What's new around the internet


Src Date (GMT) Title Description Tags Stories Notes
RecordedFuture 2023-03-15 13:37:00 Scammers used compromised police accounts in extortion scheme, prosecutors say (direct link) Two men broke into a federal law enforcement database and a Bangladeshi police officer's email account to conduct extortion schemes, U.S. law enforcement officials say. A federal court in New York [unsealed an indictment](https://www.justice.gov/usao-edny/pr/two-men-charged-breaching-federal-law-enforcement-database-and-posing-police-officers) Tuesday against 19-year-old Sagar Steven Singh and 25-year-old Nicholas Ceraolo, who are accused of illegally collecting personal information about specific people Threat ★★★
RecordedFuture 2023-03-15 12:17:00 Ransomware gang exploited a zero-day in Microsoft security feature, Google says (direct link) Financially motivated hackers are using a previously undocumented bug in Microsoft's SmartScreen security feature to spread the Magniber ransomware, according to a new report. The cybercriminals have been able to exploit the zero-day vulnerability in SmartScreen since December, researchers from Google's Threat Analysis Group (TAG) said. The Google team [reported](https://blog.google/threat-analysis-group/magniber-ransomware-actors-used-a-variant-of-microsoft-smartscreen-bypass/) its findings about the bug Ransomware Vulnerability Threat ★★
RecordedFuture 2023-03-14 22:00:00 Kremlin-backed hackers blamed in recent phishing attempts on EU agencies (direct link) A Russian state-backed hacker group known as Nobelium is behind recent attempted cyberattacks on diplomatic entities and government agencies in the European Union, cybersecurity researchers say. In a campaign identified in early March, the hackers sent phishing emails with content related to diplomatic relations between Poland and the U.S., according to a report by cybersecurity Hack APT 29 ★★★
RecordedFuture 2023-03-14 20:36:00 Hackers used Fortra zero-day to steal sales data from cloud management giant Rubrik (direct link) Cloud data management giant Rubrik confirmed that hackers attacked the company using a vulnerability in a popular file transfer tool. The Clop ransomware group – which has been the primary force behind the [exploitation of a vulnerability](https://therecord.media/forta-goanywhere-mft-file-transfer-zero-day) affecting Fortra's GoAnywhere Managed File Transfer product – added Rubrik to its list of victims on Tuesday. A Ransomware Vulnerability Cloud ★★
RecordedFuture 2023-03-14 18:20:00 New threat group hacked EU healthcare agency and embassies, researchers say (direct link) A new hacking group is targeting European countries and organizations in an espionage campaign that began in June 2022, according to new research. Cisco's Talos cybersecurity team calls the new group “YoroTrooper” and said it has already successfully compromised accounts connected to a “critical” European Union healthcare agency and the World Intellectual Property Organization (WIPO). Threat ★★★
RecordedFuture 2023-03-14 18:10:00 UK's largest state boarding school announces 'sophisticated cyberattack' (direct link) Wymondham College, the largest state boarding school in the United Kingdom, announced on Tuesday that it had been hit by a “sophisticated cyberattack”. The school, which has just over 1,200 students aged 11 to 18, did not explain the nature of the attack. Wymondham is the latest educational establishment in the country to face disruption ★★★
RecordedFuture 2023-03-14 15:34:00 CISA unveils ransomware warning pilot for critical infrastructure (direct link) The Cybersecurity and Infrastructure Security Agency (CISA) on Monday unveiled an effort that will collect data about commonly exploited vulnerabilities in ransomware attacks and alert critical infrastructure operators of the risks. [The Ransomware Vulnerability Warning Pilot](https://www.cisa.gov/stopransomware/Ransomware-Vulnerability-Warning-Pilot) launched Jan. 30 and was mandated under the sweeping cyber incident reporting [legislation](https://therecord.media/biden-signs-cyber-incident-reporting-bill-into-law) President Joe Biden signed into law Ransomware Vulnerability ★★★
RecordedFuture 2023-03-14 14:11:00 Hackers target South Asian government entities with KamiKakaBot malware (direct link) Suspected government-backed hackers are attacking military and government organizations in South Asia with malware called KamiKakaBot that is designed to steal sensitive information. Researchers from Amsterdam-based cybersecurity firm EclecticIQ [attributed](https://blog.eclecticiq.com/dark-pink-apt-group-strikes-government-entities-in-south-asian-countries#A1) the attacks to the advanced persistent threat (APT) group Dark Pink. The group's previous victims include military, government, religious and non-profit organizations in Cambodia, Indonesia, Malware Threat ★★
RecordedFuture 2023-03-14 12:34:00 Amazon-owned Ring denies 'ransomware event' following darknet listing (direct link) The smart doorbell and security camera company Ring has denied that it suffered a ransomware attack after the company was listed on a prominent ransomware gang's extortion site. The ALPHV ransomware group, also known as BlackCat, added the listing for Ring to its site late on Monday evening, adding: “There's always an option to let Ransomware ★★★
RecordedFuture 2023-03-14 12:01:00 Medical device giant says cyberattack leaked sensitive data of 1 million people (direct link) Medical device maker Zoll said a cyberattack in January exposed the sensitive information of more than 1 million people. In documents [provided](https://apps.web.maine.gov/online/aeviewer/ME/40/ab192c35-667d-4bc9-ad18-fa710bd10b15.shtml) to Maine's Attorney General, Zoll said the incident started on January 28 when they “detected unusual activity” on their internal network. The company added that information was accessed on February 2. Zoll said Medical ★★★
RecordedFuture 2023-03-13 23:02:00 Analysts tracking $197 million theft from DeFi lender Euler Finance (direct link) Hackers reportedly stole $197 million in cryptocurrency from the decentralized finance (DeFi) platform Euler Finance in the latest flash loan attack to target the industry. Euler Labs did not respond to requests for comment but [confirmed](https://twitter.com/eulerfinance/status/1635218198042918918) the attack on Monday morning. It released a second statement in the afternoon saying law enforcement has been contacted Threat ★★★
RecordedFuture 2023-03-13 18:25:00 Death registry system in Hawaii had data breach, health department says (direct link) Hawaii's Department of Health says it is sending out breach notification letters after a cyberattack in January gave hackers limited access to the state's death registry. Officials [warned Friday](https://health.hawaii.gov/news/newsroom/department-of-health-to-send-notifications-regarding-unauthorized-access-to-electronic-death-registry-system/) that although death certificates were not accessed, people who recently had a death in the family should “remain vigilant about any remaining unsettled matters such as Threat ★★★
