South Korea’s Expanding Role in Global Cybersecurity

South Korea is emerging as a pivotal player in the global cybersecurity landscape, particularly against the backdrop of escalating tensions between the United States and China in cyberspace. By participating in high-profile cybersecurity exercises and fostering international collaborations, the country is bolstering its reputation as a key ally in both regional and global cyber defense initiatives.

Recently, South Korea hosted the APEX cyberwarfare exercise, which gathered cybersecurity experts and defense personnel from over 20 nations. This exercise simulated cyberattacks on critical infrastructure, enabling participants to devise defensive strategies and exchange vital insights. South Korea has also actively participated in NATO-led events, such as the Locked Shields exercise, which focuses on testing and enhancing cyber resilience.

In addition, South Korea showcased its commitment to international cybersecurity efforts by attending the Cyber Champions Summit in Sydney. The country is set to host the next iteration of the summit, emphasizing its dedication to fostering global cooperation in addressing cyber threats.

Strategic Alliances and Emerging Trends

South Korea's advanced technological capabilities and strategic location have positioned it as a vital partner for the United States in addressing cyber threats, especially those originating from China. According to analysts, South Korea’s infrastructure serves as a communications hub for critical trans-Pacific submarine cables connecting major networks across Asia, including China. Experts have also suggested that the country may act as a base for US cyber operations, similar to its role in hosting the THAAD missile system in 2017.

China, meanwhile, has been enhancing its cyber capabilities in response to growing alliances among its rivals. In April 2024, China reorganized its People’s Liberation Army to include specialized units dedicated to cyber, information, and space operations. Despite these efforts, experts note that China’s cyber capabilities still lag behind those of the US and its allies.

South Korea’s increasing involvement in cybersecurity underscores its strategic importance in addressing modern cyber challenges. By collaborating with the US, NATO, and other allies, the nation is strengthening its cyber defenses while contributing to a broader security framework in the Indo-Pacific region. These initiatives are poised to shape the global cybersecurity landscape in the coming years.

Read more »
United States
Cyber Security Cyberespionage FBI Salt Typhoon Telecommunication United States

US Telecoms Warned of Chinese Cyber Espionage Threat

 


The White House recently brought together U.S. telecommunications executives to discuss a cyberespionage campaign attributed to Chinese-backed hackers. The attacks have been described by experts as the "worst telecom hack in U.S. history," compromising major telecom providers and targeting national security intelligence.

According to reports, the FBI said several breaches had occurred at telecommunications companies where attackers made off with sensitive data including call records and communications that the hackers could access due to government-mandated backdoors. The intrusion, according to reports, was done by a group code-named Salt Typhoon that has connections to China's Ministry of State Security. It is said to have engaged in espionage activities against officials from U.S. presidential campaigns.

The key telecom providers like AT&T, Verizon, and Lumen have been listed as victims of this cyberattack. Recently, T-Mobile has also revealed that its networks have been breached, though it claimed no customer data was compromised. The hackers did not only target U.S. companies but also stretched their reach to allied nations whose identities remain undisclosed.

Senator Mark Warner, chair of the Senate Intelligence Committee, called these attacks some of the most serious he's seen. He reported that the FBI had informed fewer than 150 people - mostly in Washington - whose communications were compromised. Some telecom companies are still working to get the attackers out of their networks, showing just how persistent these intrusions are. 


Techniques and Long-Term Goals

Salt Typhoon uses advanced tactics to infiltrate systems and maintain long-term access. They include vulnerability exploitation in common devices like Cisco routers and Microsoft Exchange servers. Researchers also found that this group uses legitimate tools to carry out their malicious activities, hence making it challenging to be detected.

Since at least 2020, this group has targeted not only the U.S. but also nations such as Brazil, India, and Taiwan. Their primary focus remains on gathering intelligence from telecommunications networks, government systems, and military organizations.

To mitigate such attacks, the FBI and CISA have been offering technical support to victims. U.S. Cyber Command has amplified operations aimed at disrupting the ability of Chinese cyber actors globally and, consequently, reducing the incidence and impact of such attacks.

