Hacking & Cyberwarfare News and Discussions

Nanotechandmorefuture
Posts: 478
Joined: Fri Sep 17, 2021 6:15 pm
Location: At the moment Miami, FL

Re: Hacking & Cyberwarfare News and Discussions

Post by Nanotechandmorefuture »

caltrek wrote: Wed Dec 14, 2022 9:27 pm
NSA Says Chinese Hackers Are Exploiting a Zero Day Bug in Popular Networking Gear
by Carly Page
December 14, 2022

Introduction:
(TechCrunch) The U.S. National Security Agency is warning that Chinese government-backed hackers are exploiting a zero-day vulnerability in two widely used Citrix networking products to gain access to targeted networks.

The flaw, tracked as CVE-2022-27518, affects Citrix ADC, an application delivery controller, and Citrix Gateway, a remote access tool, both of which are popular in enterprise networks. The critical-rated vulnerability allows an unauthenticated attacker to remotely run malicious code on vulnerable devices — no passwords needed. Citrix also says the flaw is being actively exploited by threat actors.

“We are aware of a small number of targeted attacks in the wild using this vulnerability,” Peter Lefkowitz, chief security and trust officer at Citrix, said in a blog post. “Limited exploits of this vulnerability have been reported.” Citrix hasn’t specified which industries the targeted organizations are in or how many have been compromised. A Citrix spokesperson did not immediately respond to TechCrunch’s questions.

Citrix rushed out an emergency patch for the vulnerability on Monday and is urging customers using affected builds of Citrix ADC and Citrix Gateway to install the updates immediately.

Citrix didn’t share any further details about the in-the-wild attacks. However, in a separate advisory, the NSA said that APT5, a notorious Chinese hacking group, has been actively targeting Citrix ADCs in order to break into organizations without having to first steal credentials. The agency also provided threat-hunting guidance [PDF] for security teams and asked for intelligence sharing among the public and private sectors.
Read more here: https://techcrunch.com/2022/12/14/nsa- ... ing-gear/

The Chinese hackers probably are... the NSA. The amount of sometimes out of nowhere news that the gov hacks their own stuff and blames others that has come out is hilarious in itself. It could be the Chinese but after those articles were put out I just shake my head at things like this.
caltrek
Posts: 6509
Joined: Mon May 17, 2021 1:17 pm

Re: Hacking & Cyberwarfare News and Discussions

Post by caltrek »

Italy Sounds Alarm on Large-scale Computer Hacking Attack
February 5, 2023

Introduction:
ROME (Reuters via MSN) - Thousands of computer servers around the world have been targeted by a ransomware hacking attack, Italy's National Cybersecurity Agency (ACN) said on Sunday, warning organisations to take action to protect their systems.

The hacking attack sought to exploit a software vulnerability, ACN director general Roberto Baldoni told Reuters, adding it was on a massive scale.

Italy's ANSA news agency, citing the ACN, reported that servers had been compromised in other European countries such as France and Finland as well as the United States and Canada.

Dozens of Italian organisations were likely to have been affected and many more had been warned to take action to avoid being locked out of their systems.

Telecom Italia customers reported internet problems earlier on Sunday, but the two issues were not believed to be related.
Read more here: https://www.msn.com/en-us/news/technol ... smsnnews11
Don't mourn, organize.

-Joe Hill
caltrek
Posts: 6509
Joined: Mon May 17, 2021 1:17 pm

Re: Hacking & Cyberwarfare News and Discussions

Post by caltrek »

FBI Seizes Genesis Market, a Notorious Hacker Marketplace for Stolen Logins
by Carly Page
April 5, 2023

Introduction:
(TechCrunch) U.S. and international law enforcement agencies have seized Genesis Market, a notorious hacker marketplace used to acquire compromised credentials and digital browser fingerprints.

The FBI announced the takedown, dubbed “Operation Cookie Monster,” on Wednesday. Genesis Market domains now display a notice stating that U.S. law enforcement officials have executed a seizure warrant. “Genesis Market’s domains have been seized by the FBI pursuant to a seizure warrant issued by the United States District Court for the Eastern District of Wisconsin,” the message reads.

In addition to the FBI, the notice says the takedown involved law enforcement agencies from the United Kingdom, Europe, Australia, Canada, Germany, Poland and Sweden.