RecordedFuture 2023-03-13 13:01:00 UK launches new agency to tackle state-sponsored threats to business (direct link) The British government has announced a new body to help businesses and organizations to defend themselves against national security threats, including Chinese attempts at intellectual property theft. The National Protective Security Authority (NPSA), which is part of MI5 - the U.K.'s domestic intelligence service - will offer advice to businesses on “state-sponsored attempts at stealing Legislation ★★★
RecordedFuture 2023-03-13 12:10:00 Hospital in Brussels latest victim in spate of European healthcare cyberattacks (direct link) A university hospital in Brussels has become the latest institution targeted in a spate of cyberattacks against European hospitals. Ambulances were diverted from the Centre Hospitalier Universitaire (CHU) Saint-Pierre this weekend following the attack in the early hours of Friday morning. Details about the attack and the perpetrators have not yet been disclosed. CHU Saint-Pierre's ★★★
RecordedFuture 2023-03-13 10:43:00 Estonian official says parliamentary elections were targeted by cyberattacks (direct link) Estonia's parliamentary elections this month were unsuccessfully targeted by cyberattacks, one of the country's leading cybersecurity officials told The Record. The elections marked the first time that the majority of Estonians cast ballots using the country's [internet voting system](https://www.youtube.com/watch?v=uz9CUK0Ii6Q). While officials in countries like the United Kingdom have domestically warned that such systems introduce risks Threat Guideline ★★★
RecordedFuture 2023-03-10 12:00:00 Ransomware tracker: the latest figures [March 2023] (direct link) * Note: this Ransomware Tracker is updated on the 10th day of each month to stay current * Unlike past years, cybercriminals didn't take a break over the winter holidays. The number of victims posted on ransomware extortion sites rose more than 20% in December to 241 organizations - the highest monthly count since April, Ransomware ★★
RecordedFuture 2023-03-09 20:15:00 Canadian military: Ransomware attack on contractor didn't touch defense systems (direct link) Canada's defense department confirmed Thursday that its systems were not affected by a ransomware attack on engineering giant Black & McDonald. Black & McDonald did not respond to repeated requests for comment, but a spokesperson for Canada's Department of National Defence told The Record that it was aware of a ransomware attack on the company. Ransomware ★★★
RecordedFuture 2023-03-09 19:27:00 Congressman says he was target of 'wrongful' data searches by FBI (direct link) The lawmaker spearheading the House Intelligence Committee's effort to reauthorize powerful surveillance tools revealed on Thursday that he had been the target of data searches by the FBI. Rep. Darin LaHood (R-IL) [made the disclosure](https://twitter.com/RepLaHood/status/1633886835154796544) while questioning FBI Director Christopher Wray during the panel's annual worldwide threats hearing. He [was tasked last year](https://therecord.media/house-gop-intel-group-prepping-for-surveillance-renewal-fight) to helm ★★★
RecordedFuture 2023-03-09 18:15:00 DC healthcare exchange breach leaked sensitive data of Congress members, staff (direct link) A data breach involving Washington, D.C.'s healthcare exchange platform includes sensitive information of Congress members and staff, the legislative body was informed on Wednesday. According to a letter from Catherine Szpindor, the House's chief administrative officer, the breach leaked the personal information from enrollees on the DC Health Link website. The Daily Caller first obtained Data Breach ★★
RecordedFuture 2023-03-09 12:45:00 NYC aims to diversify cybersecurity field with new internship program (direct link) A new internship program backed by the city government of New York is launching to diversify the cybersecurity talent pipeline. Run through the New York City Economic Development Corporation (NYCEDC), the internship program is aiming to increase the number of women and people of color in the cybersecurity field by serving as a conduit between ★★★
RecordedFuture 2023-03-08 20:00:00 Supporters of surveillance law must 'lean in' to transparency, Sen. Warner says (direct link) The chair of the Senate Intelligence Committee on Wednesday repeatedly urged U.S. intelligence leaders to show “courage” in their campaign to renew an expiring surveillance law, warning that a lack of transparency with the American public and dubious policymakers could sink the effort. Last week the Biden administration [launched its push for reauthorization](https://therecord.media/senior-doj-official-warns-lapse-of-surveillance-law-would-harm-cyber-investigations) of Section Guideline ★★
RecordedFuture 2023-03-08 18:35:00 TSA issues emergency cybersecurity orders for airports and aircraft operators (direct link) The Transportation Security Administration handed down new emergency cybersecurity protocols for airports and aircraft operators that require them to have pre-approved implementation plans for increased security measures. The TSA said it was issuing the cybersecurity amendments “because of persistent cybersecurity threats against U.S. critical infrastructure, including the aviation sector” but did not respond to requests ★★★
RecordedFuture 2023-03-08 15:55:00 Ransomware group says it stole student data from Minneapolis Public Schools (direct link) The ransomware group behind an [attack on Minneapolis Public Schools](https://therecord.media/minneapolis-public-schools-still-investigating-what-caused-encryption-event) posted a public video allegedly showing screenshots of stolen data after the school district said it was using backups to recover from the incident. The school district – which serves about 34,500 students – faced disruptions last week after a ransomware attack damaged some systems. Ransomware ★★
RecordedFuture 2023-03-08 13:15:00 Australian official demands Russia bring criminal hackers 'to heel' (direct link) A senior official in Australia criticized the Russian government on Wednesday for failing to properly police cybercriminals based in its jurisdiction. Michael Pezzullo, a public servant rather than a politician - currently serving as the secretary of the Department of Home Affairs - said the Russian Federation hosted “the greatest density of cybercriminals, particularly those General Information ★★
