Security News This Week: The FBI Made a Crypto Coin Just to Catch Fraudsters

source: wired.com  |  image: fbi.gov

 
NexFundAI, the FBI’s Ethereum-based token, was used to investigate price manipulation in crypto markets.

The FBI created a cryptocurrency as part of an investigation into price manipulation in crypto markets, the government revealed on Wednesday. The FBI’s Ethereum-based token, NexFundAI, was created with the help of “cooperating witnesses.”

As a result of the investigation, the Securities and Exchange Commission charged three “market makers” and nine people for allegedly engaging in schemes to boost the prices of certain crypto assets. The Department of Justice charged 18 people and entities for “widespread fraud and manipulation” in crypto markets.

Experts Weigh In on Refusing or Paying After a Ransomware Attack

source: technewsworld.com |  image: pexels.com

 

Ransomware attacks have shown signs of decreasing in recent months. Yet they still pose enough of a threat that organizations must decide whether a successful breach of their systems justifies paying a ransom in the hope that attackers will not leak the data they stole.

According to the NCC Group Threat Pulse Report released in May, the ransomware landscape remains turbulent despite fewer reported incidents since April. Industrials (34%) and Consumer Cyclicals (18%) remained the first and second-most targeted sectors.

There has been a significant shake-up among the top 10 ransomware actors since April. Hunters, one of the leading bad actors, moved from eighth to the second most active threat actor. It launched 61% more ransomware attacks in April than in March. RansomHub replaced RA Group in third place and saw a 42% increase in attacks over March.

The policy of not paying ransom, often called a “no concessions” policy, is a widely debated strategy in counterterrorism and hostage situations. Its effectiveness continues to be argued from multiple perspectives. Cybersecurity experts apply the same reasoning when deciding whether or not to make ransomware payments.

China’s Satellites Are Dodging US Eyes In Space

source: defenseone.com  |  image: pixabay.com

 

The Pentagon doesn’t post location data for its secretive GSSAP satellites, but Chinese spacecraft are maneuvering to avoid their gaze.

The Pentagon has long been tight-lipped about a family of U.S. spy satellites that since 2014 have kept an eye on foreign spacecraft in geosynchronous orbit. That hasn’t stopped Chinese satellites from dodging them.

U.S. officials declassified the Geosynchronous Space Situational Awareness Program a decade ago to show that they had eyes on high-Earth orbit, but they have rarely discussed the six GSSAP satellites themselves, and they do not publish the standard location data meant to reduce collisions. Now, a new paper from the U.S. Air Force’s China Aerospace Studies Institute explores what the Chinese know about GSSAP and what they’re doing about it.

New Targets, New Tools, Same Threat.

source: thecyberwire.com  |  image: pixabay.com

 

Listen to the podcast here

 

This week we are joined by Chester Wisniewski, Global Field CTO from the Sophos X-Ops team, to discuss their work on “Crimson Palace returns: New Tools, Tactics, and Targets.” Sophos X-Ops has observed a resurgence in cyberespionage activity, tracked as Operation Crimson Palace, targeting Southeast Asian government organizations.

After a brief lull, Cluster Charlie resumed operations in September 2023, using new tactics such as web shells and open-source tools to bypass detection, re-establish access, and map target network infrastructure, demonstrating ongoing efforts to exfiltrate data and expand their foothold.

The research can be found here:

European Government Air-Gapped Systems Breached Using Custom Malware

source: bleepingcomputer.com (contributed by FAN, Steve Page)  |  image: pexels.com

 

An APT hacking group known as GoldenJackal has successfully breached air-gapped government systems in Europe using two custom toolsets to steal sensitive data, like emails, encryption keys, images, archives, and documents.

According to an ESET report, this happened at least twice: once against the embassy of a South Asian country in Belarus, in September 2019 and again in July 2021, and once against a European government organization between May 2022 and March 2024.

In May 2023, Kaspersky warned about GoldenJackal’s activities, noting that the threat actors focus on government and diplomatic entities for purposes of espionage.


Chinese Hacking “Typhoons” Threaten U.S. Infrastructure

source: axios.com (contributed by FAN, Bill Amshey)  |  image: pexels.com

 

The Chinese government is running another broad campaign to hack as many American organizations as possible — heightening the threat across critical infrastructure.

Why it matters: The new hacking campaign suggests China could hold more expansive power to turn off key U.S. infrastructure than previously thought.

Driving the news: FBI director Christopher Wray said at the Aspen Cyber Summit on Wednesday that the bureau and its partners hijacked thousands of devices last week that a Chinese hacking group had infected with malware.

  • Flax Typhoon, a new China-backed hacking team, infected home routers, firewalls, storage devices, and Internet of Things devices like cameras and video recorders.

Zoom in: As of June, Flax Typhoon’s botnet included more than 260,000 malware-infected devices across North America, South America, Europe, Africa, Southeast Asia and Australia, according to a U.S. government advisory.

