News of the Cyber World

[kyonides]

Netflix Customers Could Face Criminal Charges For Sharing Their Password

The popular streaming service is planning to put an end to password sharing beginning in early 2023, according to The Wall Street Journal.

Netflix has been exploring ways to crack down on it for some time, and this is the first official notice that the changes will finally happen.

The company claimed that out of the 222 million households around the world with valid subscriptions, there were at least “100 million additional households” using their services via password sharing.

Households using Netflix through password sharing reportedly include more than 30 million households across the United States and Canada, Newsweek reported.

Netflix offers shared accounts with separate profiles and multiple streams in its plans, but only people living under the same roof apply.
...
However, revenue has been falling since the start of this year, as it faces its first drop in subscribers in a decade.

The company has introduced fees for people sharing accounts not living in the same household in order to fight a decline in subscribers.
...
Netflix’s terms of service had never allowed for multi-household sharing, which has read that it is the responsibility of “the member who created the Netflix account and whose payment method is charged” for any activity that occurs through the account.

 Well people, you have been warned about this changes in Netflix's policies for next year.

'Russian hackers' help two New York men game JFK taxi system

A pair of men living in New York, working with unnamed Russian nationals, hacked and manipulated the electronic taxis dispatch system at John F. Kennedy International Airport as part of a money-making scheme over a period of at least two years, federal prosecutors said Tuesday.

Starting in at least September 2019, Daniel Abayev and Peter Leyman ran a pay-to-play system for cabbies who could jump the line instead of idling in a holding lot until hailed by a dispatcher, prosecutors with the Southern District of New York said in a statement. Abayev and Leyman allegedly charged taxi drivers $10 for each time they skipped ahead and gave other drivers waivers from the $10 fee if they recruited more paying drivers.

The duo each face two counts of conspiracy to commit computer intrusions, which carry a maximum sentence of 10 years in prison.

As part of the scheme, the men worked with unidentified “hackers” in Russia to develop malware, prosecutors alleged in the indictment, which was unsealed Tuesday. The men bribed someone to insert a flash drive into computers connected to the system used to dispatch the taxis, the prosecutors said. They also gained unauthorized access to the dispatch system via a Wi-Fi connection, and stole computer tablets connected to the system, according to the indictment.

Russian hackers attempted to breach petroleum refining company in NATO country

The attempted intrusion, which appears to have been unsuccessful, occurred on Aug. 30 and was carried out through spear phishing emails using English-named files containing words like “military assistance,” according to the report, which provides an update on the activities since the start of the Russian invasion of Ukraine of a hacking group Palo Alto tracks as “Trident Ursa.”

The report on Trident Ursa’s latest movements comes on the heels of a warning from National Security Agency Cyber Director Rob Joyce that Russian state-backed hackers may target the energy sector in NATO countries in coming months.

These attacks, Joyce said, may have “spillover” impacts for Ukraine’s neighbors — like Poland, where Microsoft recently warned that Russian-backed hackers have stepped up attacks on the country’s logistics industry, a key enabler of the Ukrainian war effort.
...
The group has been heavily active since the start of the Ukraine war and has previously tried to phish Ukrainian entities.

The report from Unit 42 assesses that the likely goal of infiltrating a petroleum refining company was to increase “intelligence collection and network access against Ukrainian and NATO allies.”
...
The group utilizes geo-blocking to limit their attacks, only letting users in targeted countries download malicious files, which reduces the visibility of their attacks and makes their campaigns more difficult to identify.

The Russian hacking group also has some unique tendencies in picking domain names referencing pop culture. Some of the domains includes U.S. basketball teams, well-known rock bands such as Metallica and Papa Roach and names of characters from the popular TV show “The Big Bang Theory,” Unit 42’s researchers told CyberScoop.

The group also has a habit of trolling its opponents and attacking them online.

[kyonides]

Mysterious Government Agencies Participated in Suppressing Twitter Content

Mysterious government agencies were involved in censoring content along with Twitter Inc. on the social media platform, journalist Matt Taibbi said in newly-released Twitter Files.
...
In one email from June 29, 2020, FBI San Francisco Field Office official Elvis Chan asked Twitter executives if he could invite an “OGA” to attend an upcoming event.
...
“OGA Briefing” can also be frequently seen on the meeting agenda between Twitter and the Foreign Influence Task Force (TITF).

It was put under the “Russia Status” part of the meeting agenda.
...
It’s unclear which agencies OGA was referring to, though Taibbi claimed it to be the Central Intelligence Agency (CIA) citing several persons familiar with the agency.

