Taiwanese Websites Hit by Annoying DDoS Attacks Ahead of Pelosi's Visit
Hackers stole $8m from Solana wallets, Thousands of forked GitHub repo clones were altered to include malware, Robinhood find for cybersecurity violations, UK PM vote postponed by hacking fears, more
Metacurity is a reader-supported publication. To receive new posts and support my work, consider becoming a free or paid subscriber.
Key Taiwanese websites, including those of President Tsai Ing-wen, the National Defense Ministry, the Foreign Affairs Ministry, and the country’s largest airport, Taiwan Taoyuan International, experienced intermittent outages due to DDoS attacks just ahead of House Speaker Nancy Pelosi’s arrival in Taiwan.
The source of the attacks is unclear, but they came at a time of China’s vehement opposition to Pelosi’s visit. (Kevin Collier / NBC News)
Related: VICE News, CNA ENGLISH NEWS, Gizmodo, Al Bawaba, New York Post, Cybersecurity| Reuters.com, Euro Weekly News Spain, PCMag.com, NBC News Technology, CTVNews.ca, Cybersecurity| Reuters.com, NDTV Gadgets360.com, USNI News, Radio Free Asia, RT News, Hong Kong Free Press HKFP, POLITICO, Tech Monitor, Cyberscoop, New Statesman Contents, MVox , KnowTechie, Washington Examiner, Mercury News, HackRead, Technology | The Hill, Cybersecurity 202, SANS Internet Storm Center
According to blockchain forensics firm Elliptic, hackers stole $5.2 million in crypto assets from more than 7,900 Solana ecosystem wallets. At the same time, security company PeckShield said four Solana wallet addresses drained approximately $8 million from victims.
Elliptic’s co-founder Tom Robinson said the theft is due to a flaw in certain wallet software rather than in the Solana blockchain itself. Solana spokesman Austin Federa noted that while there’s speculation the incident was a supply-chain attack, the nature of the exploit remains unclear. (Joanna Ossinger and Sidhartha Shukla / Bloomberg)
Related: Decrypt, CryptoSlate, Web3 is going just great, Blockworks, reddit TECH NEWS, U.Today, Bloomberg, Security News | Tech Times, iTech Post, TechCrunch, Startup Around, The Block, CryptoPotato, The Tech Outlook, Mashable
Software developer Stephen Lacy discovered that thousands of GitHub repositories were forked (copied) with their clones altered to include malware.
Contrary to what Lacy’s original tweet suggests, however, "35,000 projects" on GitHub have not been affected or compromised in any manner but are copies (forks or clones) of legitimate projects purportedly made by threat actors to push malware. Developer James Tucker pointed out that cloned repositories containing the malicious URL not only exfiltrated a user's environment variables but additionally contained a one-line backdoor. GitHub purged most malicious repositories after receiving the engineer's report. (Ax Sharma / Bleeping Computer)
In its first action related to cryptocurrency, the New York State Department of Financial Services (NYDFS) imposed a $30 million fine on online brokerage Robinhood's cryptocurrency trading unit for alleged anti-money-laundering violations and cybersecurity regulations.
The financial regulator said Robinhood Crypto failed to maintain and certify compliant anti-money-laundering and cybersecurity programs. As part of the consent order, Robinhood also will be required to retain an independent consultant to evaluate its compliance with NYDFS’s regulations and its remediation efforts. The NYDFS said Robinhood’s cybersecurity program failed to address the company’s operational risks, and its policies didn’t comply with the regulator’s cybersecurity and virtual currency regulations. (Mengqi Sun / Wall Street Journal)
Related: Finextra Research news, DFS.NY.gov, CNBC Technology, Cointelegraph.com, The Block, protocol, Finbold, Wall Street Journal, CryptoSlate, Decrypt, The Drum, CNBC Technology, Gizmodo, Protocol, Barron's, Business Insider, Bitcoinist.com, Blockworks, Invezz, CryptoPotato, Startups News | Tech News, BeInCrypto, Protocol, NDTV Gadgets360.com, PYMNTS, Finextra Research news, Forbes, Reuters: World News, ABC News: U.S., The Register, Gadgets Now, DataBreachToday.com, The Register, Databreachtoday, iTech Post, WRAL Tech Wire, Blockworks, Engadget, geekinteger
Voting for the next UK prime minister has been delayed after the country’s intel agency GCHQ warned that hackers could change people’s ballots.
