Kremlin Insider Extradited to U.S. Reportedly Has Documents on Democratic Party Hack, Other GRU Operations
Twitter accounts of Israeli newspapers hacked on second anniversary of Soleimani's assassination, Hack on UK defense ministry had 'significant impact,' $2.2 million in Ape NFTs stolen, much more
Check out a piece I wrote for Cybersecurity Magazine on the importance of asset inventories for keeping IoT devices secure in organizations.
Vladislav Klyushin, who was extradited from Switzerland to the U.S. on December 18 to face charges he illegally made tens of millions of dollars trading on hacked corporate-earnings information, is a Kremlin insider who has access to documents relating to Russia’s campaign to hack Democratic Party servers during the 2016 U.S. election, sources say.
This cache would provide the U.S. for the first time with detailed documentary evidence of the alleged Russian efforts to influence the election. Three sources believe that Klyushin has access to secret records of other high-level GRU operations abroad because his IT firm, M-24, worked with the Russian government’s top echelons. The sources say U.S. and U.K. spy agencies approached Klyushin in the two years before his exit from Russia and that he received heightened levels of security in Switzerland. (Henry Meyer, Irina Reznik, and Hugo Miller / Bloomberg)
Pro-Iranian hackers targeted the Twitter accounts of Israeli newspapers Maariv and The Jerusalem Post with a photo of a model of the Dimona nuclear facility being blown up and the text "we are close to you where you do not think about it" in English and Hebrew, placed on both their Twitter accounts and their websites.
The photo also showed a ballistic missile falling from what appears to be a representation of the hand of Islamic Revolutionary Guards Corps (IRGC) Quds Force commander Qasem Soleimani. The hacks occurred one day after the second anniversary of the US assassination of Soleimani in Baghdad in 2020. The attackers also edited the SEO keywords of the Jerusalem Post site to be "Israel, JPost, maariv, il, attack, hack [and] ransomware" during the attack. (Tzvi Joffre / Jerusalem Post)
Related: The Times of Israel, Devdiscourse News Desk, Reuters: World News, Sputnik News, The Persian Pasdaran, Associated Press, ibtimes.sg : Top News, Radio Free Europe / Radio Liberty, The Independent, Deutsche Welle, Al Bawaba, Arutz Sheva News, ynet - News, Gadgets Now, Reddit - cybersecurity, Al Arabiya, UrduPoint, Presstv, TechDator, Asia One World, Reuters, Teller Report, Haaretz
A likely state-sponsored cyberattack that hit the academic arm of the UK's Ministry of Defence, discovered last March, had a "significant" impact, Air Marshal Edward Stringer, the officer in charge at the time, has revealed.
The incident prompted the Defence Academy to accelerate plans for its entire network to be rebuilt and made more resilient. Stringer said it was unlikely the attackers used the Defence Academy as a backdoor to penetrate much more secret parts of the MOD's IT systems. (Deborah Haynes / Sky News)
Chinese authorities go to great lengths to extend the government’s internet dragnet to unmask and silence those who criticize the country on Twitter, Facebook, and other international social media.
Chinese security forces use advanced investigation software, public records, and databases to find all their personal information and international social media presence and sometimes target those living beyond China’s borders to achieve their goals. (Muyi Xiao and Paul Mozur / New York Times)
Jonathan Cheng @JChengWSJ: China is turning a major part of its internal Internet-data surveillance network outward, mining Western social media, including Facebook and Twitter, to equip its government agencies, military and police with information on foreign targets. @catecadell https://t.co/SP3bZWxX5t
According to numerous reports from Microsoft Exchange admins worldwide, a bug in the FIP-FS anti-malware scanning engine is blocking email delivery with on-premise servers starting at midnight on January 1st, 2022.
The problem stems from Microsoft using a signed int32 variable to store the value of a date, which has a maximum value of 2,147,483,647. Dates in 2022 have a minimum value of 2,201,010,001, greater than the maximum value stored in the signed int32 variable, causing the scanning engine to fail and not release mail for delivery. Microsoft will have to release an update to fix the issue. Still, for on-premise Exchange Servers currently affected, admins have found that they can disable the FIP-FS scanning engine to allow email to start delivering again. (Lawrence Abrams / Bleeping Computer)
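The arithmetic behind that failure, as an added illustration that is not part of the article: the stamp layout assumed here (two-digit year, month, day, four-digit build, giving 2201010001 for the first 2022 build) is inferred from the value quoted above, and the functions are constructed for this example, not Microsoft's code. The check that was missing is `stamp_fits_int32`, run before the value is stored.

```c
#include <errno.h>
#include <limits.h>
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Build a date stamp of the assumed form YYMMDDBBBB as a 64-bit value,
   e.g. make_stamp(22, 1, 1, 1) == 2201010001. */
int64_t make_stamp(int yy, int mm, int dd, int build) {
    return (int64_t)yy * 100000000LL + (int64_t)mm * 1000000LL
         + (int64_t)dd * 10000LL + build;
}

/* The defensive check: does the stamp fit in a signed 32-bit field? */
bool stamp_fits_int32(int64_t stamp) {
    return stamp >= INT32_MIN && stamp <= INT32_MAX;
}

/* The defect, reproduced explicitly: storing the stamp in a signed int32
   keeps only the low 32 bits and wraps to a negative number for 2022 dates. */
int32_t store_narrow(int64_t stamp) {
    int64_t low = stamp & 0xFFFFFFFFLL;          /* truncate to 32 bits */
    if (low > INT32_MAX) low -= (1LL << 32);     /* two's-complement wrap */
    return (int32_t)low;
}

/* Safe parse of a stamp string: 0 on success, -1 on malformed input,
   -2 when the value is out of int32 range and would otherwise wrap. */
int parse_stamp_checked(const char *s, int32_t *out) {
    char *end;
    errno = 0;
    long long v = strtoll(s, &end, 10);
    if (errno != 0 || end == s || *end != '\0') return -1;
    if (!stamp_fits_int32(v)) return -2;
    *out = (int32_t)v;
    return 0;
}

int main(void) {
    int64_t last2021 = make_stamp(21, 12, 31, 2359);   /* constructed sample */
    int64_t first2022 = make_stamp(22, 1, 1, 1);
    printf("%lld fits: %d\n", (long long)last2021, stamp_fits_int32(last2021));
    printf("%lld fits: %d, wraps to %d\n", (long long)first2022,
           stamp_fits_int32(first2022), store_narrow(first2022));
    return 0;
}
```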
U.S. online store PulseTV has disclosed a large-scale customer credit card compromise after first learning of it on March 8, 2021, when VISA informed the company that unauthorized credit card transactions were taking place on the site.
After an initial investigation failed to pinpoint any problem, PulseTV hired a third-party specialist. The investigator discovered on November 18, 2021, “that the website had been identified as a common point of purchase for a number of unauthorized credit card transactions for MasterCard." PulseTV claims that their investigations did not reveal a breach on their systems. (Bill Toulas / Bleeping Computer)
The Lapsus$ ransomware gang hacked and is currently extorting Impresa, the largest media conglomerate in Portugal and the owner of SIC and Expresso, the country’s largest TV channel and weekly newspaper, respectively.
The attack hit the company’s online IT server infrastructure. Websites for the Impresa group, Expresso, and the SIC TV channels are offline. The Lapsus$ group took credit for the attack by defacing all of Impresa’s sites with a ransom note. The message also claims that the group has gained access to Impresa’s Amazon Web Services account. (Catalin Cimpanu / The Record)
Roughly $2.2 million worth of Bored Ape Yacht Club (BAYC) and Mutant Ape Yacht Club (MAYC) non-fungible tokens (NFTs) were stolen from NFT collector Todd Kramer.
Moreover, some reports suggest that the NFT marketplace Opensea froze the collectibles, and crypto advocates complain about the lack of decentralization. (Jamie Redman / Bitcoin.com)
Investment banking and financial giant Morgan Stanley agreed to pay $60 million to settle a class-action lawsuit by customers who said the Wall Street bank exposed their data when it twice failed to retire some of its older information technology properly.
Under the settlement, customers would receive at least two years of fraud insurance coverage, and each can apply for reimbursement of up to $10,000 in out-of-pocket losses. (Jonathan Stempel / Reuters)
A group that calls itself the Powerful Greek Army hacked the Twitter account of NASA Director and Senior Technologist for Air Transportation Systems Parimal Kopardekar.
The group said it hacked Kopardekar’s account because they were looking for someone who works at NASA. They said their goal was to demonstrate “that nobody is safe online.” (Pierluigi Paganini / Security Affairs)
Related: Greek City Times
The Broward Health hospital system in Florida said it suffered a data breach in October in which a hacker accessed patients’ and staff’s personal and medical information.
The intruder accessed names, birthdays, addresses, banking information, social security numbers, drivers’ license numbers, patient histories, and treatment and diagnosis records, among other information. The U.S. Justice Department asked the hospital not to immediately make the breach public to preserve an ongoing law enforcement investigation. (Associated Press)
An Indian Supreme Court committee issued a public notice seeking details from people who felt NSO Group’s Pegasus spyware might have infected their mobile devices.
The panel asked Pegasus victims to send the information before noon on January 7, 2022. The court asked an independent expert technical committee supervised by a retired top court judge, Justice R.V. Raveendran, to probe the Pegasus snooping allegations. (IB Times India)
Security researcher and bug bounty hunter Seif Elsallamy discovered a vulnerability in Uber's email system that allows just about anyone to send emails on behalf of Uber.
Elsallamy warns that threat actors can abuse the vulnerability to email 57 million Uber users and drivers whose information was leaked in the 2016 data breach. Uber is aware of the flaw but has not fixed it yet. (Ax Sharma / Bleeping Computer)
According to a story first published by Ottawa-based Blacklock’s Reporter, the Public Health Agency of Canada said it accessed location data from 33 million mobile devices to monitor people’s movement during the COVID-19 lockdown.
The Agency awarded a contract to the Telus Data For Good program to provide “de-identified and aggregated data” of movement trends in Canada. The Agency is planning to track population movement for roughly the next five years, including to address other public health issues, such as “other infectious diseases, chronic disease prevention, and mental health,” according to an agency spokesperson. (Swikar Oli / National Post)
Photo by Diego Delso, CC BY-SA 4.0 via Wikimedia Commons