
Massive Data Breach Exposes Social Security Numbers of 2.9 Billion People

 


A significant data breach has reportedly compromised the personal information of 2.9 billion people, potentially affecting the majority of Americans. A hacking group known as USDoD claims to have stolen this data, which includes highly sensitive information such as Social Security numbers, full names, addresses, dates of birth, and phone numbers. This development has raised alarm due to the vast scope of the breach and the critical nature of the information involved. The breach was first reported by the Los Angeles Times, which revealed that the hacker group is offering the stolen data for sale. 

The breach allegedly stems from National Public Data, a company that collects and stores personal information to facilitate background checks. The company has not formally confirmed the breach but did acknowledge purging its entire database. According to National Public Data, they have deleted all non-public information, although they stopped short of admitting that the data had been compromised. In April, the hacking group USDoD claimed responsibility for the breach, stating that it had obtained the personal information of billions of people. This led to a class-action lawsuit against National Public Data, as victims sought redress for the potential misuse of their sensitive information. 

The lawsuit has intensified scrutiny on the company’s data security practices, particularly given the critical nature of the information it manages. The potential consequences of this breach are severe. The stolen data, which includes Social Security numbers, could be used for a variety of malicious activities, including identity theft, fraud, and other forms of cybercrime. The scale of the breach also highlights the ongoing challenges in safeguarding personal information, particularly when it is collected and stored by third-party companies. As investigations continue, the breach underscores the urgent need for stronger data protection measures. 

Companies that handle sensitive information must ensure that they have robust security protocols in place to prevent such incidents. The breach also raises questions about the transparency and responsibility of organizations when dealing with personal data. In the meantime, consumers and businesses are on high alert, awaiting further developments and the potential fallout from one of the largest data breaches in history. The incident serves as a stark reminder of the risks associated with data storage and the critical importance of cybersecurity.

Chinese Hacking Groups Target Russian government, IT firms

At the end of July 2024, a series of targeted cyberattacks began, aimed at Russian government organizations and IT companies. These attacks have been linked to Chinese hacker groups APT31 and APT27. The cybersecurity firm Kaspersky uncovered this activity and named the campaign "EastWind."  

The attackers used an updated version of the CloudSorcerer backdoor, which was first seen in a similar campaign back in May 2024 that also targeted Russian government entities. However, CloudSorcerer has not only been used in attacks on Russia; in May 2024, Proofpoint identified a related attack on a U.S.-based think tank.

To check if a system has been compromised, look for DLL files larger than 5MB in the 'C:\Users\Public' directory, unsigned 'msedgeupdate.dll' files, and a running process named 'msiexec.exe' for each logged-in user. 
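The three indicators above can be checked mechanically. The script below is an added example, not Kaspersky's tooling: it evaluates a constructed host inventory so it runs offline, and the `FileEntry`/`ProcessEntry` structures and sample paths are assumptions (on a real host you would fill them from a directory listing, signature checks and the process list).

```python
"""Offline triage of the EastWind host indicators listed above.

Added example, not Kaspersky's tooling: the host inventory below is constructed
so the script runs anywhere; on a real host you would fill the same structures
from a directory listing, Authenticode signature checks and the process list.
"""
from dataclasses import dataclass
from pathlib import PureWindowsPath

FIVE_MB = 5 * 1024 * 1024
PUBLIC_DIR = PureWindowsPath(r"C:\Users\Public")


@dataclass
class FileEntry:
    path: str      # full Windows path
    size: int      # bytes
    signed: bool   # True if the Authenticode signature verified


@dataclass
class ProcessEntry:
    name: str      # image name, e.g. msiexec.exe
    user: str      # account the process runs as


def large_dlls_in_public(files):
    """Indicator 1: DLLs larger than 5 MB anywhere under C:\\Users\\Public."""
    hits = []
    for f in files:
        p = PureWindowsPath(f.path)
        # PureWindowsPath compares case-insensitively, matching NTFS semantics.
        if p.suffix.lower() == ".dll" and PUBLIC_DIR in p.parents and f.size > FIVE_MB:
            hits.append(f.path)
    return hits


def unsigned_msedgeupdate(files):
    """Indicator 2: any msedgeupdate.dll whose signature does not verify."""
    return [f.path for f in files
            if PureWindowsPath(f.path).name.lower() == "msedgeupdate.dll" and not f.signed]


def msiexec_per_user(processes, logged_in_users):
    """Indicator 3: msiexec.exe running under every logged-in user.

    Returns (users that have an msiexec.exe instance, True if that covers
    every interactive session rather than a one-off software install).
    """
    with_msiexec = {p.user.lower() for p in processes if p.name.lower() == "msiexec.exe"}
    sessions = {u.lower() for u in logged_in_users}
    return sorted(with_msiexec & sessions), bool(sessions) and sessions <= with_msiexec


def triage(files, processes, logged_in_users):
    """Collect all findings as (indicator, detail) pairs."""
    findings = [("large_public_dll", p) for p in large_dlls_in_public(files)]
    findings += [("unsigned_msedgeupdate", p) for p in unsigned_msedgeupdate(files)]
    users, every_session = msiexec_per_user(processes, logged_in_users)
    if every_session:
        findings.append(("msiexec_every_user", ",".join(users)))
    return findings


# Constructed inventory: one benign signed copy, one suspicious unsigned copy,
# one oversized DLL dropped in the public profile, msiexec in every session.
SAMPLE_FILES = [
    FileEntry(r"C:\Program Files\Vendor\msedgeupdate.dll", 1_200_000, True),
    FileEntry(r"C:\Users\Public\msedgeupdate.dll", 900_000, False),
    FileEntry(r"C:\Users\Public\Libraries\helper.dll", 7 * 1024 * 1024, False),
    FileEntry(r"C:\Users\Public\readme.txt", 7 * 1024 * 1024, False),
]
SAMPLE_PROCESSES = [
    ProcessEntry("msiexec.exe", "ALICE"),
    ProcessEntry("msiexec.exe", "bob"),
    ProcessEntry("explorer.exe", "alice"),
]
SAMPLE_USERS = ["alice", "bob"]

if __name__ == "__main__":
    for indicator, detail in triage(SAMPLE_FILES, SAMPLE_PROCESSES, SAMPLE_USERS):
        print(f"[!] {indicator}: {detail}")
```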

The initial stage of the attack involved phishing emails. These emails carried RAR archive attachments that were named after the target. Once opened, the archive used a technique called DLL side loading to drop a backdoor on the system, while simultaneously opening a document to distract the victim. 

The backdoor allowed attackers to explore the victim’s filesystem, execute commands, steal data, and deploy additional malware. The attackers used this backdoor to introduce a trojan called 'GrewApacha,' which has been linked to APT31. 

The latest version of GrewApacha, compared to previous versions from 2023, has been improved to use two command servers instead of one. These servers' addresses are stored in base64-encoded strings on GitHub profiles, which the malware accesses. Another tool loaded by the backdoor is a refreshed version of CloudSorcerer. 

This version uses a unique encryption mechanism to ensure it only runs on the targeted system. If run on a different machine, the encryption key will differ, causing the malware to fail. The updated CloudSorcerer now fetches its command-and-control (C2) server addresses from public profiles on Quora and LiveJournal instead of GitHub. 

A third piece of malware introduced during the EastWind attacks is called PlugY. This is a previously unknown backdoor with versatile capabilities, including executing commands, capturing screens, logging keystrokes, and monitoring the clipboard. 

Researchers found that PlugY's code shares similarities with tooling seen in attacks attributed to APT27, and that a specific library PlugY uses for C2 communications also appears in other Chinese threat actors' tools.

California Advances AI Regulation to Tackle Discrimination and Privacy Concerns

 

California lawmakers are making significant strides in regulating artificial intelligence (AI), with a series of proposals advancing in the legislature last week. The proposals aim to address discrimination, misinformation and privacy concerns, and to prohibit deepfakes in the contexts of elections and pornography. 

These proposals must now gain approval from the other legislative chamber before being presented to Governor Gavin Newsom. Experts and lawmakers warn that the United States is falling behind Europe in the race to regulate AI. The rapid development of AI technologies poses significant risks, including potential job losses, the spread of misinformation, privacy violations, and biases in automated systems. 

Governor Newsom has championed California as a frontrunner in both the adoption and regulation of AI. He has outlined plans for the state to deploy generative AI tools to reduce highway congestion, enhance road safety, and provide tax guidance. Concurrently, his administration is exploring new regulations to prevent AI discrimination in hiring practices. Speaking at an AI summit in San Francisco on Wednesday, Newsom revealed that California is considering at least three additional AI tools, including one designed to address homelessness. 

Tatiana Rice, deputy director of the Future of Privacy Forum, a nonprofit organization that advises lawmakers on technology and privacy issues, said that California's strong privacy laws position it more favorably than other states with significant AI interests, such as New York, for enacting effective regulations. Rice further emphasized that California is well-equipped to lead in the development of impactful AI governance. 

Some companies, including hospitals, are using AI for hiring, housing, and medical decisions with little oversight. The U.S. Equal Employment Opportunity Commission reports that up to 83% of employers use AI in hiring, but the workings of these algorithms are mostly unknown. California is proposing an ambitious measure to regulate these AI models. 

This measure would require companies to disclose their use of AI in decision-making and inform those affected. AI developers would need to regularly check their models for bias. The state attorney general would have the power to investigate discriminatory AI models and issue fines of $10,000 per violation. 

A bipartisan coalition also aims to prosecute those who use AI to create child sexual abuse images, since current laws do not cover AI-generated images that do not depict real people. Separately, Democratic lawmakers are supporting a bill to combat election deepfakes. This bill was prompted by AI-generated robocalls mimicking President Joe Biden before New Hampshire's presidential primary. 

The proposal would ban deceptive election-related deepfakes in mailers, robocalls, and TV ads 120 days before and 60 days after Election Day. Another proposal would require social media platforms to label any election-related posts created by AI. 

California's proactive stance may pave the way for broader federal regulations to address these emerging challenges.

NIST Introduces ARIA Program to Enhance AI Safety and Reliability

 

The National Institute of Standards and Technology (NIST) has announced a new program called Assessing Risks and Impacts of AI (ARIA), aimed at better understanding the capabilities and impacts of artificial intelligence. ARIA is designed to help organizations and individuals assess whether AI technologies are valid, reliable, safe, secure, private, and fair in real-world applications. 

This initiative follows several recent announcements from NIST, including developments related to the Executive Order on trustworthy AI and the U.S. AI Safety Institute's strategic vision and international safety network. The ARIA program, along with other efforts supporting Commerce’s responsibilities under President Biden’s Executive Order on AI, demonstrates NIST and the U.S. AI Safety Institute’s commitment to minimizing AI risks while maximizing its benefits. 

The ARIA program addresses real-world needs as the use of AI technology grows. This initiative will support the U.S. AI Safety Institute, expand NIST’s collaboration with the research community, and establish reliable methods for testing and evaluating AI in practical settings. The program will consider AI systems beyond theoretical models, assessing their functionality in realistic scenarios where people interact with the technology under regular use conditions. This approach provides a broader, more comprehensive view of the effects of these technologies. The program helps operationalize the framework's recommendations to use both quantitative and qualitative techniques for analyzing and monitoring AI risks and impacts. 

ARIA will further develop methodologies and metrics to measure how well AI systems function safely within societal contexts. By focusing on real-world applications, ARIA aims to ensure that AI technologies can be trusted to perform reliably and ethically outside of controlled environments. The findings from the ARIA program will support and inform NIST’s collective efforts, including those through the U.S. AI Safety Institute, to establish a foundation for safe, secure, and trustworthy AI systems. This initiative is expected to play a crucial role in ensuring AI technologies are thoroughly evaluated, considering not only their technical performance but also their broader societal impacts. 

The ARIA program represents a significant step forward in AI oversight, reflecting a proactive approach to addressing the challenges and opportunities presented by advanced AI systems. As AI continues to integrate into various aspects of daily life, the insights gained from ARIA will be instrumental in shaping policies and practices that safeguard public interests while promoting innovation.

FBI Investigates Thousands of Fake Emails Warning of Cyber Threat You Must Do 1 Thing

 

Over the weekend, an alarming incident unfolded as thousands of fake emails flooded in, purportedly from the US Department of Homeland Security. The messages, titled "Urgent: Threat actor in systems," raised concerns about a cyber threat allegedly posed by a group called the Dark Overlord. According to reports, recipients were warned of a sophisticated chain attack targeting them, adding to the sense of urgency and anxiety. 

What made matters worse was the apparent authenticity of these emails, originating from FBI infrastructure. The scale of the operation was staggering, with over 100,000 of these deceptive emails sent out, causing widespread disruption and confusion among recipients. 

Additionally, it was discovered that the North Korean military intelligence agency, along with a hacking group called APT43 or Kimsuky, carried out a sophisticated cyber attack. They tricked people into giving away important information by pretending to be journalists, researchers, or academics through fake emails. To protect against this, experts suggest updating email security settings, like DMARC, which can help prevent such attacks. 

Let’s Understand Everything About DMARC

DMARC, DKIM, and SPF are like a triple defense system for emails. They work together to stop bad guys from pretending to send emails from places they should not. It is like having three guards at the gate, making sure only the right people get through. Picture your email as a package you are sending out into the world. DKIM and SPF are like seals of approval on the package, showing it is genuine and not tampered with. 

Now, DMARC is your extra security measure. It is like a set of instructions you attach to your package, telling the delivery person what to do if something seems fishy. "If the seal is broken, handle with care!" If you do not have DKIM, SPF, and DMARC set up properly, it is like sending out your package without those stamps and instructions. It might get lost, or worse, someone might try to copy your package and send out fake ones. 

So, by having these protections in place, you ensure your emails are delivered safely and are not mistaken for spam. This warning is a way to stop APT43 from stealing more data and giving it to North Korea. It is important for everyone to act fast and secure their email systems. These steps are crucial because cyber threats like this are always changing and can be really damaging. So, it is essential to stay alert and protect yourself from these kinds of attacks. 
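Stripped of the analogy, DMARC is a published policy plus an alignment check that the receiving server runs against its SPF and DKIM results. The code below is an added example of that evaluation, not code from the post; the TXT record, domains and authentication results are constructed, and the organisational-domain helper is a simplification (a real receiver uses the Public Suffix List).

```python
"""How a receiving mail server applies a DMARC policy to one message.

Added example, not code from the post: the DNS TXT record and the SPF/DKIM
results below are constructed. A real receiver would look the record up at
_dmarc.<From-domain> and use the Public Suffix List for organisational domains.
"""
from dataclasses import dataclass


def parse_dmarc(txt):
    """Turn 'v=DMARC1; p=reject; adkim=s' into a tag dict with RFC 7489 defaults."""
    tags = {}
    for part in txt.split(";"):
        if "=" in part:
            key, value = part.split("=", 1)
            tags[key.strip().lower()] = value.strip()
    if tags.get("v") != "DMARC1":
        raise ValueError("not a DMARC record")
    tags.setdefault("p", "none")
    tags.setdefault("adkim", "r")   # relaxed alignment unless told otherwise
    tags.setdefault("aspf", "r")
    return tags


def org_domain(domain):
    # Simplification: last two labels. Real code must use the Public Suffix List.
    return ".".join(domain.lower().split(".")[-2:])


def aligned(from_domain, auth_domain, mode):
    """Identifier alignment: strict needs an exact match, relaxed the same org domain."""
    if mode == "s":
        return from_domain.lower() == auth_domain.lower()
    return org_domain(from_domain) == org_domain(auth_domain)


@dataclass
class AuthResults:
    spf_pass: bool
    spf_domain: str     # domain checked by SPF (MAIL FROM / envelope sender)
    dkim_pass: bool
    dkim_domain: str    # d= tag of the signature that verified


def dmarc_disposition(record_txt, from_header_domain, auth):
    """Return 'pass' when an aligned SPF or DKIM result exists, else the p= policy."""
    if record_txt is None:
        return "none"   # no DMARC record published: receiver applies no policy
    tags = parse_dmarc(record_txt)
    spf_ok = auth.spf_pass and aligned(from_header_domain, auth.spf_domain, tags["aspf"])
    dkim_ok = auth.dkim_pass and aligned(from_header_domain, auth.dkim_domain, tags["adkim"])
    return "pass" if (spf_ok or dkim_ok) else tags["p"]


# Constructed record: reject on failure, strict DKIM alignment, relaxed SPF.
RECORD = "v=DMARC1; p=reject; adkim=s; aspf=r; rua=mailto:dmarc@example.com"

# Spoof attempt: the sender's own domain passes SPF but is not aligned with
# the From: header domain, so the message is rejected.
SPOOF = AuthResults(True, "attacker.invalid", False, "")
# Legitimate bounce subdomain: relaxed SPF alignment accepts it.
LEGIT_SPF = AuthResults(True, "bounce.example.com", False, "")
# DKIM signed by a subdomain: strict adkim=s refuses the alignment.
SUBDOMAIN_DKIM = AuthResults(False, "attacker.invalid", True, "mail.example.com")

if __name__ == "__main__":
    cases = [("spoof", SPOOF), ("legit", LEGIT_SPF), ("subdomain dkim", SUBDOMAIN_DKIM)]
    for label, result in cases:
        print(f"{label}: {dmarc_disposition(RECORD, 'example.com', result)}")
```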

Despite the gravity of the situation, the FBI has remained tight-lipped about further details, leaving many questions unanswered. As investigations unfold, concerns persist about the potential ramifications of such a large-scale deception. The incident serves as a stark reminder of the ever-present threat of cyber attacks and the importance of remaining vigilant in the face of such challenges. Stay tuned for updates as the investigation progresses.

Nationwide Scam Targets Road Toll Users via SMS Phishing Scheme

 



The Federal Bureau of Investigation (FBI) has alerted the public to a widespread SMS phishing scam sweeping across the United States. The scam, which began in early March 2024, specifically targets individuals with fraudulent messages regarding unpaid road toll fees.

What Does the Scam Entail?

Thousands of Americans have already fallen victim to this harrowing scam, with over 2,000 complaints flooding the FBI's Internet Crime Complaint Center (IC3) from at least three states. The deceptive messages typically claim that the recipient owes money for outstanding tolls, urging them to click on embedded hyperlinks.

The perpetrators behind these attacks employ sophisticated tactics to deceive their targets. By impersonating legitimate toll services and altering phone numbers to match those of the respective states, they create a false sense of authenticity. However, the links provided within the messages lead to fake websites designed to extract personal and financial information from unsuspecting victims.

Cautionary Advice

Authorities are urging individuals who receive such messages to exercise caution and take immediate action. The Pennsylvania Turnpike, one of the affected toll services, has advised recipients not to click on any suspicious links and to promptly delete the messages. Similarly, the Pennsylvania State Police have issued warnings about the scam, emphasising the dangers of providing personal information to fraudulent sources.

To safeguard against falling prey to this scam, the FBI recommends several preventive measures. Victims are encouraged to file complaints with the IC3, providing details such as the scammer's phone number and the fraudulent website. Additionally, individuals should verify their toll accounts using the legitimate websites of the respective toll services and contact customer service for further assistance. Any suspicious messages should be promptly deleted, and if personal information has been compromised, immediate steps should be taken to secure financial accounts and dispute any unauthorised charges.

What Is Smishing?

Smishing, a blend of "SMS" and "phishing," is a form of social engineering attack wherein fraudulent text messages are used to deceive individuals into divulging sensitive information or downloading malware. In this instance, the scam preys on individuals' concerns regarding unpaid toll fees, exploiting their trust in official communication channels.

As the SMS phishing scam continues to proliferate, it is imperative for individuals to remain vigilant and sceptical of unsolicited messages. By staying informed and taking proactive measures to protect personal information, users can mitigate the risks posed by such malicious activities. Authorities are actively investigating these incidents, but it is crucial for the public to be proactive in safeguarding their financial and personal information from exploitation.


Controversial Reverse Searches Spark Legal Debate


In a growing trend, U.S. police departments and federal agencies are employing controversial surveillance tactics known as reverse searches. These methods involve compelling big tech companies like Google to surrender extensive user data with the aim of identifying criminal suspects. 

How Reverse Searches Operate 

In a reverse search, law enforcement agencies order large technology companies such as Google to hand over vast reservoirs of user data. Under such orders, these agencies can demand information tied to specific events or queries, which include: 

  • Location Data: Requesting data on individuals present in a particular place at a specific time based on their phone's location. 
  • Keyword Searches: Seeking information about individuals who have searched for specific keywords or queries. 
  • YouTube Video Views: A recent court order disclosed that authorities could access identifiable information on individuals who watched particular YouTube videos. 

In the past, when law enforcement needed information for an investigation, they would usually target specific people they suspected were involved in a crime. But now, because big tech companies like Google have so much data about people's activities online, authorities are taking a different approach. Instead of just focusing on individuals, they are asking for massive amounts of data from these tech companies. This includes information on both people who might be relevant to the investigation and those who are not. They hope that by casting a wider net, they will find more clues to help solve cases. 

Following the news, critics argue that these court-approved orders are overly broad and potentially unconstitutional. They raise concerns that such orders could force companies to disclose information about innocent people unrelated to the alleged crime. There are fears that this could lead to prosecutions based on individuals' online activities or locations. 

Also, last year an application filed in a Kentucky federal court disclosed that federal agencies wanted Google to “provide records and information associated with Google accounts or IP addresses accessing YouTube videos for a one-week period, between January 1, 2023, and January 8, 2023.” 

The matter did not end there: the constitutionality of these orders remains uncertain, paving the way for a probable legal challenge before the U.S. Supreme Court. Despite the controversy, federal investigators continue to push the boundaries of this contentious practice.

Ivanti US Faces Security Crisis, Threatening Worldwide Systems


In a recent development, a critical server-side request forgery (SSRF) vulnerability has been discovered in Ivanti Connect Secure and Ivanti Policy Secure servers, marked as CVE-2024-21893. Security experts have confirmed that this vulnerability is being actively exploited by multiple attackers, raising concerns over the security of affected systems worldwide. 

Let's Understand SSRF and Its Impact 

SSRF vulnerabilities allow attackers to send crafted requests from the vulnerable server, potentially leading to unauthorized access to internal resources, sensitive data exposure, or even full system compromise. Imagine you have a key to open doors in a building. Now, imagine someone tricks you into using that key to open doors you are not supposed to. That is what happens in an SSRF attack. 

Normally, a web application only makes the outbound requests its developers designed it to make. In an SSRF attack, the attacker makes the application send requests to places it is not supposed to reach, such as internal parts of the company's network or arbitrary outside websites. This can lead to big problems. 

For example, if the website connects to a secret part of a company's network, the bad guys might steal important information. Or if it connects to a random website, it might give away sensitive data, like your passwords or credit card numbers. 
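The usual shape of an SSRF bug is a feature that fetches a URL on the user's behalf without restricting where that URL may point. The code below is an added example, not Ivanti's code and not the CVE-2024-21893 bug itself: a vulnerable fetch handler next to a hardened one. The allow-list, hostnames and the injected `fetch`/`resolve` callables are constructed so it runs offline.

```python
"""A URL-fetching endpoint in its SSRF-vulnerable and hardened forms.

Added example, not Ivanti's code or the CVE-2024-21893 bug itself. The
`fetch` and `resolve` callables are injected so the demo runs offline; the
allow-list, hostnames and resolver answers are constructed.
"""
import ipaddress
import socket
from urllib.parse import urlparse

# Hosts this service is meant to fetch from (constructed).
ALLOWED_HOSTS = {"images.example.com", "cdn.example.com"}


class SSRFBlocked(Exception):
    """Raised when a requested URL fails outbound validation."""


def fetch_vulnerable(url, fetch):
    """Before: forwards whatever URL the client supplied, so a caller can
    point the server at loopback, internal ranges or other services."""
    return fetch(url)


def is_public_ip(ip_str):
    ip = ipaddress.ip_address(ip_str)
    return ip.is_global and not (ip.is_private or ip.is_loopback or ip.is_link_local
                                 or ip.is_multicast or ip.is_reserved or ip.is_unspecified)


def validate_outbound_url(url, resolve=socket.gethostbyname):
    """Allow only http(s) to allow-listed hosts that resolve to public addresses."""
    parts = urlparse(url)
    if parts.scheme not in ("http", "https"):
        raise SSRFBlocked(f"scheme not allowed: {parts.scheme!r}")
    if parts.username or parts.password:
        raise SSRFBlocked("credentials in URL are not allowed")
    host = (parts.hostname or "").lower()
    if host not in ALLOWED_HOSTS:
        raise SSRFBlocked(f"host not on allow-list: {host!r}")
    ip = resolve(host)          # resolve once; the connection must reuse this answer
    if not is_public_ip(ip):
        raise SSRFBlocked(f"{host} resolves to non-public address {ip}")
    return ip


def fetch_hardened(url, fetch, resolve=socket.gethostbyname):
    """After: validate, then fetch. A production client should also connect to
    the validated IP (not re-resolve) and refuse to follow redirects blindly."""
    validate_outbound_url(url, resolve)
    return fetch(url)


def fetch_hardened_or_blocked(url, fetch, resolve):
    """Convenience wrapper that maps a block to the string 'blocked'."""
    try:
        return fetch_hardened(url, fetch, resolve)
    except SSRFBlocked:
        return "blocked"


# Constructed resolver: cdn.example.com is on the allow-list but currently
# resolves to an internal address, which the post-resolution check catches.
FAKE_DNS = {"images.example.com": "93.184.216.34", "cdn.example.com": "10.0.0.5"}


def fake_resolve(host):
    return FAKE_DNS[host]


def fake_fetch(url):
    return f"fetched {url}"   # stands in for the real HTTP client


if __name__ == "__main__":
    for u in ["https://images.example.com/logo.png", "http://127.0.0.1/status",
              "file:///etc/hosts", "http://cdn.example.com/x"]:
        print(u, "->", fetch_vulnerable(u, fake_fetch), "|",
              fetch_hardened_or_blocked(u, fake_fetch, fake_resolve))
```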

Ivanti and the Vulnerabilities 

Ivanti raised the alarm about a critical flaw in the gateway's SAML components on January 31, 2024. This vulnerability, identified as CVE-2024-21893, was immediately classified as a zero-day, meaning attackers were already exploiting it when it was disclosed. Initially, the impact seemed limited, affecting only a small number of customers. 

However, the exploitation of CVE-2024-21893 opened the door for attackers to sidestep authentication measures and gain unauthorized access to restricted resources on vulnerable devices, specifically those operating on versions 9.x and 22.x. 

Now, according to the threat monitoring service Shadowserver, the situation has escalated. They have detected numerous attackers capitalizing on the SSRF bug, with a staggering 170 unique IP addresses attempting to exploit the vulnerability. This widespread exploitation poses a significant threat to the security of affected systems and the data they hold. 

The disclosure of CVE-2024-21893 revealed a series of critical vulnerabilities affecting Ivanti Connect Secure and Policy Secure VPN appliances. Alongside CVE-2024-21893, two other zero-day vulnerabilities, CVE-2023-46805 and CVE-2024-21887, were also identified on January 10, 2024, prompting Ivanti to release temporary mitigations. 

These vulnerabilities were exploited by the Chinese espionage threat group UTA0178/UNC5221, resulting in the installation of webshells and backdoors on compromised devices. Despite initial mitigations, attackers managed to bypass defenses, compromising even device configuration files. 

What Measures Is the Company Taking? 

Ivanti postponed firmware patches scheduled for January 22 due to the sophisticated nature of the threat. Given the active exploitation of multiple critical zero-days, the U.S. Cybersecurity & Infrastructure Security Agency (CISA) has mandated federal agencies to disconnect all Ivanti Connect Secure and Policy Secure VPN appliances. 

Only devices that have been factory reset and updated to the latest firmware should be reconnected. However, older versions without a patch remain vulnerable. While this directive is not compulsory for private organizations, they are strongly advised to assess the security status of their Ivanti deployments and overall environment, considering the potential risks posed by these vulnerabilities. 

About the Company 

Ivanti is a company based in Utah, USA, that makes different kinds of computer software for things like keeping your computer safe, managing IT services, tracking IT assets, managing all your devices from one place, controlling who has access to what, and managing the supply chain. It was created in 2017 when two companies, LANDESK and HEAT Software, joined together. Later, they also bought another company called Cherwell Software. Ivanti became more famous because of some big problems with the security of the VPN hardware they sell.

Cybersecurity Crisis in US Healthcare Sector: Children's Hospital on Alert

 

In a recent and alarming development, Lurie Children's Hospital, a distinguished pediatric care facility in Chicago, has been forced to disconnect its network due to a pressing "cybersecurity matter." This precautionary step is a response to the escalating cyber threats targeting healthcare systems nationwide, causing concern among experts and regulatory bodies. 

The decision to take the network offline emphasizes the severity of the situation, highlighting the hospital's firm commitment to protecting patient data and maintaining operational integrity. Cybersecurity experts are issuing warnings, emphasizing the urgent need for heightened vigilance across the healthcare sector, as potential vulnerabilities pose a significant threat on a national scale. 

Lurie Children’s Hospital, utilizing Epic System’s electronic health record software, has affirmed its proactive response to the ongoing cybersecurity issue. The hospital is actively engaged in collaboration with experts and law enforcement to address the situation, underscoring the gravity of the threat. 

While the Illinois-based medical facility remains operational, it has proactively disabled phone lines, email services, and the electronic medical system. These necessary precautions have, unfortunately, led to disruptions, impacting scheduled surgeries and creating communication challenges for families attempting to reach doctors; CBS News reported that these disruptions began on Wednesday. 

This incident further amplifies the growing concerns voiced by regulators and experts about the expanding landscape of cybersecurity threats in the healthcare sector. 

In response to a 2023 report warning of "dramatic increases" in cyber attacks impacting US hospitals, the Department of Health and Human Services has released voluntary cybersecurity objectives for the health sector. The report underscored the potential compromise of hospital operations and financial extortion, emphasizing the crucial need for heightened vigilance and proactive measures within the healthcare industry. Moreover, the health sector witnessed an unprecedented surge in data breaches last year, affecting a staggering 116 million patients, as reported by STAT. 

This significant increase is primarily attributed to the rise in hacking and IT incidents, more than doubling the impact compared to the preceding year, prompting a plea for strengthened cybersecurity measures to safeguard patient information. 

The concerning trend goes beyond individual breaches: last year's total surpassed the previous record set in 2015, when breaches impacted over 112 million individuals. The current year continues to witness a worrisome escalation, with numerous health organizations reporting breaches related to hacking or IT incidents. 

A recent incident at Chicago's Saint Anthony Hospital, involving an "unknown actor" copying patient data, further underscores the vulnerabilities in the healthcare sector. Ransomware attacks have surged, fueled by the widespread adoption of connected medical devices, cloud services, and remote work systems. 

John Riggi, the American Hospital Association's national cybersecurity and risk advisor, highlights the national security implications of these attacks, advocating for heightened cybersecurity measures. Riggi condemns attacks on children's hospitals, considering it a "new low" that directly impacts vulnerable patients. 

Nitin Natarajan from the federal Cybersecurity & Infrastructure Security Agency notes that health organizations are viewed as "target rich, cyber poor," making them attractive targets for adversaries. The broader spectrum of cybersecurity threats extends beyond healthcare, as FBI Director Christopher Wray alerts Congress to state-sponsored Chinese hackers targeting U.S. infrastructure. 

However, there is currently no indication that the Lurie incident is related to such a national security threat. The healthcare sector is now at a pivotal moment, necessitating immediate and robust responses to mitigate the growing risks posed by cyber threats.

Akira Ransomware Unleashes Cyber Storm: Targets North American Companies

In the continually changing realm of cyber threats, organizations find themselves urgently needing to strengthen their cybersecurity measures to combat the increasing complexity of ransomware attacks. The focus is on Akira, a recently discovered ransomware family, highlighting a group of cyber adversaries armed with advanced tactics and led by highly skilled individuals. 

In a recent analysis of blockchain and source code data, the Akira ransomware has surged to prominence, rapidly establishing itself as one of the fastest-growing threats in the cyber landscape. This surge is attributed to its adept utilization of double extortion tactics, adoption of a ransomware-as-a-service (RaaS) distribution model, and the implementation of unique payment options. 

Who are the Targets? 

The Akira ransomware made its debut in March 2023, and its sights are set on companies in the United States and Canada. But what is really catching attention is its unique Tor leak site, which, as per Sophos' report, brings back vibes of "1980s green-screen consoles." Users need to type specific commands to navigate through this throwback-style interface. 

What is even more intriguing is that, despite sharing the same .akira file extension for encrypted files, the new Akira is nothing like its 2017 counterpart when it comes to the code under the hood. This twist highlights the ever-evolving nature of cyber threats, where old names come back with a new style and a fresh set of tricks. 

The Akira encryptor 

The Akira ransomware was found by MalwareHunterTeam, and they shared a part of it with BleepingComputer. When it starts working, Akira does something serious – it deletes Windows Shadow Volume Copies on the device. It uses a special command to do this: 

powershell.exe -Command "Get-WmiObject Win32_Shadowcopy | Remove-WmiObject" 
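Because the command above is so specific, it is a good candidate for a process-creation detection, provided the rule does not also fire on a benign read-only enumeration of shadow copies. The following is an added example, not code from Sophos, MalwareHunterTeam or BleepingComputer; the JSON-lines telemetry and its field names are constructed.

```python
"""Detect the shadow-copy deletion command quoted above in process-creation events.

Added example, not code from the original post. The events are constructed
JSON lines (one object per line with a "cmdline" field); in practice the same
fields come from Sysmon process-creation events or an EDR feed.
"""
import json
import re

# Matches the quoted PowerShell pipeline regardless of case or spacing, but
# requires Remove-WmiObject so a harmless listing of shadow copies does not fire.
SHADOW_COPY_DELETE = re.compile(
    r"Get-WmiObject\s+Win32_Shadowcopy\s*\|\s*Remove-WmiObject", re.IGNORECASE
)


def is_shadow_copy_deletion(cmdline):
    """True when the command line deletes Volume Shadow Copies via WMI."""
    return SHADOW_COPY_DELETE.search(cmdline) is not None


def scan_events(jsonl_text):
    """Return (timestamp, host, user, cmdline) for every matching process event."""
    alerts = []
    for line in jsonl_text.splitlines():
        if not line.strip():
            continue
        ev = json.loads(line)
        cmdline = ev.get("cmdline", "")
        if is_shadow_copy_deletion(cmdline):
            alerts.append((ev["ts"], ev["host"], ev["user"], cmdline))
    return alerts


# Constructed sample telemetry: two deletions (one with altered casing and
# spacing), one benign enumeration, one unrelated process.
SAMPLE_EVENTS = """
{"ts": "2024-01-15T02:11:03Z", "host": "FS01", "user": "svc_backup", "cmdline": "powershell.exe -Command \\"Get-WmiObject Win32_Shadowcopy | Remove-WmiObject\\""}
{"ts": "2024-01-15T02:11:09Z", "host": "FS02", "user": "svc_backup", "cmdline": "POWERSHELL -c \\"get-wmiobject  win32_shadowcopy|remove-wmiobject\\""}
{"ts": "2024-01-15T08:30:00Z", "host": "WS07", "user": "alice", "cmdline": "powershell.exe -Command \\"Get-WmiObject Win32_Shadowcopy | Select-Object ID\\""}
{"ts": "2024-01-15T08:31:00Z", "host": "WS07", "user": "alice", "cmdline": "notepad.exe notes.txt"}
"""

if __name__ == "__main__":
    for ts, host, user, cmdline in scan_events(SAMPLE_EVENTS):
        print(f"{ts} {host} {user}: {cmdline}")
```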
 
Furthermore, linkages between the Akira ransomware group and the now-defunct Conti ransomware gang have come to light, indicating a potential affiliation. Conti, renowned as one of the most notorious ransomware families in recent history, is believed to have evolved from the highly targeted Ryuk ransomware, marking a lineage of prolific cyber threats. The intricate connections between these ransomware entities underscore the evolving nature of cyber threats and the persistence of criminal organizations in adapting and expanding their malicious operations.

US Government Surveillance Reform Act (GSRA): What Will It Change?

 

A cross-party group of U.S. legislators has put forth fresh legislation aimed at limiting the extensive surveillance authority wielded by the FBI. They argue that the bill addresses the gaps that currently enable officials to access Americans' data without obtaining a warrant. This move comes after over ten years of discussions surrounding the surveillance powers granted in the aftermath of September 11, 2001. 

These powers permit domestic law enforcement to conduct warrantless scans of the immense volumes of data collected by America's foreign surveillance systems. If approved, the Government Surveillance Reform Act (GSRA) would compel law enforcement agencies to secure a legitimate warrant before conducting searches under Section 702 of the Foreign Intelligence Surveillance Act (FISA). 

Opponents argue that the present absence of a warrant prerequisite for accessing the 702 database represents an unconstitutional circumvention of Americans' Fourth Amendment safeguards. This proposed legislation arrives as the culmination of a year-long, intense struggle over the fate of profoundly contentious surveillance practices, scheduled to conclude on December 31. 

Section 702 was enacted in 2008 and was originally presented as a tool for foreign surveillance, primarily aimed at tracking terrorists. However, due to antiquated and inadequately defined language in the policy, intelligence agents and law enforcement have been provided with a covert means to amass extensive volumes of U.S. communications. 

Subsequently, these private exchanges are routinely subjected to surveillance without the need for a warrant, and in certain instances, are even utilized as evidence in criminal proceedings. This creates a significant policy gap, allowing law enforcement to gather personal communications of American citizens that would typically be safeguarded by the Fourth Amendment. 

The paramount objective of the 206-page GSRA bill's proposed reforms is to bring about a modernization and enhancement of U.S. surveillance capabilities. This aims to align privacy safeguards and basic rights with the rapid technological progress that has significantly streamlined data acquisition processes. 

"We're introducing a bill that protects both Americans' security and Americans' liberty," Senator Ron Wyden, a Democrat and longtime critic of government surveillance, said at a press conference on Tuesday. 

Officials in the executive branch have consistently emphasized the importance of the expiring surveillance authority, asserting its critical role in combatting foreign espionage and terrorism. They have actively advocated for its reauthorization.

Dallas County Departments Hit by the Play Gang

 

On Monday, an official confirmed that Dallas County experienced a cybersecurity incident earlier this month, which impacted segments of its network. Dallas County Judge Clay Lewis Jenkins stated in a release to Recorded Future News that an active investigation is underway in response to assertions made by a ransomware group that surfaced over the weekend. 

"We are currently in the process of thoroughly reviewing the data in question to determine its authenticity and potential impact. Our investigation into the incident remains ongoing and we continue to work closely with law enforcement and our cybersecurity experts to address this situation," Jenkins said. 

On Tuesday morning, the Play ransomware group, known for orchestrating high-profile attacks this year, publicly disclosed the information it purports to have exfiltrated. The group stated that it had released 5 gigabytes of data and hinted at the possibility of disclosing additional information if there is no response. However, they have not specified the total amount of data they managed to acquire. 

What departments have been affected? 

The attack specifically targeted the computer-assisted dispatch system (CAD) of the Dallas Police Department. This forced dispatch call takers to resort to manual note-taking for field officer instructions, limiting their communication to phones and radios. According to city spokesperson Catherine Cuellar, the systems were successfully brought back online on May 6, ensuring continuous operation of emergency dispatch services. 

The ransomware attack affected Dallas Water Utilities, preventing customers from making online payments and disrupting meter readings. The utility has since recovered from the attack and both systems are now operational. 

The court was closed for the majority of the month after the cyberattack. There were no hearings, trials, or jury duty during that time, and the city could not accept nearly any form of citation payment. 

Additionally, the library's reservation system has not been brought back online yet. Staff are still manually tracking the availability of borrowed items. Residents can still check those items out but are being advised not to return them until the system is fully functional again. 

The cyberattack on Dallas County was initially detected on October 19. With a population of 2.6 million residents, Dallas County is the second-most populous county in Texas. Notably, it encompasses Dallas, the ninth-largest city in the United States, which has already grappled with a ransomware attack earlier in 2023.

American Airlines Pilot Union Hit with Ransomware


On Monday, the Allied Pilots Association (APA), the preeminent labour union representing 15,000 dedicated pilots of American Airlines, revealed that its systems fell victim to a ransomware attack. Established in 1963, the APA stands as the foremost independent trade union for pilots globally. 

With a membership exceeding 15,000 pilots within the airline, the union made an announcement on its official website, disclosing the initial detection of the cyberattack on October 30. Engaging an undisclosed cybersecurity firm for a thorough examination, it was confirmed that the union had indeed fallen prey to a ransomware assault. This investigation revealed that certain systems had been subjected to encryption. 

"As a result, the restoration of those systems has entailed a methodical and time-consuming process for our IT team and outside experts. As we work to recover from backups, we are also continuing to assess potential impacts to data, including member data. Investigations of this nature often take time to complete," the experts said.  

Collaborating closely with external specialists, the organization's IT team is diligently engaged in the process of restoring their systems. Encouragingly, they reported that these efforts are steadily advancing, indicating that they are on track to reinstate certain services online in the near future. 

"Once the initial restoration is in place, we will continue to restore additional services over the coming hours and days, placing a priority on pilot-facing products and tools. We are working diligently to be fully operational as soon as possible while keeping the security of our systems front and center," the union explained.

Taking to social media channels, the union relayed that the cybersecurity incident was initiated in the early hours of October 30. While a portion of essential services has been reinstated over the course of the week, the organization has committed to keeping stakeholders informed with regular updates on their ongoing efforts. 

Over the past half-year, the aviation sector has been confronting a relentless wave of cyberattacks. Just this week, a major airport in Mexico, known for its high traffic volume, fell victim to a cyber intrusion. Additionally, Boeing, a prominent aircraft manufacturer, acknowledged its active response to a cyberattack affecting its parts and distribution operations, underscoring the persistent threat faced by the industry. 

Caesars Takes Action After Cyberattack on Loyalty Program Data

 

Caesars Entertainment, a leading resort chain with ownership of more than 50 hotels and casinos worldwide, officially disclosed a cyberattack on their systems. The U.S. Securities and Exchange Commission received notification on Thursday, indicating that the company has experienced a substantial loss of sensitive customer data due to the breach. In a recent development, Caesars Entertainment detected unusual activity within their IT network. 

According to the filed Form 8-K, the incident stemmed from a social engineering attack targeting an external IT vendor employed by the hotel chain. An extensive internal inquiry revealed that on September 7th, the database housing sensitive information of members of the Caesars Entertainment loyalty program, including details such as Social Security numbers and driver's license numbers, had been compromised. 

The company stated in its notice that they are currently in the process of probing the full scope of any supplementary personal or otherwise sensitive data obtained by the unauthorized party. At present, there is no indication to suggest that any personal banking or payment details were also accessed. The cyberattack has not affected the operations of physical properties, online platforms, or mobile gaming. 

These continue to function without any disruption. Caesars Entertainment has refrained from specifying the exact count of affected loyalty members, only indicating a "significant amount." According to Caesars' informational website, the company maintains constant vigilance over the web, yet has found no trace of the compromised data being disseminated, disclosed, or put to any illicit use. 

While Caesars Entertainment has taken measures to initiate the erasure of the pilfered data, they are unable to provide an absolute assurance that it has been completely expunged, as stated in the notice. Concurrently, the company remains vigilant in its web monitoring efforts to ascertain whether the compromised data has been divulged or subjected to illicit utilization. 

As an extra precautionary measure, all members of the loyalty program will be extended credit monitoring and identity theft protection services. Caesars Entertainment intends to personally inform those affected in the ensuing weeks.

Growing Surveillance Threat for Abortions and Gender-Affirming Care

Experts have expressed alarm about a worrying trend in the surveillance of people seeking abortions and gender-affirming medical care in a recent paper that has received a lot of attention. The research, released by eminent healthcare groups and publicized by numerous news sites, sheds light on the possible risks and privacy violations faced by vulnerable individuals when they make these critical healthcare decisions.

The report, titled "Surveillance of Abortion and Gender-Affirming Care: A Growing Threat," brings to the forefront the alarming implications of surveillance on patient confidentiality and personal autonomy. It emphasizes the importance of safeguarding patient privacy and confidentiality in all healthcare settings, particularly in the context of sensitive reproductive and gender-affirming services.

According to the report, surveillance can take various forms, including electronic monitoring, data tracking, and unauthorized access to medical records. This surveillance can occur at different levels, ranging from individual hackers to more sophisticated state-sponsored efforts. Patients seeking abortions and gender-affirming care are at heightened risk due to the politically sensitive nature of these medical procedures.

The report highlights that such surveillance not only compromises patient privacy but can also have serious real-world consequences. Unwanted disclosure of sensitive medical information can lead to stigmatization, discrimination, and even physical harm to the affected individuals. This growing threat has significant implications for the accessibility and inclusivity of reproductive and gender-affirming healthcare services.

The authors of the report stress that this surveillance threat is not limited to any specific region but is a global concern. Healthcare providers and policymakers must address this issue urgently to protect patient rights and uphold the principles of patient-centered care.

Dr. Emily Roberts, a leading researcher and co-author of the report, expressed her concern about the findings: "As healthcare professionals, we have a duty to ensure the privacy and safety of our patients. The increasing surveillance of those seeking abortions or gender-affirming care poses a grave threat to patient autonomy and trust in healthcare systems. It is crucial for us to implement robust security measures and advocate for policies that protect patient privacy."

The research makes a number of suggestions for legislators, advocacy groups, and healthcare professionals to address the growing issue of surveillance. To ensure the secure management of patient information, it urges higher funding for secure healthcare information systems, stricter data security regulations, and better training for healthcare staff.

In reaction to the findings, a number of healthcare organizations and patient advocacy groups have banded together to spread the word about the problem and call on lawmakers to take appropriate action. They stress the significance of creating a healthcare system that respects patient autonomy and privacy, irrespective of the medical treatments they require.

As this important research gets more attention, it acts as a catalyst for group effort to defend patient rights and preserve the privacy of those seeking abortions and gender-affirming care. Healthcare stakeholders may cooperate to establish a more egalitarian, secure, and compassionate healthcare environment for all patients by tackling the growing surveillance threat.

How the FBI Hacked Hive and Saved Victims

Earlier this year, the FBI achieved a significant milestone by dismantling Hive, a notorious cybercrime group, employing an unconventional approach. Instead of apprehending individuals, the agency focused on outsmarting and disrupting the hackers remotely. This marks a notable shift in the FBI's strategy to combat cybercrime, recognizing the challenges posed by international borders where many cybercriminals operate beyond the jurisdiction of U.S. law enforcement. 

In the past, Hive gained infamy as a highly active criminal syndicate, renowned for its acts of disrupting American schools, businesses, and healthcare institutions by disabling their networks and subsequently demanding ransoms for restoration. However, FBI field agents based in Florida successfully dismantled the group using their cyber expertise. 

They initially gained unauthorized access to Hive's network in July 2022 and subsequently countered the syndicate's extortion activities by aiding the targeted organizations in independently regaining access to their systems. 

According to Adam Hickey, a former Deputy Assistant Attorney General in the Justice Department's national security division during the Hive operation, the FBI's method proved effective and saved victims worldwide approximately $130 million. After conducting thorough investigations, the FBI discovered that Hive had rented its primary attack servers from a Los Angeles data center. 

Acting swiftly, the FBI seized the servers within two weeks and subsequently announced the takedown. This rapid action was motivated by the agency's recognition of an opportunity to halt Hive's activities, which had previously been difficult to preempt. However, while the announcement marked a significant milestone, Special Agent Smith and Director Crenshaw emphasized that the case is far from over. 

Hickey, who is now a partner at Mayer Brown law firm, stated that relying solely on arrests to combat cyber threats would be an oversimplified approach. He emphasized the need for a broader perspective and alternative strategies to address the evolving cyber threat landscape. 

The FBI initially became aware of Hive in July 2021 when the group, which was still relatively unknown at the time, targeted and encrypted the computer network of an undisclosed organization in Florida. This occurred during a period when prominent ransomware groups were carrying out severe attacks on gas pipelines and meat processors in the United States. 

In the following 18 months, Hive conducted more than 1,500 attacks worldwide, resulting in the collection of approximately $100 million in cryptocurrency from the victims, as estimated by U.S. law enforcement. The group's rapid expansion can be attributed, in part, to its strategic utilization of ruthlessness as a catalyst for growth. 

They targeted organizations, including hospitals and healthcare providers, that other cybercriminals had refrained from attacking. Data gathered by researcher Allan Liska reveals that despite the FBI's covert presence within Hive, the group continued to carry out attacks at a consistent rate. 

On a hidden website where Hive disclosed the identities and sensitive details of victims who refused to pay, they listed seven victims in August, eight in September, seven in October, nine in November, and 14 in December. These numbers remained similar to the group's attack patterns before the FBI's infiltration. 

Hive members are still at large, and the seized servers could potentially aid in exposing the network of affiliates who collaborated with Hive during the 18-month period. As a result, the takedown has the potential to lead to additional arrests in the future.

Massive Data Breach: Clop Ransomware Gang Targets MOVEit Transfer, Millions of Driver's Licenses at Risk

 

A significant data breach that took place last month has raised concerns about the potential vulnerability of individuals from Louisiana and Oregon, particularly in relation to identity theft and various cyberattacks. Americans residing in these states may face an increased risk of becoming victims to these malicious activities as a result of the breach. 

A recently discovered zero-day vulnerability (CVE-2023-34362) in the widely used file transfer software MOVEit Transfer has caught the attention of the notorious Clop ransomware gang, which wasted no time in exploiting it. 

Considering the extensive adoption of MOVEit Transfer by major corporations spanning diverse industries such as finance, education, energy, IT, healthcare, and government organizations, the global repercussions of this data breach are already being experienced. 

Concerning revelations have emerged from the recent cyberattacks targeting MOVEit Transfer, a file transfer software used by significant entities such as the Louisiana Office of Motor Vehicles (OMV) and the Oregon Driver & Motor Vehicles Services. 

Authorities in Louisiana and Oregon have issued warnings, indicating that the Clop ransomware gang managed to acquire a substantial volume of driver's licenses and other state-issued documents through these attacks. 

The breach is estimated to affect millions of individuals in both states. At present, there is no evidence to indicate that the hackers responsible have used, sold, shared, or released the stolen data. 

Surprisingly, the Clop ransomware gang has publicly stated that they have deleted the pilfered government data in a post-breach announcement. However, the certainty of whether or not the group will fulfill its promise to delete the stolen government data remains unknown. 

To safeguard your personal data in the aftermath of the MOVEit data breach, here are important precautions to consider, particularly if you reside in Louisiana or Oregon: 

• Proceed with the assumption of data compromise: Operate under the assumption that your data may have been stolen by the Clop ransomware gang. 

• Stay vigilant with financial monitoring: Regularly review your bank statements, credit card transactions, and credit reports for any signs of suspicious activity or potential identity theft. 

• Remain cautious of phishing attacks: Be alert to targeted phishing attempts that may leverage the stolen data to deceive you or extract personal information. Exercise caution when interacting with emails, links, and attachments, especially if they seem suspicious. 

• Evaluate identity theft protection services: If you were a subscriber to reputable identity theft protection services before the MOVEit breach, they may offer assistance in recovering your identity and mitigating financial losses resulting from fraud. 

• Enhance security measures: Update passwords for your online accounts regularly, using strong and unique combinations. Whenever possible, enable two-factor authentication to provide an additional layer of security. 

• Exercise discretion with personal information: Be mindful of sharing personal information online and limit it to trusted and secure platforms or organizations. Use discretion when providing sensitive details. 

• Educate yourself about identity theft prevention: Familiarize yourself with best practices for preventing identity theft, such as avoiding the sharing of personal information over unsecured networks, being cautious with social media sharing, and protecting physical documents containing sensitive data. 

• Stay informed through reliable sources: Keep yourself updated on any announcements or updates from relevant authorities or organizations regarding the breach. Rely on trusted sources of information to stay informed about the situation and recommended actions to take. 

Remember, these recommendations provide general guidance, and seeking advice from professionals or relevant authorities based on your specific circumstances is advisable. 

Additionally, it is advisable to read the following articles to gain a better understanding of the Clop ransomware gang and the impact of the attack on MOVEit Transfer software.

U.S. and South Korea Issue Warning on North Korean Hacker Group Linked to Satellite Launch

On Friday, the United States and South Korea released a joint cybersecurity advisory addressing a North Korean hacker group allegedly responsible for stealing technology utilized in North Korea's recent unsuccessful satellite launch. South Korea's Foreign Ministry announced unilateral sanctions against the hacker organization, identified as Kimsuky. 

In their joint statement, the United States and South Korea revealed that the Kimsuky group specializes in gathering intelligence related to national security and foreign policy matters concerning the Korean Peninsula. They further alleged that the group shares this intelligence with North Korea while assisting the isolated nation in its purported development of "satellites," which the allies suspect are actually disguised missile tests. 

The statement emphasized that Kimsuky engages in the theft of space and weapons technologies, providing vital support to the regime's ongoing defiance of international sanctions imposed on its nuclear and missile initiatives. The group is also known as Velvet Chollima and Black Banshee. The U.S. Cybersecurity and Infrastructure Security Agency assesses that Kimsuky has likely been operating since 2012. 

Its primary objective is conducting espionage by targeting various entities including South Korean think tanks, industries, nuclear power operators, and the Ministry of Unification. In recent times, Kimsuky has broadened its scope and extended its operations to include nations such as Russia, the United States, and several European countries. 

The group has been "directly or indirectly involved in the development of North Korea's so-called 'satellites' by stealing advanced technologies related to weapons development and satellites and space from all over the world," the statement reads. 

On Wednesday, North Korea launched what it claimed was the Malligyong-1 military reconnaissance satellite. However, during the separation of its first stage, the rocket lost thrust and ultimately plunged into the Yellow Sea. 

However, both Seoul and Washington assert that the launch was actually aimed at enhancing the country's ballistic missile capabilities. This action by Pyongyang violates United Nations Security Council resolutions, which prohibit the use of such technology. Despite the unsuccessful outcome of Wednesday's attempt, North Korea is reportedly preparing for a second launch shortly.

Following the incident, Seoul and Washington jointly unveiled new sanctions targeting North Korean information technology workers and organizations suspected of financing the regime's nuclear and missile initiatives. South Korea specifically identified seven North Korean individuals and three entities involved in overseeing the earnings and money laundering activities of these workers. 

The sanctions aim to disrupt the financial networks supporting North Korea's illicit programs. According to records of past Kimsuky attacks, in March 2015, South Korea accused Kimsuky of stealing data from Korea Hydro & Nuclear Power. In August 2019, it was revealed that Kimsuky had launched an unprecedented attack targeting retired South Korean diplomats, government officials, and military personnel. 

In September 2020, reports surfaced suggesting that Kimsuky had made an attempted hack on 11 officials associated with the United Nations Security Council, and in May 2021, a lawmaker from the People Power Party disclosed that Kimsuky had been discovered within the internal networks of the Korea Atomic Energy Research Institute.

Absolute's 2023 Resilience Index: America's Cybersecurity

Recently, the White House has come up with a new national cybersecurity strategy called ‘Absolute's 2023 Resilience Index’, which will hold software companies responsible for the security of their products. The document unveiled by the government includes regulations for vulnerable critical infrastructure firms and software liability for exploitable vulnerabilities. 

Following this, the administration said that it is collaborating with Congress to create a new law that can combat cybersecurity matters effectively. This index has been proposed after hacking incidents that threatened major public services during the first year of the Biden administration. 

In addition to this, the federal government is also planning to use its regulatory and purchasing power to encourage software manufacturing companies that are crucial to the economy and national security to improve their cybersecurity measures. 

Jen Easterly, director of CISA, has urged technology companies to take responsibility for the cybersecurity of their products, which are crucial to society. Further, she questioned why the blame for security breaches falls on companies for not patching vulnerabilities, rather than on the manufacturers who created the technology requiring multiple patches. 

“We often blame a company today that has a security breach because they didn’t patch a known vulnerability. What about the manufacturer that produced the technology that required too many patches in the first place?” Easterly added. 

The administration is considering ways to make the tech sector accountable for the digital safety of critical US industries, with a forthcoming cybersecurity strategy expected to demand increased security investments from industries supporting sectors like energy, water, and healthcare. 

In recent years, the White House has already released important guidelines for improving cybersecurity, such as the Executive Order on Improving the Nation’s Cybersecurity, which was issued in May 2021 and mandated zero trust as a best practice for modern cybersecurity programs across sectors. Additionally, in a memo issued in January 2022, the U.S. Office of Management and Budget identified zero trust as a critical element of a modern cybersecurity strategy. 

However, the main obstacles to achieving cybersecurity success today are the same as they were 12 months ago. Bad actors are continuously evolving, developing new variants and methods. Consequently, a narrowly scoped or static approach to cybersecurity is unlikely to be effective in protecting critical infrastructure.

Challenges in Securing Critical Infrastructure: Modern Solutions Required

Critical infrastructure refers to physical and digital assets that are crucial for national security, economy, public health, or safety. It can be government or privately owned and includes not only power plants or electricity but also monetary systems. 

Critical infrastructure has become a preferred target for cyberattacks due to their significant impact, with examples including attacks on Ukraine's power grid (2015), Kansas's nuclear plant (2018), the SWIFT network, and Colonial Pipeline. 

These attacks may be motivated by various factors such as testing capabilities, financial gains, data theft, remote access, or service disruption. Perpetrators could be nation-states, cybercriminals, or hacktivists. 

Securing critical infrastructure, which includes industrial control systems (ICS) like SCADA, is crucial due to the potential for wide-scale compromise in vital systems such as transportation, oil and gas, electricity, water, and wastewater. 

Interdependencies between infrastructure sectors mean that a single failure can have a negative impact on multiple sectors. The financial implications of cyberattacks on ICS are significant, with potential costs of downtime ranging from $5,000 to $10,000 per minute. 

Cybercriminals and nation-states can extract substantial ransoms and demonstrate their cyberwarfare capabilities. For example, the Colonial Pipeline and JBS USA Holdings Inc. attacks resulted in $15 million in paid ransom. Attackers are increasingly targeting critical infrastructure and investing in improving their capabilities to compromise these organizations. 

Several types of attacks are commonly used against critical infrastructure, including distributed denial-of-service (DDoS) attacks, ransomware attacks through spear phishing, vulnerability exploitation, and supply chain attacks. 

Etay Maor noted that some of these techniques are particularly challenging to prevent as they target humans rather than technologies. To protect critical infrastructure, it's important to use effective and streamlined cybersecurity measures, rather than relying solely on numerous security products which can create friction and inefficiencies. 

The Cybersecurity and Infrastructure Security Agency (CISA) plays a crucial role in the US by providing support and assistance to critical infrastructure sectors. They coordinate cyber incident information, secure important domains, assist in protecting critical infrastructure, and offer cybersecurity education and training through programs like the Cybersecurity Advisor Program. This includes evaluating risks, promoting best practices, raising awareness, and providing incident support and lessons learned.