RecordedFuture 2023-03-07 21:32:00 Bipartisan Senate bill would allow for US ban of TikTok (direct link) Twelve U.S. senators introduced bipartisan legislation Tuesday that would give the Commerce Department the ability to ban technology that is deemed a risk to national security. The Restricting the Emergence of Security Threats that Risk Information and Communications Technology (RESTRICT) Act was devised as a legal apparatus to facilitate the banning of TikTok, one of the biggest social media platforms in the world and one used by more than 100 million U.S. residents. The app is owned and run by ByteDance, a Chinese company that has faced backlash for several privacy-related controversies in recent years, including the revelation in December that employees [inappropriately obtained](https://www.nytimes.com/2022/12/22/technology/byte-dance-tik-tok-internal-investigation.html) the data of U.S. TikTok users. The bill's chief sponsor, Sen. Mark Warner (D-Va), argued that it was necessary to combat potential legal challenges to an outright ban of the app by any arm of the U.S. government. He called it a “rules-based” approach, noting that the legislation would apply not only to tech from China, but also from adversaries such as Russia, Iran and North Korea. “We need a comprehensive, risk-based approach that proactively tackles sources of potentially dangerous technology before they gain a foothold in America, so we aren't playing Whac-A-Mole and scrambling to catch up once they're already ubiquitous,” said Warner, who is chairman of the chamber's Intelligence Committee. During a press conference, Warner compared TikTok to other Chinese technology giants like Huawei and ZTE as well as Russia's Kaspersky Lab. All three are on a [U.S. government list](https://www.fcc.gov/supplychain/coveredlist) of companies that present “unacceptable risk” to U.S. national security. On Tuesday U.S. National Security Agency Director Paul Nakasone [testified](https://www.reuters.com/world/us/us-nsa-director-concerned-by-tiktok-data-collection-use-influence-operations-2023-03-07/) that he and others are concerned about not only the data from U.S. citizens collected by ByteDance but also its potential use for influence operations. The app Americans see is also vastly different from the one allowed in China. In a statement to The Record, TikTok spokeswoman Brooke Oberwetter referenced the long-running negotiations between the U.S. Commerce Department and TikTok, arguing that the RESTRICT Act was unnecessary because the White House can simply approve the deal that was negotiated over two years “that it has spent the last six months reviewing." "We appreciate that some members of Congress remain willing to explore options for addressing national security concerns that don't have the effect of censoring millions of Americans,” Oberwetter said. “A U.S. ban on TikTok is a ban on the export of American culture and values to the billion-plus people who use our service worldwide."
### 'Systematic framework'
On behalf of the White House, national security adviser Jake Sullivan released a statement backing the legislation, saying it would “address the threats we face today, and also prevent such risks from arising in the future.” “This bill presents a systematic framework for addressing technology-based threats to the security and safety of Americans,” Sullivan said. “This legislation would provide the U.S. government with new mechanisms to mitigate the national security risks posed by high-risk technology businesses operating in the United States.” FBI Director Christopher A. Wray previously listed a range of concerns about the popular app, including the possibility that it could be used by the Chinese government to control data collection on millions of users or control the recommendation algorithm. He also warned Congress that it could be used for influence operations or “to control software on millions ★★
RecordedFuture 2023-03-07 19:05:00 Acer says server for repair technicians accessed by hackers (direct link) Taiwanese computer maker Acer has confirmed that it suffered a breach involving the leak of technician documents related to staff manuals, product model documentation and more. In a statement Tuesday to The Record, the company said there is “no indication that any consumer data was stored on that server.” “We have recently detected an incident of unauthorized access to one of our document servers for repair technicians,” the company said, noting that the investigation is ongoing. The statement comes after someone offered 160GB of data for sale on a hacker forum that they claimed came from Acer. The person selling the database said it had "confidential presentations,” manuals and binaries as well as information on phones, tablets and laptops. The post also says replacement digital product keys and more are included in the database. Acer has faced several data breaches in recent years, including a headline-grabbing ransomware attack in 2021 that involved a [$50 million ransom demand](https://therecord.media/ransomware-gang-demands-50-million-from-computer-maker-acer) from the REvil cybercrime group. The attack hit the company's back-office network. The hardware giant also suffered breaches in [2021](https://therecord.media/acer-confirms-second-security-breach-this-year) and [2012](https://www.databreaches.net/acer-india-hacked-20000-user-credentails-leaked/) that involved customer details and login information for Indian retailers and distributors as well as 20,000 user credentials. Acer is the sixth-largest personal computer maker in the world, with a market share of roughly 6% of all global sales. The company reported [total revenue](https://www.prnewswire.com/news-releases/acer-reports-december-consolidated-revenues-at-nt-22-89-billion-up-21-1-month-on-month-301716400.html#:~:text=9%2C%202023%20%2FPRNewswire%2F%20%2D%2D,ended%20at%20NT%24275.43%20billion.) of about $9 billion in 2022. Ransomware ★★★★