Screenshots of emails shared by Taibbi show various government agencies including the FBI and CIA participated in meetings with Twitter.
...
Baker was a general counsel at the FBI and a key figure in the Trump-Russia investigation.

Twitter was overwhelmed by requests from various agencies mostly coordinated by TITF and the FBI San Francisco Field Office before the 2020 election, Taibbi said.

“Email after email came from the San Francisco office heading into the election, often adorned with an Excel attachment,” he wrote. “There were so many government requests, Twitter employees had to improvise a system for prioritizing/triaging them.”
...
In another case, Yoel Roth, Twitter’s fired ex-head of trust and safety, concluded that some pro-Maduro accounts from Venezuela were not connected to Russia’s Internet Research Agency (IRA).

OGA stands for Other Government Agencies.
Fine. Some accounts were not driven by some unknown automaton, yet, that doesn't mean the account owners weren't part of some OTHER Russian group or some local team loyal to Maduro only. 

[kyonides]

New York City Public Schools Block AI Chatbot Over Cheating Concerns

The New York City Department of Education (NYCDOE) has blocked OpenAI’s ChatGPT service access on its networks and devices amid fears that students will use it to cheat on assignments and other school tasks.

ChatGPT is an artificial intelligence chatbot capable of producing content mimicking human speech. Accessible for free, the service can be used to generate essays, technical documents, and poetry, Chalkbeat New York reported. The program uses machine learning to pull and compile historical facts and even make logical arguments that sound convincing, all the while ensuring that the output remains grammatically correct.
...
However, if individual schools do need access to the site in case they wish to study the technology powering ChatGPT, they only need to put in a request, Lyle said.
...
In early December, Hick had asked his class to write a 500-word essay on philosopher David Hume and the paradox of horror. One of the submissions caught his eye as it featured a few hallmarks of having been created by AI.

“It’s a clean style. But it’s recognizable. I would say it writes like a very smart 12th grader,” Hick told the New York Post, adding that the bot uses “peculiar” and “odd wording.”

A problem with ChatGPT is that it is not always correct. OpenAI admits that ChatGPT “sometimes writes plausible-sounding but incorrect or nonsensical answers,” and that fixing the issue is a challenge. As such, the service cannot be used to source critical information, like medical advice.
...
“I have exposure to the very cutting edge AI, and I think people should be really concerned about it,” Musk told attendees of a National Governors Association meeting in July 2017.

White House Pushed Facebook to Censor
Tucker Carlson on COVID-19 Vaccines: AG Landry

The White House pressured Facebook to take action against Fox News host Tucker Carlson for supposedly saying COVID-19 vaccines “don’t work,” according to a document released by Louisiana’s Republican Attorney General Jeff Landry, who characterized the move as a request to censor the journalist.

Landry shared the document—an email exchange between White House Director of Digital Strategy Rob Flaherty and an unidentified Facebook employee—in a Jan. 7 post on Twitter, with the comment: “Rob Flaherty tells facebook to censor” Tucker Carlson.
...
“This is exactly why I want to know what ‘Reduction’ actually looks like—if ‘reduction’ means ‘pumping our most vaccine hesitant audience with [T]ucker Carlson saying it doesn’t work’ then … I’m not sure it’s reduction!” Flaherty continued, per the document shared by Landry.

Signaling action regarding the request, the unidentified Facebook employee then reportedly wrote: “Running this down now.”
...
Bailey shared a screenshot of an email from White House COVID-19 Digital Director Clarke E. Humphrey to an unidentified Twitter employee with the subject line “Flagging Hank Aaron misinfo” and requesting the Twitter staff to “get moving on the process for having it removed ASAP.”

In her request, Humphrey provided a link to a Twitter post by Robert F. Kennedy Jr., a known critic of the Biden administration’s narrative on COVID-19 vaccines.

The offending tweet links to an article on the website of the Children’s Health Defense, an activist group chaired by Kennedy Jr. that left-leaning Wikipedia labels as “one of the main sources of misinformation on vaccines.”
...
Besides requesting action on Kennedy Jr.’s tweet, Humphrey also added a request to “keep an eye out for tweets that fall in this same genre,” per the screenshot shared by Bailey.

Bailey also shared screenshots of several other messages that he said show collusion between Big Tech and the government to suppress free speech, including another message from Flaherty to an unidentified Facebook employee in which the White House official demands “assurances” that the social media company is taking actions “to ensure you’re not making our country’s vaccine hesitancy problem worse.”