This has also raised fears about broader objectives, including possible disruption of Western infrastructure in case tensions over Taiwan or any other issue are to rise further. According to FBI Director Christopher Wray, "China's hacking capabilities are larger than those of any other nation and present a significant challenge to our nation's cybersecurity defenses.".

In response to the growing threats, the Senate has scheduled a classified briefing in December to discuss further measures. The meeting underlines the urgent need to strengthen cybersecurity across critical sectors.


Read more »
Wiretaps
Chinese Hackers Cyber Espionage Campaign Data Breach United States Wiretaps

Chinese Hackers Breach US Telco Networks to Access US Court Wiretap Systems

 

A Wall Street Journal report claims that Chinese hackers gained access to systems used for court-authorized wiretaps by breaking into the networks of major US telecommunications companies. 

The breach, which targeted companies such as Verizon Communications, AT&T, and Lumen Technologies, may have allowed the attackers to go unnoticed for months while gathering critical details regarding government requests for communications data. 

The hackers, who are believed to be affiliated with a state-sponsored Chinese group, were able to breach the system that telecom firms use to handle wiretaps authorised by the government. This breach may have given the perpetrators access to sensitive US internet traffic, allowing them to monitor communications under surveillance orders. 

The attack was recently identified, and it is believed that the hackers may have had long-term access to these networks, gathering intelligence. US investigators have dubbed the group responsible for the breach "Salt Typhoon" The incident is part of a larger pattern of cyber espionage actions attributed to Chinese hackers. 

Earlier this year, US law enforcement shut down another significant Chinese hacking campaign known as "Flax Typhoon," a group suspected of widespread cyber-espionage. These operations are believed to be aimed at gathering intelligence for the Chinese government. 

China's denial

The Chinese foreign ministry responded to the charges by rejecting any involvement in the cyber operation. In a statement, they claimed they were unaware of the attack mentioned in the report and accused the US of fabricating a "false narrative" to blame China. 

The ministry also criticised the US for impeding global cybersecurity cooperation and communication, describing the charges as a roadblock to international efforts to confront cybersecurity concerns. Beijing has always refuted all allegations of state-sponsored hacking, including those made by the US government.

In this instance, China's foreign ministry mentioned details provided by their own cybersecurity agency, claiming that "Volt Typhoon," another supposed Beijing-linked gang, was actually the work of a global ransomware organisation.
Read more »
United States
Data Breach MC2 data National Public Data Sensitive data United States

Massive Data Breach Exposes Personal Info of Millions of Americans

 



One-third of all the Americans' information has been leaked by a background check company in the United States due to a disturbing data breach report. MC2 Data, which is one of the largest providers of background checks in the US, has left an enormous database unchecked online, putting millions of people's sensitive information at risk.

According to a Cybernews report from 23 September, this was first found out when MC2 Data left 2.2 TB of personal data open for anyone on the internet. This translates to over 106 million records about individual entities, which it claims may have affected the privacy of more than 100 million individuals. More than 2.3 million users' record details are also compromised; they had also asked for background checks, and their details were now open to the public.


Potential Effects of the Leaks

Comments by Aras Nazarovas, Cybernews security researcher: "These leaks are quite concerning, thinking of all the possible aftermaths which will not only result in extra problems always connected with identity theft, but may also involve numerous communities and organisations in battles-the cybercrime attackers commonly draw on background checks for such detailed personal information to prepare for attacks on individuals or groups.".

Background check services, intended to enhance security, have themselves not gone scot-free from cyber attacks and threats. The magnitude of the leakage can form a treasure trove of malicious users who can now access sensitive information more easily while still incurring less risk in perpetuating cyber attacks. Such leakage may underlie long-term trends in which personal data will be insecure in a society that increasingly digitalizes.


A Persisting Industry Problem

To the dismay of privacy advocates, this is not the first major breach involving a background check company. In August 2024, National Public Data, another giant in the background check sector, disclosed that it had suffered a breach exposing 2.7 billion public records. The compromised data included sensitive details such as names, social security numbers, email addresses, phone numbers, and birth dates.