RecordedFuture 2023-03-07 17:55:00 Northern Essex Community College remains shuttered after cyberattack (direct link) A Massachusetts community college has closed its doors for a second day after a cyberattack took down significant parts of its network. Northern Essex Community College serves more than 6,000 students across Massachusetts and southern New Hampshire, with campuses in Haverhill and Lawrence. A spokesperson for the school told The Record that they did not know if the attack was ransomware, and claimed they “do not have evidence of any personal data being compromised.” On Tuesday, the school confirmed it would not open for the day. “The college will remain closed for business on Tuesday, March 7, 2023. We are still working through details and continuing to put protections in place. We are aiming to be operative by Wednesday, March 8, 2023,” the school [said](https://northernessex.cc/2023/03/necc-update-march-6-2023/?fbclid=IwAR3RRdDFTarOk8sFesOBBOdaJs2bR3YAnuaEsArHPpDLVQDoFuMRqCI5ktI) on a temporary website created after the cyberattack. “All employees with a NECC laptop should cease using their laptops and are asked to bring their computers in as soon as possible and leave them in your office so that our IT team can install protection-clients and perform forensics.” The statement adds that remote work will be suspended for the rest of the week due to issues with VPN access, but employees of the college will be required to come to their offices. Microsoft Office 365, Zoom and some web-based services are still functioning, the college said. On Sunday, the college [said](https://northernessex.cc/2023/03/necc-announcement-mar-5-2023/) it became aware of unauthorized access to its network on or around March 1 and later noticed that several systems were no longer working. The college contacted law enforcement and cybersecurity experts to help with an investigation. They urged students and employees to regularly change passwords and said anyone whose information may have been accessed will be contacted with guidance. The attack is the latest in a run of incidents affecting colleges across the U.S. The year started with Massachusetts-based Bristol Community College informing students that it was [struggling to recover](https://therecord.media/massachusetts-school-district-community-college-dealing-with-fallout-from-ransomware-attack) from a damaging cyberattack in late December. Since then, Emsisoft ransomware expert Brett Callow said at least 10 colleges have been hit with ransomware or cyberattacks, including last week's attacks on colleges in Tennessee and Louisiana. Callow noted that the number of reported ransomware incidents affecting post-secondary schools and K-12 school districts in the U.S. is slightly worse than in previous years, with 13 ransomware incidents reported by the end of February 2021 and 15 attacks [by the end of February 2022](https://www.emsisoft.com/en/blog/43258/the-state-of-ransomware-in-the-us-report-and-statistics-2022/). “By the end of February this year, there were 19 incidents. The yearly numbers have remained very similar too, having remained within the range of 84 - 89 incidents per year since 2019,” Callow told The Record. “It's clear that we're not getting a handle on ransomware in the education sector. In fact, the problem may even be getting worse.” Ransomware ★★
RecordedFuture 2023-03-07 15:45:00 Hacking group defaces Faroe Islands tourist website, but kept out of government systems (direct link) A hacking group defaced the tourist website for the Faroe Islands – a self-governing territory of the Kingdom of Denmark - and claimed it stole employee data and other sensitive information. The archipelago of 18 islands has a population of 54,000 and is situated between Norway, Iceland and Scotland's Shetland Islands. An IT security specialist with Gjaldstovan – an arm of the island's Ministry of Finance in charge of public IT, finance and digitalisation – told The Record that the “Visit Faroe Islands” website is not run by the government but is supported by government funding. The spokesperson said the company that runs the site was breached by the SiegedSec hacking group. “Mainly website modules and programming tools for the tourist company were breached, so it's not related to a governmental site,” the spokesperson said. “But they do have ties to the government with regard to funding. In addition to the modules and CMS, there was also some personal data that was accessed. The names and emails of the persons that have subscribed to newsletters on the website.” The spokesperson added that they have advised the company to inform relevant European Union Data Protection Authorities about the incident as well as data privacy authorities in the Faroe Islands. Other agencies are already investigating the incident, according to the spokesperson. The company did not respond to requests for comment. Despite confirming the breach of the tourist website, the IT security specialist shot down claims by SiegedSec that they hacked any government systems of the Faroe Islands, calling the group's post “untrue.” On [Telegram](https://t.me/SiegedSec/102), SiegedSec claimed it breached “one of the main websites for the Faroe Islands” and stole personal data alongside the source code for the “Visit Faroe Islands” website. They shared screenshots of the website's backend and more. The group previously [claimed it hacked the state governments](https://therecord.media/kentucky-arkansas-say-abortion-ban-leaks-used-publicly-available-data) of Kentucky and Arkansas last year after the states [banned abortion](https://www.washingtonpost.com/politics/2022/06/24/abortion-state-laws-criminalization-roe/) following the Supreme Court decision to [overturn Roe v. Wade](https://www.nytimes.com/2022/06/24/briefing/roe-v-wade-abortion-supreme-court-guns.html). But state officials later confirmed that the group simply downloaded publicly available record data. SiegedSec's post on Telegram was shared by GhostSec, another hacking group that [falsely said](https://therecord.media/maine-govt-says-state-systems-were-not-breached-despite-hacking-groups-claims) last month it stole 40 GB of data from Maine's government websites. The data taken in that incident was later revealed to have been downloaded public-facing information that was available on Maine's Department of Environmental Protection (DEP) website. ★★★
RecordedFuture 2023-03-07 14:40:00 One leader for Cyber Command, NSA has 'substantial benefits,' report says (direct link) The head of U.S. Cyber Command and the National Security Agency testified Tuesday that the two entities should continue to share a leader, citing the conclusions in a recent high-level review that has yet to be shared with the public. In [written testimony](https://www.cybercom.mil/Media/News/Article/3320195/posture-statement-of-general-paul-m-nakasone/) to a Senate panel, Army Gen. Paul Nakasone directly quoted the review of the “dual hat” leadership structure, which has existed since Cyber Command was established in 2010. The report found “'substantial benefits that present compelling evidence for retaining the existing structure,'” according to Nakasone, who took over both organizations in 2018. Momentum for splitting the roles increased during the Trump administration. The Record first reported that the Biden administration had tapped former Joint Chiefs of Staff Chairman Joseph F. Dunford Jr. to lead the review. The team [concluded without a policy recommendation](https://therecord.media/review-of-nsa-cyber-command-leadership-structure-ends-without-official-recommendation) on maintaining or splitting the arrangement, but it leaned heavily toward keeping the two conjoined, despite long-held concerns that the positions are too much for a single person. Nakasone also wrote that the review “highlighted” CYBERCOM and NSA's work defending U.S. elections from foreign interference, fighting ransomware operators and bolstering the military's other combatant commands as reasons to keep the two together. Nakasone, one of Cyber Command's original architects, said publicly last year that he met with Dunford's study group and “had an opportunity to share my views.” “Success in protecting the national security of the United States in cyberspace would be more costly and less decisive with two separate organizations under two separate leaders,” Nakasone wrote in his testimony for the Senate Armed Services Committee. “The enduring relationship is vital for both organizations to meet the strategic challenges of our adversaries as they mature their capabilities against the United States,” he added. Ransomware Guideline ★★★