  • Half of the hijacked devices were located in the U.S., Wray said in his remarks.
  • Security researchers at Black Lotus Labs said in a coinciding report that hackers have used the botnet to target U.S. and Taiwanese organizations in the military, government, higher education, telecommunications, defense and IT sectors.
  • The FBI also alleged that the Flax Typhoon hackers worked for Integrity Technology Group, a Chinese tech company that does contract work for Beijing’s intelligence agencies.
  • The FBI also said that Integrity Technology Group operated and controlled the botnet.

Check if Your Social Security Number Is Included in the National Public Data Hack

source: cnet.com (contributed by FAN, Steve Page)  |  image: pexels.com

 

Check if your Social Security number was stolen in the massive data theft and what to do to secure your personal information.

If your Social Security number or other personal information was stolen in the December 2023 National Public Data breach, you can take steps to protect yourself. Here’s how. A reported 2.7 million to 2.9 billion records from 170 million people were stolen, including full names and phone numbers along with Social Security numbers.

According to an August statement from National Public Data — a data broker that sells personal information to private investigators, consumer public record sites, human resources and staffing agencies — “a third-party bad actor” hacked into the data and leaked the stolen information on the dark web. National Public Data obtained the information by scraping nonpublic sources without consent, according to a proposed class action lawsuit. A House of Representatives committee has opened an investigation in response.

Here are steps you can take to see if your information was stolen and then what to do if your Social Security number and other personal data were leaked in the massive data hack. For more information, here are the best identity theft protection services and how to freeze your credit. For more on Social Security, here’s when to expect your Social Security check to arrive this month and four ways you can lose your Social Security benefits.

How was my personal information stolen in the National Public Data hack?

National Public Data said it obtains personal information from public record databases, court records, state and national databases and other repositories nationwide.

According to a National Public Data statement in August, “The incident is believed to have involved a third-party bad actor that was trying to hack into data in late December 2023, with potential leaks of certain data in April 2024 and summer 2024.”

Safeguarding Secrets From Quantum Spying

source: axios.com (contributed by FAN, Bill Amshey)  |  image: pexels.com

 

The National Institute of Standards and Technology has released its highly anticipated standards for protecting encrypted data from future quantum technologies.

Why it matters: China and other foreign foes are likely already collecting encrypted U.S. secrets with the hopes of breaking into them once quantum computing technology catches up.

What’s happening: NIST this week formally approved three post-quantum cryptography standards, marking an important first step in protecting government and critical services from encryption-breaking quantum computers.

  • IBM researchers developed two of the three standards in collaboration with industry and academic partners.
  • The third standard was developed by a researcher who has since joined IBM.
  • Apple, Meta, Google and some other companies are already implementing these standards.

What’s next: These standards will serve as a blueprint for governments and private-sector organizations around the world.


How Telegram Became a Destination for Criminals

source: axios.com (contributed by FAN, Bill Amshey)  |  image: pexels.com

 

Telegram has long been a hotbed for cybercriminal gangs boasting about their attacks and looking to recruit new members.

Why it matters: Billionaire Telegram CEO Pavel Durov’s arrest over the weekend has put a spotlight on what policies Telegram does — and doesn’t — have to deter cybercriminals and extremist groups who use its platform.

The big picture: Telegram’s relaxed content moderation policies and encrypted service offerings have made it an attractive destination for cybercriminals, terrorism organizations and drug dealers.

  • Terrorist organizations, including ISIS, have used Telegram to publicly claim responsibility for attacks.
  • Politically motivated hackers — including those tied to the war in Ukraine and the Israel-Hamas war — also post about their crimes in public Telegram forums.

Experts say Telegram has unique features that — taken in combination — hackers have been able to abuse in an effort to hide their activities.

  • Secret Chats allow users to turn on end-to-end encryption.
  • That means Telegram has no way of seeing what’s discussed in Secret Chat conversations. Users also can’t forward these messages, which can self-destruct — making it even harder for third parties to intercept their contents.
  • Apple Messages and WhatsApp messages are also encrypted by default, but neither allows users to sign up with a virtual phone number.
  • Telegram accounts don’t need to be linked to a SIM card, Taisiia Garkava, an intelligence analyst at Intel 471, told Axios.


Ticketmaster Warns Customers to Take Action After Hack

source: bbc.com (contributed by FAN, Steve Page)  |  image: pixabay.com

 

Ticketmaster customers in North America have been sent emails warning them to take action after the company was hacked in May.

Emails were sent overnight to Canadian customers, urging them to “be vigilant and take steps to protect against identity theft and fraud.”

The company has not commented on the notification process – however similar emails have reportedly been sent to victims in the US and Mexico.

The personal details of 560 million Ticketmaster customers worldwide were stolen in the hack – with cyber criminals then attempting to sell that information online.