It was reported that the leak at National Public Data started in December 2023, but the leaked data was published in April 2024. Cybersecurity specialists warn that such sensitive information being free for all to access increases the risk of more cyber attacks on people whose sensitive data have been leaked.

 

Consumer Watchdogs Raise the Alarm

In light of such repeated breaches, the consumer watchdog director for the U.S. Public Interest Research Group, Teresa Murray, said that this is indeed an extremely serious issue. Talking to ASIS International, Murray pointed out that due to its scale, what happened in the National Public Data breach makes it even more frightening compared to similar breaches. She said that people should view this as a "five-alarm wake-up call" to start taking their data security seriously.

Both those breaches are harsh reminders about the vulnerabilities that exist in the background check industry and the necessity of further security measures. Individuals are encouraged to monitor their personal information on a regular basis and take proactive steps about protecting them from identity theft and other forms of cybercrime.


What Needs to Be Done

Amid this swelling tide of data breaches, companies involved in handling sensitive information - such as firms conducting background checks - must be more attentive to their cybersecurity. Better data protection practices and more robust encryption and authentication systems can minimise this risk very well. In addition, individuals need to be vigilant as well. They must monitor each suspicious activity related to their personal information at regular intervals.

These breaches underscore the need for better regulations and also more oversight of operations that house large amounts of personal data. Unless further security is achieved, millions of Americans will remain vulnerable to danger from poor data protection.

Most recently, information fraud related to MC2 Data and National Public Data placed the identities of millions of Americans at risk of identity theft and other cybercrimes. Therefore, such cases occur frequently, and it is time for the business world and consumers to take data security seriously to prevent sensitive information from falling into the wrong hands.


Read more »
Water System
CISA Cyber Security Kansas United States Water System

Kansas Water Plant Switches to Manual Operations Following Cyberassault

 

The top cybersecurity agency in the United States has released a new advisory, stating that nation-states and cybercriminals remain a threat to government-run water systems. 

The Cybersecurity and Infrastructure Security Agency (CISA) issued the notification two days after Arkansas City, Kansas, reported a cybersecurity vulnerability that required it to switch to manual operations. 

On Thursday, CISA stated that it will "respond to active exploitation of internet-accessible operational technology (OT) and industrial control systems (ICS) devices, including those in the Water and Wastewater Systems (WWS) Sector.” “Exposed and vulnerable OT/ICS systems may allow cyber threat actors to use default credentials, conduct brute force attacks, or use other unsophisticated methods to access these devices and cause harm.” 

The cyber agency recommended operators to use previously released advice to secure systems. The attack on Arkansas City, which is home to approximately 11,000 people, began on Sunday morning. City Manager Randy Frazer declined to comment on whether the FBI and CISA were involved in the reaction to the attack, but stated that the water system remains completely safe and there has been no disruption in service.

Due to their significance, the more than 150,000 public water systems in the United States have been a focal point of dispute about the role of federal and state governments in cybersecurity protection. 

Despite a significant increase in the frequency of ransomware assaults and nation-state intrusions, water industry associations teamed up with Republican senators last year to halt federal measures to protect drinking water infrastructure.

Even after a series of attacks on U.S. water facilities last autumn by hackers apparently linked to the Iranian government, groups such as the American Water Works Association have claimed that they should be entitled to create their own cybersecurity regulations for the industry. 

Several cybersecurity specialists have reported an increase in assaults on industrial water systems, and they agree with CISA that one of the primary challenges is that numerous water systems continue to link industrial tools to the internet in order to remotely manage them. 

Waterfall Security Solutions CEO Lior Frenkel told Recorded Future News that in his extensive work with water system operators, many either don't know what tools are connected to the internet or believe the risks outweigh the advantages. 

