
Chinese Hackers Breach US Telco Networks to Access US Court Wiretap Systems

 

A Wall Street Journal report claims that Chinese hackers gained access to systems used for court-authorized wiretaps by breaking into the networks of major US telecommunications companies. 

The breach, which targeted companies such as Verizon Communications, AT&T, and Lumen Technologies, may have allowed the attackers to go unnoticed for months while gathering critical details regarding government requests for communications data. 

The hackers, who are believed to be affiliated with a state-sponsored Chinese group, were able to breach the system that telecom firms use to handle wiretaps authorised by the government. This breach may have given the perpetrators access to sensitive US internet traffic, allowing them to monitor communications under surveillance orders. 

The intrusion was identified only recently, and the hackers are believed to have had long-term access to these networks, gathering intelligence throughout. US investigators have dubbed the group responsible for the breach "Salt Typhoon". The incident is part of a larger pattern of cyber-espionage attributed to Chinese state-linked hackers.

Earlier this year, US law enforcement disrupted another significant Chinese hacking operation, attributed to a group known as "Flax Typhoon" that is suspected of widespread cyber-espionage. Both operations are believed to be aimed at gathering intelligence for the Chinese government.

China's denial

The Chinese foreign ministry responded to the charges by denying any involvement in the operation. In a statement, it said it was unaware of the attack described in the report and accused the US of fabricating a "false narrative" to blame China.

The ministry also criticised the US for impeding global cybersecurity cooperation and communication, describing the charges as a roadblock to international efforts to confront cybersecurity concerns. Beijing has consistently denied all allegations of state-sponsored hacking, including those made by the US government.

In this instance, China's foreign ministry cited findings from its own cybersecurity agency, which claimed that "Volt Typhoon", another group the US has linked to Beijing, was in fact the work of an international ransomware operation.

Massive Data Breach Exposes Personal Info of Millions of Americans

 



A background check company has exposed personal information on roughly one-third of Americans, according to a disturbing data breach report. MC2 Data, one of the largest providers of background checks in the US, left an enormous database unsecured online, putting millions of people's sensitive information at risk.

According to a Cybernews report from 23 September, researchers found that MC2 Data had left 2.2 TB of personal data accessible to anyone on the internet. The exposed database held more than 106 million records and, Cybernews estimates, affects the privacy of more than 100 million individuals. Records on more than 2.3 million subscribers, people who had themselves requested background checks, were also exposed.


Potential Effects of the Leaks

Aras Nazarovas, a Cybernews security researcher, commented: "These leaks are quite concerning, thinking of all the possible aftermaths which will not only result in extra problems always connected with identity theft, but may also involve numerous communities and organisations in battles. The cybercrime attackers commonly draw on background checks for such detailed personal information to prepare for attacks on individuals or groups."

Background check services, which exist to help others manage risk, have not themselves been spared from attacks. A leak of this magnitude is a treasure trove for malicious actors, who can now obtain detailed personal information with far less effort and risk than breaking into a target directly. It also points to a longer-term trend: as society digitalises, aggregated personal data becomes a standing liability for everyone it describes.


A Persisting Industry Problem

To the dismay of privacy advocates, this is not the first major breach involving a background check company. In August 2024, National Public Data, another giant in the background check sector, disclosed that it had suffered a breach exposing 2.7 billion public records. The compromised data included sensitive details such as names, social security numbers, email addresses, phone numbers, and birth dates.

The intrusion at National Public Data reportedly began in December 2023, and the stolen data was published in April 2024. Security specialists warn that freely available data of this sensitivity raises the risk of follow-on attacks, such as identity theft and targeted phishing, against the people it describes.

 

Consumer Watchdogs Raise the Alarm

In light of such repeated breaches, the consumer watchdog director for the U.S. Public Interest Research Group, Teresa Murray, said that this is indeed an extremely serious issue. Talking to ASIS International, Murray pointed out that due to its scale, what happened in the National Public Data breach makes it even more frightening compared to similar breaches. She said that people should view this as a "five-alarm wake-up call" to start taking their data security seriously.

Both breaches are harsh reminders of the vulnerabilities in the background check industry and of the need for stronger security measures. Individuals are encouraged to monitor their personal information regularly and to take proactive steps to protect themselves from identity theft and other forms of cybercrime.


What Needs to Be Done

Amid this swelling tide of data breaches, companies that handle sensitive information, such as firms conducting background checks, must pay far closer attention to their cybersecurity. In the MC2 Data case the database was reachable by anyone on the internet, so the most basic controls, not exposing data stores directly to the internet and requiring authentication for every access, would have prevented the exposure; encryption at rest and regular audits of what is publicly reachable limit the damage when a misconfiguration does slip through. Individuals also need to stay vigilant and check regularly for suspicious activity involving their personal information.

These breaches underscore the need for better regulation and more oversight of operations that hold large amounts of personal data. Until that security is achieved, millions of Americans will remain exposed to the consequences of poor data protection.

The MC2 Data and National Public Data incidents have placed the identities of millions of Americans at risk of identity theft and other cybercrime. Such cases are now frequent, and it is time for businesses and consumers alike to take data security seriously so that sensitive information does not fall into the wrong hands.


Kansas Water Plant Switches to Manual Operations Following Cyberassault

 

The top cybersecurity agency in the United States has released a new advisory, stating that nation-states and cybercriminals remain a threat to government-run water systems. 

The Cybersecurity and Infrastructure Security Agency (CISA) issued the notification two days after Arkansas City, Kansas, reported a cybersecurity incident that required it to switch its water treatment facility to manual operations.