RecordedFuture 2023-03-07 14:30:00 Internal documents show Mexican army used spyware against civilians, set up secret military intelligence unit (direct link) _Two digital rights groups, Mexico's R3D and the University of Toronto's Citizen Lab, have just released an update to their “[Ejército Espía](https://ejercitoespia.r3d.mx/)” (“Spying Government”) report from late last year. In October 2022, they revealed that the Mexican army bought spyware and deployed it against at least two Mexican journalists and a human rights advocate between 2019 and 2021. While they had compelling circumstantial evidence, there was no smoking gun. The newly-released internal classified documents appear to prove it._ _Luis Fernando Garcia, a lawyer and executive director of R3D, told Click Here in an interview that a roster of freedom of information requests and internal Ministry of Defense documents – released as part of last year's massive hack-and-leak operation by the hacktivist group Guacamaya – connect officials at the highest levels of the Mexican army to the purchase of Pegasus spyware. R3D found a 2019 acceptance letter that links the military to a company with the exclusive right to sell licenses for the NSO Group's Pegasus spyware in Mexico._ _NSO Group created Pegasus in 2011 and it has been linked to everything from the capture of the drug lord El Chapo to the murder of journalist Jamal Khashoggi. Pegasus' super power is its ability to infect smartphones without a user knowing - the phone becomes a spy in their pocket, capturing their location, their communications, and information on their friends._ _Among the new revelations are documents from the Mexican Secretariat of National Defense, or SEDENA, that discuss a previously unknown military intelligence agency in charge of the nation's surveillance programs. The leaked files show the agency, referred to as CMI or the Military Intelligence Center, spied on a human rights advocate named Raymundo Ramos who has been investigating a suspected extrajudicial killing by the Army that occurred in July 2020 in a border town called Nuevo Laredo._ _The interview has been edited for space and clarity. A fuller version of the story can be heard on the [Click Here](https://podcasts.apple.com/us/podcast/click-here/id1225077306) podcast._
**CLICK HERE: For people who don't know, can you explain the mission of R3D (The Digital Rights Defense Network)?**
**LUIS FERNANDO GARCIA:** The Digital Rights Defense Network is an NGO that works on issues related to human rights and technology. Since the beginning we've been working to uncover and to investigate and push back against the surveillance apparatus in Mexico.
**CH: You started your latest investigation into government surveillance in collaboration with the University of Toronto's Citizen Lab in early 2022. What did the initial investigation [[published last October](https://ejercitoespia.r3d.mx/)] reveal?**
**LG:** We started checking phones of human rights defenders, journalists, trying to see if we could find forensic evidence of Pegasus in Mexico. We started to document cases of people who were infected in 2019, 2020, and 2021, which means [it was deployed] during the current government, not the previous government. A week or maybe less from our publication date, something really important happened. The army's email system was hacked and an activist group called Guacamaya was offering access to those emails to media organizations and to human rights organizations. And this gave us like the missing key that we needed to actually point the finger at the army and say we found these Pegasus cases [and connected them to the military].
**CH: Can you talk about some of the specific things you discovered in the Guacamaya documents?**
**LG:** We were able to find a kind of acceptance letter from the army, directed to the secretary, which is the head of the army - the General Secretary of National Defense in Mexico. And here it talks about a contract with Comercializadora Antsua Hack ★★★★★
RecordedFuture.webp 2023-03-07 13:05:00 Israel blames state-sponsored Iranian hackers for ransomware attack on university (direct link) Israeli cybersecurity officials on Tuesday blamed hackers sponsored by the Iranian government for a ransomware attack on the country's leading technology university. The attack in February forced the Israel Institute of Technology, also known as Technion, to postpone exams and shut down its IT systems. The incident followed what Israeli defense officials said were dozens of attempted Iranian cyberattacks over the past year. Hackers from a previously unknown group calling itself DarkBit claimed responsibility in a note left on Technion's systems demanding 80 bitcoins ($1.7 million at the time) to enable the university to recover its files. The note was unusually ideological, criticizing “an apartheid regime” and stating: “They should pay for their lies and crimes, their names and shames. They should pay for occupation, war crimes against humanity, killing the people (not only Palestinians' bodies, but also Israelis' souls) and destroying the future and all dreams we had.” Israel's National Cyber Directorate on Tuesday attributed the attack to a threat group tracked as MuddyWater, which last year U.S. Cyber Command linked to the Iranian Ministry of Intelligence and Security. British and American authorities subsequently issued a warning about the hacking group, saying it was targeting a “range of government and private-sector organizations across sectors - including telecommunications, defense, local government, and oil and natural gas - in Asia, Africa, Europe, and North America.” While Israel and Iran have never been in a declared war against each other, the countries have repeatedly blamed each other for cyberattacks targeting civilian infrastructure, including a steel plant in Iran. Iranian hackers have been blamed for attacks on water systems in Israel. 