“Systems that are connected to the internet can be shut down or manipulated or can impair the process that they are controlling,” Frenkel stated. “All of that should never be accessible from the internet unless there's such a need that you can say that need is stronger than the risk. But the default today is they are connected. We try to put them off the grid. The default should be everything is off the grid, and you connect only what's the bare necessity.”
Read more »
User Security
antivirus software Cyber Security Russian Firm United States User Security

Here’s Why UltraAV Replaced Kaspersky Antivirus Software

 

Late last week, cybersecurity firm Kaspersky began deleting its anti-malware software from PCs in the United States. As a replacement, the company downloaded antivirus software from UltraAV. 

If you use Kaspersky antivirus software, you may be aware that the Russian firm was added to the US government's Entity List early this year, resulting in a restriction on sales and upgrades in the US. As a result, the company informed BleepingComputer in July that it was closing its U.S. operations and laying off its American staff.

Although these developments are not a secret, it cannot be said that everyone was aware of them. Thus, many were taken aback by Kaspersky's abrupt and poorly justified decision to delete its software automatically. 

Customers were notified via email at the beginning of September that the company had partnered with UltraAV to offer security for them even after Kaspersky left the US. However, it was not made apparent in the emails that their computers would be automatically updated to include this ongoing security. The shift was even more of a surprise to those who, for whatever reason, missed the email.

Users on Reddit and other forums have expressed uncertainty about the situation, as well as distrust in the new UltraAV software. One poster was concerned that their desktop had been compromised when they woke to find their Kaspersky antivirus software gone and UltraAV in its place. 

This distrust is unsurprising given that nothing is known about the corporation other than its affiliation with other VPN companies such as UltraVPN, Hotspot Shield, and Betternet. According to online user reviews, many individuals are removing UltraAV because of this — and because it appeared on the devices in such a disruptive way. 

Following its withdrawal from the market, Kaspersky released an official statement in which it stated that it had taken this measure to ensure that its clients “would not experience a gap in protection.” The statement continued by stating that UltraAV's comparable features and product offerings to Kaspersky's led the organisation to select it. Users of Kaspersky's VPN service, for example, also had UltraVPN installed on their devices.

For many users, the explanation comes too late and is unlikely to stop them from replacing UltraAV with a more well-known antivirus software product.
Read more »
Wireless Provider
AT&T Cyber Outage Cyber Security United States Wireless Provider

AT&T Claims It Has Fixed Software Bug That Caused An Outage For Some Wireless Users

 

Some AT&T customers experienced a disruption in their wireless service earlier this week, which made it difficult for them to call 911 in an emergency. 

It was rectified in a few hours, with the company blaming a software fault, but it's only one of many issues the wireless provider has experienced in recent months, including outages and data breaches that have disrupted operations and left users in the dark.

Earlier this year in February, its network went down for 11 hours, preventing several of its clients in the United States from making calls, texting, or using the internet. AT&T stated that an initial investigation of the outage revealed that it might have been caused by an internal error rather than a cyberattack. 

A few weeks later, in March, a data dump containing private information for 73 million current and past customers was exposed onto the "dark web," raising security concerns. According to the company, the data was from 2019 or earlier and did not appear to include financial information or call history specifics. 

"It is unclear whether the data originated from AT&T or one of its vendors," the company stated at the time. Then, in June, another AT&T outage prevented some consumers from making phone calls between carriers. The issue was resolved within a few hours, but the firm did not disclose what triggered it.

Notably, this week's outage occurred just hours after the Federal Communications Commission announced a $950,000 settlement with AT&T to resolve an investigation into whether the company violated FCC rules by failing to deliver 911 calls and promptly notifying 911 call centres during a previous outage in August 2023. 

AT&T’s overflow 

Why does this keep occurring to AT&T? CNN spoke with a telecommunications expert who believes there are three main factors at play: software updates gone awry, numerous technological challenges, and congested networks in big cities. 

An outage map from Tuesday shows interruptions in New York, Charlotte, North Carolina, Houston, and Chicago. Alex Besen, founder and CEO of Besen Group, which analyses mobile phone carriers, believes it was a network overload issue. 

