Fidelity customers’ financial info feared stolen in suspected ransomware attack

 

source: theregister.com (submitted by FAN, Steve Page)  |  image: pixabay.com

 

Criminals have probably stolen nearly 30,000 Fidelity Investments Life Insurance customers’ personal and financial information — including bank account and routing numbers, credit card numbers and security or access codes — after breaking into Infosys’ IT systems in the fall.

According to Fidelity, in documents filed with the Maine attorney general’s office, miscreants “likely acquired” information about 28,268 people’s life insurance policies after infiltrating Infosys.

“At this point, [Infosys] are unable to determine with certainty what personal information was accessed as a result of this incident,” the insurer noted in a letter [PDF] sent to customers. However, the US-headquartered firm says it “believes” the data included: names, Social Security numbers, states of residence, bank accounts and routing numbers, or credit/debit card numbers in combination with access code, password, and PIN for the account, and dates of birth.

In other words: Potentially everything needed to drain a ton of people’s bank accounts, pull off any number of identity theft-related scams — or at least go on a massive online shopping spree.

LockBit claimed to be behind the Infosys intrusion in November, shortly after the Indian tech services titan disclosed the “cybersecurity incident” affecting its US subsidiary, Infosys McCamish Systems aka IMS. It reported that the intrusion shuttered some of its applications and IT systems [PDF].

This was before law enforcement shut down at least some of LockBit’s infrastructure in December, although that’s never a guarantee that the gang will slink off into obscurity — as we’ve already seen.

Russian Hackers Stole Microsoft Source Code—and the Attack Isn’t Over

source: wired.com  |  image: pexels.com

 

In January, Microsoft revealed that a notorious group of Russian state-sponsored hackers known as Nobelium infiltrated the email accounts of the company’s senior leadership team. Today, the company revealed that the attack is ongoing. In a blog post, the company explains that in recent weeks, it has seen evidence that hackers are leveraging information exfiltrated from its email systems to gain access to source code and other “internal systems.”

It is unclear exactly what internal systems were accessed by Nobelium, which Microsoft calls Midnight Blizzard, but according to the company, it is not over. The blog post states that the hackers are now using “secrets of different types” to breach further into its systems. “Some of these secrets were shared between customers and Microsoft in email, and as we discover them in our exfiltrated email, we have been and are reaching out to these customers to assist them in taking mitigating measures.”

Nobelium is responsible for the SolarWinds attack, a sophisticated 2020 supply-chain attack that impacted thousands of organizations that downloaded a compromised software update, and led to the compromise of around 100 organizations, including major US government agencies like the Departments of Homeland Security, Defense, Justice, and Treasury.

According to Microsoft, it has found no evidence that its customer-facing systems were breached.

Communication devices found on Chinese-made cranes in US ports

 

source: newsnationnow.com (contributed by FAN, Steve Page)  | image: pixabay.com

 

A congressional investigation into Chinese-built cargo cranes at U.S. ports has uncovered concerns about potential national security risks.

According to a report from The Wall Street Journal, some of the cranes were found to contain communications equipment, including cellular modems, that could be accessed remotely.

Lawmakers worry about the threat of espionage and disruption posed by these cranes, which are predominantly manufactured by ZPMC, a Chinese company.


What to know about China’s cyber threats?

source: axios.com, contributed by FAN, Bill Amshey  |  image: pixabay.com

 

China has become the top hacking threat in 2024 with a recent series of attacks targeting critical U.S. infrastructure.

Why it matters: It’s rare for public officials to share as many details as they have in recent weeks about ongoing cyber threats — underscoring just how concerned the Biden administration is about a Beijing-backed cyberattack.

Driving the news: The U.S. Cybersecurity and Infrastructure Security Agency, the National Security Agency, and the FBI released an advisory Wednesday detailing how the Volt Typhoon hacking group is infiltrating the U.S.

The advisory presented a stark picture of the “persistent” threat, with China having access to some infrastructure for “at least five years.”

  • Typical malware detection tools can’t detect these hackers’ movements.
  • And in some cases, Volt Typhoon had enough access to tamper with basic essential services, like water and energy controls.

The big picture: This is just the latest example of Chinese hackers targeting not only U.S. infrastructure, but also American businesses in the last year.

  • But keeping tabs on everything going on — or even recalling what all has happened — has become a daunting task.


China had “persistent” access to U.S. critical infrastructure

source: https://www.axios.com, contributed by FAN, Steve Page  |  image: pexels.com

 

China-backed hackers have had access to some major U.S. critical infrastructure for “at least five years,” according to an intelligence advisory released Wednesday.

Why it matters: The hacking campaign laid out in the report marks a sharp escalation in China’s willingness to seize U.S. infrastructure — going beyond the typical effort to steal state secrets.