That means that Big Tech companies can no longer claim they're independent nor that their customers are responsible for their own contents because its Facebook, Twitter and others who make the decisions and not the average users. They've been abusing the power that Section 230 granted them ever since the Clinton administration back in 1996.

[kyonides]

Car hackers discover vulnerabilities that could let them hijack millions of vehicles

The vulnerabilities could let attackers remotely track, stop or control a car — even an entire fleet of emergency vehicles. Another could give hackers access to some 15.5 million automobiles, allowing them to send commands to control braking systems.

In total, a group of ethical car hackers discovered at least 20 vulnerabilities within the application programming interfaces, or APIs, that automakers rely on so technology inside cars can interact. The vulnerabilities affected Ford, Toyota, Mercedes, BMW, Porsche, Ferrari and others.
...
One significant issue is that some automakers are relying on third-party API software instead of building the technology in-house, he said. “A lot of it comes down to API’s: everything wants to connect with everything else. So there’s been a proliferation of API interfaces and a single mobile app can have dozens of API calls.”
...
Cybersecurity journalist Andy Greenberg demonstrated in 2015 that hackers could manipulate a Jeep Cherokee as he was driving.
...
But while hackers taking over a car while someone is driving it is a made-for-movie moment, vulnerabilities in GPS systems, motions sensors, keyless systems, and operating systems are becoming more of a privacy and security concern, say experts. What’s more, the software flaws could lead to vehicle theft. Some of the vulnerabilities that Curry and the other researchers discovered would allow a hacker change the ownership status of the car.

“[Vehicle Identification Numbers] are super public, you can walk up to a car to get a VIN number,” Curry said. “But with a lot of these APIs, if you have the VIN number it would just return the full name of the person or the battery level of the vehicle and you can just add it to you account.”

The researchers were able to use a VIN number to not only take complete control of an owners’ vehicle account, which included a significant amount of private information, they were also able to remotely lock and unlock, stop engines, locate vehicles for Kia, Honda, Infiniti, Nissan and Acura.

European regulators fine Meta over $400 million for targeted ad program

Irish regulators fined Meta 390 million euros, or roughly $414 million, Wednesday for allegedly forcing users into its targeted advertising program in violation of Europe’s landmark privacy law.

The decision is just the most recent in a string of rulings in Europe against Facebook’s parent company over its advertising, privacy and data tracking practices that have totaled well over $1 billion in fines.

The latest fines resulted from an investigation into two 2018 complaints alleging that Meta essentially forced users to consent to behavioral advertising by including a clause allowing the practice within an updated terms of service agreement, which is required for use of the platform. European investigators determined that the behavior violated the General Data Protection Regulation, which guides how companies handle the data of EU citizens.

Regulators ultimately fined Meta Ireland for 210 million euros for a complaint about Facebook and 180 million euros for a complaint about Instagram.

Meta now has three months to bring its practices into compliance with GDPR. The tech giant says it plans to appeal the decision, potentially resulting in a drawn-out legal battle.

Do you care about Ukraine?
 Then let me warn you about the next cyber-news article handling Ukraine and its enemy Russia.

Notorious Russian hacking group appears to resurface
with fresh cyberattacks on Ukraine

But one group — known as Turla and widely regarded as one of Russia’s most capable — has been conspicuously absent from the conflict, until now.

On Thursday, researchers at Mandiant disclosed they discovered Turla targeting Ukrainian systems using run-of-the-mill commodity malware and by piggybacking on infrastructure used in earlier criminal operations.

Turla’s attack on Ukrainian systems began before the invasion, in December 2021, when an infected USB stick was inserted into a Ukrainian system and kicked off the campaign, the researchers found.

The stick contained a 2013 version of the Andromeda malware — a commercially available malware family — which began sending beacons to Turla’s command-and-control infrastructure, according to Mandiant. Turla appears to have repurposed that infrastructure from an earlier criminal campaign. Relying on expired domains previously used as part of a likely criminal hacking campaign, Turla re-registered these domains for its own operation.
...
Since invading, Russia doesn’t appear to have carried out the type of large-scale cyberattacks in Ukraine that many observers had expected, but Ukrainian officials have described a high volume of attacks aimed at supporting the Russian war effort.

Thursday’s report from Mandiant serves as a reminder that there may be significant Russian activity in cyberspace occurring under the radar. The operation described by Mandiant began in December 2021 and was not discovered until September of this year [2022].

So are we talking about Russian spies still working in Ukraine!?
If they have been successful until now, why would they stop  infecting more and more USB drives and computers out of the  blue?