The attack on the university in Haifa is not the first time that Iranian state-sponsored hackers have been linked to ransomware incidents. A French-Venezuelan cardiologist called Moises Luis Zagala Gonzalez was charged by the U.S. Department of Justice last year with developing the Thanos ransomware and allegedly boasting about it being used by Iranian government-linked hackers. Another advisory issued in 2022 by cyber authorities in the United Kingdom, United States, Australia and Canada - members of the Five Eyes intelligence alliance - warned that “cyber actors affiliated with Iran's Islamic Revolutionary Guard Corps are exploiting vulnerabilities to launch ransomware operations against multiple sectors.” Ransomware Threat Guideline ★★
RecordedFuture.webp 2023-03-07 01:00:00 African fintech giant Flutterwave denies reports that it was hacked (direct link) One of Nigeria's most prominent startups is denying media reports that hackers stole millions of dollars from its platform. On Sunday, the website Techpoint.africa [reported](https://techpoint.africa/2023/03/05/hackers-have-stolen-2-9-billion-from-flutterwave/) that about $6.3 million was stolen from the digital payments services startup Flutterwave. The fintech firm is typically used by small businesses to make and receive payments, and has raised nearly half a billion dollars in investor funding. The outlet cited court filings from a purported Flutterwave lawyer requesting that more than 100 accounts at 27 financial institutions be frozen. In [a filing](https://www.scribd.com/document/629702409/Flutterwave-C-O-P-v-Access-Bank-26-Others-Ex-Parte-Motion) from February 19, the lawyer writes: “About two weeks ago … there was a breach of Our Client's internet security resulting to an account takeover by internet hackers. “Before we could get the accounts frozen … some commercial banks allowed the monies to be moved to other beneficiary accounts thus widening the net of the culpable and fraudulent account holders.” Flutterwave responded to reports of the breach on Sunday, [denying](https://www.google.com/url?q=https://flutterwave.com/gb/blog/statement-on-claims-regarding-flutterwaves-security&sa=D&source=docs&ust=1678154611282025&usg=AOvVaw355-A1SIbshQfKPFKxhnBK) that hackers had gained any access to the platform. “You may have recently heard some claims on Flutterwave's security. We want to assure you that Flutterwave has not been hacked, and no customer funds were lost. Thank you for choosing us. Read more here: https://t.co/a27ZIy0w1k pic.twitter.com/o3KfChucJ9” ★★★
RecordedFuture.webp 2023-03-06 14:03:00 Vice Society ransomware group claims German university as latest victim (direct link) The Vice Society ransomware group added the Hamburg University of Applied Sciences (HAW Hamburg) to its leak site this weekend following an attack that the institution said took place late last year. HAW Hamburg is one of several German-speaking institutions with a focus on applied sciences to be targeted by ransomware gangs in recent months. In [a statement](https://www.haw-hamburg.de/fileadmin/PK/PDF/Infos_Art._34_DS-GVO_final.pdf) sent to all employees and students, the university said the attack was on December 29, describing a ransomware incident without using the term itself. The school has about 16,000 students. “The attackers worked their way manually from decentralized IT systems via the network to the central IT and security components of HAW Hamburg. They also gained administrative rights to the central storage systems via this attack path and thus compromised the central data storage,” the statement explained. “With the administrative rights obtained, the encryption of various virtualized platforms and the deletion of saved backups were finally started,” it added. The university warned that “significant amounts of data from various areas” were copied, including usernames and “cryptographically secured” passwords, email addresses and mobile phone numbers. 