On Thursday, CISA stated that it will "respond to active exploitation of internet-accessible operational technology (OT) and industrial control systems (ICS) devices, including those in the Water and Wastewater Systems (WWS) Sector." It added: "Exposed and vulnerable OT/ICS systems may allow cyber threat actors to use default credentials, conduct brute force attacks, or use other unsophisticated methods to access these devices and cause harm."

The agency recommended that operators follow previously released guidance to secure their systems. The attack on Arkansas City, which is home to approximately 11,000 people, began on Sunday morning. City Manager Randy Frazer declined to comment on whether the FBI and CISA were involved in the response to the attack, but stated that the water supply remains completely safe and that there has been no disruption in service.

Due to their significance, the more than 150,000 public water systems in the United States have been a focal point of dispute about the role of federal and state governments in cybersecurity protection. 

Despite a significant increase in the frequency of ransomware assaults and nation-state intrusions, water industry associations teamed up with Republican senators last year to halt federal measures to protect drinking water infrastructure.

Even after a series of attacks on U.S. water facilities last autumn by hackers apparently linked to the Iranian government, groups such as the American Water Works Association have claimed that they should be entitled to create their own cybersecurity regulations for the industry. 

Several cybersecurity specialists have reported an increase in attacks on industrial water systems, and they agree with CISA that one of the primary problems is that many water utilities still expose industrial control equipment to the internet for remote management.

Waterfall Security Solutions CEO Lior Frenkel told Recorded Future News that in his extensive work with water system operators, many either don't know what tools are connected to the internet or believe the risks outweigh the advantages. 

“Systems that are connected to the internet can be shut down or manipulated or can impair the process that they are controlling,” Frenkel stated. “All of that should never be accessible from the internet unless there's such a need that you can say that need is stronger than the risk. But the default today is they are connected. We try to put them off the grid. The default should be everything is off the grid, and you connect only what's the bare necessity.”

Here’s Why UltraAV Replaced Kaspersky Antivirus Software

 

Late last week, cybersecurity firm Kaspersky began removing its anti-malware software from PCs in the United States and, as a replacement, installed antivirus software from UltraAV.

If you use Kaspersky antivirus software, you may be aware that the Russian firm was added to the US government's Entity List earlier this year, resulting in a ban on sales and updates in the US. As a result, the company told BleepingComputer in July that it was closing its US operations and laying off its American staff.

Although these developments were not secret, not every user was aware of them, so many were taken aback by Kaspersky's abrupt and poorly explained decision to remove its software automatically.

Customers were notified by email at the beginning of September that the company had partnered with UltraAV so that they would remain protected after Kaspersky left the US. However, the emails did not make clear that UltraAV would be installed on their computers automatically. The switch was an even bigger surprise to those who, for whatever reason, missed the email. The episode is also a reminder of how much control an endpoint security product's update channel has over a machine: the same mechanism that delivers signature updates was used to remove the product and install a different vendor's software without any further consent from the user.

Users on Reddit and other forums have expressed uncertainty about the situation, as well as distrust in the new UltraAV software. One poster was concerned that their desktop had been compromised when they woke to find their Kaspersky antivirus software gone and UltraAV in its place. 

This distrust is unsurprising given that little is publicly known about the company beyond its affiliation with VPN brands such as UltraVPN, Hotspot Shield, and Betternet. Judging by online user reviews, many people are uninstalling UltraAV for that reason, and because of the disruptive way it appeared on their devices.

Following its withdrawal from the market, Kaspersky released an official statement saying it had taken this step to ensure that its customers "would not experience a gap in protection." It went on to say that it chose UltraAV because its features and product range are comparable to Kaspersky's. Users of Kaspersky's VPN service, for example, also had UltraVPN installed on their devices.

For many users, the explanation comes too late and is unlikely to stop them from replacing UltraAV with a more well-known antivirus software product.

AT&T Claims It Has Fixed Software Bug That Caused An Outage For Some Wireless Users

 

Some AT&T customers experienced a disruption in their wireless service earlier this week, which made it difficult for them to call 911 in an emergency. 

It was rectified in a few hours, with the company blaming a software fault, but it's only one of many issues the wireless provider has experienced in recent months, including outages and data breaches that have disrupted operations and left users in the dark.

In February, its network went down for 11 hours, preventing many of its customers across the United States from making calls, texting, or using the internet. AT&T said an initial investigation indicated the outage had been caused by an internal error rather than a cyberattack.

A few weeks later, in March, a data set containing private information on 73 million current and former customers was posted on the dark web, raising security concerns. According to the company, the data dated from 2019 or earlier and did not appear to include financial information or call history details.

"It is unclear whether the data originated from AT&T or one of its vendors," the company said at the time. Then, in June, another AT&T outage prevented some customers from making calls to other carriers. The issue was resolved within a few hours, but the company did not disclose what caused it.

Notably, this week's outage came just hours after the Federal Communications Commission announced a $950,000 settlement with AT&T to resolve an investigation into whether the company had violated FCC rules by failing to deliver 911 calls and to promptly notify 911 call centres during a previous outage in August 2023.

AT&T’s overflow 

Why does this keep occurring to AT&T? CNN spoke with a telecommunications expert who believes there are three main factors at play: software updates gone awry, numerous technological challenges, and congested networks in big cities. 

An outage map from Tuesday shows disruptions in New York; Charlotte, North Carolina; Houston; and Chicago. Alex Besen, founder and CEO of Besen Group, which analyses mobile phone carriers, believes it was a network overload issue.

