cyberattack
Latest
Huge cyberattack against country of Georgia knocks out 15,000 websites
The country of Georgia is reeling from a particularly vicious cyberattack. Officials are investigating after intruders striking on October 28th defaced over 15,000 websites hosted on local provider Pro-Service, including those for the President of Georgia's administration, mayoral offices, the courts and private companies like newspapers. In each case, the defacement left a picture of former President Mikheil Saakashvili (shown above) with the English text "I'll be back." The attack hit three TV stations and even forced two, TV Imedi and TV Maestro, to go off the air.
Microsoft: Iranian cyberattack targeted a US presidential campaign
Iran has apparently been engaged in a large-scale cyberattack bent on compromising American politics. Microsoft reported that Phosphorous, a known group it believes is linked to the Iranian government, attacked 241 email accounts in a 30-day period between August and September, including those for a US presidential campaign as well as current and former US officials, journalists covering world politics as well as "prominent" expatriate Iranians. Four of these accounts were compromised, though this didn't include the presidential run or any officials.
Sites stealing iPhone data reportedly targeted Uyghur Muslims
The websites stealing data from iPhones might have been used for particularly sinister purposes. TechCrunch sources claim the sites were part of a state-sponsored campaign, presumably from China, targeting the country's Uyghur Muslim population. The pages would have let China swipe sensitive info like messages and passwords, not to mention track their locations. Apple quietly fixed the issue with iOS 12.1.4 in February, but it's possible that thousands of Uyghurs' phones were compromised before then.
US officials brace for ransomware attacks against election systems
It's no secret that many American officials are worried about hacks targeting the 2020 election, but there's one fear this time around that wasn't present in 2016: ransomware. Reuters has learned that Homeland Security's Cybersecurity Infrastructure Security Agency (CISA) is worried election databases could be targeted by the same kind of ransomware attacks that have plagued cities like Atlanta and Baltimore. Accordingly, it's teaming with election officials and relevant companies to both safeguard their databases and prepare responses for possible attacks.
Ransomware attack in Texas targets local government agencies
Ransomware attacks against local governments are still a clear problem, and Texas is discovering this first hand. The state has revealed that 23 government entities reported a ransomware attack on the morning of August 16th. Most of these were "smaller local governments," the Department of Information Resources said, and State of Texas networks and systems weren't hit.
Government hackers reportedly broke into Russian search company Yandex
According to a Reuters report, hackers working for Western intelligence agencies reportedly broke into Yandex, the company often referred to as "Russia's Google." The hackers were allegedly looking for technical information that would indicate how Yandex authenticates user accounts. That information could help a spy agency impersonate Yandex users and obtain access to their private messages.
EA patched Origin security flaws that put millions of users at risk
EA patched flaws in its Origin platform that could have enabled hackers to hijack and exploit millions of users' accounts. The vulnerabilities were spotted by Check Point Research and CyberInt, and once exploited, they could have allowed player account takeover and identity theft. The cybersecurity companies alerted EA, which was quick to take action.
US cyberattack reportedly knocked out Iran missile control systems
The US may have withheld a physical military response to Iran shooting down a drone, but it might not have shown similar restraint with a digital campaign. Washington Post sources say the President greenlit a long-in-the-making cyberattack that took down Iranian missile control computers on the night of June 20th. The exact impact of the Cyber Command operation isn't clear, but it was described as "crippling" -- Iran couldn't easily recover, one tipster said.
Baltimore ransomware attack will cost the city over $18 million
Fresh off dealing with chaos caused by last month's ransomware attack, the city of Baltimore has a new problem to deal with -- the $18 million in damages that came with it.
Ransomware attacks in US cities are using a stolen NSA tool
The ransomware attacks in Baltimore and other US cities appear to have a common thread: they're using NSA tools on the agency's home soil. In-the-know security experts talking to the New York Times said the malware in the cyberattacks is using the NSA's stolen EternalBlue as a "key component," much like WannaCry and NotPetya. While the full list of affected cities isn't available, San Antonio and the Pennsylvania city of Allentown have reportedly been victims of EternalBlue-based campaigns.
Israel is the first to respond to a cyberattack with immediate force
It's no longer novel for militaries to respond to cyberattacks with physical force (the US used a drone strike in 2015), but now they're being treated with the same urgency as real-world bullets and missiles. Israel Defense Forces have launched an airstrike on a Gaza Strip building believed to house Hamas digital warfare operatives after the militant group reportedly failed in an attempted "cyber offensive." Details of the virtual attack weren't available, but the IDF said it was "ahead of them all the time."