Despite describing the compromised passwords as “cryptographically secured” the IT team recommended that students and staff change their passwords “for all internal university applications,” adding “in particular, change your password for Microsoft Teams and avoid using passwords that you have already used before.” The university said it had to rebuild its IT systems, including the existing Microsoft cloud environment, and was “trying to restore a backup of the email data from the old mail server as of December 14.” Following the attack, HAW Hamburg's IT security said it had “received several reports from students about attempts to log on to Internet portals such as Amazon and eBay by unauthorized third parties.” “After reviewing all previous reports, and taking into account the attacker group's previous approach, it can be ruled out that the login attempts are related to the security incident at HAW Hamburg or the attacker group,” the team added. Back in January the Vice Society ransomware group [claimed responsibility](https://therecord.media/vice-society-ransomware-gang-claims-attack-on-one-of-germanys-largest-universities/) for a November attack against the University of Duisburg-Essen in Germany. Then in February the University of Zurich, Switzerland's largest university, announced it was the target of a “serious cyberattack,” which a spokesperson described to The Record as “part of a current accumulation of attacks on educational and health institutions.” The week before, the [Harz University of Applied Sciences](https://www.n-tv.de/regionales/sachsen-anhalt/Hochschule-Harz-nach-digitalem-Angriff-offline-article23885755.html) in Saxony-Anhalt, [Ruhr West University](https://www.hochschule-ruhr-west.de/hrwoffline/), and the [EU/FH European University of Applied Sciences](https://www.eufh.de/hochschule/pressemitteilung) all announced being impacted by cyberattacks. Ransomware Guideline Cloud ★★
RecordedFuture.webp 2023-03-06 14:02:00 Thousands of appointments canceled after ransomware hits major Barcelona hospital (direct link) A ransomware attack on the city of Barcelona's main hospital has forced thousands of appointments to be canceled, officials announced Monday. The Hospital Clinic de Barcelona was attacked Saturday, with computers across the institution's numerous laboratories, clinics and emergency room shut down. Its website was unavailable on Monday. Officials said that 150 non-urgent operations were canceled on Monday alongside up to 3,000 patient checkups, including radiotherapy visits, because staff can't access patients' clinical records, reported the [El País newspaper](link). The Ransom House gang - which lists semiconductor company AMD as a previous victim, claiming to have sold data stolen by its "partners" - was responsible for the attack, according to the regional Catalonian Cybersecurity Agency. The gang itself claims on its leak site to “have nothing to do with any breaches” and doesn't “produce or use any ransomware.” It describes itself as a “professional mediators community.” Segi Marcén, telecommunications secretary for the regional Catalonia government, said that no extortion demand had yet been received but that the hospital would not be making a ransom payment even if one was. “We will not pay a cent,” Marcén said. Ransomware gangs typically threaten to release stolen data publicly if an extortion payment doesn't come by a certain deadline. As of Monday, nothing from the hospital was on Ransom House's leak site. Marcén added that the regional government was “focusing on recovering the information” impacted by the attack, although it was not yet clear whether the hospital's data backups were also compromised, El País reported. Staff at the hospital have been forced to write on paper and do not have access to electronic patient data-sharing systems. 
The facility's press department announced that urgent cases are being diverted to other hospitals. “We can't make any prediction as to when the system will be back up to normal,” the hospital's director, Antoni Castells, told journalists, adding that there was a contingency plan to keep services functioning for several days although he hoped the system would be fixed sooner. Tomàs Roy, the general director of the Catalan Cybersecurity Agency, said the attackers “have used new attack techniques,” but didn't specify what they were. Recovering from the attack will be “gradual,” reported El País, as IT staff will need to ensure that systems aren't restored while the attackers maintain some access to the system. Ransomware ★★
RecordedFuture.webp 2023-03-06 14:01:00 Ransomware gang posts breast cancer patients' clinical photographs (direct link) The ALPHV ransomware group, also known as BlackCat, is attempting to extort a healthcare network in Pennsylvania by publishing photographs of breast cancer patients. These clinical images, used by Lehigh Valley Health Network as part of radiotherapy to tackle malignant cells, were described as “nude photos” on the criminals' site. Lehigh Valley Health Network disclosed on February 20 that it had been attacked by the BlackCat gang, which it described as linked to Russia, and stated that it would not pay a ransom. “Based on our initial analysis, the attack was on the network supporting one physician practice located in Lackawanna County. We take this very seriously and protecting the data security and privacy of our patients, physicians and staff is critical,” said the network's president and chief executive, Brian Nester. Nester added that the incident involved “a computer system used for clinically appropriate patient images for radiation oncology treatment and other sensitive information.” At the time of the original statement, Nester said Lehigh Valley Health Network's services - including a cancer institute and a children's hospital - were not affected. However, the network's website is currently inaccessible. The Record was unable to contact the network for further comment following its listing on the ALPHV [.onion](https://en.wikipedia.org/wiki/Tor_(network)) website. Onlookers have been revolted by the attempt to leverage the sensitivities around cancer treatment and intimate images to extort the organization. Max Smeets, an academic at ETH Zurich - a public research university - and the director of the European Cyber Conflict Research Initiative, [wrote](https://twitter.com/Maxwsmeets/status/1632654116320075776): “This makes me so angry. I hope these barbarians will be held accountable for their heinous actions.” "A new low. 
This is sickening," [wrote](https://twitter.com/rj_chap/status/1632465294580133888) malware analyst Ryan Chapman, while Nicholas Carroll, a cybersecurity professional, [said](https://twitter.com/sloppy_bear/status/1632468646873165824) the gang was “trying to set new standards in despicable.” ALPHV itself celebrated the attack and the attention it brought. “Our blog is followed by a lot of world media, the case will be widely publicized and will cause significant damage to your business. Your time is running out. We are ready to unleash our full power on you!” Numerous healthcare organizations have been attacked by ransomware gangs in recent months. The criminal industry persists because of victims who pay, sometimes because their businesses face an existential threat, and sometimes to avoid the negative publicity. Medibank, one of Australia's largest health insurance providers, stated last November that it would not be making a [ransom payment](https://therecord.media/medibank-says-it-will-not-pay-ransom-in-hack-that-impacted-9-7-million-customers/) after hackers gained access to the data of 9.7 million current and former customers, including 1.8 million international customers living abroad. The information included sensitive healthcare claims data for around 480,000 individuals, including information about drug addiction treatments and abortions. Outrage at the attack prompted the government to [consider banning](https://therecord.media/australia-to-consider-banning-ransomware-payments/) ransomware payments in a bid to undermine the industry. Back in January, the hospital technology giant [NextGen Healthcare](https://therecord.media/electronic-health-record-giant-nextgen-dealing-with-cyberattack/) said it was responding to a cyberattack after ALPHV added the company to its list of victims. Ransomware Malware ★★★