“To avoid any future outages, AT&T needs to increase the number of cell towers, implement advanced load-balancing techniques, use network optimization tools to manage traffic more effectively and prioritize services that can reduce congestion,” Besen stated.

Lawsuits Pile Up Against Florida-Based Data Firm After Security Breach

 

Given all of the major news events that have dominated headlines this summer, you'd be forgiven for missing yet another: reports that a massive data breach may have disclosed billions of details, including names, social security numbers, and addresses. 

National Public Data (NPD), a background-check data aggregator based in Coral Springs, Florida, recently admitted on its website that "a data security incident", which was "believed to have involved a third-party bad actor" in December 2023, led to data leaks in April of this year. Bloomberg Law reports that 2.9 billion records were stolen and then offered for sale on the dark web for $3.5 million.

Moreover, in recent days it has become clear that the leak may be worse than previously thought. Brian Krebs, an investigative cybersecurity journalist, reported on his KrebsOnSecurity website this week that a sister data broker sharing NPD's consumer records had itself published the credentials to its back-end database.

“KrebsOnSecurity has learned that another NPD data broker which shares access to the same consumer records inadvertently published the passwords to its back-end database in a file that was freely available from its homepage until today,” Krebs noted. 

While the breach appears to be getting worse, National Public Data says it is working with law enforcement and recommends that affected people freeze their credit.

The breach became public earlier this month, following the filing of a class-action lawsuit against National Public Data's parent company, Jerico Pictures, in federal court in Fort Lauderdale. Many further lawsuits have followed: since early August, at least 14 complaints have been filed in federal court against National Public Data, according to a Justia database search.

To get an understanding of what these lawsuits are alleging, in one such filing, filed on August 19, lawyers argue that National Public Data "breached its duties by, among other things, failing to implement and maintain reasonable security procedures and practices to protect individuals' PII [personally identifiable information] from unauthorised access and disclosure," and that "Defendant has not provided any notice to affected individuals, including Plaintiff, who only learnt that her SSN and other PII was posted on the dark web as a result of the Data Breach from LifeLock.” 

People who are concerned that their data has been compromised should freeze their credit and monitor their accounts as a first step. You can also use tools such as npdbreach.com to check whether your data appears in the leaked repository. Other similar tools exist, but be cautious: they require you to enter your name or other identifying details, so prefer lookup tools that ask for the minimum and never enter a full Social Security number into a site you do not trust.

This year is shaping up to be a significant one for cybercrime: The number of data breaches increased by 490% in the first half of 2024 when compared to the same period in 2023.

Hackers are Employing Real Estate Fraud to Target North Dakota Citizens

 

As concern over scams rises, most Americans are taking preventive measures to protect their money and private data. Unfortunately, crooks have plenty of ways to trick people that they might not expect, and few in North Dakota are as costly and unexpected as real estate scams.

In a study of scams in the United States, SOAX analysts gathered data from the FBI's Internet Crime Complaint Center (IC3) on the number of people affected by real estate fraud in the previous year and the amounts they lost. Comparing the average loss per victim in each state, they found that North Dakotans suffered among the highest per-victim losses from these frauds.

According to the report, although North Dakota had the fewest real estate fraud victims in the previous year, each scam resulted in a large financial loss, placing the state second only to Alabama in per-victim losses. By contrast, states such as West Virginia, Wyoming, and Nebraska saw more victims than North Dakota but smaller losses per victim, suggesting scams there were narrower in scope.

"Around $12.5 billion was lost in 2023 due to cybercrimes in America," revealed SOAX CEO and Co-Founder Stepan Solovev, "with 521,652 complaints registered, more than 79 times more than in neighbouring Canada." Individuals are advised to be careful and protect their personal information to prevent fraudsters from gaining significant leverage. Make sure you use strong, unique passwords for each site, and remember to change them on a regular basis to avoid repetition. Using a VPN when connecting to public Wi-Fi in airports, cafes, or anywhere else is also recommended to secure your device and personal data from cyber attacks.

Email addresses and phone numbers are among the most common indicators of potential cybercrime. If you receive an unusual request from a colleague or a familiar firm, look at the real email address from which it was sent and report it as spam if it is unknown. If you receive a call from an unfamiliar phone number, simply perform a Google search to see whether it has been reported previously. Finally, trust your instincts, and if the interaction feels off or unusual, simply stop and refuse to disclose any private information.

Crypto Exchange Gemini Confirms Third-Party Data Breach

 

Cryptocurrency exchange Gemini has issued a warning about a data breach resulting from a cyberattack on its Automated Clearing House (ACH) service provider. The attacker has not been identified. The American exchange began notifying affected customers on June 26, 2024.

A sample of the notification letters was filed with the California Attorney General's Office yesterday. The notice states that between June 3 and June 7, 2024, an unauthorised actor gained access to the vendor's systems, resulting in a third-party data breach.

The incident impacted some of Gemini's customers' banking details, including their full name, bank account number, and routing number, which Gemini utilized for ACH fund transfers. 

According to the exchange, the service provider's systems did not hold, and the breach therefore did not expose, any other information such as date of birth, physical address, Social Security number, email address, phone number, username, or password.

The incident has been contained, and an outside team of experts is assisting with the investigation, but no further details are available at this time. Recipients of the notices are urged to watch for any suspicious activity involving the exposed data and to be wary of unsolicited messages that reference their banking details, since leaked data of this kind is commonly reused in targeted phishing.

In order to safeguard against future hacks, users are also advised to activate multi-factor authentication on the bank accounts they gave Gemini and get in touch with their bank to request the implementation of additional safety precautions or a new account number.