[kyonides]

Supreme Court clears way for WhatsApp case against NSO Group
opening spyware firm to more lawsuits

The Supreme Court on Monday denied a petition from NSO Group, the Israeli spyware maker, to dismiss a lawsuit alleging the firm exploited the WhatsApp platform in 2019 to spy on 1,400 users.

The decision upholds a previous California federal court ruling that rejected NSO Group’s arguments that it qualified for foreign sovereign immunity because it had been acting on behalf of a foreign government to investigate terrorist activity at the time it deployed the software.

NSO Group filed its petition with the Supreme Court in April after a federal judge in California rejected an appeal in the case brought by Meta, WhatsApp’s parent company.
...
The Supreme Court previously called on the Biden administration to weigh in on the case and in November the Justice Department filed an amicus brief asking the court to deny the petition. The administration in 2021 added NSO Group and fellow Israeli spyware company Candiru to its entity list of companies that pose a national security risk.

The high court’s ruling comes amid growing concern from Washington about reining in the spyware industry.
...
The court’s decision could help bolster the standing of other lawsuits against the surveillance firm. The Knight Institute filed a lawsuit in U.S. federal court against NSO Group in December on behalf of members of the Salvadoran news outlet El Faro. The lawsuit alleges that the NSO Group violated U.S. hacking laws by deploying spyware against the journalists.

LastPass breach exposes how US breach notification laws
can leave consumers in the lurch

On Thursday, Dec. 22., as Americans prepared for the holidays and braced for massive winter storms, the password manager LastPass announced to its 33 million customers that it suffered a major security breach.
...
Based on the public notification from LastPass, the potential implications of the incident were anything but clear. Security experts immediately criticized LastPass’s announcement as misleading and difficult to understand. The company’s announcement seemed to imply that it would be difficult for the attacker to decrypt stolen passwords, but that would very much depend on a given user’s master password.
...
The U.S. famously does not have a federal privacy law — something that might determine the rights of consumers to know their personal data has been stolen. What it has instead are 50 different state laws governing breach notification. When a company realizes its systems have been breached and data inappropriately accessed, it must examine the affected users state by state and determine whether the data stolen and belonging to them qualifies for notification under each user’s state data-breach notification regime.
...
Beyond its difficult-to-parse post announcing the breach, LastPass has stayed silent regarding what exactly transpired on its systems ... Based on communications LastPass sent to some affected customers and obtained by CyberScoop, the company has informed some customers directly about the breach, but these notices have included few details to help customers understand the implications of the breach.
...
The use of a password manager represents a foundational component of improving security for ordinary consumers — but that also creates a juicy target for hackers looking to obtain passwords to a large number of accounts to enable other attacks.
...
In the case of the breach LastPass disclosed in December, one breach appears to have led to another. According to the company, “an unknown threat actor” accessed a cloud-based storage environment “leveraging information” that was, in turn, stolen from a breach disclosed in August.
...
LastPass has emphasized that while the attacker was able to steal encrypted password data, this data could not be decrypted without access to the master password, which only the user is in possession of. So long as a user picked a strong master password, the company claims, an attacker probably won’t be able to decrypt the stolen passwords — running a brute force attack to do so would simply take too long.

Take in consideration that guessing a master password is way easier than individually decrypting ALL passwords handled by that master password.

GitHub disables pro-Russian hacktivist DDoS pages

GitHub on Tuesday disabled accounts on the platform belonging to a pro-Russian hacktivist group linked to attacks on entities in NATO countries, including efforts to disrupt the websites of Denmark’s central bank and other financial institutions in the country, GitHub confirmed to CyberScoop.

The group, NoName057(16), used the software development platform to host its distributed denial of service (DDoS) tool website and code used in its attacks, researchers with SentinelOne said Thursday. The researchers reported the activity to Github, prompting the company to disable the group’s accounts earlier this week.
...
NoName057(16) distributes cryptocurrency to its top DDoS contributors. And while its DDoS attacks have been generally short-lived, the financial incentives offered by the group encourage “people to contribute more technical resources for a more powerful attack,” SentinelOne’s researchers note.

The group has shown a willingness to target a wide range of organizations across NATO, said Tom Hegel, a senior threat researcher with SentinelOne’s SentinelLabs. By offering a financial incentive, “individuals contributing to the attacks may have financial gain in mind, rather than politics—meaning there is a larger pool of potential contributors,” Hegel said.
...
NoName057(16) initially targeted Ukrainian news sites starting in March of this year but shifted to attacking various entities in NATO countries, in a bid to silence “what the group deems to be anti-Russian,” according to Hegel and Milenkoski.