  • The advisory provides the fullest picture to date of how a key China hacking group has gained and maintained access to some U.S. critical infrastructure.

Details: The U.S. Cybersecurity and Infrastructure Security Agency, the National Security Agency and the Federal Bureau of Investigation released an advisory Wednesday to warn critical infrastructure operators about China’s ongoing hacking interests.


The Hacking Threat Rises

source:  CNN.com  | image: pexels.com

 

At The New Yorker last month, Sam Knight detailed the devastating consequences of a ransomware attack on the British Library in London: “The outage became an incident. The National Cyber Security Centre, a branch of G.C.H.Q., the British equivalent of the National Security Agency, got involved. On November 20th, a hacking group called Rhysida—after a genus of centipedes—offered 490,191 files stolen from the British Library for sale on the dark Web. United States cybersecurity officials describe Rhysida as a ‘ransomware-as-a-service’ provider—a gun for hire—part of an increasingly professional array of cyber-extortion organizations.” Knight also noted the widely international array of apparent victims of this group: “Since Rhysida surfaced, in May, its victims have included the Chilean Army, a medical-research lab in Australia, and Prospect Medical Holdings, a health-care company with hospitals in Pennsylvania, Rhode Island, Connecticut, and California. There are reports that its code contains fragments of Russian, and it appears not to have struck inside Russia or its close allies.”

The surprising threat lurking even in your ‘secure’ work environment

source: fastcompany.com  |  image: pexels.com

 

When Netflix released The Most Hated Man on the Internet, we got an up-close glimpse of the harm that nefarious people can do by exposing the personal information of others online. The series illustrated how Hunter Moore used stolen or hacked images to populate a pornographic website, targeting women who did not consent for their images to be used—and introducing many people to the concept of “doxing.” 

Derived from 1990s hacker culture, doxing is a play on the word document or dossier, referring to compiling data on a person or company. It gained greater visibility in 2014 when a group released the private information of women who they perceived as receiving favoritism in the gaming journalism industry. The incident, titled GamerGate, exposed the dangers of being targeted by bad actors and the potential for negative psychological outcomes.

This Cryptomining Tool Is Stealing Secrets

 

source: wired.com  |  image: pexels.com

 

As the Israel-Hamas war raged on this week and Israel expanded its ground invasion of the Gaza Strip, the territory’s compromised internet infrastructure and access to connectivity went fully dark on Friday, leaving Palestinians without access to ground or mobile data connections. Meanwhile, researchers are bracing for the fallout if Hamas makes good on its threats to distribute hostage execution videos online. And TikTokkers are using a niche livestreaming feature and exploiting the Israeli-Hamas conflict to collect virtual gifts from viewers, a portion of which goes to the social media company as a fee.

As the worst mass shooting in Maine’s history unfolded this week and the gunman remained at large, disinformation about the situation and the suspect flooded social media, adding to the already chaotic and horrific situation. Elon Musk, the owner of X (formerly Twitter), posted remarks earlier this month mocking Ukrainian president Volodymyr Zelensky that were met with a flood of support and enthusiasm from Russian trolls and accounts distributing pro-Russia propaganda.


Casino Breaches Expose Why Identity Management Is at a Crossroads

 

source: technewsworld.com  |  image: pexels.com

 

As cyberthreats become more prevalent, the tangible losses from identity access management-related breaches underline the critical need to reform this cornerstone of digital security.

By now, many have heard about the massive cyberattacks that affected casino giants MGM Resorts and Caesars, leaving everything from room keys to slot machines on the fritz. Like many recent breaches, it’s a warning to improve security around digital identities — because that’s where it all started.

The origin story of this breach is similar to many we have seen lately: social engineering and impersonation attacks.

Hackers called MGM’s IT department and tricked the help desk into resetting legitimate logins, which they then used to launch a ransomware attack. The same group allegedly staged a rash of similar attacks across various other sectors, including a breach at casino rival Caesars Entertainment, which reportedly paid $15 million to get its data back days before the MGM attack.


Fingerprint Theft Just a Shutter Click Away

source: technewsworld.com  |  image: pixabay.com

 

Ever since smartphone makers started incorporating fingerprint scanners as a means of unlocking mobile phones, the Chaos Computer Club has attacked the technology with vigor. 

Not long after Apple added Touch ID to its iPhones, the German hackers demonstrated how to lift prints from a surface and create a flexible pad containing the print that could be used to break into a phone.

Now the CCC hacker known as “Starbug” has used digital photography to perform the same trick without lifting any prints at all. At a recent cybersecurity conference, Starbug demonstrated how he created the thumb print of German Minister of Defense Ursula von der Leyen from several news photos.

“After this talk, politicians will presumably wear gloves when talking in public,” Starbug said.