The operation also saw about 120 people arrested and 200 searches carried out globally. The U.K.’s National Crime Agency said it arrested 19 suspected site users, including two men aged 34 and 36, who are being held on suspicion of fraud and computer misuse. A senior FBI official told TechCrunch that arrests have also been made in the United States, but exact numbers were not confirmed.

“This is the biggest operation of its kind. We’re not just going after administrators or taking sites down; we’re going after users on a global scale,” the official said.
Read more here: https://techcrunch.com/2023/04/05/fbi- ... n-logins/
Don't mourn, organize.

-Joe Hill
caltrek
Posts: 6509
Joined: Mon May 17, 2021 1:17 pm

Re: Hacking & Cyberwarfare News and Discussions

Post by caltrek »

Secretary Mayorkas Announces New Measures to Tackle A.I., PRC Challenges at First State of Homeland Security Address
April 21, 2023

Introduction:
(Department of Homeland Security) DHS Unveils First Task Force Dedicated to Artificial Intelligence and a 90-Day Sprint to Counter PRC Threats at Council on Foreign Relations Event

WASHINGTON – Secretary of Homeland Security Alejandro N. Mayorkas today announced two new groundbreaking initiatives to combat evolving threats during his first address on the State of the Homeland Security. Focused on two trends that will shape what President Biden has called a “decisive decade” for the world - the revolution created by generative artificial intelligence (AI) and the multi-faceted threat posed by the People’s Republic of China (PRC) - the Secretary unveiled the Department’s first-ever AI Task Force and a Department-wide 90-day sprint to counter PRC threats.

The address, delivered at the Council on Foreign Relations in Washington, DC, also highlighted the mission areas detailed in the Quadrennial Homeland Security Review delivered to Congress yesterday, which include combatting a range of evolving threats like cybersecurity, targeted violence, and crimes of exploitation. The Secretary’s remarks offered an insightful look at how the homeland security environment has changed since the Department was founded 20 years ago, and the modern approach driving it into its third decade.

“The profound evolution in the homeland security threat environment, changing at a pace faster than ever before, has required our Department of Homeland Security to evolve along with it,” said Secretary of Homeland Security Alejandro N. Mayorkas. “We must never allow ourselves to be susceptible to ‘failures of imagination,’ which, as the 9/11 Commission concluded nearly 20 years ago, held us back from connecting the dots and preparing for the destruction that was being planned on that tragic day. We must instead look to the future and imagine the otherwise unimaginable, to ensure that whatever threats we face, our Department – our country – will be positioned to meet the moment.”

The initiatives announced today draw on the entirety of the capabilities and expertise that the more than 260,000 personnel of DHS bring to bear every day in the protection of our homeland. Secretary Mayorkas also participated in a fireside chat with CBS “Face the Nation” moderator and chief foreign affairs correspondent Margaret Brennan, which included questions from the audience of members of the independent foreign policy think tank.

Read more here: https://www.dhs.gov/news/2023/04/21/se ... rst-state
Don't mourn, organize.

-Joe Hill
caltrek
Posts: 6509
Joined: Mon May 17, 2021 1:17 pm

Re: Hacking & Cyberwarfare News and Discussions

Post by caltrek »

Reddit Hackers Demand $4.5 Million Ransom and API Pricing Changes
by Mia Sato
June 19, 2023

Introduction:
(The Verge) A ransomware group is claiming responsibility for a hack on Reddit’s systems earlier this year — and demanding not just money but policy changes.

BlackCat, a ransomware group, says it was behind the February phishing attack on Reddit, as previously reported by Bleeping Computer. In a post shared by researcher Dominic Alvieri, BlackCat claims to have stolen 80GB of data from Reddit and threatens to release it publicly if demands aren’t met. The group wants a $4.5 million payout in exchange for the data and also demands Reddit roll back its planned API pricing changes that spurred user and moderator protests last week.

At the time of the hack, Reddit said hackers had used a “sophisticated and highly-targeted” phishing attack to get access to internal documents and data, including contact information for employees and advertisers. The company maintained that the hackers hadn’t accessed user data that wasn’t public.

Reddit declined to comment on the record about the hack. Bleeping Computer reports that the BlackCat hack and the incident disclosed by Reddit in February are the same.

