Welcome back to our blog! Here’s the latest in cybersecurity news.
The US Department of Justice is conducting an investigation into a cyber intrusion involving the federal court records management system. The breach occurred in early 2020. House Judiciary Committee Chair Jerrold Nadler (D-N.Y.) told fellow lawmakers on Thursday that “three hostile foreign actors” attacked the U.S. Courts’ document filing system as part of a breach in early 2020 causing a “system security failure.” Nadler said the committee learned in March about the “startling breadth and scope” of the breach. This incident is unrelated to the SolarWinds hack, which took place towards the end of 2020.
The former CSO of Uber is facing some serious charges, including that he allegedly covered up a pretty big hack and at the company in 2016. Authorities say that Joe Sullivan concealed the hack, which involved the records of 57 million passengers and drivers. To make matters worse, they accuse him of secretly paying off the hackers with funds that were supposedly earmarked for Uber’s bug bounty program. Uber kept the incident under wraps, meaning that anyone impacted was never informed at the time. Ouch!
Twitter, which has not been in the news enough lately (if only), is investigating claims that a software vulnerability has been exploited to obtain the phone numbers and email addresses of more than 5 million users. Someone who goes by the handle “devil” claims to have siphoned the information, and listed it for sale on a cyber-crime forum. The digital privacy advocacy group RestorePrivacy first reported the security breach. The information supposedly belongs to both high value names such as celebrities, companies and other accounts.
Police in Spain arrested two hackers believed to be responsible for cyberattacks on the country’s radioactivity alert network (RAR).The incidents occurred between March and June 2021. The people arrested are former employees of a company contracted by the General Directorate of Civil Protection and Emergencies (DGPGE) to maintain the RAR system. Police allege the pair gained illegitimate access to DGPGE’s network and attempted to delete the RAR management web application in the control center. Police say the pair also launched individual attacks against sensors, taking down 300 out of 800 spread across Spain, essentially breaking their link to the control center and disrupting the data exchange.
That’s a wrap on the week’s top stories. Have a great weekend.
Top Global Security News
Computing (July 29, 2022) US DoJ probing ‘incredibly significant’ breach of federal records
The US Department of Justice is conducting an investigation into a cyber intrusion involving the federal court records management system.
The incident was a “significant concern,” Matt Olsen, chief of the Justice Department’s National Security Division (NSD), told the House Judiciary Committee. He said the NSD was working “very closely” with the Judicial Conference and judges around the nation to resolve the problem.
Committee chair Jerrold Nadler (D-NY) told fellow lawmakers that “three hostile foreign actors” had hacked the document filing system, resulting in a “system security failure.”
The breach happened in the early part of 2020 and was unrelated to the SolarWinds hack.
Security Week (July 28, 2022) Crackdown on BEC Schemes: 100 Arrested in Europe, Man Charged in US
Authorities in Hungary have arrested close to a hundred individuals as part of two operations meant to crack down on invoice fraud, Europol announced this week.
Also referred to as business email compromise (BEC), invoice fraud involves impersonating or compromising email addresses of employees at one organization and then sending fake invoices to partner companies, to request fund transfers.
The emails are typically sent to executives or individuals authorized to make payments and carry legitimate-looking invoices that ask the recipient to make a payment to a bank account owned by the attackers.
Bleeping Computer (July 27, 2022) Spain arrests suspected hackers who sabotaged radiation alert system
The Spanish police have announced the arrest of two hackers believed to be responsible for cyberattacks on the country’s radioactivity alert network (RAR), which took place between March and June 2021.
The two arrested individuals are former workers of a company contracted by the General Directorate of Civil Protection and Emergencies (DGPGE) to maintain the RAR system, so they had a deep knowledge of its operation and how to deliver an effective cyberattack.
The two arrested individuals gained illegitimate access to DGPGE’s network and attempted to delete the RAR management web application in the control center. In parallel, the duo launched individual attacks against sensors, taking down 300 out of 800 spread across Spain, essentially breaking their link to the control center and disrupting the data exchange.
Graham Cluely (July 27, 2022) Uber’s former head of security faces fraud charges after allegedly covering up data breach
The former Chief Security Officer of Uber is facing wire fraud charges over allegations that he covered up a data breach that saw hackers steal the records of 57 million passengers and drivers.
This tangled story reaches back to 2016, when two hackers discovered that Uber software engineers had carelessly exposed the login credentials they used to access an Amazon Web Services account which resulted in the theft of sensitive data related to Uber customers and drivers. Names, email addresses and phone numbers, as well as driving license details, were stolen in the heist.
The hackers contacted Uber’s security team, demanding a $100,000 Bitcoin payment be made for the secure erasure of the data.
Beta News (July 26, 2022) Cybercriminals go phishing for data in the social media pool
The latest quarterly report from NortonLifeLock’s global research team, Norton Labs, looks at how cybercriminals are using social media phishing attacks to steal private information.
Based on analysis of a full year of phishing attacks on the top social media platforms, it finds plenty of fake login pages designed to trick victims into inputting their login credentials, but also a diversity and complexity of lures going far beyond that one technique.
Tactics use include fake account lockouts — making it seem that a victim’s account has been locked luring victims to reveal login credentials — or getting users to install malware on the promise of increasing follower count. The report also highlights the use of verified badge scams — prompting users to login to obtain, or not to lose, their verified status on the platform.
InfoSecurity (July 26, 2022) Lockbit Ramps Up Attacks on Public Sector
The prolific Lockbit ransomware gang appears to have claimed another two scalps in recent days: the Canadian town of St Marys and the Italian tax agency.
The local administration at St Marys explained in an update on Friday that the attack occurred last Wednesday, locking an internal server and encrypting data on it.
“Upon learning of the incident, staff took immediate steps to secure any sensitive information, including locking down the town’s IT systems and restricting access to email. The town also notified its legal counsel, the Stratford Police Service and the Canadian Centre for Cyber Security,” a statement read.
Security Week (July 25, 2022) Senators Introduce Bipartisan Quantum Computing Cybersecurity Bill
A bipartisan bill that seeks to strengthen national security against quantum-computing threats has been introduced in the US Senate. Co-sponsored by Senators Rob Portman (R-OH) and Maggie Hassan (D-NH), the bill was introduced in the House in April and passed in July.
The Quantum Computing Cybersecurity Preparedness Act addresses federal agencies’ preparedness for quantum computing and requires them to adopt proper defenses against quantum-computing-enabled data breaches.
The bill underlines the need to migrate federal agencies’ information technology systems to post-quantum cryptography and mandates that the Office of Management and Budget (OMB) will supervise the migration process.
The Register (July 25, 2022) Twitter launches probe after miscreants claims to have swiped 5.4m users’ details
Twitter is investigating claims that a near-seven-month-old vulnerability in its software has been exploited to obtain the phone numbers and email addresses of a reported 5.4 million users.
A miscreant using the handle “devil” claims to have siphoned the details and is selling it all on a cyber-crime forum, according to RestorePrivacy, a digital privacy advocacy group that first reported the security breach. It’s said that the info belongs to celebrities, companies, ordinary netizens, and accounts with highly desirable usernames.
“We are reviewing the latest data to verify the authenticity of the claims and ensure the security of the accounts in question,” a Twitter spokesperson wrote in an email to The Register.
Other Thought Provoking Stories
*** This is a Security Bloggers Network syndicated blog from Blog Feed authored by Blog Feed. Read the original post at: https://www.globalsign.com/en/blog/cybersecurity-news-round-week-july-25-2022