“To avoid any future outages, AT&T needs to increase the number of cell towers, implement advanced load-balancing techniques, use network optimization tools to manage traffic more effectively and prioritize services that can reduce congestion,” Besen stated.
Read more »
United States
Data Breach Data Firm Data Leak Lawsuit United States

Lawsuits Pile Up Against Florida-Based Data Firm After Security Breach

 

Given all of the major news events that have dominated headlines this summer, you'd be forgiven for missing yet another: reports that a massive data breach may have disclosed billions of details, including names, social security numbers, and addresses. 

National Public Data (NPD), a background-check data aggregator based in Coral Springs, Florida, recently admitted on its website that "a data security incident"—which was "believed to have involved a third-party bad actor" in December 2023—led to data leaks in April of this year. Bloomberg Law reports that 2.9 billion documents were leaked and then sold on the dark web for $3.5 million. 

Moreover, in recent days, it has become clear that the leak may be worse than previously thought. Brian Krebs, a cybersecurity investigative researcher, revealed on his KrebsOnSecurity website this week that National Public Data exposed its own credentials as part of the breach.

“KrebsOnSecurity has learned that another NPD data broker which shares access to the same consumer records inadvertently published the passwords to its back-end database in a file that was freely available from its homepage until today,” Krebs noted. 

While the breach seems to be getting worse, National Public Data says it is working with law authorities and recommends that users freeze their credit.

The breach was made public earlier this month, following the filing of a class-action lawsuit against National Public Data's parent business, Jerico Pictures, in federal court in Fort Lauderdale. There have also been numerous further lawsuits filed. Since early August, at least 14 complaints have been filed in federal court against National Public Data, according to a Justia database search. 

To get an understanding of what these lawsuits are alleging, in one such filing, filed on August 19, lawyers argue that National Public Data "breached its duties by, among other things, failing to implement and maintain reasonable security procedures and practices to protect individuals' PII [personally identifiable information] from unauthorised access and disclosure," and that "Defendant has not provided any notice to affected individuals, including Plaintiff, who only learnt that her SSN and other PII was posted on the dark web as a result of the Data Breach from LifeLock.” 

People who are concerned that their data has been compromised by fraudsters should freeze their credit and monitor their accounts as a first step. You can also use tools like npdbreach.com to see if your data is included in the repository of leaked information. There are other similar tools available, but they need you to enter your name or other information. 

This year is shaping up to be a significant one for cybercrime: The number of data breaches increased by 490% in the first half of 2024 when compared to the same period in 2023.
Read more »
United States
Cyber Fraud Financial Fraud North Dakota Real Estate Scam United States

Hackers are Employing Real Estate Fraud to Target North Dakota Citizens

 

The majority of Americans are taking preventative measures to safeguard themselves from those who aim to steal their money or private data as concerns over scams rise. Unfortunately, there are plenty of ways for crooks to trick individuals that they might not expect; but, few in North Dakota are as dangerous and unexpected as real estate scams. 

During the research on scam in the United States, SOAX analysts gathered data from the Internet Crime Complaint Centre on the number of persons affected by real estate scam in the previous year, as well as the amount they lost. After analysing the average loss per person in each state and comparing them, it became apparent that North Dakotans had suffered the most from these frauds, at least in terms of scale. 

According to the report, while North Dakota had the fewest people fall victim to real estate fraud in the previous year, each scam resulted in a large financial loss, making it just second to Alabama as the most dangerous in the country. In contrast to these extremely high figures, states such as West Virginia, Wyoming, and Nebraska, which each have more victims than North Dakota, indicate that scams are often narrower in scope, resulting in lower individual numbers per victim. 

"Around $12.5 billion was lost in 2023 due to cybercrimes in America," revealed SOAX CEO and Co-Founder Stepan Solovev, "with 521,652 complaints registered—more than 79 times more than in neighbouring Canada." Individuals are advised to be careful and protect their personal information to avoid fraudsters from gaining significant leverage. Make sure you use strong, unique passwords for each site, and remember to change them on a regular basis to avoid repetition. Using a VPN when connecting to public Wi-Fi in airports, cafes, or anyplace else is also recommended to secure your device and personal data from cyber attacks. 