Ecuador says it faced 40 million cyberattacks after giving up Assange
Ecuador's government may be facing virtual retaliation for its decision to allow Julian Assange's arrest. The country's deputy minister for information and communication technologies, Patricio Real, claimed that its institutions' websites had faced 40 million cyberattacks in the days since it effectively turned Assange in. The denial of service attacks flooded a number of major targets, including President Moreno's office, the internal revenue service and the central bank.
Iranian hackers stole terabytes of data from software giant Citrix
Citrix is best-known for software that runs behind the scenes, but a massive data breach is putting the company front and center. The FBI has warned Citrix that it believes reports of foreign hackers compromising the company's internal network, swiping business documents in an apparent "password spraying" attack where the intruders guessed weak passwords and then used that early foothold to launch more extensive attacks. While Citrix didn't shed more light on the incident, researchers at Resecurity provided more detail of what likely happened in a conversation with NBC News.
Cyber Command put the kibosh on Russian trolls during the midterms
The US military has reportedly retaliated against Russian attempts to interfere in elections. Cyber Command took the notorious Internet Research Agency offline on 2018 midterm election day in November, officials told the Washington Post.
Internet gatekeeper warns of 'ongoing and significant' DNS attacks
If you ask one key organization, part of the internet's very backbone is under assault. ICANN, the company vital to managing many internet addresses, has warned of "ongoing and significant" risks to the Domain Name System infrastructure. There have been escalating reports of attacks on DNS, ICANN said, including hijacking attempts that point domain visitors to rogue servers. Some of these appear to have been state-sponsored attacks from Iran, while others have targeted the US as well as friendlier countries like Lebanon and the UAE.
Sennheiser's headphone software could allow attackers to intercept data
Sennheiser's HeadSetup and HeadSetup Pro software poses a cybersecurity risk, according to a vulnerability disclosure from Germany's Secorvo Security Consulting. The headphone-maker is now urging users to update to new versions of the software after researchers revealed it was installing a root certificate, along with an encrypted private key, into the Trusted Root CA Certificate store, which could enable man-in-the-middle (MITM) attacks.
Uber fined £385,000 in the UK for 2016 cyber-attack
Uber has been fined £385,000 ($491,000) by the UK's privacy watchdog for "failing to protect" the personal info of around 2.7 million UK users during a cyber attack in 2016. The figure isn't far off from the maximum penalty of £500,000 ($638,000) handed down to Facebook by the Information Commissioner's Office (ICO) over its Cambridge Analytica-related failures.
Pentagon preps cyberattack in case Russia interferes with elections
There may not be any immediate evidence of Russia directly meddling with the US midterm elections, but the Department of Defense is apparently ready to strike back if it happens. Anonymous officials talking to the Center for Public Integrity and the Daily Beast say the Pentagon and intelligence agencies have agreed on the core terms of a retaliatory cyberattack in the event Russia tries a bold move. The exact nature of the attack is unsurprisingly a secret, but hackers have reportedly received authority to breach key Russian systems in advance to make sure any attack moves quickly.
Here’s how to see if you were affected by Facebook’s breach
Today, Facebook provided additional information on the data breach it disclosed last month. Whereas it initially said up to 50 million users might have been affected, it now reports that 30 million were impacted by the breach. By exploiting a system vulnerability, attackers were able to steal digital keys called access tokens from those 30 million users, and Facebook has now laid out how those users were affected. The company is also notifying those impacted, but if you don't want to wait to be notified, you can check if your account was affected through this link.
Facebook says recent data breach wasn't 'related to the midterms'
Even though the number of users affected by Facebook's most recent hack was lowered to 29 million, from 50 million, it's still safe to say the attack was worse than originally thought. That's because we now know that the breach, which Facebook revealed a couple of weeks ago, exposed very detailed information of 14 million of those users, including their username, birthdate, gender, location, relationship status, religion, hometown, self-reported current city, education, work, the devices they used to access Facebook and the last 10 places they checked into (or were tagged in) on the site. The attackers, whose identities Facebook won't reveal because of an ongoing FBI investigation, were also able to view which people/Pages were followed by these 14 million users, as well as their 15 most recent searches on Facebook.
