The CDC and U.S. Army Removed Apps From Russian Company That Posed as U.S. Firm
FTX suffers $663 million heist, Security risks dominate Twitter as turmoil and mismanagement subsume the platform, FBI pushed to deploy NSO spyware, Oz gov't plans to outlaw ransom payments, more
The Centers for Disease Control and Prevention (CDC) and the U.S. Army said they had been deceived into believing applications company Pushwoosh, which is actually Russian, was based in the U.S. capital and subsequently removed Pushwoosh software from public-facing apps, citing security concerns.
According to company documents publicly filed in Russia, Pushwoosh is headquartered in the Siberian town of Novosibirsk and registered as a software company that also carries out data processing. However, on social media and in U.S. regulatory filings, Pushwoosh presents itself as a U.S. company based at various times in California, Maryland, and Washington, D.C.
On its website, Pushwoosh says it does not collect sensitive information. However, Russian authorities have compelled local companies to hand over user data to domestic security agencies. Company founder Max Konev said the company "has no connection with the Russian government of any kind" and stores its data in the United States and Germany. However, cybersecurity experts said keeping data overseas would not prevent Russian intelligence agencies from compelling a Russian firm to cede access to that data.
Pushwoosh code was installed in the apps of a wide array of international companies, influential non-profits, and government agencies, from global consumer goods company Unilever and the Union of European Football Associations (UEFA) to the U.S. gun lobby, the National Rifle Association (NRA), and Britain's Labour Party. Pushwoosh code has been embedded into almost 8,000 apps in the Google and Apple app stores. Pushwoosh's business with U.S. government agencies and private companies could violate contracting and U.S. Federal Trade Commission (FTC) laws or trigger sanctions, legal experts maintain. (James Pearson and Marisa Taylor / Reuters)
A massive heist pulled more than 663 million dollars worth of funds out of the already collapsing FTX cryptocurrency exchange hours after it filed for bankruptcy, prompting the world's crypto tracers to closely track where that loot ends up and look for any clues that reveal the thief to be an FTX insider or just an opportunistic hacker.
Exactly how FTX might have been breached or “hacked,” as one administrator in FTX's Telegram channel said, is unclear. However, the crypto-tracing and blockchain analysis firm Elliptic revealed that the $663 million outflow seemed to be a combination of FTX's movement of coins into its own storage wallets and a mysterious theft. Whatever happened, it will be tough for the thieves to abscond with their profits in a spendable form without being identified.
The hunt for the missing funds might help put to rest the suspicion that the company's Bahamas-based CEO, Sam Bankman-Fried, who resigned Friday, is somehow responsible for the lost funds. According to an unconfirmed report, he and two other FTX executives are “under supervision” in the Bahamas, preventing them from leaving the country. Another report suggests that Bankman-Fried possessed a "back door" built into FTX's compliance system, allowing him to withdraw funds without alerting others at the company. (Andy Greenberg / Wired and Angus Berwick / Reuters)
Related: Coindesk, Elliptic, Cointelegraph, Financial Times, CNBC, Coingape, Korea Times News, CBC, The Block, Benzinga, The Daily Hodl, The Verge, Reuters, Reuters, Digital Journal, AFP, Gizmodo, Sydney Morning Herald, Bloomberg, Crowdfund Insider, Benzinga, The Tribune India, Voice of America, Bitcoin News, Semafor, Decrypt, Heavy.com, Forkast, Voice of America, Tech-Economic Times, Forkast, Startup Daily, Reuters.com, Bitcoin News, SlashGear » security, The Defiant, The Ankler
Crypto.com's CEO Kris Marszalek confirmed that his platform accidentally sent 320,000 ETH ($416 million) to another crypto exchange, Gate.io, a few weeks ago.
Gate.io returned the funds around five to seven days later. Marszalek said, "It was supposed to be a move to a new cold storage address, but was sent to a whitelisted external exchange address. We worked with Gate team and the funds were subsequently returned to our cold storage." (Molly White / Web3 Is Going Just Great)
Related: The Verge
Massive turmoil continues to afflict Twitter under new owner Elon Musk’s leadership, whose quixotic moves and dramatic staff cuts have undercut the social media service’s security posture.
Twitter’s ability to fend off threats is heading out the door with its security brass at the exact moment the new “verification” program is multiplying threats on the platform, said Rachel Tobac, chief executive officer of SocialProof Security, a social engineering-focused cybersecurity firm. On Friday, Twitter appeared to halt its “Blue” subscription service, which had gone live earlier this week. Meanwhile, Twitter resurrected “official” gray check marks for some prominent companies and publishers – a program that Musk had abruptly killed just two days ago.
The mass exodus of top security and compliance personnel raises serious questions about the company’s ability to fend off hackers, a difficult task for any high-profile social media platform and one that Twitter was already falling short on, according to a whistleblower complaint filed by the former head of security Peiter Zatko earlier this year.