The group tends to shift targets depending on current events, the researchers note. In December, for instance, the group disrupted websites in Poland shortly after lawmakers there recognized Russia as a state sponsor of terrorism. In January, the group targeted the cargo and shipping sectors in Lithuania, before turning to targets in Denmark.
...
Attacking in retaliation for the Czech Republic’s role in training Ukrainian soldiers, NoName057(16) claimed to have taken down a website belonging to presidential candidate Tomas Zima.

Commands sent from NoName057(16)’s command and control server make it clear the group has attacked websites belonging to other candidates in the Czech presidential election, Hegel said, rendering some of them intermittently available over the course of Wednesday.

[kyonides]

Some of the following articles had been published in NOTW originally, but now it seems sort of clear that we are dealing with a massive CYBERATTACK hitting 3 NATO countries the very same day.

Failure of Crucial FAA System Software Grounds Thousands of Planes Across US

This prompted a nationwide ground stop to all flights in the morning hours of Jan. 11, which lasted about an hour-and-a-half before the FAA announced it was resuming flights at 8:50 a.m. (ET).
...
The FAA released a statement about eight hours after the ground stop ended saying they are investigating the problems that led to the malfunction of their safety program.

“We are continuing a thorough review to determine the root cause of the Notice to Air Missions (NOTAM) system outage,” the FAA said.

“Our preliminary work has traced the outage to a damaged database file. At this time, there is no evidence of a cyber attack. We are working diligently to further pinpoint the causes of this issue and take all needed steps to prevent this kind of disruption from happening again.”

However, the Department of Transportation has not ruled out “nefarious activity” as the reason behind the computer outage, as The Epoch Times previously reported.

The FAA reports it lasted for about an hour and a half, but people suffered the consequences of its recklessness for many more hours after they had sent the command to resume flights. 

Canada's air hazard notification system experiences brief disruption

The computer system that alerts airlines and pilots flying in Canadian airspace to potential hazards experienced a brief disruption on Wednesday.

The system, called the Notice to Air Missions (NOTAM) system, is operated by Nav Canada, a private non-profit that owns and operates Canada's air traffic control system.

Nav Canada said it began experiencing problems with the NOTAM entry system on Wednesday morning that left it unable to send new updates to airlines.

No flights were delayed as a result, said Nav Canada, and the system came back online in the early afternoon.
...
Later Wednesday evening, Nav Canada said it believed the issue was caused by a computer hardware failure. The agency ruled out the possibility that it was caused by a cyber attack.

A number of Canadian flights to and from the U.S. were disrupted Tuesday and Wednesday due to a breakdown in the U.S. NOTAM system.

And here comes the actual novelty!

Cyberattack halts Royal Mail's overseas post

If you’re looking to send letters or parcels outside of the UK using Royal Mail, you’ll want to hold off for a little while. Royal Mail is suffering from “severe disruption” after an unnamed cyber incident.

We are temporarily unable to despatch items to overseas destinations. We strongly recommend that you temporarily hold any export mail items while we work to resolve the issue. Items that have already been despatched may be subject to delays. We would like to sincerely apologise to impacted customers for any disruption this incident is causing.

Our import operations continue to perform a full service, with some minor delays. Parcelforce Worldwide export services are still operating to all international destinations though customers should expect delays of one to two days.

The date on the announcement is January 11, 2023. Those British never add the -th suffix. 

The attack is being investigated by third parties, but there’s no word currently with regard to how quickly the services will be back online. Royal Mail has told Bleeping Computer that domestic deliveries are unaffected, so for now people will just have to steer clear of anything overseas bound. 

This is an excerpt of Bleeping Computer's article:

A UK National Cyber Security Centre (NCSC) spokesperson said that the NCSC is "aware of an incident affecting Royal Mail Group Ltd and are working with the company, alongside the National Crime Agency, to fully understand the impact."

"Our teams are working around the clock to resolve this disruption and we will update you as soon as we have more information," Royal Mail also said on Wednesday.

Draw your own (ongoing) conclusions.

[kyonides]

FAA Reveals Alleged Cause of Nationwide System Going Down,
Causing All Flights to Be Grounded

the FAA issued a statement later on Jan. 11 indicating that the outage was caused by an internal system error.

“The FAA is continuing a thorough review to determine the root cause of the Notice to Air Missions (NOTAM) system outage,” the FAA said in the statement. “Our preliminary work has traced the outage to a damaged database file.”

