Cyber Ninjas Is Shutting Down in the Face of $50,000 Daily Fines
Amnesty Int'l confirms NSO's Pegasus spyware was used against Polish senator, Chinese national pleads guilty to stealing Monsanto algorithm, China fines Walmart for alleged vulnerabilities, more
Cyber Ninjas, the so-called cybersecurity firm that led a partisan review of 2020 ballots in Arizona, is closing down following a scathing report by election officials and the threat of $50,000 a day in fines.
Maricopa County Superior Court Judge John Hannah said he would impose a $50,000 fine against Cyber Ninjas every day until it hands over documents related to the so-called audit after the Arizona Republic newspaper filed a public records request. County officials released a report earlier this week concluding that eighty claims made by Cyber Ninjas in its report on voting problems in the county were misleading or false. (Dartunorro Clark / NBC News)
Amnesty International said it has independently confirmed that Pegasus software made by Israeli spyware maker NSO Group was used to hack a Polish senator multiple times in 2019 when he was running the opposition’s parliamentary election campaign.
The University of Toronto’s Citizen Lab found that the senator, Krzysztof Brejza, and two other Polish government critics were hacked with NSO’s Pegasus spyware. (Vanessa Gera / Associated Press)
A Chinese national who worked as an imaging scientist for agrochemical and agricultural biotechnology company Monsanto, Haitao Xiang, pleaded guilty to stealing a trade secret when he worked for Monsanto and one of its subsidiaries in Missouri.
When Xiang attempted to fly to China in 2017, investigators found that one of Xiang’s electronic devices contained copies of an algorithm called the Nutrient Optimizer, which the companies considered a trade secret and intellectual property. A grand jury indicted Xiang on eight charges in 2019. Prosecutors say that Xiang transferred the trade secret to a memory card and then attempted to take it to China for the benefit of the Chinese government. (Associated Press)
Chinese authorities fined Walmart for allegedly violating cybersecurity laws, local media reported.
The authorities ordered the retail giant to rectify the problems after police in the southern Chinese city of Shenzhen discovered 19 "vulnerabilities" in Walmart's network system in late November and accused it of being slow to fix the loopholes. However, it’s unclear what the fine amount is or what the vulnerabilities are. (Sophie Yu and Brenda Goh / Reuters)
Fertility Centers of Illinois, a chain of security clinics in Northern Illinois, suffered a data breach following an unspecified cyberattack that resulted in the theft of 79,943 current and former patients’ personal information.
Although the attack was detected on February 1, 2021, the company didn’t inform the U.S. Department of Health and Human Services of the breach until December 27. (Duncan Riley / Silicon Angle)
Accounts of more than three million users of the U.S.-based FlexBooker appointment scheduling service were stolen in an attack before the holidays and are now being traded on hacker forums. According to the data breach notification service Have I Been Pwned, the FlexBooker attack compromised more than 3.7 million accounts involving email addresses, names, and partial credit card data, passwords, and phone numbers.
The same attackers, who seem to be a group calling themselves Uawrongteam, also offer databases from racing media organization Racing.com and Redbourne Group’s rediCASE case management software, both from Australia. (Ionut Ilascu / Bleeping Computer)
A ransomware attack on FinalSite, a cloud-based web hosting provider specializing in school and educational websites, crippled the school portals and web services of more than 8,000 schools across more than 110 countries.
The attack occurred on January 4. FinalSite said it has taken affected systems offline and has already recovered and restored most affected websites. However, many districts still complain about their inability to notify parents by email or through messages posted on their main sites. (Catalin Cimpanu / The Record)
Ravkoo, a US Internet-based pharmacy service notorious for fulfilling prescriptions for bogus COVID-19 treatments such as ivermectin and hydroxychloroquine, sent data breach notification letters to 105,000 customers saying a security incident may have led to personal and health information being accessed.
Ravkoo is offering affected customers a free online identity monitoring service from Kroll Information Assurance to allow them to resolve identity theft issues linked to this data breach. (Sergiu Gatlan / Bleeping Computer)
Researchers at Chainanalysis say 2021 was a record year for illegal cryptocurrency payments, with illicit addresses tracked by the firm receiving $14 billion in deposits throughout 2021, almost double the amount they collected in 2020.
Illicit revenue from scams rose by 82% in 2021 to $7.8 billion worth of cryptocurrency. (Tonya Riley / Cyberscoop)
Researchers at Avanan say that hackers increasingly use Google Docs' productivity features to slip malicious content past spam filters and security tools.
The hack works when the malicious actors add a comment to a Google Doc with an @ that is automatically sent to that person's inbox. The full comment, including bad links, is sent by Google without showing the email address. (Jonathan Greig / ZDNet)