CISA boss “swatted”, Subway investigates LockBit, Australia sanctions hacker

CISA boss targeted in “harrowing” swatting attack

CISA Director Jen Easterly has confirmed she was the subject of a swatting attempt on December 30 after a bogus report was made of a shooting at her home. Swatting involves a serious crime being falsely reported, causing heavily armed law enforcement officers to rush to the scene. These hoaxes are not only intimidating for victims but, in some cases, have turned deadly. Easterly described the incident as “harrowing” and added that harassment of public officials, including swatting incidents and personal threats, has become a troubling trend in recent years. CISA declined to answer questions about who was behind the crime or why Easterly was targeted.

(The Register and Dark Reading)

Subway puts a LockBit investigation on the menu

The Subway restaurant chain is investigating claims made by the infamous LockBit 3.0 ransomware gang on its Tor leak site that it exfiltrated hundreds of gigabytes of financial data from Subway’s systems. The allegedly stolen data includes extensive franchise financial details, employee salaries, and royalty and commission payments. LockBit claims that it will put the information up for sale on February 2 unless its undisclosed ransom demand is met. If LockBit’s claims are substantiated, it may signal a shift from its usual tactic of going after smaller targets that only average roughly $100 million in revenue.

(Dark Reading)

Australia sanctions REvil hacker behind Medibank data breach

Australia announced Tuesday that it will leverage its new cyber sanctions against a Russian national allegedly responsible for the 2022 hack of Australian health insurance provider Medibank. Aleksandr Gennadievich Ermakov, who is believed to be a member of the REvil ransomware group, leaked personal health information of nearly 10 million Medibank customers. Australian authorities worked with international partners to tie Ermakov to the hack. While Ermakov’s arrest is unlikely, Australia’s new sanctions (introduced in 2021) allow Australia to impose travel bans and asset freezes. Those who attempt to provide assets to Ermakov could also face imprisonment and heavy fines. Australian authorities are confident that simply naming Ermakov will cause significant harm to his cyber operations. The United States and United Kingdom also announced sanctions against Ermakov.

(Bleeping Computer and The Guardian)

Water services giant Veolia hit by ransomware attack

Veolia North America has disclosed a ransomware attack that disrupted parts of its Municipal Water division and bill payment systems. The company said there is no evidence that the attack affected water or wastewater treatment operations. Upon detecting the attack, Veolia implemented defensive measures, temporarily taking some systems offline to contain the breach. Veolia has identified a limited number of individuals whose personal information may have been impacted during the breach. The company is working with a third-party forensics firm to further assess the extent of the attack’s impact.

(Bleeping Computer)

Huge thanks to our sponsor, Conveyor

Apple reveals exploited zero-day in browser engine

Apple has patched a zero-day bug (CVE-2024-23222) in its WebKit browser engine for Safari that could be used to execute arbitrary code on affected systems. The bug stems from a type confusion error, which causes a system to incorrectly validate inputs it receives. On Monday, Apple said it is aware of a report that the issue may have been exploited. The company has released updated versions of iOS, iPadOS, macOS, and tvOS with additional validation checks to address the vulnerability.

(Dark Reading)

Exploit released for Fortra GoAnywhere MFT bug

Researchers have released a proof-of-concept exploit for a critical authentication bypass vulnerability (CVE-2024-0204) in Fortra’s GoAnywhere MFT (Managed File Transfer) software. The bug allows attackers to create new admin users on unpatched instances via the administration portal. Fortra quietly patched the bug on December 7 with release 7.4.1 of GoAnywhere MFT. However, the company only publicly disclosed the issue on Tuesday, offering limited information. Fortra did issue more detailed private advisories to customers back on December 4, urging them to secure their MFT services. Though Fortra said there have yet to be reports of exploitation, threat actors will now likely begin attacking any unpatched instances of the software.

(Bleeping Computer)

Apple’s anti-theft security slows down iPhone crooks

This week, Apple pushed out a brand-new Stolen Device Protection feature as part of the iOS 17.3 update for iPhone users. Stolen Device Protection requires users to authenticate with Face ID or Touch ID when the device is in an unfamiliar location before allowing access to sensitive features or device settings, for example, using stored passwords and payment info or erasing device content and settings. The intent is to slow down criminals who have the device’s passcode, giving users time to secure their Apple accounts. In order to set up the new protections, Apple users must have two-factor authentication enabled. The feature should be turned off before selling, trading, or giving away the iPhone.

(Dark Reading)

X adds support for passkeys on iOS

X, formerly Twitter, announced Tuesday that it will support the use of passkeys, which offer users a more secure login method than traditional passwords. Passkeys have already been adopted by Apple iOS and by Google, as well as a number of high-profile apps including PayPal, TikTok, and WhatsApp. Passkey technology uses biometric authentication like Face ID or Touch ID, a PIN, or a physical security authentication key to validate login attempts, thereby combining the benefits of two-factor authentication (2FA) into a single step. X’s move comes on the heels of high-profile Twitter account hacks, including that of the U.S. Securities and Exchange Commission.

(TechCrunch)
