Hacking & Cyberwarfare News and Discussions

wjfox
Site Admin
Posts: 8730
Joined: Sat May 15, 2021 6:09 pm
Location: London, UK

Re: Hacking & Cyberwarfare News and Discussions

Post by wjfox »

Cyber security: Global food supply chain at risk from malicious hackers

By Claire Marshall & Malcolm Prior
BBC Rural Affairs Team

Published 3 days ago

Modern "smart" farm machinery is vulnerable to malicious hackers, leaving global supply chains exposed to risk, experts are warning.

It is feared hackers could exploit flaws in agricultural hardware used to plant and harvest crops.

Agricultural manufacturing giant John Deere says it is now working to fix any weak spots in its software.

A recent University of Cambridge report said automatic crop sprayers, drones and robotic harvesters could be hacked.

The UK government and the FBI have warned that the threat of cyber-attacks is growing.

https://www.bbc.co.uk/news/science-environment-61336659


[Image. Credit: CLAIRE MARSHALL]
caltrek
Posts: 6509
Joined: Mon May 17, 2021 1:17 pm

Re: Hacking & Cyberwarfare News and Discussions

Post by caltrek »

Costa Rica Chaos a Warning that Ransomware Threat Remains
by Alan Suderman and Ben Fox
June 17, 2022

Introduction:
WASHINGTON (AP via Courthouse News) — Teachers unable to get paychecks. Tax and customs systems paralyzed. Health officials unable to access medical records or track the spread of COVID-19. A country’s president declaring war against foreign hackers saying they want to overthrow the government.

For two months now, Costa Rica has been reeling from unprecedented ransomware attacks disrupting everyday life in the Central American nation. It’s a situation raising questions about the United States’ role in protecting friendly nations from cyberattacks when Russian-based criminal gangs are targeting less developed countries in ways that could have major global repercussions.

“Today it’s Costa Rica. Tomorrow it could be the Panama Canal,” said Belisario Contreras, former manager of the cybersecurity program at the Organization of American States, referring to a major Central American shipping lane that carries a large amount of U.S. import and export traffic.

Last year, cybercriminals launched ransomware attacks in the U.S. that forced the shutdown of an oil pipeline that supplies the East Coast, halted production of the world’s largest meat-processing company and compromised a major software company that has thousands of customers around the world.

The Biden administration responded with a whole of government action that included diplomatic, law enforcement and intelligence efforts designed to put pressure on ransomware operators.
Read more here: https://www.courthousenews.com/costa- ... -remains/

caltrek’s comment: Meanwhile, the Republican response seems to be to join forces with these hacker-prone hostile powers in order to hasten our enslavement.
Don't mourn, organize.

-Joe Hill
Time_Traveller
Posts: 2090
Joined: Sun May 16, 2021 4:49 pm
Location: Clermont, Indiana, USA, October 7th 2019 B.C.E

Re: Hacking & Cyberwarfare News and Discussions

Post by Time_Traveller »

Could the Russian cyber attack on Lithuania draw a military response from NATO?
Tuesday 28 June 2022

A NATO member is under attack.

Normally the meaning of this would be frighteningly clear, but this is an attack with a difference: not a physical attack, but a cyber attack; and working out what a cyber attack means is never simple.

The NATO member in question is the Baltic state of Lithuania, which was targeted on Monday by Russian hackers. According to the hackers, the attack is still going on.

Transport and media websites have been hit, as have the websites of various state institutions such as the Lithuanian tax service, which had to pause its operations yesterday.

A Russian hacker group known as Killnet claimed responsibility for the attacks, claiming on its Telegram channel that the attack was retaliation for Lithuania's decision to stop the transit of some goods to the Russian territory of Kaliningrad on the Baltic coast.
https://news.sky.com/story/could-the-ru ... o-12641986
"We all have our time machines, don't we. Those that take us back are memories...And those that carry us forward, are dreams."

-H.G Wells.
caltrek
Posts: 6509
Joined: Mon May 17, 2021 1:17 pm

Re: Hacking & Cyberwarfare News and Discussions

Post by caltrek »

A Small Canadian Town is Being Extorted by a Global Ransomware Gang
by Corin Faife
July 22, 2022

Introduction:
(The Verge) The Canadian town of St. Marys, Ontario, has been hit by a ransomware attack that has locked staff out of internal systems and encrypted data.

The small town of around 7,500 residents seems to be the latest target of the notorious LockBit ransomware group. On July 22nd, a post on LockBit’s dark web site listed townofstmarys.com as a victim of the ransomware and previewed files that had been stolen and encrypted.

In a phone call, St. Marys Mayor Al Strathdee told The Verge that the town was responding to the attack with the help of a team of experts.

“To be honest, we’re in somewhat of a state of shock,” Strathdee said. “It’s not a good feeling to be targeted, but the experts we’ve hired have identified what the threat is and are walking us through how to respond. Police are interested and have dedicated resources to the case ... there are people here working on it 24/7.”