If suspicious or unauthorised activity is identified on the affected bank account, the bank should be notified immediately. Gemini also suggests that recipients consider placing fraud alerts or security freezes on their credit reports, but it has not offered identity theft protection services to the affected individuals. Following publication of the report, Gemini issued a statement saying the incident affected about 15,000 individuals.

"The incident at a third party involved information of approximately 15K Gemini customers," Gemini stated. "Although we notified the customers involved out of an abundance of caution, our analysis found no evidence of customer impact.”

Mandiant: North Korean Hackers Are Targeting Naval Tech

 

Google Cloud's Mandiant researchers have graduated Andariel, also known as Onyx Sleet, Plutonium, and Silent Chollima, to a formally tracked advanced persistent threat (APT) group, warning that it is targeting highly sensitive nuclear secrets and technology as North Korea continues to pursue nuclear weapons.

APT45, which has been active since 2009 and may have some connection to the Lazarus hacking operation, is characterised as moderately sophisticated in both scope and technology. Like many North Korean groups, it also raises money for the isolated regime. It is most likely controlled by North Korea's Reconnaissance General Bureau (RGB) 3rd Bureau and has conducted financially motivated operations alongside its espionage.

What sets it apart from other groups is its suspected development and use of ransomware. Mandiant has observed evidence of APT45 clusters using the Maui and Shatteredglass ransomware strains, although it has not been able to confirm this with high confidence. What is better established is that APT45's targeting has broadened to fields such as crop science, healthcare, and pharmaceuticals, while much of its effort remains devoted to military matters, according to Mandiant.

“Many advances in North Korea’s military capabilities in recent years can directly be attributed to APT45’s successful espionage efforts against governments and defence organisations around the world,” stated Mandiant principal analyst Michael Barnhart. “When Kim Jong Un demands better missiles, these are the guys who steal the blueprints for him.” 

APT45's operations combine publicly available hacking tools with modified and non-public malware. Its toolset appears distinct from those of other North Korean APTs, although its malware shares some traits with theirs, such as code reuse, custom encoding schemes, and shared passwords.

FBI operation 

Over the last few weeks, Mandiant has been "actively engaged" in an organised effort, operating alongside the FBI and other US agencies, to monitor APT45's efforts to gather defence and research intelligence from the US and other nations, including the UK, France, Germany, and South Korea, as well as Brazil, India, and Nigeria.

APT45 is believed to have targeted heavy and light tanks, self-propelled howitzers, light strike and ammunition supply vehicles, littoral combat ships and combatant craft, submarines, torpedoes, and unmanned and autonomous underwater vehicles; modelling and simulation technology; fighter aircraft and drones; missiles and missile defence systems; satellites, satellite communications, and related technology; surveillance and phased-array radar systems; and manufacturing, including shipbuilding, robotics, 3D printing, casting, fabrication, moulding of metal, plastics and rubber, and machining processes. More worryingly, the group has also pursued nuclear-related targets: research facilities, nuclear power plants, waste storage, and uranium enrichment and processing.

“APT45 isn’t bound by ethical considerations and have demonstrated they’re willing and agile enough to target any entity to achieve their objectives, including hospitals,” added Barnhart. “A coordinated global effort involving both public and private sectors is necessary to counter this persistent and evolving threat.”

Law Enforcement is Spying on Thousands of U.S. Citizens' Mail

 

The Washington Post reported on Monday that federal law enforcement authorities have long received information about certain Americans' mail via a little-known U.S. Postal Service operation known as the "mail covers program.” While officials argue that the program is solely used to investigate criminal activities, it appears to be widely used, with some Americans claiming to have been targeted by the program despite having done nothing unlawful. 

The mail covers program does not permit outside agencies to open a person's mail, but it does let them record the information printed on the outside of letters and packages. According to a previously leaked program document, a "mail cover" is an "investigative tool employed to record data appearing on the outside of a mailpiece." Even without the contents, sender and recipient names, addresses and postmarks collected over time reveal who a person corresponds with, how often, and from where, so a mail cover can still yield a great deal about an individual under surveillance.

The FBI, IRS, Department of Homeland Security, and the Postal Service's own investigative arm, the United States Postal Inspection Service, have all requested information. The Washington Post reports that "state and local police forces" have also used the program. The good news for investigators, and the bad news for the rest of us, is that recording the exterior of a person's mail requires neither a judge's approval nor a court order.

How often is the program used? Quite a lot. A recent audit revealed that the Postal Service approved more than 158,000 information requests over a four-year period. Meanwhile, information recently provided to legislators who had asked about the program showed that police agencies made "an average of about 6,700 requests per year," the Post writes. Those same legislators, including Ron Wyden (D-Ore.) and Elizabeth Warren (D-Mass.), have called for greater transparency and tighter controls on the program.

The program pales in comparison to another well-known mail-tracking program, Mail Isolation Control and Tracking, which is believed to photograph the exteriors of every item of mail that passes through the United States Postal Service. This program is allegedly designed for routing and organisation, but it can also be utilised for law enforcement purposes.

Cyberattack Is Wreaking Havoc on US Healthcare Providers

 

Following a cyberattack on the largest health insurer in the United States last month, health care providers are still scrambling as insurance payments and prescription orders continue to be disrupted, costing physicians an estimated $100 million each day. 

According to the American Medical Association, that estimate was generated by First Health Advisory, a cybersecurity company that focuses on the healthcare sector.

"This massive breach and its wide-ranging repercussions have hit physician practices across the country, risking patients' access to their doctors and straining the viability of medical practices themselves," AMA President Dr. Jesse Ehrenfeld stated in a news release. 