RecordedFuture.webp 2023-03-04 13:00:00 A year of wipers: How the Kremlin-backed Sandworm has attacked Ukraine during the war (direct link) Last November, several Ukrainian organizations were targeted by a new type of ransomware called RansomBoggs. Its operators sent infected computers a ransom note written on behalf of James P. Sullivan - the main protagonist of the animated film Monsters, Inc. In the note Sullivan, whose job in the movie was to scare kids, asked for [… Ransomware ★★★
RecordedFuture.webp 2023-03-03 20:56:38 Chick-fil-A: 71,000 customers had financial information stolen during cyberattack (direct link) Fast food giant Chick-fil-A said more than 71,000 of its customers had their financial information stolen from their website during a breach lasting from December to February. In documents filed with the attorney general offices of Maine, Montana and California, Chick-fil-A said it began an investigation after discovering “suspicious login activity” connected to an unknown [… ★★
RecordedFuture.webp 2023-03-03 19:57:24 U.S. government warns of Royal ransomware attacks against critical infrastructure (direct link) The FBI and the Cybersecurity and Infrastructure Security Agency (CISA) issued an advisory Thursday warning vulnerable organizations of an increased threat posed by Royal ransomware. The guidance is the second warning the U.S. government has issued about Royal ransomware in recent months. In December, the U.S. Department of Health and Human Services (HHS) warned hospitals [… Ransomware Threat ★★★
RecordedFuture.webp 2023-03-03 19:09:13 Online travel giant says it was not compromised through recently-discovered vulnerability (direct link) Online travel agency giant Booking.com said Friday that it was not compromised through a vulnerability on the platform that was recently discovered by researchers. Several publications on Thursday reported that researchers from Salt Security said they found several critical security flaws on Booking.com and its sister company Kayak. The flaws involved the tool that allows [… Tool Vulnerability ★★★
RecordedFuture.webp 2023-03-03 17:16:28 Cybercrime site shows off with a free leak of 2 million stolen card numbers (direct link) A recent payment-card leak by the dark web shop BidenCash might be mostly a marketing ploy, experts say, but there are still dangers ★★
RecordedFuture.webp 2023-03-03 17:11:07 Oakland officials say ransomware group may release personal data on Saturday (direct link) The government of Oakland acknowledged on Friday that the ransomware group responsible for the cyberattack on city systems is planning to publish the information it stole. On Thursday evening, the Play ransomware group said it was behind the wide-ranging attack, writing on its leak site that it planned to publish sensitive stolen data on Saturday. [… Ransomware ★★
RecordedFuture.webp 2023-03-03 16:00:03 EPA takes steps to address cybersecurity weaknesses at water utilities (direct link) The U.S. Environmental Protection Agency (EPA) is asking states to include cybersecurity in their audits of public water systems in a measure designed to address a spate of attacks on the sector. In a memorandum released Friday, EPA officials said several public water systems have not adopted even basic cybersecurity best practices - leaving them [… ★★★
RecordedFuture.webp 2023-03-02 20:51:38 Poland blames Russian hackers for cyberattack on tax service website (direct link) Poland's tax service website was hit by a cyberattack believed to have been carried out by Russian hackers, according to the country's top cybersecurity official. The distributed denial-of-service (DDoS) attack occurred on Tuesday, causing the website to crash for approximately one hour and blocking users' access to the online tax filing system. In an interview [… ★★★
RecordedFuture.webp 2023-03-02 20:29:15 Tennessee State, Southeastern Louisiana universities hit with cyberattacks (direct link) Tennessee State and Southeastern Louisiana are struggling with cyberattacks that have crippled campus services ★★
RecordedFuture.webp 2023-03-02 19:21:33 In mixed response to White House cyber strategy, House Republicans focus on regulations (direct link) Republican leaders on the House Homeland Security Committee questioned the White House's desire for more cyber regulations after the release of the National Cybersecurity Strategy on Thursday. Committee Chairman Mark Green and Cybersecurity Subcommittee Chairman Andrew Garbarino did praise aspects of the plan, namely the focus on threats from Russia and China as well as [… Guideline ★★
RecordedFuture.webp 2023-03-02 19:02:16 A key post-quantum algorithm may be vulnerable to side-channel attacks (direct link) As companies and governments around the world work on creating usable quantum computers, security researchers are also devising ways to protect data once those machines are available. Quantum computers have the potential to crack the cryptographic algorithms in use today, which is why “post-quantum” cryptographic algorithms are designed to be so strong that they can [… ★★★
RecordedFuture.webp 2023-03-02 17:03:07 Secret Service, ICE carried out illegal stingray surveillance, government watchdog says (direct link) U.S. federal agencies failed to secure required court orders to conduct phone tracking surveillance, according to a recently redacted memorandum from a government watchdog. The report, written by the Office of the Inspector General (OIG) and dated February 23, provided details of an audit of the use of cell-site simulators (CSS) - a law enforcement [… Legislation ★★★
RecordedFuture.webp 2023-03-02 12:59:55 Retailer WH Smith reports cyberattack, says employee data compromised (direct link) U.K.-based retailer WH Smith told regulators that a cyberattack exposed data of current and former employees ★★
RecordedFuture.webp 2023-03-02 11:31:26 National Cyber Strategy to push mandatory regulations, more offensive cyber action (direct link) The White House unveiled its long-awaited National Cybersecurity Strategy on Thursday, laying out a holistic approach to improving digital security across the country. The plan is built around five basic pillars: Minimum cybersecurity requirements for critical infrastructure; Offensive cyber actions against hackers and nation states; Shifting liability onto software manufacturers; Diversifying and expanding the cyber [… ★★
RecordedFuture.webp 2023-03-01 20:46:22 Canadian book giant says employee data was stolen during ransomware attack (direct link) Toronto-based Indigo now says that employee data was accessed in a ransomware incident last month. The LockBit gang claims it was the perpetrator Ransomware ★★
Last update at: 2024-06-25 23:08:09