No specific threat from a hostile state, and concerns were instead raised over the “vulnerability of the voting process.” Under the party’s original system, members could vote and then change their decision while the ballot remained open. Given the hacking concerns, a unique code will be provided, allowing only one unchangeable vote. (Ben Riley-Smith / The Telegraph)
Consumer groups such as Electronic Frontier Foundation are concerned that under the American Data Privacy Protection Act (ADPPA), the Federal Communications Commission (FCC) would no longer have the authority to enforce its privacy regulations for common carriers such as AT&T and Verizon that handle the vast majority of Americans’ phone calls and text conversations.
Under the ADPPA, privacy enforcement for common carriers would go to the Federal Trade Commission, which critics argue isn’t capable of matching the FCC’s enforcement powers and agency expertise. Other agencies with privacy statutes, such as Health and Human Services, are not preempted by ADPPA. State data breach laws are also not overridden. (Tonya Jo Riley / Cyberscoop)
Related: The Hill
German power electronics manufacturer Semikron disclosed that it was hit by a ransomware attack that partially encrypted the company's network.
The company said the perpetrators have claimed to have stolen data from its system and that the attack led to partial encryption of its IT systems and files. According to an alert issued by the German Federal Office for Information Security (Bundesamt für Sicherheit in der Informationstechnik), the ransomware operators are blackmailing the company and threatening to leak allegedly stolen data. (Sergiu Gatlan / Bleeping Computer)
According to lawsuits filed in the Northern District of California in June and July, Facebook’s parent company Meta and major U.S. hospitals violated medical privacy laws with a tracking tool that sends health information to Facebook.
An investigation by The Markup in early June found that 33 of the top 100 hospitals in the United States use a Facebook tracking tool called Meta Pixel on their websites. The tool sent information about patient health conditions, doctor appointments, and medication allergies to Facebook. (Nicole Wetsman / The Verge)
Researchers at Cisco Talos observed a new post-exploitation attack framework used in the wild, named Manjusaka, which can be deployed as an alternative to the widely abused Cobalt Strike toolset or parallel to it for redundancy.
Its remote access trojan (RAT) implants support command execution, file access, network reconnaissance, and more, so hackers can use it for the same operational goals as Cobalt Strike. RAT supports arbitrary command execution via “cmd.exe,” collects credentials stored in web browsers, WiFi SSID, and passwords, and discovers network connections (TCP and UDP), account names, local groups, etc. It can steal Premiumsoft Navicat credentials, capture screenshots of the current desktop, list running processes, and even check hardware specs and thermals. (Bill Toulas / Bleeping Computer)
A former owner of a T-Mobile retail store in California, Argishti Khudaverdyan, has been found guilty of a $25 million scheme where he illegally accessed T-Mobile's internal systems to unlock and unblock cell phones.
Khudaverdyan allegedly ran a scheme between 2014 and 2019 where he unlocked devices from the cellular networks of their vendors and enabled people to use them with other telecommunication providers. The sentence of Khudaverdyan is to be decided on October 17, 2022. (Bill Toulas / Bleeping Computer)
A bipartisan group of 106 national security experts, former government officials, and industry leaders sent the Senate Foreign Relations Committee a letter Tuesday endorsing Nate Fick to serve as the State Department’s first ambassador at large for cyberspace and digital policy.
Signatories include Keith Alexander, the former director of the National Security Agency; Dmitri Alperovitch, chairman, Silverado Policy Accelerator; Robert J. Butler, a former deputy assistant secretary at the Defense Department; Richard Danzig, former secretary of the Navy; Paula Dobriansky, a former undersecretary at the State Department; and several cybersecurity company officials, among many others. (Suzanne Smalley / Cyberscoop)
Related: Voice of America
The Spanish National Research Council was hit by a cyberattack that national authorities suspect had its origin in Russia.
The ministry said that the cyberattack was similar to others carried out against NASA in the United States and the Max Planck Institute in Germany. A preliminary analysis by Spain’s cybersecurity authorities said that it appears that no sensitive or confidential information was extracted. (Associated Press)
After last week’s shutdown of the proxy service 911[.]re, underground cybercrime forums are now awash in pleas from people desperately seeking a new supplier of abundant, cheap, and reliably clean proxies to restart their businesses.
Among the more frequently recommended alternatives to 911 is SocksEscort[.]com, a malware-based proxy network that has existed since at least 2010. But faced with a deluge of new signups in the wake of 911’s implosion, SocksEscort was among the remaining veteran proxy services that opted to close its doors to new registrants. (Brian Krebs / Krebs on Security)
Cybersecurity training platform Cybrary raised $25 million in a Series C venture funding round.
BuildGroup and Gula Tech Adventures led the round. (Kyle Wiggers / TechCrunch)