BlackCat’s new demands around API pricing changes follow a contentious back-and-forth between Reddit leadership and some of its most engaged users. After Reddit announced it would begin charging developers of third-party apps — potentially to the tune of millions of dollars a year — many top subreddits went dark in response, limiting new posts and closing public access. In an interview with The Verge, Reddit CEO Steve Huffman said the platform was “never designed” to support third-party apps and that the company wouldn’t pull back from its proposed changes.

Read more here: https://www.theverge.com/2023/6/19/237 ... -huffman
Don't mourn, organize.

-Joe Hill
caltrek
Posts: 6509
Joined: Mon May 17, 2021 1:17 pm

Re: Hacking & Cyberwarfare News and Discussions

Post by caltrek »

Two of The World's Most Advanced Telescopes Remain Closed Following Cyberattack
by Mike McCrae
August 31, 2023

Introduction:
(Science Alert) Weeks after a cybersecurity incident was detected by researchers at the US National Science Foundation (NSF), a number of telescopes remain offline.

The Gemini North telescope in Hawaii and the Gemini South telescope in Chile, as well as a number of smaller telescopes on the mountains of Cerro Tololo in Chile, were shut down out of "an abundance of caution", and there is currently no word on when they will return to operation.

On the morning of August 1, IT staff at NSF's NOIRLab detected suspicious activity in its computer systems, prompting a decision to shut down operations at its giant, 8.1-meter diameter optical infrared telescopes on Hawaii's Maunakea to be safe.

The telescope's southern 'twin' in the Chilean Andes was already being prepared for maintenance, requiring little action.

While it's not clear what danger – if any – the telescopes themselves might have faced, the threat is a reminder of the fact that science is a costly business, with astronomical research facilities requiring annual budgets that easily run into the millions.
Read more here: https://www.sciencealert.com/two-of-th ... erattack
Don't mourn, organize.

-Joe Hill
caltrek
Posts: 6509
Joined: Mon May 17, 2021 1:17 pm

Re: Hacking & Cyberwarfare News and Discussions

Post by caltrek »

How the FBI Took Down the Notorious Qakbot Botnet
by Carly Page and Zack Whittaker
September 1, 2023

Introduction:
(TechCrunch) A global law enforcement operation this week took down and dismantled the notorious Qakbot botnet, touted as the largest U.S.-led financial and technical disruption of a botnet infrastructure.

Qakbot is a banking trojan that became infamous for providing an initial foothold on a victim’s network for other hackers to buy access and deliver their own malware, such as ransomware. U.S. officials said Qakbot has helped to facilitate more than 40 ransomware attacks over the past 18 months alone, generating $58 million in ransom payments.

The law enforcement operation, named “Operation Duck Hunt,” saw the FBI and its international partners seize Qakbot’s infrastructure located in the United States and across Europe. The U.S. Department of Justice, which ran the operation alongside the FBI, also announced the seizure of more than $8.6 million in cryptocurrency from the Qakbot cybercriminal organization, which will soon be made available to victims.

In Tuesday’s announcement, the FBI said it carried out an operation that redirected the botnet’s network traffic to servers under the U.S. government’s control, allowing the feds to take control of the botnet. With this access, the FBI used the botnet to instruct Qakbot-infected machines around the world into downloading an FBI-built uninstaller that untethered the victim’s computer from the botnet, preventing further installation of malware through Qakbot.

The FBI said its operation had identified approximately 700,000 devices infected with Qakbot as of June — including more than 200,000 located in the United States. During a call with reporters, a senior FBI official said that the total number of Qakbot victims is likely in the “millions.”
Read more here: https://techcrunch.com/2023/09/01/fbi- ... ck-hunt/
Don't mourn, organize.

-Joe Hill
Time_Traveller
Posts: 2090
Joined: Sun May 16, 2021 4:49 pm
Location: Clermont, Indiana, USA, October 7th 2019 B.C.E

Re: Hacking & Cyberwarfare News and Discussions

Post by Time_Traveller »

Russian cyber-attacks ‘relentless’ as threat of WW3 grows, expert warns
2 hours ago

Cyberattacks by the UK’s enemies are becoming “relentless” as we enter a “new era” of global conflict, an expert has warned.

