Hackers' Breach of Australian Regional Water Supplier Went Undetected for Nine Months

NSO CEO quits job before his start date, Grief ransomware group exposed a wealth of sensitive financial and personal information from NRA hack, U.S. joins 80-nation cybersecurity agreement, much more

Sunwater, the largest regional water supplier in Queensland, Australia, says hackers targeted it in a cyber security breach that went undetected for nine months.

Last year, the hackers left suspicious files on a webserver to redirect visitor traffic to an online video platform. The breach occurred between August 2020 and May 2021 and involved unauthorized access to the entity's web server that stored customer information. Weaknesses in an older, more vulnerable Sunwater system had allowed the cyber breach to remain undetected for nine months.

Sunwater said no financial or customer data had been compromised, and it took immediate steps to improve security once it detected the unauthorized access. The Sunwater revelation followed a Queensland Audit Office report into the state's water authorities that did not name Sunwater. That report called for immediate action to fix “ongoing security weaknesses in information systems.” (Rory Callinan / ABC News)

Itzik Benvenisti, the former co-president of Israeli spyware company NSO Group who had been named CEO on October 31st, resigned from the company even before he assumed his new position.

Benvenisti informed the chairman of the company that, in light of the circumstances that had arisen and given that the company had been blacklisted in the United States, he had decided that he could not take up the CEO position. The U.S. Commerce Department earlier this month blacklisted the company and accused it of harming the national interest. (Golan Gozani / Calcalist)

Related: Al Bawaba, Associated Press, The New Arab, The Independent, Al Bawaba, RT USA, The Guardian, Hamodia

A ransomware group that operates under the name Grief but previously used the name Evil Corp has exposed sensitive personal and financial information in the latest round of internal document dumps from gun advocacy group NRA.

The group also published the NRA’s bank account information and the social security numbers or home addresses for dozens of its staff members. Documents with details on NRA employees who’ve paid tax liens, child support, or had their wages garnished are included in the leak. Dozens of internal documents, including the 2021 directors and officers insurance policy and several reports detailing the group’s confidential cyber security protocols, were also included in the leaks. NRA was hit by the group’s ransomware attack in late October. (Steven Gutowski / The Reload)

Following a meeting with French President Emmanuel Macron, Vice President Kamala Harris announced that the United States has joined an 80-country agreement known as the Paris Call for Trust and Security in Cyberspace. The agreement condemns reckless behavior in cyberspace and seeks to mobilize resources to secure the software supply chain. The Trump administration declined to sign the agreement first begun by the French government in 2018.

The Paris Call agreement follows efforts by the Biden administration to look for international help in cracking down on Eastern European and Russian ransomware gangs that have hacked major US firms. (Sean Lyngaas / CNN)

Related: The Hill, InsideCyberSecurity.com, White House.gov

Cybersecurity and Infrastructure Security Agency (CISA) Director Jen Easterly plans to invite members of the private hacking community to join an advisory committee at the agency.

The advisory committee would find and report vulnerabilities that the government would be obligated to address. “I want to make sure we are tapping into the brilliance and the goodness of those communities to help us identify and close those vulnerabilities. So please partner with us and bring it on,” Easterly said at a conference hosted by Wired. (Graham Hacia / Wired)

Related: NextGov, Roll Call, The Hill: Cybersecurity, Defense Daily Network

Cybersecurity and Infrastructure Security Agency (CISA) Director Jen Easterly said that her agency is working on establishing new directives for the water and chemical industries as part of a federal effort to protect critical infrastructure from increasing cyber threats.

Speaking at a Wired conference, Easterly said that she has been "spending a huge amount of time on that critical infrastructure mission, both working off some of the sprints that the White House has directed with the electricity sector, the pipeline sector, and soon-to-be the water and chemical sectors." (Chris Riotta / FCW)

Related: Meritalk

Telnyx, a voice over Internet Protocol (VoIP) company that provides worldwide telephony services over the Internet, including in the Americas, EMEA, APAC, and Australia regions, is the latest victim of telco-targeted distributed denial-of-service (DDoS) attacks, which caused worldwide outages in its network.

The attack started on November 9th at approximately 11 PM EST, causing all telephony services to fail or be delayed. The company’s status page says that it has concluded the migration of global network traffic routes behind Cloudflare's DDoS protection systems, and all services are now operational. (Lawrence Abrams / Bleeping Computer)

Related: Cybersecurity Intelligence, Telnyx

According to screenshots obtained by Motherboard, the hackers behind the breach of app-based broker Robinhood had access to an internal tool that presented them the option of tampering with user accounts, including removing specific users’ multi-factor authentication protections.

On top of providing the ability to tamper with user accounts, the tool provides notes on specific accounts generated by Robinhood’s fraud team; the devices used to log into Robinhood; the user’s IP addresses; whether the devices are trusted; their balances such as net cash as well as their buying power; and their phone number and whether that number is verified. Robinhood had not previously specified that some users' phone numbers might have been exposed. A source who presented themselves as a proxy for the hackers provided the screenshots. (Joseph Cox / Motherboard)

Related: The Verge, reddit TECH NEWS, CNN

Researchers at Zimperium discovered an ongoing spyware campaign, dubbed PhoneSpy, that steals user data and targets South Korean users via a range of lifestyle apps that nest in the device and silently exfiltrate data.

The PhoneSpy spyware comes disguised as a yoga companion app, the Kakao Talk messaging app, an image gallery browser, a photo editing tool, and more. The stolen data can be used to support almost any malicious activity, from spying on spouses and employees to conducting corporate cyber-espionage and blackmailing people. Zimperium reported its findings to the US and South Korean authorities, but the host that supports the C2 server is yet to be taken down. (Bill Toulas / Bleeping Computer)

Related: ZDNet, Zimperium, The Hacker News, Security Week, Threatpost

According to public records obtained by the EFF, data broker Veraset shared billions of “highly sensitive” phone-location records with the D.C. government last year that revealed how people moved about the city.

According to internal emails, Veraset offered the city a free trial of its tracking services for covid-tracking purposes only and did not include people’s names and personal details. EFF calls the free trial a “covid-washing” effort in a bid to forge new relationships with government authorities. (Drew Harwell / Washington Post)

Related: EFF

The Missouri Department of Elementary and Secondary Education (DESE) has apologized for a “data vulnerability incident” that exposed the personal data of 620,000 teachers, administrators, and other education personnel.

Missouri Governor Mike Parson previously and falsely pinned blame for the exposure on a “hack” by St. Louis Post-Dispatch reporters. DESE did not, however, apologize to the reporters for the governor’s false allegation. The State of Missouri is offering 12 months of credit and identity theft monitoring resources through IDX to past and present certificated educators whose PII was contained in the DESE certification database. (Mike Masnick / Techdirt)

Related: Missouri Education Department

HPE revealed that a threat actor obtained an "access key" to compromise repositories for its Aruba Central network monitoring platform, enabling the malicious hacker to access collected data about monitored devices and their locations.

The exposed repositories contained two datasets, one for network analytics and the other for Aruba Central's 'Contact Tracing' feature. The threat actor had access for 18 days between October 9th, 2021, and October 27th, when HPE revoked the key. (Lawrence Abrams / Bleeping Computer)

Related: Aruba Networks

IT asset discovery platform company Lucidum announced it had raised $15 million in a Series A venture funding round.

Point72 Ventures led the round, which included investments from GGV Capital, Silicon Valley CISO Investments, and leading angel investors. (Business Wire)

Photo by Ivan Bandura on Unsplash