Purported State-Backed Iranian Ransomware Attack Strikes H&M Israel
Swiss Cloud Computing hit with a ransomware attack, Darktrace soars in its debut, Researchers discover flaws in What3Words, New Spectre vulnerabilities found in Intel, Advanced Micro chips, more
Gain access to our archives and special content by becoming a premium subscriber today!
Purported Iranian hackers launched a ransomware attack against H&M Israel and are threatening to publicize customer data, according to media reports. An Iran state-backed group identified as N3tw0rm warned it could release 110 gigabytes of H&M Israel’s data unless its demands, which neither the group nor H&M specified, were met.
Several other Israeli companies, including Veritas Logistic, have recently been targeted in similar cyberattacks, reports said. In that case, the hackers demanded 3 bitcoin ($170,000) in ransom. Israeli authorities say N3tw0rm is affiliated with the Iran-linked Pay2Key, which has in the past claimed to breach the Israel Aerospace Industries and Israeli cybersecurity company Portnox. (Times of Israel)
Switzerland-based cloud hosting provider Swiss Cloud Computing AG said it was hit with a ransomware attack on Tuesday, April 27, forcing the company to disrupt operations while restoring affected servers from existing backups.
The attack did not impact the company’s entire server infrastructure but affected server availability for more than 6,500 customers. One of the company’s highest-profile customers is Sage, a company that provides payroll and HR software for German-speaking countries. (Catalin Cimpanu / The Record)
Shares in British cybersecurity company Darktrace soared after the company made its debut on the London Stock Exchange.
Darktrace began conditional trading on Friday at 250p a share, with enthusiastic investors immediately pushing up its stock by 40% to 350p a share and sending its market value up from £1.7bn to almost £2.4bn. (Mark Sweney / The Guardian)
Thomas Brewster @iblametomNew - Darktrace shares off to a good start, value (market cap) rising to over $3 billion on first morning of trading https://t.co/yM6dOPByEB
Andrew Tierney of Pen Test Partners discovered a weakness in the algorithms used by What3Words (W3W) which gives each square in a digital addressing system a unique three-word address. W3W is used to help pinpoint individuals’ locations, and 100 UK emergency services use the app.
Separately, Aaron Toponce, a systems administrator at XMission, received a letter on Thursday from a law firm representing What3Words, requesting that he delete tweets related to the open-source alternative, WhatFreeWords. (Jane Wakefiled / BBC News)
Aaron Toponce ⚛️ @AaronToponceI've been served legal threats by @what3words. Both via email and post. I am complying with all their demands. This is not a battle worth fighting. Just let it be known however, they are evil.
Researchers from the University of Virginia and the University of California at San Diego have discovered three new Spectre vulnerabilities in the micro-op cache, a feature found in modern central processing units.
Micro-op cache has been present in Advanced Micro Devices Inc. processors since 2017 and Intel Corp. processors since 2011. “Due to the relatively small size of the micro-op cache, an attack is significantly faster than existing Spectre variants that rely on priming and probing several cache sets to transmit secret information,” the researchers said. (Duncan Riley / Silicon Angle)
U.K. Prime Minister Boris Johnson's personal mobile phone number has been available on the internet for years after it was included in a 2006 press release, raising national security concerns according to some observers because it exposes the Prime Minister to security threats such as SMS phishing.
"This is extremely worrying with massive security implications,” said Labour MP Kevan Jones, a member of the intelligence and security committee and a former defense minister. “It needs to be investigated as a matter of urgency ... It leaves the prime minister very vulnerable.” (EMILIO CASALICCHIO AND JULES DARMANIN / Politico EU)
Representatives from the National Network to End Domestic Violence (NNEDV), a leading nonprofit to end violence against women, say that Apple’s recently introduced AirTags could become a worrisome surveillance tool that an abuser could leverage to track a partner discreetly.
In response, Apple said that it takes customer safety very seriously and is committed to AirTag’s privacy and security. Moreover, Apple says that AirTag is designed with a set of proactive features to discourage unwanted tracking. (Mark Wilson / Fast Company)