Email addresses and phone numbers are among the most common indicators of potential cybercrime. If you receive an unusual request from a colleague or a familiar firm, look at the real email address from which it was received and report it as spam if it is unknown. whether you receive a call from a phone number, simply perform a Google search to see whether it has been reported previously. Finally, trust your instincts, and if the interaction feels off or unusual, simply stop and refuse to disclose any private information.”
Read more »
User Privacy
Crypto Exchange Data Breach Third-party breach United States User Privacy

Crypto Exchange Gemini Confirms Third-Party Data Breach

 

Cryptocurrency exchange Gemini has issued a warning about a data breach incident that resulted from a cyberattack at its Automated Clearing House (ACH) service provider. The identity of the attacker was kept confidential. On June 26, 2024, the American cryptocurrency exchange started notifying the affected parties. 

However, a sample of the letters was sent to the California Attorney General's Office yesterday. The warning states that between June 3 and June 7, 2024, an unauthorised actor gained access to Gemini's vendor's systems, resulting in a third-party data breach. 

The incident impacted some of Gemini's customers' banking details, including their full name, bank account number, and routing number, which Gemini utilized for ACH fund transfers. 

According to the cryptocurrency exchange, the systems of the service provider did not host or compromise any additional information, including date of birth, physical address, social security number, email address, phone number, username, or password. 

The data breach incident has been contained, and an outside team of experts is assisting with the inquiry. But as of right now, no other details are available. Recipients of the notices are urged to watch out for any suspicious activity using any of the data disclosed and to be on the lookout for incoming messages. 

In order to safeguard against future hacks, users are also advised to activate multi-factor authentication on the bank accounts they gave Gemini and get in touch with their bank to request the implementation of additional safety precautions or a new account number.

If suspected or unauthorised activity is identified on the impacted bank account, notify the banks immediately. Gemini also suggests that letter recipients consider placing scam alerts or security freezes on their credit reports, but it has not provided any identity theft protection services to the affected individuals. Gemini issued a statement following publication, stating that the incident impacted 15,000 individuals. 

"The incident at a third party involved information of approximately 15K Gemini customers," Gemini stated. "Although we notified the customers involved out of an abundance of caution, our analysis found no evidence of customer impact.”
Read more »
United States
Cyber Attacks Nation-State Attack North Korea Hackers Nuclear United States

Mandiant: North Korean Hackers Are Targeting Naval Tech

 

Google Cloud's Mandiant cyber researchers have upgraded Andariel, also known as Onyx Sleet, Plutonium, and Silent Chollima, to an official advanced persistent threat (APT) group, alerting that it is targeting extremely sensitive atomic secrets and technology as North Korea continues its nuclear weapons acquisition efforts.

APT45, which has been active since 2009 and may have some connection to the Lazarus hacking operation, is characterised as having a moderate level of sophistication in terms of both scope and technology. Like many North Korean groups, its main objective is to steal money to fund the failing, isolated regime. It is most likely under the control of North Korea's Reconnaissance General Bureau (RGB) 3rd Bureau and started out as a financially motivated operator. 

What sets it apart from other groups, though, is its suspected development and use of ransomware. Mandiant provided evidence of APT45 clusters using the Maui and Shatteredglass ransomware strains, while it hasn't been able to corroborate this claim with certainty. What is known with some certainty is that APT45's interest has recently shifted to other fields, such as crop science, healthcare, and pharmaceuticals, with much of its time being devoted to military affairs, according to Mandiant. 

“Many advances in North Korea’s military capabilities in recent years can directly be attributed to APT45’s successful espionage efforts against governments and defence organisations around the world,” stated Mandiant principal analyst Michael Barnhart. “When Kim Jong Un demands better missiles, these are the guys who steal the blueprints for him.” 

APT45's actions involve a combination of publicly available hacking tools and modified and secret malware variants. Its tool library appears to be distinct from those of other North Korean APTs, although its malware shares some traits, such as code reuse, unique custom encoding, and passwords. 