The FAA didn’t disclose why the database file was damaged.

“At this time, there is no evidence of a cyber attack,” the statement reads. “The FAA is working diligently to further pinpoint the causes of this issue and take all needed steps to prevent this kind of disruption from happening again.”
...
“Pete Buttigieg couldn’t organize a one-car funeral,” Sen. Tom Cotton (R-Ark.) wrote on Twitter. “He was never remotely qualified for this role.”
...
“Today the FAA (Federal Aviation Administration) grounded all flights because of a failure in their old, outdated system,” Crenshaw wrote. “So what was [Buttigieg] doing behind-the-scenes to prevent outages like this from happening?”

Buttigieg was “making acronyms more ‘inclusive’ by renaming the NOTAM system from ‘Notice to Airmen’ to ‘Notice to Air Missions,'” Crenshaw wrote in a subsequent Twitter post.
...
the FAA has long struggled to modernize some long-standing parts of air traffic control. A 2021 Transportation Department Office of Inspection General (OIG) report repeatedly cited challenges in the FAA’s multibillion-dollar Next Generation Air Transportation System infrastructure project.

The OIG said that its work “has shown that FAA has struggled to integrate key NextGen technologies and capabilities due to extended program delays that caused ripple effect delays with other programs.”

 The official statement sounds extremely laughable after knowing what took place in both Canada and the UK the very same day. Plus, they should always have some backups or backup systems, that's something any wise IT guy should know very well by now.

Internal Twitter Documents Show Prominent Democrats Pushed Russiagate Lie

The 14th installment of the Twitter Files was released on Jan. 12 by journalist Matt Taibbi, who explained in a series of posts that, at a key moment in the Trump-Russia investigation, Democrats alleged that “Russian bots” were spreading an explosive report from then-Chairman of the House Intelligence Committee Rep. Devin Nunes (R-Calif.).
...
“Twitter officials were aghast, finding no evidence of Russian influence,” Taibbi continued.

In support of this take, Taibbi shared screenshots of correspondence from Twitter executives to several Congressional Democrats, including Rep. Adam Schiff (D-Calif.) and Sen. Dianne Feinstein (D-Calif.), confirming that Twitter had “not identified any significant activity connected to Russia with respect to Tweets posting original content to this [#ReleaseTheMemo] hashtag.”
...
The memo showed how the FBI under the Obama administration used unverified opposition research—the infamous “Steele Dossier” funded by Hillary Clinton’s presidential campaign and the Democratic National Committee—to obtain a FISA warrant to spy on Trump campaign volunteer Carter Page as part of an investigation into alleged Russian interference in the 2016 presidential election.

The claims made in the Nunes memo were confirmed by Justice Department Inspector-General Michael Horowitz in his report, released on Dec. 9, 2019.
...
Just days later, on Jan. 23, 2018, Democrat lawmakers, including Feinstein and Schiff, wrote an open letter to then-Twitter CEO Jack Dorsey and Facebook CEO Mark Zuckerberg to investigate allegations of “Russian bots and trolls surrounding the #ReleaseTheMemo online campaign.”
...
Sen. Richard Blumenthal (D-Conn.) to himself issue a letter later that day that also alleged the hashtag was a part of Russian disinformation campaigns.

“We find it reprehensible that Russian agents have so eagerly manipulated innocent Americans,” he wrote in a letter issued later that day—even though before the letter’s issuance, Twitter’s staff told the senator’s staffers they did not believe Russian bots were behind the hashtag, Taibbi reported.

Here are the controversial memo and the hashtag letter mentioned above.

[kyonides]

Back in January 19th...

T-Mobile investigates yet another data breach, this one affecting 37 million accounts

T-Mobile...disclosed in a financial filing Thursday that the company is investigating another breach that impacted as many as 37 million users.

A malicious actor was able to gain access to an internal system allowing them to steal account information including names, billing addresses, emails, phone numbers, dates of birth and account numbers. The bad actor was not able to access Social Security numbers, driver’s licenses, passwords/PINs, or other financial information, according to the filing.
...
The bad actor appeared to first breach an application programming interface around Nov. 25, 2022, and T-Mobile discovered the intrusion on Jan. 5. The company states that it has notified federal agencies about the incident and is working with federal law enforcement.
...
This is T-Mobile’s sixth major breach since 2018. T-Mobile suffered a breach of 50 million accounts in 2021, sparking an investigation by the FCC. The results of that investigation have not been made public, but it could lead to significant fines for the company.