Strathdee said that after systems were locked, the town had received a ransom demand from the LockBit ransomware gang but had not paid anything to date. In general, the Canadian government’s cybersecurity guidance discouraged the paying of ransoms, Strathdee said, but the town would follow the incident team’s advice on how to engage further.
Read more here: https://www.theverge.com/2022/7/22/23 ... incident
Don't mourn, organize.

-Joe Hill
caltrek
Posts: 6509
Joined: Mon May 17, 2021 1:17 pm

Re: Hacking & Cyberwarfare News and Discussions

Post by caltrek »

Cybersecurity Vendor Entrust Tells Customers Data Was Stolen During a June Cyberattack
by Carly Page
July 27, 2022

Introduction:
(TechCrunch) Minneapolis-based cybersecurity giant Entrust has confirmed it was hit by a cyberattack last month.

Entrust, which describes itself as a global leader in identities, payments and data protection, told TechCrunch that an “unauthorized party” was able to access parts of its system that are used for the internal operations on June 18.

“We promptly began an investigation with the assistance of a leading third-party cybersecurity firm and have informed law enforcement,” Ken Kadet, vice president of communications at Entrust, said in a statement. “While our investigation is ongoing, we have found no indication to date that the issue has affected the operation or security of our products and services, which are run in separate, air-gapped environments from our internal systems and are fully operational.”

Cybersecurity researcher Dominic Alvieri obtained and published a July 6 notice sent to Entrust customers, which cited Entrust CEO Todd Wilkinson saying that “some files were taken from our internal systems.”

“As we continue to investigate the issue, we will contact you directly if we learn information that we believe would affect the security of the products and services we provide to your organization,” Wilkinson added in its note to customers.
Read more here: https://techcrunch.com/2022/07/27/entr ... erattack/
Don't mourn, organize.

-Joe Hill
caltrek
Posts: 6509
Joined: Mon May 17, 2021 1:17 pm

Re: Hacking & Cyberwarfare News and Discussions

Post by caltrek »

U.S. Issues Rare Security Alert as Montenegro Battles Ongoing Ransomware Attack
Carly Page
August 31, 2022

Introduction:
(TechCrunch) The U.S. Embassy in Montenegro has warned Americans that an ongoing ransomware attack in the country could cause widespread disruption to key public services and government services.

The ransomware attack, first confirmed by Montenegro’s Agency for National Security (ANB) last week, targeted government systems and other critical infrastructure and utilities, including electricity, water systems and transportation. At the time of writing, the official website of the government of Montenegro is unavailable and reports suggest that several power plants have switched to manual operations as a result of the attack.

Officials in Montenegro claimed no data was stolen and claimed that no permanent damage was done as a result of the attack.

However, Montenegro’s ANB declared that the country was “under a hybrid war,” and blamed “coordinated Russian services” for the attack. Relations between the two countries have remained strained since Montenegro joined the NATO alliance of Western countries in 2017, after which Russia threatened retaliatory action.

The U.S. Embassy in Montenegro has since published its own notice, writing that the government was facing a “persistent and ongoing” cyberattack. “The attack may include disruptions to the public utility, transportation (including border crossings and airport), and telecommunication sectors,” the Embassy warned. It advised citizens residing in the Balkan state to limit travel, review personal security plans, and “be aware of your surroundings.”


Read more here: https://techcrunch.com/2022/08/31/mont ... -warning/

[Image: Montenegro]
Don't mourn, organize.

-Joe Hill
caltrek
Posts: 6509
Joined: Mon May 17, 2021 1:17 pm

Re: Hacking & Cyberwarfare News and Discussions

Post by caltrek »

Uber Investigating Cybersecurity Incident After Hacker Breaches Its Internal Network
by Carly Page
September 16, 2022

Introduction:
(TechCrunch) Uber confirmed on Thursday that it’s responding to a cybersecurity incident after reports claimed a hacker had breached its internal network.

The ride-hailing giant discovered the breach on Thursday and has taken several of its internal communications and engineering systems offline while it investigates the incident, according to a report by The New York Times, which broke news of the breach.

Uber said in a statement given to TechCrunch that it’s investigating a cybersecurity incident and is in contact with law enforcement officials, but declined to answer additional questions.

The sole hacker behind the breach, who claims to be 18 years old, told the Times that he compromised Uber because the company had weak security. The attacker reportedly used social engineering to compromise an employee’s Slack account, persuading them to hand over a password that allowed them access to Uber’s systems. This has become a popular tactic in recent attacks against well-known companies, including Twilio, Mailchimp and Okta.

Shortly before the Slack system was taken offline on Thursday afternoon, Uber employees received a message that read, “I announce I am a hacker and Uber has suffered a data breach,” the Times reports. The hacker also reportedly said that Uber drivers should receive higher pay.
Read more here: https://techcrunch.com/2022/09/16/uber ... ork-hack/

Here is an update on that item:
Washington (CNN Business) Uber has linked the cybersecurity incident it disclosed last week to hackers affiliated with the Lapsus$ gang, a group accused of numerous high-profile corporate data breaches. The company also said the attackers were able to download or access company Slack messages and invoice-related data from an internal tool.
Read more here: https://www.cnn.com/2022/09/19/tech/ube ... index.html
Last edited by caltrek on Mon Sep 19, 2022 8:48 pm, edited 2 times in total.
Don't mourn, organize.