FBI operation 

Over the last few weeks, Mandiant has been "actively engaged" in an organised effort, operating alongside the FBI and other US agencies, to monitor APT45's efforts to gather defence and research intelligence from the US and other nations, including the UK, France, Germany, and South Korea, as well as Brazil, India, and Nigeria.

APT45 is believed to have targeted heavy and light tanks, self-propelled howitzers, light strike and ammo supply vehicles, littoral combat ships and combatant craft, submarines, torpedoes, and unmanned and autonomous underwater vehicles; modelling and simulation technology; fighter aircraft and drones; missiles and missile defence systems; satellites, satellite communications, and related technology; surveillance and phased-array radar systems; and manufacturing, including shipbuilding, robotics, 3D printing, casting, fabrication, moulding of metal, plastics and rubber, and machining processes. More worrisomely, the group has also been tracking facilities and research, nuclear power plants, waste and storage, and uranium enrichment and processing. 

“APT45 isn’t bound by ethical considerations and have demonstrated they’re willing and agile enough to target any entity to achieve their objectives, including hospitals,” added Barnhart. “A coordinated global effort involving both public and private sectors is necessary to counter this persistent and evolving threat.”
Read more »
User Privacy
Data Breach Data Safety Illegal spying Law Enforcement United States User Privacy

Law Enforcement is Spying on Thousands of U.S. Citizens' Mail

 

The Washington Post reported on Monday that federal law enforcement authorities have long received information about certain Americans' mail via a little-known U.S. Postal Service operation known as the "mail covers program.” While officials argue that the program is solely used to investigate criminal activities, it appears to be widely used, with some Americans claiming to have been targeted by the program despite having done nothing unlawful. 

The mail covers program prevents outside agencies from opening a person's mail, but it does allow them to look at the information printed on the outside of letters and packages. According to a previously leaked program document, a "mail cover" is an "investigative tool employed to record data appearing on the outside of a mailpiece." For obvious reasons, this could still provide quite a lot of information regarding an individual under surveillance. 

The FBI, IRS, Department of Homeland Security, and the Postal Service's own investigative department, the United States Postal Inspection Service, have all requested information. However, the Washington Post claims that "state and local police forces" have also used the program. The good news for investigators—and the bad news for the rest of us—is that accessing the contents of the mail label is not subject to a judge's approval or a court order.

How often is the program used? The answer is quite a lot. A recent audit of the program revealed that the Post Office authorised more than 158,000 information requests over a four-year period. Meanwhile, recent information provided to legislators who were intrigued about the programme revealed that police agencies made "an average of about 6,700 requests per year," the Post writes. Those same legislators, including Ron Wyden (D-Ore.) and Elizabeth Warren (D-Mass.), have taken it upon themselves to ask for further transparency and better controls on the program. 

The program pales in comparison to another well-known mail-tracking program, Mail Isolation Control and Tracking, which is believed to photograph the exteriors of every item of mail that passes through the United States Postal Service. This program is allegedly designed for routing and organisation, but it can also be utilised for law enforcement purposes.
Read more »
United States
American Medical Association Cyber Attacks Health Care Firm Threat Landscape United States

Cyberattack is Wreaking Havoc on US HealthCare Providers.

 

Following a cyberattack on the largest health insurer in the United States last month, health care providers are still scrambling as insurance payments and prescription orders continue to be disrupted, costing physicians an estimated $100 million each day. 

According to the American Medical Association, that estimate was generated by First Health Advisory, a cybersecurity company that focuses on the healthcare sector.

"This massive breach and its wide-ranging repercussions have hit physician practices across the country, risking patients' access to their doctors and straining the viability of medical practices themselves," AMA President Dr. Jesse Ehrenfeld stated in a news release. 

"Against the backdrop of persistent Medicare cuts, rising practice costs and spiraling regulatory burdens, this unparalleled cyberattack and disruption threatens the viability of many practices, particularly small practices and those in rural and underserved areas," he added. "This is an immense crisis demanding immediate attention.” 

How did the crisis start? 