It comes after Russian hackers allegedly acquired top secret security information on some of the country’s most sensitive military sites, including the HMNB Clyde nuclear submarine base on the west coast of Scotland and the Porton Down chemical weapon lab.

The “potentially very damaging” attack last month by hacking group LockBit, which has known links to Russian nationals, saw thousands of pages of data leaked onto the dark web after private security firm Zaun was targeted, the Sunday Mirror newspaper reported.

The company, which provides security fencing for sites related to the Ministry of Defence, said it had been the victim of a “sophisticated cyber attack”.

Responding to the news, Kevin Curran, professor of cyber security at Ulster University, told the PA news agency that LockBit’s attack was “serious” as we approach a potential “World War Three” following Russia’s invasion of Ukraine.
https://www.independent.co.uk/news/uk/k ... 04118.html
"We all have our time machines, don't we. Those that take us back are memories...And those that carry us forward, are dreams."

-H.G Wells.
caltrek
Posts: 6509
Joined: Mon May 17, 2021 1:17 pm

Re: Hacking & Cyberwarfare News and Discussions

Post by caltrek »

A New Technique to Protect Sensitive AI-based Applications from Attackers
September 16, 2023

Introduction:
(Press Release from the University of Tokyo) Most artificially intelligent systems are based on neural networks, algorithms inspired by biological neurons found in the brain. These networks can consist of multiple layers, with inputs coming in one side and outputs going out of the other. The outputs can be used to make automatic decisions, for example, in driverless cars. Attacks to mislead a neural network can involve exploiting vulnerabilities in the input layers, but typically only the initial input layer is considered when engineering a defense. For the first time, researchers augmented a neural network’s inner layers with a process involving random noise to improve its resilience.

Artificial intelligence (AI) has become a relatively common thing; chances are you have a smartphone with an AI assistant or you use a search engine powered by AI. While it’s a broad term that can include many different ways to essentially process information and sometimes make decisions, AI systems are often built using artificial neural networks (ANN) analogous to those of the brain. And like the brain, ANNs can sometimes get confused, either by accident or by the deliberate actions of a third party. Think of something like an optical illusion — it might make you feel like you are looking at one thing when you are really looking at another.

The difference between things that confuse an ANN and things that might confuse us, however, is that some visual input could appear perfectly normal, or at least might be understandable to us, but may nevertheless be interpreted as something completely different by an ANN.

A trivial example might be an image-classifying system mistaking a cat for a dog, but a more serious example could be a driverless car mistaking a stop signal for a right-of-way sign. And it’s not just the already controversial example of driverless cars; there are medical diagnostic systems, and many other sensitive applications that take inputs and inform, or even make, decisions that can affect people.

As inputs aren’t necessarily visual, it’s not always easy to analyze why a system might have made a mistake at a glance. Attackers trying to disrupt a system based on ANNs can take advantage of this, subtly altering an anticipated input pattern so that it will be misinterpreted, and the system will behave wrongly, perhaps even problematically.
Read more here: https://www.u-tokyo.ac.jp/focus/en/pre ... 311.html
Don't mourn, organize.

-Joe Hill
caltrek
Posts: 6509
Joined: Mon May 17, 2021 1:17 pm

Re: Hacking & Cyberwarfare News and Discussions

Post by caltrek »

Fidelity National Financial Shuts Down Network In Wake of Cybersecurity Incident
by Lorenzo Franceschi-Bicchierai
November 22, 2023

Introduction:
(TechCrunch) Fidelity National Financial, or FNF, a Fortune 500 company that provides title insurance and settlement services for the mortgage and real estate industries, announced on Tuesday that it was the victim of a “cybersecurity incident that impacted certain FNF systems.”

The company filed a report with the Securities and Exchange Commission (SEC) saying that it has launched an investigation, hired “leading experts” to help, alerted law enforcement and “implemented certain measures to assess and contain the incident.”

“Among other containment measures, we blocked access to certain of our systems, which resulted in disruptions to our business,” the report read, adding that this affected services related to title insurance, escrow, other title-related services and mortgage transactions.

“Based on our investigation to date, FNF has determined that an unauthorized third party accessed certain FNF systems and acquired certain credentials. The investigation remains ongoing at this time,” the report read.
Read more here: https://techcrunch.com/2023/11/22/fide ... ncident/
Don't mourn, organize.

-Joe Hill