BlackCat malware attacks US defense IT service provider • The Register

In brief The BlackCat ransomware gang, also known as ALPHV, has allegedly broken into IT firm NJVC, which provides services to US civilian government agencies and the Department of Defense.

DarkFeed, which monitors the dark web for ransomware intelligence, tweeted this week that BlackCat had added NJVC to its victim list, and shared an alleged screenshot from ALPHV’s blog informing NJVC that it stole data during its intrusion.

“We strongly recommend that you contact us to discuss your situation. Otherwise, the sensitive data in our possession will be gradually released every 12 hours. There’s a lot of material,” ALPHV said, per the screenshot.

Interestingly, according to a tweet by malware watchers VX-Underground, ALPHV’s website went offline shortly after the security breach was proven.

According to other sources, BlackCat’s website has since come back online, with NJVC’s entry conspicuously absent. Maybe someone realized that releasing US Department of Defense data was a bad long-term career move? Or an agreement was reached.

BlackCat, which is also the name of the group’s signature malware coded in Rust, appears to have attacked 60 organizations around the world since it first emerged in late 2021. BlackCat, the ransomware, was a widespread part of the ransomware-as-a-service economy in its year of operation, Microsoft said, due to its programming language choice.

“By using modern language for its payload, this ransomware attempts to evade detection, particularly by traditional security solutions,” Microsoft said. BlackCat has been seen targeting Windows, Linux and VMware installations, Redmond said.

Cold War US spies hid bugs on Russians where?

A stack of KGB documents from the 1980s, obtained by a US journalist, offers an interesting insight into spy technology during the height of the Cold War.

Zach Dorfman, writing for Project Brazen’s The Brush Pass, which reports spy news, said the wealth of documents and photos reveals the sheer number of surveillance bugs that US spies have hidden in Soviet diplomatic facilities, vacation homes, apartments and cars – and their creativity.

“The bugs were everywhere,” Dorfman said, and the list is exhaustive. Some of the more creative placements include bugs drilled into concrete blocks, threaded into window frames, plastered into walls, and even tucked away in a building’s foundation.

Intelligence officials that Dorfman spoke to, who all asked to remain anonymous, said the number of bugs indicated years of operation, but with some serious technical limitations that meant someone would likely need to physically access the bugs on a regular basis, to preserve the information they store and replace batteries.

According to Dorfman’s sources, battery technology was the greatest historical constraint on miniaturization of Cold War technology. A US official Dorfman spoke to said the CIA’s battery technology remains one of its best-kept secrets and described it as some of the most classified work done by the US spy service.

So why keep all these found bugs secret instead of holding them up as a demonstration of US Cold War duplicity? The likely explanation, Dorfman said, is that the KGB knew the US could throw just as much back at them.

Amazon is wrong about turning data breaches into family fun, rights groups say

In case you missed it, Amazon is gearing up to unveil a new version of America’s Funniest Home Videos, but with a twist: it’ll feature hilarious clips captured by its Ring home cameras, a premise that has fueled criticism from privacy and civil rights groups.

Forty such organizations signed an open letter to MGM, which is owned by Amazon and distributes the show, urging them to cancel the Ring Nation show before it premieres in late September. In it, signatories argued that the program was trying to “put a happy face on a dangerous product,” and in their Cancel Ring Nation petition, claimed the series was “a transparent attempt to normalize surveillance and fabricate a PR miracle for scandal-ridden Amazon.”

Earlier this year, Amazon admitted it sometimes leaks Ring recordings to US law enforcement agencies without asking device owners’ permission, and did so 11 times in the first half of 2022.

The AWS parent company said at the time that while it generally does not allow police to view footage without owner consent, it waives that requirement when served with relevant court orders and emergency requests.

Cyber attackers at a Los Angeles school demand ransom

The unidentified thugs who broke into the systems of the Los Angeles Unified School District (LAUSD) last month were demanding ransom, officials said Tuesday.

“There was no response to the demand,” LAUSD Superintendent Alberto Carvalho said. Carvalho did not specify how much the extortionists were asking or what data they may have stolen and stored, but said there had been no new security breaches since the incident, which was discovered over the US Labor Day weekend.

LAUSD, which is believed to have more than 640,000 students, said it does not believe employee information, such as social security numbers, was compromised, though officials did not elaborate on what student information might have been stolen in the attack. The district does not collect social security information from students or parents.

Brett Callow, threat analyst at Emsisoft, told the Los Angeles Times that in 2022 so far, 25 school districts have been hit by similar attacks. “The only unusual thing about this attack is that it affected the second largest school district in the country. That being said, incidents like this are unfortunately all too common,” Callow said.

Although it was believed early on that cybercrime gang Vice Society was responsible for the attack, authorities never confirmed this detail and, according to the LA Times, officials continue to deny this.

Chrome and Edge’s spell checker exposes clear-text PII to Google and Microsoft

Google’s Chrome and Microsoft’s Edge browsers have been found to transmit private information — like usernames, emails, and even passwords — in good old-fashioned clear text to their parent companies, depending on the user’s configuration.

The problem, dubbed “spelljacking” by researchers at JavaScript security firm Otto who discovered it, occurs in Chrome’s advanced spell checker and Edge’s MS Editor add-on, which allow the browsers to check spelling in form fields and similar places on websites. When users with the feature enabled click the Reveal Password button available on many websites, Chrome and Edge send this valuable data.

“What’s worrying is how easy it is to enable these features and that most users turn on these features without really knowing what’s going on behind the scenes,” said Otto co-founder and CTO Josh Summitt.

Otto said a number of high-profile websites, including Office 365, Alibaba Cloud Service, Google Cloud Secret Manager, AWS Secrets Manager and LastPass, all had the browsers transmit plaintext data to Google and Microsoft. The researchers said AWS and LastPass had already mitigated the problem.

Otto said it tested more than 50 websites across banking, cloud, healthcare, government, social media and e-commerce and found that the majority of the data transferred came from the two spell checkers. Like many website user input security issues, this bug can be fixed in code, in this case by adding “spellcheck=false” to input fields containing sensitive data. ®
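The fix described above, as an added example that is not from the article or from Otto: a small script that sets spellcheck="false" on sensitive form controls, including password inputs that a "show password" toggle may later switch to plain text. The type and autocomplete lists and the data-sensitive marker are assumptions chosen for illustration.

```javascript
// Added example. The lists below and the data-sensitive marker are assumptions.
const SENSITIVE_TYPES = new Set(["password", "email"]);
const SENSITIVE_AUTOCOMPLETE = new Set([
  "username", "email", "current-password", "new-password",
  "one-time-code", "cc-number", "cc-csc",
]);

// True when a form control is likely to hold data that should not be sent to
// a cloud spell checker. Password inputs are included because the case the
// article describes is a "show password" toggle exposing the field's value.
function isSensitive(el) {
  const tag = el.tagName.toLowerCase();
  if (tag !== "input" && tag !== "textarea") return false;
  const type = (el.getAttribute("type") || "text").toLowerCase();
  if (SENSITIVE_TYPES.has(type)) return true;
  const tokens = (el.getAttribute("autocomplete") || "").toLowerCase().split(/\s+/);
  if (tokens.some((t) => SENSITIVE_AUTOCOMPLETE.has(t))) return true;
  return el.hasAttribute("data-sensitive"); // hypothetical opt-in marker
}

// Sets spellcheck="false" on every sensitive control under `root` and
// returns the elements that were changed, so the result can be logged.
function hardenFields(root) {
  const changed = [];
  for (const el of root.querySelectorAll("input, textarea")) {
    if (!isSensitive(el)) continue;
    if ((el.getAttribute("spellcheck") || "").toLowerCase() === "false") continue;
    el.setAttribute("spellcheck", "false");
    changed.push(el);
  }
  return changed;
}

// In a browser: harden the current page, then any fields added later.
if (typeof document !== "undefined") {
  hardenFields(document);
  new MutationObserver((records) => {
    for (const r of records)
      for (const n of r.addedNodes)
        // Query from the parent so that an added <input> itself is matched.
        if (n.nodeType === 1) hardenFields(n.parentNode || n);
  }).observe(document.documentElement, { childList: true, subtree: true });
}
```

Setting the attribute directly in the server-rendered markup is preferable where possible; the script covers fields the site does not template itself.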

https://www.theregister.com/2022/10/02/in-brief-security/

Rick Schindler