"Against the backdrop of persistent Medicare cuts, rising practice costs and spiraling regulatory burdens, this unparalleled cyberattack and disruption threatens the viability of many practices, particularly small practices and those in rural and underserved areas," he added. "This is an immense crisis demanding immediate attention.” 

How did the crisis start? 

First discovered on February 21, the security breach occurred at Change Healthcare, a division of Optum Inc., which is owned by UnitedHealth Group. 

In a filing with the U.S. Securities and Exchange Commission on the same day, UnitedHealth Group reported that it had been forced to disconnect portions of Change Healthcare's extensive digital network from its clients. Not all of those services have been restored yet.

Change Healthcare stated that it is aiming to restore the provider payment systems by the middle of March in its most recent report regarding the attack. 

"UnitedHealth Group continues to make substantial progress in mitigating the impact to consumers and care providers of the unprecedented cyberattack on the U.S. health system and the Change Healthcare claims and payment infrastructure," the company noted in a statement.

The federal government intervened to provide assistance two weeks following the attack. The U.S. Department of Health and Human Services unveiled a number of support initiatives for impacted healthcare providers on March 5. 

"The government is trying to create some support for health care systems -- not directly supporting patients, but the systems," Dr. Céline Gounder, an editor-at-large for public health at KFF Health News and a CBS News medical contributor, stated. "This is because without revenue coming in through the billing process, you don't have money to make payroll to be able to pay your doctors and your nurses and your janitors and all the staff that you need to run a health care system.”

Unfortunately, this incident will probably not be the last. According to federal officials, big healthcare data breaches have nearly doubled between 2018 and 2022. 

Former Google Employee Charged with Stealing AI Secrets

 

A former Google software engineer has been charged with stealing the company's artificial intelligence trade secrets while surreptitiously working for two Chinese companies, the Justice Department announced Wednesday. 

Linwei Ding, a Chinese national, was arrested in Newark, California, on four counts of federal trade secret theft, each punishable by up to ten years in prison.

Attorney General Merrick Garland announced the case against Ding, 38, at an American Bar Association conference in San Francisco. Garland, along with other law enforcement leaders, has repeatedly warned about the threat of Chinese economic espionage as well as the national security concerns posed by developments in artificial intelligence and other emerging technologies.

“Today’s charges are the latest illustration of the lengths affiliates of companies based in the People’s Republic of China are willing to go to steal American innovation,” FBI Director Christopher Wray noted in a statement. “The theft of innovative technology and trade secrets from American companies can cost jobs and have devastating economic and national security consequences.” 

Google said it came to the conclusion that the employee had stolen "numerous documents" and had referred the case to law enforcement. 

“We have strict safeguards to prevent the theft of our confidential commercial information and trade secrets,” Google spokesman Jose Castaneda explained. “After an investigation, we found that this employee stole numerous documents, and we quickly referred the case to law enforcement. We are grateful to the FBI for helping protect our information and will continue cooperating with them closely.”

Artificial intelligence is the primary battleground for high-tech competitors, and who dominates can have far-reaching commercial and security repercussions. In recent weeks, Justice Department leaders have warned that foreign foes may use AI technologies to target the United States. 

Deputy Attorney General Lisa Monaco stated in a speech last month that the administration's multi-agency Disruptive Technology Strike Force would prioritise AI enforcement, and Wray told a conference last week that AI and other novel technologies had made it easier for attackers to try to interfere with the American political process. 

The indictment, unsealed Wednesday in the Northern District of California, alleges that Ding, who was hired by Google in 2019 and had access to sensitive information regarding the firm's supercomputing data centres, began uploading hundreds of files to a personal Google Cloud account two years ago. 

According to prosecutors, Ding was offered the post of chief technology officer at an early-stage technology business in China that advertised its use of AI technology and gave him a monthly salary of around $14,800, plus an annual bonus and company stock, just weeks after the theft started. The indictment says Ding travelled to China to attend investor meetings and seek funding for the company. 

In January, the FBI filed a search warrant at Ding's house and seized his electronic equipment, followed by an additional warrant for the contents of his personal accounts, which contained more than 500 distinct files of classified data that investigators claim he stole from Google.

BlackCat Ransomware Linked to UnitedHealth Subsidiary Optum Hack


A cyberattack against Optum, a UnitedHealth Group company, was linked to the BlackCat ransomware gang and resulted in an ongoing outage that impacted the Change Healthcare payment exchange platform. 

Customers were notified by Change Healthcare earlier this week that due to a cybersecurity incident, some of its services are unavailable. The cyberattack was orchestrated by alleged "nation-state" hackers who gained access to Change Healthcare's IT systems, according to a statement made by UnitedHealth Group in an SEC 8-K filing a day later. 

Since then, Optum has been posting daily incident updates on a dedicated status page, alerting users to the fact that most services are temporarily unavailable due to Change Healthcare's systems being offline to contain the breach and prevent future damage. 

"We have a high level of confidence that Optum, UnitedHealthcare and UnitedHealth Group systems have not been affected by this issue," Optum stated. "We are working on multiple approaches to restore the impacted environment and will not take any shortcuts or take any additional risk as we bring our systems back online.” 

Links to BlackCat 

Change Healthcare has been holding Zoom calls with partners in the healthcare sector to share information about the cyberattack since it affected its systems.

One of the individuals involved in these calls informed a local media source that forensic experts participating in the incident response had linked the attack to the BlackCat (ALPHV) ransomware gang (Reuters first reported the Blackcat link on Monday).