First discovered on February 21, the security breach occurred at Change Healthcare, a division of Optum Inc., which is owned by UnitedHealth Group. 

UnitedHealth Group informed government officials that it had been compelled to cut off portions of Change Healthcare's extensive digital network from its clients in a report that was submitted to the U.S. Securities and Exchange Commission on that same day. Not every one of those services has been able to be restored yet.

Change Healthcare stated that it is aiming to restore the provider payment systems by the middle of March in its most recent report regarding the attack. 

"UnitedHealth Group continues to make substantial progress in mitigating the impact to consumers and care providers of the unprecedented cyberattack on the U.S. health system and the Change Healthcare claims and payment infrastructure," the company noted in a statement.

The federal government intervened to provide assistance two weeks following the attack. The U.S. Department of Health and Human Services unveiled a number of support initiatives for impacted healthcare providers on March 5. 

"The government is trying to create some support for health care systems -- not directly supporting patients, but the systems," Dr. Céline Gounder, an editor-at-large for public health at KFF Health News and a CBS News medical contributor, stated. "This is because without revenue coming in through the billing process, you don't have money to make payroll to be able to pay your doctors and your nurses and your janitors and all the staff that you need to run a health care system.”

Unfortunately, this incident will probably not be the last. According to federal officials, big healthcare data breaches have nearly doubled between 2018 and 2022. 
Read more »
United States
China Confidential Data Cyber Crime cyber espionage Data Leak United States

Former Google Employee Charged with Stealing AI Secrets

 

A former Google software engineer has been charged with stealing the company's artificial intelligence trade secrets while surreptitiously working for two Chinese companies, the Justice Department announced Wednesday. 

Linwei Ding, a Chinese national, was arrested in Newark, California, for four charges of federal trade secret theft, each punishable by up to ten years in prison. 

Attorney General Merrick Garland announced the case against Ding, 38, at an American Bar Association conference in San Francisco. Garland, along with other law enforcement leaders, has repeatedly warned about the threat of Chinese economic surveillance as well as the national security concerns posed by developments in artificial intelligence and other novel technologies.

“Today’s charges are the latest illustration of the lengths affiliates of companies based in the People’s Republic of China are willing to go to steal American innovation,” FBI Director Christopher Wray noted in a statement. “The theft of innovative technology and trade secrets from American companies can cost jobs and have devastating economic and national security consequences.” 

Google said it came to the conclusion that the employee had stolen "numerous documents" and had referred the case to law enforcement. 

“We have strict safeguards to prevent the theft of our confidential commercial information and trade secrets,” Google spokesman Jose Castaneda explained. “After an investigation, we found that this employee stole numerous documents, and we quickly referred the case to law enforcement. We are grateful to the FBI for helping protect our information and will continue cooperating with them closely.”

Artificial intelligence is the primary battleground for high-tech competitors, and who dominates can have far-reaching commercial and security repercussions. In recent weeks, Justice Department leaders have warned that foreign foes may use AI technologies to target the United States. 

Deputy Attorney General Lisa Monaco stated in a speech last month that the administration's multi-agency Disruptive Technology Strike Force would prioritise AI enforcement, and Wray told a conference last week that AI and other novel technologies had made it easier for attackers to try to interfere with the American political process. 

The indictment, unsealed Wednesday in the Northern District of California, alleges that Ding, who was hired by Google in 2019 and had access to sensitive information regarding the firm's supercomputing data centres, began uploading hundreds of files to a personal Google Cloud account two years ago. 

According to prosecutors, Ding was offered the post of chief technology officer at an early-stage technology business in China that advertised its use of AI technology and gave him a monthly salary of around $14,800, plus an annual bonus and company stock, just weeks after the theft started. The indictment says Ding travelled to China to attend investor meetings and seek funding for the company. 

In January, the FBI filed a search warrant at Ding's house and seized his electronic equipment, followed by an additional warrant for the contents of his personal accounts, which contained more than 500 distinct files of classified data that investigators claim he stole from Google.
Read more »
Subscribe to: Posts (Atom)