Twitter may be unable to overcome the damage created by its $8 Blue subscription service that was widely abused by impersonator accounts. Advertisers are fleeing the service due to the brand damage the new Twitter poses after panic erupted inside drug company Eli Lilly after a fake account tweeted, “We are excited to announce insulin is now free.” Company officials scrambled to contact Twitter representatives and demanded they kill the viral spoof, worried it could undermine their brand’s reputation or push false claims about people’s medicine. Twitter, its staffing cut in half, didn’t react for hours. Eli Lilly has halted all advertising on Twitter as a consequence. (John Sakellariadis / Politico and Drew Harwell / Washington Post)
Related: Denver Post, Business Insider, BeInCrypto, TechJuice, Spiceworks Tech, New on MIT Technology Review, IWCsync News, Raw Story, The Conversation, New Statesman Contents, DeviceSecurity.io, RT News, Digital Information World, AndroidHeadlines.com, Tech Monitor, Metro.co.uk, Watcher Guru, TIME, The Tab, geekinteger, Technology | The Hill, Engadget, Mashable, The Register, Business Insider, The New Arab, Raw Story, Candid.Technology, Verdict, Washington Free Beacon, TechCrunch, Techradar, IWCsync News, PCMag.com, Times of India, SlashGear » security, CNBC Technology, The Verge, Ars Technica, Bloomberg, Benzinga, The Mary Sue
Dozens of internal F.B.I. documents and court records produced in response to a Freedom of Information Act lawsuit show that F.B.I. officials made a push in late 2020 and the first half of 2021 to deploy Pegasus spyware made by Israeli spyware firm NSO in its own criminal investigations despite FBI Director Christopher Wray’s closed-door Senate testimony that the F.B.I. had bought a license for Pegasus, but only for research and development.
Bureau officials developed advanced plans to brief the bureau’s leadership and drafted guidelines for federal prosecutors about how the F.B.I.’s use of hacking tools would need to be disclosed during criminal proceedings. The F.B.I. eventually decided not to deploy Pegasus in criminal investigations in July 2021 amid a flurry of stories about how governments had abused the hacking tool across the globe. Despite the F.B.I. decision not to use Pegasus, court documents indicate the bureau remains interested in potentially using spyware in future investigations. (Mark Mazzetti and Ronen Bergman / New York Times)
Australia's Home Affairs Minister Clare O'Neil said the government would consider making it illegal to pay ransoms to cyber hackers, following recent cyber attacks affecting millions of Australians. The statement came after she formalized a new cyber-policing model between the Australian Federal Police (AFP) and the Australian Signals Directorate to do "new tough policing" on cybercrime.
Around 100 officers would be part of the new partnership between the two federal agencies, acting as a joint standing operation against cyber criminals. The AFP said Russia-based hackers were behind the attack on health insurance giant Medibank, which compromised data from around 10 million current and former customers. The ransomware attackers have continued to release sensitive information obtained during the hack after Medibank refused to pay the reported $10 million ransom. (Sam McKeith / Reuters)
Related: Sydney Morning Herald, Financial Review, JURIST – News, TRT World, SBS, SBS, News.com.au, Sydney Morning Herald, The Register - Security, Teiss, The Register - Security, PUPUWEB, The Register - Security, Daily Mail, News.com.au, DeviceSecurity.io, The New Daily, Teiss, News.com.au, The Register - Security, PerthNow, The West Australian, The Mandarin, IT News, CyberNews
The Russian Foreign Ministry said it had banned 200 U.S. citizens from entering Russia, including relatives of President Joe Biden, in response to personal sanctions from Washington over Moscow’s ongoing unprovoked invasion of Ukraine.
Included in the list of banned persons are several cybersecurity luminaries, including former CISA Director Chris Krebs, current CISA Director Jen Easterly, and CrowdStrike founder and current Silverado Policy Accelerator Chairman Dmitri Alperovitch.
The Computer Emergency Response Team of Ukraine (CERT-UA) confirmed that Russian hacktivists had infected multiple organizations in Ukraine with a new ransomware strain called Somnia, encrypting their systems and causing operational problems.
CERT-UA attributed the attacks to From Russia with Love (FRwL), also known as Z-Team, whom they track as UAC-0118. The group previously disclosed creating the Somnia ransomware on Telegram and even posted evidence of attacks against tank producers in Ukraine. The hacking group uses fake sites that mimic the Advanced IP Scanner software to trick Ukrainian organization employees into downloading an installer.
The installer infects the system with the Vidar stealer, which steals the victim's Telegram session data to take control of their account. The threat actors abuse the victim's Telegram account in some unspecified manner to steal VPN connection data (authentication and certificates). If the stolen connections are not protected by multi-factor authentication, the hackers use them to gain unauthorized access to the victims' employers' corporate networks. (Bill Toulas / Bleeping Computer)
A likely ransomware attack hit Canadian food retail giant Sobeys, which has been experiencing IT issues for over a week.
Sobeys' parent company Empire revealed that while its grocery stores were still open, some services were impacted by this company-wide IT issue. According to employee reports, all computers were locked out in affected Sobeys stores, with point-of-sale (POS) and payment processing systems still online and working since they're set up to work on a separate network.
Based on ransom notes and negotiation chats, the attackers deployed Black Basta ransomware payloads to encrypt systems on Sobeys' network. (Sergiu Gatlan / Bleeping Computer)
U.S. intelligence officials concluded the United Arab Emirates meddled in the American political system, including by hacking into computers in the United States.
This revelation serves as a reminder that the UAE has sought to become a force in cyberspace and has made questionable use of cyberweapons, including by siphoning ex-U.S. officials into surveillance work against the United States itself. Three former officials accused of providing hacking help to the UAE, Marc Baier, Ryan Adams, and Daniel Gericke, have admitted to the charges. They were part of a covert UAE program dubbed Project Raven.
The UAE has repeatedly been connected with spyware known as Pegasus, a product of the NSO Group. There’s evidence that the UAE was involved in targeting Hanan Elatr, the wife of murdered Washington Post journalist Jamal Khashoggi. (John Hudson / Washington Post and Tim Starks and Aaron Schaffer / Washington Post)