Last week, another source informed BleepingComputer that one indicator of attack is a critical ScreenConnect auth bypass vulnerability (CVE-2024-1709), which is being actively used in ransomware attacks against unpatched servers. 

Tyler Mason, vice president of UnitedHealth Group, stated that 90% of the impacted pharmacies had put new electronic claim procedures in place to deal with Change Healthcare issues, but he did not confirm if BlackCat was the root of the attack. 

"We estimate more than 90% of the nation’s 70,000+ pharmacies have modified electronic claim processing to mitigate impacts from the Change Healthcare cyber security issue; the remainder have offline processing workarounds," Mason stated. "Both Optum Rx and UnitedHealthcare are seeing minimal reports, including less than 100 out of more than 65 million PBM members not being able to get their prescriptions. Those patients have been immediately escalated and we have no reports of continuity of care issues.” 

UnitedHealth Group (UHG), a health insurer operating in all 50 US states, has 8,000 hospitals and other care facilities and more than 1.6 million doctors and other healthcare professionals under contract. With 440,000 employees worldwide, UHG is the largest healthcare corporation in the world by revenue ($324.2 billion in 2022).

Crypto Firm Terraform Labs Files for Chapter 11 Bankruptcy in US


Following the 2022 collapse of its cryptocurrencies, Singapore-based Terraform Labs (TFL), the firm behind digital assets TerraUSD (UST) and Luna, filed for Chapter 11 bankruptcy in Delaware. 

The Chapter 11 bankruptcy protection petition was confirmed by Terraform Labs, which noted it as a strategic move that will allow it to sustain its operations and support litigation ongoing in Singapore and U.S. litigation involving the Securities and Exchange Commission. The group stated it wouldn't need more funding in order to "meet all financial obligations to employees and vendors during the Chapter 11 case.”

In a court filing earlier this week, Terraform Labs estimated its assets and liabilities at between $100 million and $500 million, with between 100 and 199 creditors. 

Terraform Labs stated that it intends to keep growing its web3 business. The startup launched Station v3, a cryptocurrency wallet, earlier this month and just acquired Pulsar Finance, a cross-chain portfolio manager and data vendor. 

“The Terra community and ecosystem have shown unprecedented resilience in the face of adversity, and this action is necessary to allow us to continue working toward our collective goals while resolving the legal challenges that remain outstanding,” stated Chris Amani, CEO of Terraform Labs.

Founded in 2018, Terraform Labs sent the cryptocurrency market into a collapse in May 2022, wiping out at least $40 billion in market value. The bankruptcy announcement came four days after the U.S. SEC decided to move the civil trial against Do Kwon, a co-founder of Terraform Labs, and the company over an alleged $40 billion cryptocurrency fraud from January 29 to March 25. 

Kwon is being held in detention in Montenegro for leaving the country in March using forged travel documents. The Terraform Labs co-founder could be extradited to the United States or South Korea in March, following an extradition decision that rests entirely with Montenegro's justice minister. 

Last year in February, the U.S. SEC charged Kwon and Terraform Labs with scamming the U.S. investors who purchased the digital assets Terra USD and Luna. As per the court petition, Kwon holds a 92% ownership in Terraform Labs, while Daniel Shin, another co-founder of the company, holds an 8% investment in TFL.

Apple Watch Series 9: Pulse Oximetry Ban Saga

The tech community is in uproar after the Apple Watch Series 9 Ultra 2 was unexpectedly pulled from stores and online marketplaces. The debate peaked when an American judge temporarily banned Apple Watch sales over concerns about the device's pulse oximetry capability. Let's examine the major events that transpired and their ramifications.

The controversy erupted when the Apple Watch Series 9 Ultra 2 faced a sudden halt in online sales and in-store availability. The move left consumers puzzled, prompting a search for answers. It was revealed that the pulse oximetry feature, designed to measure blood oxygen levels, was at the storm's center. The ban was initially instated due to concerns about the accuracy of this health monitoring function.

Pulse oximetry plays a crucial role in monitoring respiratory health, especially during a time when health-conscious consumers are increasingly relying on wearables for real-time data. The ban raised questions about the efficacy and reliability of this feature in the Apple Watch Series 9 Ultra 2, leaving both users and tech enthusiasts eager for clarity.

However, the controversy took an unexpected turn when an appeals court decided to put the sales ban on hold, providing temporary relief for Apple. This decision indicated a willingness to revisit the case and evaluate whether the concerns about pulse oximetry were well-founded. The court's intervention highlighted the complexity of regulating health-related features in consumer electronics and the importance of thorough scrutiny before imposing sales restrictions.

Tech specialists and analysts offered their opinions on the matter as the court case developed. The Verge published an article expressing concerns about the possible effects on Apple's sales and reputation. According to reports, the appeals court decided to postpone the prohibition, highlighting the importance of the case for Apple and the wearable technology sector.

The Apple Watch Series 9 Ultra 2 dispute highlights how wearable technology is developing and how difficult it is to incorporate cutting-edge health capabilities. Even though Apple has received a temporary reprieve, talks about how technology, health, and regulatory control intersect continue to center around this case.

The debate surrounding the Apple Watch Series 9 Ultra 2 serves as a timely reminder of the precarious balance that exists in the digital industry between innovation and regulation. Users and industry watchers are waiting for a decision to guarantee the dependability and security of wearable health monitoring features while the legal proceedings are ongoing.

New Surveillance Reform Bill Raises Concerns Regarding Americans Data Privacy


Regular employees at US companies could be turned into spies if recently proposed legislation approved by the House Intelligence Committee, which greatly expands the federal government's surveillance powers, becomes law, experts warn. 