Cybercriminals scam two federal agencies via remote desktop tool, CISA warns

Cybercriminals duped federal employees into downloading remote monitoring and management software and then used it to execute scams to steal money from victims’ bank accounts, top cybersecurity officials said Wednesday.

In an alert warning agencies about the malicious use of remote management software, in this case ConnectWise Control and AnyDesk, officials said that while the specific activity “appears to be financially motivated and targets individuals, the access could lead to additional malicious activity against the recipient’s organization—from both other cybercriminals and [advanced persistent threat] actors.”
...
Additionally, the alert said help desk-themed phishing emails were sent since at least June 2022 to multiple federal civilian agencies. CISA detailed the two instances of suspected malicious activity discovered in October using the federal intrusion detection program known as EINSTEIN. In mid-June, a federal civilian agency received a phishing email and the victim called a phone number contained in the message and led them to a malicious domain. In mid-September, CISA identified traffic flowing between an agency network and a malicious domain.

The campaign continued until at least early November, the alert said. The hackers impersonated help desk services such as Geek Squad Services, general tech support owned by Best Buy, as well as Norton, Amazon, McAfee and PayPal in order to dupe victims. Once the hackers had access to the victims’ machines, they could potentially sell any network access to other cyber criminals or APT groups, according to the alert.
...
The report warned that, generally, remote management software does not trigger antivirus or anti-malware defenses and that hackers can use legitimate RMM software in a portable executable which can “bypass administrative privilege requirements and software management control policies.”

FBI seizes Hive ransomware group infrastructure after lurking in servers for months

fter seven months spent lurking inside a notorious ransomware group’s networks, swiping decryption keys for its victims, the FBI and international partners seized infrastructure behind Hive ransomware attacks.

Since June 2021, Hive has targeted more than 1,500 victims globally, including disrupting health care providers during the height of the COVID-19 pandemic. Victims paid more than $100 million in ransom to the group, which attacked a U.S. victim in Florida as recently as 15 days ago, according to Attorney General Merrick Garland.

The successful international operation against the group, considered a top-five ransomware threat by the FBI, is a major victory for the ongoing and frustrating battle against the scourge or ransomware that costs victims hundreds of million of dollars annually.

While staking out Hive’s network, the FBI disrupted multiple attacks, including ones against a Louisiana hospital, a food services company and a Texas school district. The investigation led to two servers in Los Angeles that FBI agents took down with a court order Wednesday night. Law enforcement from the Netherlands and Germany contributed to the operation.

Normally, the North Koreans wouldn't hit the news at all, but this time it's  game related!

North Korean cryptocurrency hackers expand target list

North Korean hackers known for cryptocurrency heists are expanding their targets to include education, government and healthcare, according to researchers tracking the group. The activity could be a sign that the group, which is suspected in two high-profile cryptocurrency hacks in 2022, may have even bigger plans for 2023.

Researchers at the cybersecurity firm Proofpoint observed in early December a massive wave of phishing emails from a cluster of North Korea-related hacking activity linked to TA444, the firm’s name for the group. The latest campaign, which blasted more emails than researchers attributed to that group in all of 2022, tried to entice users to click a URL that redirected to a credential harvesting page.
...
To help avoid phishing detection tools, TA444 uses email marketing tools to engage with targets.
...
TA444 has overlapped with Lazarus, a group of North Korean hackers to which the FBI attributed a record $600 million dollar cryptocurrency attack on Ronin Bridge, the infrastructure that connected the Axie Infinity video game with the Ethereum blockchain. The FBI on Monday attributed a separate $100 million hack of the Harmony Bridge to the group after the hackers recently tried to launder $60 million worth of currency stolen in the heist.

[kyonides]

Vulnerabilities could let hackers remotely shut down EV chargers, steal electricity

Two vulnerabilities in a commonly used networking protocol for electric vehicle chargers could allow hackers to remotely shut down charging stations or manipulate docking stations to recharge for free, according to a report from cybersecurity firm Saiflow.
...
A fix for the vulnerabilities is available, but Tiberg-Shachar pointed out that the burgeoning EV industry has been slow to deploy the update. The discovery of the flaws and the market’s uneven response suggests cybersecurity could be a growing concern as Washington has made building infrastructure for electric cars a priority. The 2021 bipartisan infrastructure law gave states $7.5 billion over five years to install electric vehicle charging stations. Last September, the administration launched an initiative to build out charging networks along 75,000 miles of interstate highways.