-Joe Hill
caltrek
Posts: 6509
Joined: Mon May 17, 2021 1:17 pm

Re: Hacking & Cyberwarfare News and Discussions

Post by caltrek »

LockerGoga Ransomware Victims Can Now Recover Their Files for Free
by Carly Page
September 19, 2022

Introduction:
(TechCrunch) Victims of the LockerGoga ransomware can now recover their stolen files for free, thanks to a new decryptor released by Romanian cybersecurity firm Bitdefender and the NoMoreRansom Initiative.

The LockerGoga ransomware family, known for its attacks against industrial organizations, first emerged in 2019. The file-encrypting malware was infamously used in an attack against Norsk Hydro in March 2019, forcing the Norwegian aluminum manufacturer to stop production for almost a week at a cost of more than $50 million. It was also used in attacks against Altran Technologies, a French engineering consultancy, and U.S.-based chemical companies Hexion and Momentive.

According to the Zurich Public Prosecutor’s Office, which also participated in the development of the decryptor along with Europol, the operators of LockerGoga were involved in ransomware attacks against more than 1,800 individuals and institutions in 71 countries, causing more than $100 million in damage.

The group behind the LockerGoga ransomware has been inactive since October 2021, when U.S. and European law enforcement agencies arrested 12 alleged members. Following the arrests, police spent months examining the data collected during the raid and discovered the group’s encryption keys to unlock data from LockerGoga ransomware attacks, the Zurich Public Prosecutor’s Office said.

“Decryption of data is normally possible when we either identify a vulnerability in the ransomware code or when individual decryption keys become available,” Bogdan Botezatu, director of threat research and reporting at Bitdefender, told TechCrunch. “This decryptor relies on the keys seized in the 2021 arrests, which have been shared with us privately as per our collaboration with the involved law enforcement authorities.”
Read more here: https://techcrunch.com/2022/09/19/lock ... cryption/
Don't mourn, organize.

-Joe Hill
caltrek
Posts: 6509
Joined: Mon May 17, 2021 1:17 pm

Re: Hacking & Cyberwarfare News and Discussions

Post by caltrek »

India’s Central Depository Services Limited (CDSL) Says Malware Compromised Its Network
by Jagmeet Singh
November 18, 2022

Introduction:
(TechCrunch) India’s leading central securities depository, Central Depository Services Limited, or CDSL, says its systems have been compromised by malware.

On Friday, the securities depository said in a filing with India’s National Stock Exchange that it detected malware affecting “a few of its internal machines.”

“As a matter of abundant caution, the company immediately isolated the machines and disconnected itself from other constituents of the capital market,” the filing said.

CDSL said it continues to investigate, and that it has so far “no reason to believe that any confidential information or the investor data has been compromised” due to the incident.

CDSL has not yet revealed the exact details of the malware. At the time of writing, the company’s website was down. The company declined to say if the two are related.
Read more here: https://techcrunch.com/2022/11/18/cdsl ... -systems/
Don't mourn, organize.

-Joe Hill
caltrek
Posts: 6509
Joined: Mon May 17, 2021 1:17 pm

Re: Hacking & Cyberwarfare News and Discussions

Post by caltrek »

NSA Says Chinese Hackers Are Exploiting a Zero Day Bug in Popular Networking Gear
by Carly Page
December 14, 2022

Introduction:
(TechCrunch) The U.S. National Security Agency is warning that Chinese government-backed hackers are exploiting a zero-day vulnerability in two widely used Citrix networking products to gain access to targeted networks.

The flaw, tracked as CVE-2022-27518, affects Citrix ADC, an application delivery controller, and Citrix Gateway, a remote access tool, and are both popular in enterprise networks. The critical-rated vulnerability allows an unauthenticated attacker to remotely run malicious code on vulnerable devices — no passwords needed. Citrix also says the flaw is being actively exploited by threat actors.

“We are aware of a small number of targeted attacks in the wild using this vulnerability,” Peter Lefkowitz, chief security and trust officer at Citrix, said in a blog post. “Limited exploits of this vulnerability have been reported.” Citrix hasn’t specified which industries the targeted organizations are in or how many have been compromised. A Citrix spokesperson did not immediately respond to TechCrunch’s questions.

Citrix rushed out an emergency patch for the vulnerability on Monday and is urging customers using affected builds of Citrix ADC and Citrix Gateway to install the updates immediately.

Citrix didn’t share any further details about the in-the-wild attacks. However, in a separate advisory, the NSA said that APT5, a notorious Chinese hacking group, has been actively targeting Citrix ADCs in order to break into organizations without having to first steal credentials. The agency also provided threat-hunting guidance [PDF] for security teams and asked for intelligence sharing among the public and private sectors.
Read more here: https://techcrunch.com/2022/12/14/nsa- ... ing-gear/
Don't mourn, organize.

-Joe Hill