The legislation, called H.R. 6611 or the "HPSCI bill," is said to be aimed at updating Section 702 of the FISA Amendments Act of 2008. Section 702 was enacted to empower the National Security Agency (NSA) to intercept data related to suspected terrorists abroad. Such surveillance, however, has resulted in the widespread acquisition of domestic data as well. Without a warrant, agencies such as the FBI used data gathered under 702 to target Americans. Rep. Mike Turner (R-Ohio) and Rep. Jim Himes (D-Conn.) introduced the bill, which was approved by committee on December 7. 

Elizabeth Goitein, co-director of the non-profit Brennan Centre for Justice's Liberty and National Security Programme, was among many who raised concerns about the so-called reform after a section representing "the biggest expansion of surveillance inside the United States since the Patriot Act" was discovered. 

“Through a seemingly innocuous change to the definition of ‘electronic service communications provider,’ the bill vastly expands the universe of U.S. businesses that can be conscripted to aid the government in conducting surveillance,” Goitein stated. 

Currently, Section 702 allows the government to compel businesses with direct access to communications—like emails, phone calls, or texts—to share data. However, Goitein notes that under Section 504 of the HPSCI bill, any organisation having access to devices that store or transfer communications would likewise have to abide by requests for surveillance. 

“Hotels, libraries, coffee shops, and other places that offer wifi to their customers could be forced to serve as surrogate spies,” Goitein continued. “They could be required to configure their systems to ensure that they can provide the government access to entire streams of communications.” 

Goitein went on to say that even a repairman trying to fix your home internet router might be forced into spying on you. 

The bill's advocates have vehemently denied that Section 504 would be enforced so loosely. Senator Mike Lee (R-Utah), however, even criticised the bill on his meme account. “If this bill were to pass, and you went to McDonald’s and used the McDonald’s wifi service, the NSA could go to McDonald’s and obtain that wifi data—without a warrant,” Lee wrote. 

Goitein claims that despite the sponsors of the bill's assurances, the government's past performance shows that it cannot be trusted with such authority.

As Ransomware Spreads, Municipalities Fight a Never-Ending Battle


A new wave of ransomware attacks is hitting American and international municipalities; even major towns like Dallas are falling victim to gang activity. The ongoing wave of assaults emphasises how desperately a historically unprepared sector has to deploy effective cybersecurity defences and solutions.

One of the clearest examples of the trend came on November 7, when the Play ransomware group posted information it said it had taken from Dallas County in an alleged ransomware attack and threatened to disclose more if its ransom demand was not met. The county issued a cybersecurity update that same day, mentioning an ongoing investigation and cooperation with law enforcement. 

"Dallas County is aware of an unauthorized party posting data claimed to be taken from our systems in connection with our recent cybersecurity incident," the update reads. "We are currently in the process of thoroughly reviewing the data in question to determine its authenticity and potential impact.”

Surge in ransomware attacks 

Unfortunately, this was not a one-time occurrence. The potential compromise comes just months after the city of Dallas was struck by a different cyberattack that impacted municipal services such as 311 calls, libraries, animal shelters, safety departments, and online payment systems. This was not the first time the attacker, the Royal ransomware organisation, had hit the city. 

Another example of the conflict between ransomware groups and governments occurred on September 29 when Rock County, Wisconsin, witnessed a cyberattack against its Public Health Department, crippling its computer systems. The Cuba ransomware gang claimed responsibility for the attack and stated that the stolen data comprised financial papers and tax information. 

The trend isn't restricted to the United States: On October 30, 70 towns in Germany were struck by a ransomware outbreak after a service provider was forced to block access to prevent malware propagation. Prior to that, schools in Hungary and Slovakia were targeted by ESXiArgs ransomware. The Florida Supreme Court, Georgia Institute of Technology, and Rice University have all been targeted. 

"There is an uptick in ransomware attacks across almost all industries and organization types in the past 12 months," says Erich Kron, security awareness advocate at KnowBe4, "with record-breaking amounts of ransomware attacks, financial impact from ransomware, and a variety of ransomware-enabling tools and ransomware-as-a-service (RaaS) providers on the market." 

According to a Sophos study on ransomware attacks, "the rate of ransomware attacks in state and local government has increased from 58% to 69% year on year, contrary to the global cross-sector trend, which has remained constant at 66% in our 2023 and 2022 surveys." Yet even though the potential for ransomware attacks on municipalities remains significant, security safeguards for these targets remain limited.

U.S. Treasury Sanctions Eight Foreign-Based Agents and North Korean Kimsuky Attackers


The Office of Foreign Assets Control (OFAC) of the US Department of Treasury recently announced that it has sanctioned the cyberespionage group Kimsuky, also known as APT43, for gathering intelligence on behalf of the Democratic People's Republic of Korea (DPRK). 

The sanctions imposed by the United States are technically in response to a North Korean military reconnaissance satellite launch on Nov. 21, but they are also intended to deprive the DPRK of the revenue, materials, and intelligence needed to sustain its weapons of mass destruction development programme, according to the Treasury's sanctions announcement. 

The Lazarus Group and its subsidiaries Andariel and BlueNoroff were subject to similar sanctions by the OFAC in September 2019—more than four years ago. Kimsuky is the target of these sanctions as it gathers intelligence to support the regime's strategic goals. 