Those EV chargers are connected to a management system platform, usually on the cloud, that allows operators to track the infrastructure stability, energy management, EV charge requests and handles billing. Most chargers use the open charge point protocol (OCPP) — a popular open-source communication standard — to communicate between electric vehicle charging stations and management systems.
...
With that access, a hacker can shut down that group of chargers that use OCPP, whether those are installed in a private home or at a highway gas station. They can also use other identifiers to steal energy from those chargers. Even more, the vulnerability gives some access to the surrounding components, said Tiberg-Shachar.

Those related systems could include “battery management systems, like energy management systems, like smart meters that are connected and in some cases, the distributed energy resources, components that are connected to these networks,” he said.
...
He said that their company is working with some of the major EV charger players to mitigate the risks.

IF you ever thought that your home car charger was safe, you better think it 1 million times because it isn't.
Make sure to get somebody you can trust to patch it properly.

[kyonides]

Sanctioned Iranian hackers behind Charlie Hebdo breach, Microsoft says

An Iranian cybersecurity company sanctioned by the U.S. government for meddling in U.S. elections was responsible for stealing and attempting to sell subscriber data from the French satirical magazine Charlie Hebdo, Microsoft researchers said Friday.

The hackers, believed to be affiliated with the sanctioned Iranian cybersecurity company Emennet Pasargad, breached Charlie Hebdo’s systems after the publication announced in December a contest for caricatures of  Supreme Leader Ayatollah Ali Khamenei, whom it described as a “symbol of backward-looking, narrow-minded, intolerant religious power.”

On January 4, a user identifying themselves as “Holy Souls” posted a notice to a popular hacking forum claiming that it had obtained the personal information of 230,000 Charlie Hebdo customers — including names, emails, phone numbers, addresses and financial information. The user claimed to have obtained an additional 250,000 other documents, including invoices, tax reports and “Classified documents.”

The user wanted 20 bitcoins — worth roughly $340,000 at the time — in exchange for the data. The user’s post included screenshots purporting to show the data, and the French newspaper Le Monde verified with several victims the veracity of the data contained in the sample.

In 2015, Islamic State militants attacked the offices of Charlie Hebdo, leaving 12 people dead. The magazine, with a long history of publishing inflammatory satire, landed in the crosshairs of extremist militants in large part due to its history of publishing cartoons of the Prophet Muhammad.

Microsoft researchers cautioned that the hack may put the magazine’s subscribers in danger. “The release of the full cache of stolen data — assuming the hackers actually have the data they claim to possess — would essentially constitute the mass doxing of the readership of a publication that has already been subject to extremist threats (2020) and deadly terror attacks (2015),” the researchers said.
...
Ahead of the 2022 midterm elections, the FBI issued a bulletin warning that Emennet Pasargad had been using false-flag campaigns under multiple personas” to target Israeli organizations with hack-and-leak campaigns and could use them against targets in the United States.

UK MP Asks Expert About Risks of AI and Is Told ‘It Could Kill Everyone’

At a hearing of Parliament’s Science and Technology Committee, Conservative MP Tracey Crouch asked Michael Cohen, a doctoral candidate in Engineering Science at Oxford University, to “expand on some of the risks you think are posed by AI systems to their end users.”

Cohen replied, “There is a particular risk … which is that it could kill everyone.”

He explained by using an allegory of training a dog with the use of treats as a reward.

Cohen said: “It will learn to pick actions that lead to getting treats, and we can do similar things with AI. But if the dog finds the treat cupboard it can get the treats itself without doing what we want it to do.”

He added, “If you imagine going into the woods to train a bear with a bag of treats, by selectively withholding and administering treats depending on whether it’s doing what you want it to do, what they will probably actually do is take the treats by force.”

Cohen warned of a paradigm shift where AI was capable of “taking over the process.”
...
He said: “AI can cover prediction and it can cover planning mainly, and for things that are only doing prediction this is not an outcome that I think we should expect. It’s distinctly possible to develop regulation that prevents the sorts of dangerous AI that I’m talking about, while leaving open an enormous set of economically-valuable forms of AI.”
...
Cohen said the “economic output of horses” collapsed after the combustion engine was developed in the early part of the 20th century, but he said AI was not yet ready to replace humans as cars replaced horse-driven wagons and stagecoaches.

“Because AI isn’t at the level where it can do what we do,” Cohen said.

 I guess it'd be far easier to simply stop any advance use of AI than developing such "regulations" that a hacker can modify at will anyway. It's not like they'll become real life Daleks, right?