Two-Month Cyber Breach at Mizuno USA Under Investigation

Unauthorized access to Mizuno USA's network has compromised sensitive customer information, and the company is notifying affected customers of the breach. The sports gear manufacturer disclosed the details in a notification letter to affected individuals that it filed with the Maine Office of the Attorney General.

Suspicious activity was detected on the company's systems on November 6, 2024, prompting an immediate investigation. The investigation concluded that an unknown threat actor had access to certain network systems, and exfiltrated files without authorization, for an extended period from August 21 to October 29, 2024.

Mizuno USA, a subsidiary of Mizuno Corporation and one of the leading sporting goods manufacturers worldwide, has confirmed that unauthorized persons accessed and stole sensitive files between August and October 2024. Headquartered in Peachtree Corners, Georgia, the North American company manufactures and distributes sports equipment, apparel, and footwear across a wide range of disciplines, including golf, baseball, volleyball, and tennis.

In its filing to the Maine Office of the Attorney General on Thursday, the company stated that it had noticed suspicious activity on its network as early as November 6, 2024, and had investigated the matter in the following days. The investigation found that unknown attackers had compromised certain systems and accessed data containing personal information about an undisclosed number of individuals.

In response to the breach, Mizuno USA has strengthened its cybersecurity defences, notified the individuals who were impacted, and taken steps to minimize the risk to its customers. The company continues to work with security experts to address the impact of the incident and to prevent further incidents.

All customers affected by the breach have been notified and advised on protective measures to keep their personal information private and secure. The attack on Mizuno USA compromised sensitive personal and financial information; however, the company does not yet know exactly how many people have been affected.

The stolen information includes names, Social Security numbers, financial account details, and driver's license and passport information. According to Mizuno USA, all affected individuals will receive free credit monitoring and identity theft protection services for one year. The company has also advised affected individuals to keep watching their financial accounts for signs of potential fraud.

Mizuno USA has not officially announced who was responsible for the attack, but cybersecurity reports indicate that the BianLian ransomware gang claimed responsibility in November 2024. As outlined by cybersecurity researcher HackManac on X, the threat group is alleged to have exfiltrated a wide array of sensitive customer and business information, including financial records, Human Resources documents, confidential contracts, vendor and partner information, trade secrets, patents, and internal email communications.

Mizuno USA is still assessing the full effect of the breach and is enhancing its cybersecurity defences to prevent future breaches. Since the attack, the BianLian ransomware gang has escalated its extortion tactics against Mizuno USA: the company's entry on the attackers' dark web leak site was recently updated with a screenshot of a spreadsheet allegedly detailing Mizuno's expenses related to a ransomware attempt in 2022, along with additional documents purportedly stolen from Mizuno's systems in 2024.

BianLian has been active since June 2022 and has mainly targeted critical infrastructure entities and private enterprises internationally. In January 2023, Avast released a free decryptor for BianLian ransomware, which prompted the group to shift to extortion-only attacks, relying on stolen data and pressure, rather than encryption, to get victims to pay.

Despite widespread reporting on this cybercrime group's attacks, its activity has not slowed, with recent attacks against major organizations such as Air Canada, Northern Minerals, and Boston Children's Health Physicians. To avoid repeating the same mistakes, Mizuno USA continues to assess the full impact of the breach as well as strengthen its

U.S. Officials Sound Alarm Over Salt Typhoon Hack as Cybersecurity Becomes Political Flashpoint
U.S. Officials Urge Encryption Adoption Amid "Salt Typhoon" Cyberattack

In an unprecedented response to the "Salt Typhoon" cyber intrusion, top cybersecurity and law enforcement officials in the U.S. are urging citizens to adopt encrypted messaging platforms. The attack, attributed to Chinese government-linked hackers, has infiltrated critical U.S. telecom systems, enabling monitoring of metadata and communications in Washington, D.C.

Scope of the Salt Typhoon Attack

Described as "the worst hack in our nation's history" by Sen. Mark Warner of Virginia, the Salt Typhoon cyberattack has compromised various U.S. systems. Key details include:
  • The breach targeted telecom infrastructure, including systems handling court-ordered wiretaps.
  • While access to classified data remains unconfirmed, the intrusion has caused widespread alarm.
  • Hackers accessed metadata such as call times and locations, though encrypted platforms like Signal and Apple’s iMessage reportedly remained secure.
Global Advisory from Five Eyes Alliance

In response, the Five Eyes intelligence alliance (the U.S., UK, Canada, Australia, and New Zealand) has issued a joint advisory. Recommendations include:
  • Strengthening system defenses to mitigate similar threats.
  • Encouraging widespread adoption of encrypted communication platforms.
Political Context Complicates Encryption Discussions

Domestically, political developments are influencing the discourse on encryption:
  • Former President Donald Trump is set to return to office in January 2025.
  • Concerns have emerged over potential misuse of federal surveillance tools.
  • Trump's nomination of Kash Patel to head the FBI has amplified fears due to Patel’s controversial statements about targeting political adversaries.
These dynamics have heightened calls for encrypted communication as a safeguard against both foreign and domestic surveillance. 
 
Historically, the FBI has opposed widespread encryption, citing its impact on investigations. However:
  • The FBI now advocates for "responsibly managed encryption," signaling a shift in approach.
  • The Salt Typhoon breach has underscored the vulnerabilities of unencrypted systems.
  • Even if encrypted data is intercepted, it remains unusable to the attacker, highlighting encryption's critical role in security.
The Growing Need for Encryption

Salt Typhoon's success in breaching non-encrypted communication systems serves as a wake-up call:
  • Hackers struggled with encrypted platforms, showcasing their effectiveness in protecting data.
  • Experts warn of more frequent and sophisticated cyberattacks amid rising geopolitical tensions.
For individuals, adopting encryption for personal communications has become indispensable. 

The dual threats of foreign cyber espionage and potential domestic overreach have aligned cybersecurity officials and privacy advocates on the importance of encryption. As the U.S. navigates these challenges, securing digital communications is essential for both national security and personal privacy.

Vodka Maker Stoli Files for Bankruptcy in US Following Ransomware Assault

Stoli Group's U.S. Subsidiaries File for Bankruptcy Amid Ransomware Attack and Russian Asset Seizure

The U.S. subsidiaries of Stoli Group have declared bankruptcy following an August ransomware attack and the confiscation of the company's last distilleries in Russia by authorities.

Impact of the Cyberattack

Chris Caldwell, President and Global Chief Executive Officer of Stoli USA and Kentucky Owl, stated that the August cyberattack severely disrupted the company's IT systems, including its enterprise resource planning (ERP) platform. Key details include:
  • The ransomware attack forced manual operations across the company.
  • Critical processes, such as accounting, were significantly affected.
  • Full recovery of IT systems is not expected until early 2025.
"In August 2024, the Stoli Group's IT infrastructure suffered severe disruption in the wake of a data breach and ransomware attack," Caldwell noted. "The attack caused substantial operational issues throughout all companies within the Stoli Group, including Stoli USA and Kentucky Owl."
 
The incident had far-reaching consequences:
  • Stoli's U.S. subsidiaries were unable to provide financial reports to lenders.
  • Lenders claimed the subsidiaries defaulted on a $78 million loan.
Seizure of Russian Assets

In July 2024, just a month before the cyberattack, Russian authorities seized the group's last two distilleries in the country, valued at $100 million. The seizures were linked to:
  • Yuri Shefler, the founder of Stoli Group, and the company being designated as "extremists."
  • Humanitarian relief efforts and marketing initiatives to support Ukrainian refugees amid the ongoing conflict in Ukraine.
Long-Running Legal Disputes

Stoli Group has spent tens of millions of dollars battling a legal case with Russian state firm FKP Sojuzplodoimport over rights to the Stolichnaya and Moskovskaya vodka trademarks. This legal struggle has spanned 23 years and multiple jurisdictions, including the United States.
  • The dispute originated from a March 2000 executive order by President Vladimir Putin to "reinstate and protect the state's rights" in vodka trademarks.
  • The trademarks were acquired by private enterprises during the 1990s.
Political Repercussions

Yuri Shefler faced political fallout for his criticism of the Putin regime:
  • In 2002, Shefler fled Russia due to politically motivated charges.
  • He later gained asylum in Switzerland and British citizenship after Russia's extradition demands were dismissed in the 2010s.
The Stoli Group's challenges highlight the intersection of cybersecurity vulnerabilities, geopolitical conflicts, and long-standing legal disputes. As the company navigates the aftermath of these events, its future remains uncertain amidst ongoing global and operational pressures.

Massive Data Breach Exposes Social Security Numbers of 2.9 Billion People

A significant data breach has reportedly compromised the personal information of 2.9 billion people, potentially affecting the majority of Americans. A hacking group known as USDoD claims to have stolen this data, which includes highly sensitive information such as Social Security numbers, full names, addresses, dates of birth, and phone numbers. This development has raised alarm due to the vast scope of the breach and the critical nature of the information involved. The breach was first reported by the Los Angeles Times, which revealed that the hacker group is offering the stolen data for sale. 

The breach allegedly stems from National Public Data, a company that collects and stores personal information to facilitate background checks. The company has not formally confirmed the breach but did acknowledge purging its entire database. According to National Public Data, they have deleted all non-public information, although they stopped short of admitting that the data had been compromised. In April, the hacking group USDoD claimed responsibility for the breach, stating that it had obtained the personal information of billions of people. This led to a class-action lawsuit against National Public Data, as victims sought redress for the potential misuse of their sensitive information. 

The lawsuit has intensified scrutiny on the company’s data security practices, particularly given the critical nature of the information it manages. The potential consequences of this breach are severe. The stolen data, which includes Social Security numbers, could be used for a variety of malicious activities, including identity theft, fraud, and other forms of cybercrime. The scale of the breach also highlights the ongoing challenges in safeguarding personal information, particularly when it is collected and stored by third-party companies. As investigations continue, the breach underscores the urgent need for stronger data protection measures. 

Companies that handle sensitive information must ensure that they have robust security protocols in place to prevent such incidents. The breach also raises questions about the transparency and responsibility of organizations when dealing with personal data. In the meantime, consumers and businesses are on high alert, awaiting further developments and the potential fallout from one of the largest data breaches in history. The incident serves as a stark reminder of the risks associated with data storage and the critical importance of cybersecurity.

Chinese Hacking Groups Target Russian government, IT firms

At the end of July 2024, a series of targeted cyberattacks began, aimed at Russian government organizations and IT companies. These attacks have been linked to Chinese hacker groups APT31 and APT27. The cybersecurity firm Kaspersky uncovered this activity and named the campaign "EastWind."  

The attackers used an updated version of the CloudSorcerer backdoor, which was first seen in a similar campaign back in May 2024 that also targeted Russian government entities. 
However, CloudSorcerer has not only been used in attacks on Russia; in May 2024, Proofpoint identified a related attack on a U.S.-based think tank. 

To check whether a system has been compromised, look for DLL files larger than 5 MB in the 'C:\Users\Public' directory, for unsigned 'msedgeupdate.dll' files, and for a running process named 'msiexec.exe' under each logged-in user.
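A host triage script for the three indicators just listed, added here as an example and not Kaspersky's tooling. The check functions take plain lists so they can run against collected inventory or constructed test data, and the collector at the bottom gathers that inventory on a live Windows host; the "logged-in user" heuristic (users owning an explorer.exe process) and the use of PowerShell's Get-AuthenticodeSignature for the signature status are assumptions of this example.

```python
"""Triage checks for the EastWind indicators above (added example, not vendor tooling)."""
import csv
import ntpath
import os
import platform
import subprocess
from dataclasses import dataclass

PUBLIC_DIR = r"C:\Users\Public"
SIZE_THRESHOLD = 5 * 1024 * 1024   # the write-up's 5 MB DLL threshold
SUSPECT_DLL = "msedgeupdate.dll"
SUSPECT_PROC = "msiexec.exe"
SHELL_PROC = "explorer.exe"        # assumption: one explorer.exe per interactive logon


@dataclass
class Finding:
    indicator: str
    detail: str


def check_large_dlls(files):
    """files: iterable of (path, size_bytes). Flags any DLL over SIZE_THRESHOLD."""
    return [Finding("large_dll", f"{path} ({size} bytes)")
            for path, size in files
            if path.lower().endswith(".dll") and size > SIZE_THRESHOLD]


def check_unsigned_msedgeupdate(signatures):
    """signatures: iterable of (path, authenticode_status). Flags msedgeupdate.dll
    whose status is anything other than Valid (NotSigned, HashMismatch, ...)."""
    return [Finding("unsigned_msedgeupdate", f"{path}: {status}")
            for path, status in signatures
            if ntpath.basename(path).lower() == SUSPECT_DLL and status.lower() != "valid"]


def check_msiexec_per_user(processes):
    """processes: iterable of (image_name, user). The indicator is an msiexec.exe
    running under every interactive user; a single transient installer running as
    SYSTEM or under one user does not match."""
    interactive = {u for n, u in processes if n.lower() == SHELL_PROC and u}
    msi_users = {u for n, u in processes if n.lower() == SUSPECT_PROC and u}
    if interactive and interactive <= msi_users:
        return [Finding("msiexec_per_user",
                        "msiexec.exe under " + ", ".join(sorted(interactive)))]
    return []


def triage(files, signatures, processes):
    """Run all three checks and return the combined findings."""
    return (check_large_dlls(files)
            + check_unsigned_msedgeupdate(signatures)
            + check_msiexec_per_user(processes))


def collect_windows():
    """Gather the inventory on a live Windows host (assumes PowerShell and tasklist)."""
    files, signatures = [], []
    for root, _, names in os.walk(PUBLIC_DIR):
        for name in names:
            path = os.path.join(root, name)
            if name.lower().endswith(".dll"):
                files.append((path, os.path.getsize(path)))
            if name.lower() == SUSPECT_DLL:
                status = subprocess.run(
                    ["powershell", "-NoProfile", "-Command",
                     f"(Get-AuthenticodeSignature -FilePath '{path}').Status"],
                    capture_output=True, text=True).stdout.strip()
                signatures.append((path, status))
    # tasklist /V CSV columns: Image Name, PID, Session Name, Session#, Mem Usage,
    # Status, User Name, CPU Time, Window Title
    out = subprocess.run(["tasklist", "/V", "/FO", "CSV", "/NH"],
                         capture_output=True, text=True).stdout
    processes = [(row[0], row[6]) for row in csv.reader(out.splitlines()) if len(row) >= 7]
    return files, signatures, processes


if __name__ == "__main__" and platform.system() == "Windows":
    for finding in triage(*collect_windows()):
        print(finding.indicator, finding.detail)
```

Any hit is a lead for a proper forensic look at the host, not a verdict on its own, since large DLLs under Public and one-off msiexec.exe runs also occur legitimately.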

The initial stage of the attack involved phishing emails. These emails carried RAR archive attachments named after the target. Once opened, the archive used DLL side-loading to drop a backdoor on the system, while simultaneously opening a decoy document to distract the victim.

The backdoor allowed attackers to explore the victim’s filesystem, execute commands, steal data, and deploy additional malware. The attackers used this backdoor to introduce a trojan called 'GrewApacha,' which has been linked to APT31. 

The latest version of GrewApacha, compared to previous versions from 2023, has been improved to use two command servers instead of one. These servers' addresses are stored in base64-encoded strings on GitHub profiles, which the malware accesses. Another tool loaded by the backdoor is a refreshed version of CloudSorcerer. 

This version uses a unique encryption mechanism to ensure it only runs on the targeted system. If run on a different machine, the encryption key will differ, causing the malware to fail. The updated CloudSorcerer now fetches its command-and-control (C2) server addresses from public profiles on Quora and LiveJournal instead of GitHub. 

A third piece of malware introduced during the EastWind attacks is called PlugY. This is a previously unknown backdoor with versatile capabilities, including executing commands, capturing screens, logging keystrokes, and monitoring the clipboard. 

Researchers found that the code used in PlugY has similarities with attacks by the APT27 group and a specific library for C2 communications found in PlugY is also used in other Chinese threat actor tools.

California Advances AI Regulation to Tackle Discrimination and Privacy Concerns

California lawmakers are making significant strides in regulating artificial intelligence (AI) technologies: a series of proposals aimed at addressing discrimination, misinformation, and privacy concerns, and at prohibiting deepfakes in the contexts of elections and pornography, advanced in the legislature last week.

These proposals must now gain approval from the other legislative chamber before being presented to Governor Gavin Newsom. Experts and lawmakers warn that the United States is falling behind Europe in the race to regulate AI. The rapid development of AI technologies poses significant risks, including potential job losses, the spread of misinformation, privacy violations, and biases in automated systems. 

Governor Newsom has championed California as a frontrunner in both the adoption and regulation of AI. He has outlined plans for the state to deploy generative AI tools to reduce highway congestion, enhance road safety, and provide tax guidance. Concurrently, his administration is exploring new regulations to prevent AI discrimination in hiring practices. Speaking at an AI summit in San Francisco on Wednesday, Newsom revealed that California is considering at least three additional AI tools, including one designed to address homelessness. 

Tatiana Rice, deputy director of the Future of Privacy Forum, a nonprofit organization that advises lawmakers on technology and privacy issues, said that California's strong privacy laws position it more favorably than other states with significant AI interests, such as New York, for enacting effective regulations. Rice further emphasized that California is well-equipped to lead in the development of impactful AI governance. 

Some companies, including hospitals, are using AI for hiring, housing, and medical decisions with little oversight. The U.S. Equal Employment Opportunity Commission reports that up to 83% of employers use AI in hiring, but the workings of these algorithms are mostly unknown. California is proposing an ambitious measure to regulate these AI models. 

This measure would require companies to disclose their use of AI in decision-making and inform those affected. AI developers would need to regularly check their models for bias. The state attorney general would have the power to investigate discriminatory AI models and issue fines of $10,000 per violation. 

Additionally, a bipartisan coalition aims to prosecute those using AI to create child sexual abuse images, as current laws do not cover AI-generated images that are not of real people. Democratic lawmakers are also supporting a bill to combat election deepfakes, prompted by AI-generated robocalls mimicking President Joe Biden before New Hampshire's presidential primary.

The proposal would ban deceptive election-related deepfakes in mailers, robocalls, and TV ads 120 days before and 60 days after Election Day. Another proposal would require social media platforms to label any election-related posts created by AI. 

California's proactive stance may pave the way for broader federal regulations to address these emerging challenges.

NIST Introduces ARIA Program to Enhance AI Safety and Reliability

The National Institute of Standards and Technology (NIST) has announced a new program called Assessing Risks and Impacts of AI (ARIA), aimed at better understanding the capabilities and impacts of artificial intelligence. ARIA is designed to help organizations and individuals assess whether AI technologies are valid, reliable, safe, secure, private, and fair in real-world applications. 

This initiative follows several recent announcements from NIST, including developments related to the Executive Order on trustworthy AI and the U.S. AI Safety Institute's strategic vision and international safety network. The ARIA program, along with other efforts supporting Commerce’s responsibilities under President Biden’s Executive Order on AI, demonstrates NIST and the U.S. AI Safety Institute’s commitment to minimizing AI risks while maximizing its benefits. 

The ARIA program addresses real-world needs as the use of AI technology grows. This initiative will support the U.S. AI Safety Institute, expand NIST's collaboration with the research community, and establish reliable methods for testing and evaluating AI in practical settings. The program looks beyond theoretical models, assessing how AI systems function in realistic scenarios where people interact with the technology under regular use conditions. This approach provides a broader, more comprehensive view of the effects of these technologies. The program helps operationalize the recommendations of NIST's AI Risk Management Framework to use both quantitative and qualitative techniques for analyzing and monitoring AI risks and impacts.

ARIA will further develop methodologies and metrics to measure how well AI systems function safely within societal contexts. By focusing on real-world applications, ARIA aims to ensure that AI technologies can be trusted to perform reliably and ethically outside of controlled environments. The findings from the ARIA program will support and inform NIST’s collective efforts, including those through the U.S. AI Safety Institute, to establish a foundation for safe, secure, and trustworthy AI systems. This initiative is expected to play a crucial role in ensuring AI technologies are thoroughly evaluated, considering not only their technical performance but also their broader societal impacts. 

The ARIA program represents a significant step forward in AI oversight, reflecting a proactive approach to addressing the challenges and opportunities presented by advanced AI systems. As AI continues to integrate into various aspects of daily life, the insights gained from ARIA will be instrumental in shaping policies and practices that safeguard public interests while promoting innovation.

FBI Investigates Thousands of Fake Emails Warning of Cyber Threat You Must Do 1 Thing

Over the weekend, an alarming incident unfolded as thousands of fake emails flooded in, purportedly from the US Department of Homeland Security. The messages, titled "Urgent: Threat actor in systems," raised concerns about a cyber threat allegedly posed by a group called the Dark Overlord. According to reports, recipients were warned of a sophisticated chain attack targeting them, adding to the sense of urgency and anxiety. 

What made matters worse was the apparent authenticity of these emails, originating from FBI infrastructure. The scale of the operation was staggering, with over 100,000 of these deceptive emails sent out, causing widespread disruption and confusion among recipients. 

Additionally, it was discovered that the North Korean military intelligence agency, along with a hacking group called APT43 or Kimsuky, carried out a sophisticated cyber attack. They tricked people into giving away important information by pretending to be journalists, researchers, or academics through fake emails. To protect against this, experts suggest updating email security settings, like DMARC, which can help prevent such attacks. 

Let’s Understand Everything About DMARC

DMARC, DKIM, and SPF are like a triple defense system for emails. They work together to stop bad guys from pretending to send emails from places they should not. It is like having three guards at the gate, making sure only the right people get through. Picture your email as a package you are sending out into the world. SPF is like a list of approved couriers allowed to carry packages for you, and DKIM is like a tamper-evident seal showing the package is genuine and has not been altered on the way.

Now, DMARC is your extra security measure. It is like a set of instructions you attach to your package, telling the delivery person what to do if something seems fishy. "If the seal is broken, handle with care!" If you do not have DKIM, SPF, and DMARC set up properly, it is like sending out your package without those stamps and instructions. It might get lost, or worse, someone might try to copy your package and send out fake ones. 

So, by having these protections in place, you ensure your emails are delivered safely and are not mistaken for spam. This warning is a way to stop APT43 from stealing more data and giving it to North Korea. It is important for everyone to act fast and secure their email systems. These steps are crucial because cyber threats like this are always changing and can be really damaging. So, it is essential to stay alert and protect yourself from these kinds of attacks. 
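The decision a receiving mail server makes from those three mechanisms, written out as an added example (not code from any mail product): it parses the sender domain's DMARC record, checks whether the SPF and DKIM results align with the visible From: domain, and returns the DMARC verdict together with the disposition the domain owner asked for. The record text and the authentication results are constructed inputs, and the organizational-domain rule is simplified to the last two labels where a real implementation would consult the Public Suffix List.

```python
"""DMARC evaluation from SPF/DKIM results (added example with constructed inputs)."""
from dataclasses import dataclass


@dataclass
class AuthResults:
    """What the receiver learned before DMARC: SPF checks the envelope (MAIL FROM)
    domain, DKIM verifies the signature and reports its d= domain."""
    spf_result: str     # "pass", "fail", "softfail", "none", ...
    spf_domain: str     # MAIL FROM domain the SPF check was run against
    dkim_result: str    # "pass", "fail", "none", ...
    dkim_domain: str    # d= tag of the verified DKIM signature ("" if none)


def parse_dmarc_record(txt):
    """Parse a _dmarc TXT record such as 'v=DMARC1; p=reject; adkim=s; aspf=r'."""
    tags = {}
    for part in txt.split(";"):
        if "=" in part:
            key, value = part.split("=", 1)
            tags[key.strip().lower()] = value.strip()
    if tags.get("v", "").upper() != "DMARC1":
        raise ValueError("not a DMARC1 record")
    if tags.get("p") not in ("none", "quarantine", "reject"):
        raise ValueError("DMARC record needs p=none|quarantine|reject")
    tags.setdefault("adkim", "r")   # alignment modes default to relaxed
    tags.setdefault("aspf", "r")
    return tags


def org_domain(domain):
    """Assumption of this example: organizational domain = last two labels."""
    labels = domain.lower().rstrip(".").split(".")
    return ".".join(labels[-2:])


def aligned(from_domain, auth_domain, mode):
    """Strict mode needs an exact match; relaxed accepts the same organizational domain."""
    if not auth_domain:
        return False
    if mode == "s":
        return from_domain.lower() == auth_domain.lower()
    return org_domain(from_domain) == org_domain(auth_domain)


def evaluate_dmarc(from_domain, record_txt, auth):
    """Return (dmarc_result, disposition). A message passes DMARC when at least one
    of SPF or DKIM both passed and aligns with the From: domain; otherwise the
    domain owner's p= policy says what the receiver should do with it."""
    tags = parse_dmarc_record(record_txt)
    spf_ok = auth.spf_result == "pass" and aligned(from_domain, auth.spf_domain, tags["aspf"])
    dkim_ok = auth.dkim_result == "pass" and aligned(from_domain, auth.dkim_domain, tags["adkim"])
    if spf_ok or dkim_ok:
        return "pass", "none"
    return "fail", tags["p"]


# Constructed scenario: a lookalike sender spoofs the visible From: address.
EXAMPLE_RECORD = "v=DMARC1; p=reject; adkim=s; aspf=r; rua=mailto:dmarc-reports@example.com"

SPOOFED = AuthResults(spf_result="pass", spf_domain="bounce.attacker.example",
                      dkim_result="none", dkim_domain="")
LEGIT = AuthResults(spf_result="pass", spf_domain="mail.example.com",
                    dkim_result="pass", dkim_domain="example.com")

if __name__ == "__main__":
    print(evaluate_dmarc("example.com", EXAMPLE_RECORD, SPOOFED))  # ('fail', 'reject')
    print(evaluate_dmarc("example.com", EXAMPLE_RECORD, LEGIT))    # ('pass', 'none')
```

The spoofed message fails because its SPF pass belongs to the attacker's own domain, which does not align with example.com; without a published p=reject policy the receiver would have no instruction to drop it.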

Despite the gravity of the situation, the FBI has remained tight-lipped about further details, leaving many questions unanswered. As investigations unfold, concerns persist about the potential ramifications of such a large-scale deception. The incident serves as a stark reminder of the ever-present threat of cyber attacks and the importance of remaining vigilant in the face of such challenges. Stay tuned for updates as the investigation progresses.