Kimsuky is a well-known cyber espionage group that primarily targets governments, nuclear organisations, and foreign relations entities in order to gather intelligence that serves North Korea's interests. It is also known by the names APT43, ARCHIPELAGO, Black Banshee, Emerald Sleet (formerly known as Thallium), Nickel Kimball, and Velvet Chollima.

"The group combines moderately sophisticated technical capabilities with aggressive social engineering tactics, especially against South Korean and U.S.-based government organisations, academics, and think tanks focused on Korean peninsula geopolitical issues," Mandiant, which is owned by Google, stated in October 2023. 

Similar to the Lazarus Group, it is a part of the Reconnaissance General Bureau (RGB), which is in charge of intelligence gathering operations and is North Korea's main foreign intelligence service. At least since 2012, it has been known to be active. 

"Kimsuky employs social engineering to collect intelligence on geopolitical events, foreign policy strategies, and diplomatic efforts affecting its interests by gaining illicit access to the private documents, research, and communications of their targets," the Treasury stated.

The agency also named Choe Song Chol and Im Song Sun for managing front companies that made money by exporting skilled workers; Kang Kyong Il, Ri Sung Il, and Kang Phyong Guk for serving as weapons sales representatives; and So Myong, Choe Un Hyok, and Jang Myong Chol for participating in illegal financial transfers to acquire materials for North Korea's missile programmes.

Dozens of Credit Unions Experiencing Disruptions Due to Ransomware Attack on Popular Tech Provider


Owing to a ransomware attack on a popular technology provider, about 60 credit unions are experiencing disruptions. 

A spokesperson for the National Credit Union Administration (NCUA), Joseph Adamoli, stated that the ransomware attack was directed towards Ongoing Operations, a cloud services provider that is owned by Trellance, a credit union technology company. 

Adamoli stated that incident reports were sent to the NCUA, the federal agency in charge of regulating credit unions, by multiple credit unions claiming that Ongoing Operations had sent a message stating that the company had been infected with ransomware on November 26. 

“Upon discovery, we took immediate action to address and investigate the incident, which included engaging third-party specialists to assist with determining the nature and scope of the event. We also notified federal law enforcement,” Ongoing Operations told impacted credit unions. 

“At this time, our investigation is currently ongoing, and we will continue to provide updates as necessary. Please know that at this time, we have no evidence of any misuse of information, and we are providing notice in an abundance of caution to ensure awareness of this event.” 

Adamoli revealed that nearly sixty credit unions are currently facing some level of outage as a result of a ransomware assault at a third-party service provider. 

"The NCUA is coordinating with affected credit unions. Member deposits at affected federally insured credit unions are insured up to $250,000 by the National Credit Union Share Insurance Fund," he explained.

He went on to say that they had informed the US Department of Treasury, the Federal Bureau of Investigation, and the Cybersecurity and Infrastructure Security Agency about the incident. Trellance did not respond to requests for comment. 

The attack is having a larger impact on other credit union technology providers, including FedComp, a company that provides data processing solutions to credit unions. 

FedComp did not respond to requests for comment, but according to a notice on its website, "the FedComp Data Centre is experiencing technical difficulties and is experiencing a nationwide outage.” 

Rise in attacks 

In August, the NCUA issued a warning, citing a rise in cyberattacks targeting credit unions, credit union service organisations (CUSO), and other outside suppliers of financial services goods. 

The cyberattack on the MOVEit file transfer software earlier this year impacted several credit unions, and over the last three years, dozens of organisations have reported data breaches to Maine regulators.

Jefferson Credit Union was added to the list of victims by the ransomware group RansomHouse in 2022, and Envision Credit Union disclosed a cyberattack involving the LockBit ransomware group last year. 

In 2020, there was also an incident at Ardent Credit Union. New regulations that mandate a federally insured credit union to report a cyberattack to the NCUA within 72 hours were approved by the NCUA in February. On September 1, the regulation went into force.

Welltok Data Breach: 8.5 Million U.S. Patients' Information Compromised

The personal data of 8.5 million American patients was put at risk by a recent data breach at Welltok, a well-known supplier of healthcare solutions. Since cybersecurity specialists discovered the intrusion, the organization has been working to resolve the issue and minimize any possible harm.

According to reports from Bleeping Computer, the breach has exposed a vast amount of sensitive data, including patients' names, addresses, medical histories, and other confidential information. This breach not only raises concerns about the privacy and security of patient data but also highlights the increasing sophistication of cyber threats in the healthcare sector.

Welltok has promptly responded to the incident, acknowledging the breach through a notice posted on their official website. The company has assured affected individuals that it is taking necessary steps to investigate the breach, enhance its security measures, and collaborate with law enforcement agencies to identify the perpetrators.

The impact of this breach extends beyond the United States, as reports from sources suggest that the compromised data includes patients from various regions. This global reach amplifies the urgency for international cooperation in addressing cyber threats and fortifying data protection measures in the healthcare industry.

Cybersecurity analysts estimate that the breach may have affected up to 11 million patients, emphasizing the scale and severity of the incident. The potential consequences of such a breach are far-reaching, ranging from identity theft to unauthorized access to medical records, posing serious risks to individuals' well-being.

This incident underscores the critical need for organizations, especially those handling sensitive healthcare data, to continuously assess and strengthen their cybersecurity protocols. As technology advances, so do the methods employed by malicious actors, making it imperative for companies to stay vigilant and proactive in safeguarding the privacy and security of their users.

The Welltok data breach is a sharp reminder of the ongoing risks to the healthcare sector. The company's efforts to contain the breach and safeguard the affected parties illustrate the larger difficulties businesses face in preserving the confidentiality of sensitive data in an increasingly connected digital world.