In brief NATO officials are investigating after criminals put up for sale on dark forums some data they claim is “classified” information stolen from European missile maker MBDA.
MBDA has denied sensitive material was compromised and said it refused to pay the gang a ransom, claiming the data for sale was obtained from an “external hard drive” rather than their systems.
According to the BBC, which has seen samples of the files and reportedly spoken to the thugs, 80GB of data – which it has been unable to verify – is being offered for 15 bitcoins, or approximately $297,000, and the extortionists claim to have made at least one sale.
The data allegedly includes designs for the Land Ceptor Common Anti-Air modular anti-aircraft missile, which the BBC said was used in the Ukrainian conflict. The criminals described the entire data package as “design documentation, drawings, presentations, video and photo materials, contract agreements and correspondence with other companies” and also claimed that it contained personal information about defense company employees.
MBDA’s Italian division, meanwhile, has filed a report with the police about an attempt to blackmail the company, saying not only that there was no actual network penetration, but that the data was neither classified nor sensitive.
The BBC has nevertheless claimed that the sample it saw contained documents labeled “NATO SECRET”, “NATO CONFIDENTIAL” and “NATO RESTRICTED”.
A former NATO official said that while NATO tends to overclassify documents, secret classification is not applied lightly. If the labels are indeed correct and new, they said, “This is really the kind of information that NATO doesn’t want out in the public domain.”
The criminal vendors would not verify whether the data sold online came from multiple sources or just MBDA, but it is understood that NATO’s investigation is focused on one of MBDA’s suppliers, which could mean the ultimate blame lies with a third party.
TikTok’s Android app is vulnerable to one-click takeover
Microsoft security researchers want TikTok users to know that if they ever accidentally click on a malicious link that doesn’t take over their account, they should direct their gratitude towards Redmond.
It turns out that a specially crafted link sent to Android versions of the TikTok app, both Chinese and international, could give an attacker complete control over the victim’s account once clicked.
Microsoft security researchers said they first found the bug in the Android version of TikTok in February, and the social media company quickly fixed it due to its high severity. According to Microsoft, there is no evidence that the exploit was used in the wild.
At the heart of the flaw is a method used to bypass TikTok’s deep link verification process by forcing the code to load an arbitrary URL into WebView, the Android component that allows URLs to be opened in apps.
Teen cracks government encryption puzzle in an hour
A commemorative cryptographic puzzle minted on an Australian coin has been cracked, and it took the winner – an unnamed 14-year-old from Tasmania – just over an hour to complete a task that was supposed to take much longer.
The Australian Signals Directorate (ASD), which handles foreign intelligence along with cyber warfare and security tasks similar to the US NSA or the UK GCHQ, had a special 50 cent coin minted in a limited mintage of 50,000 to mark the agency’s 75th anniversary.
Security-conscious government agencies often use encryption puzzles, making another one an appropriate commemoration. ASD Director General Rachel Noble said the coin features four different layers of encryption that are progressively more difficult, with clues also found on the coin.
“There is a challenge out there to see who can break all the layers correctly and, would you believe it, yesterday the coin was launched at 8:45; we uploaded our web form… and believe it or not, a boy, 14 years old in Tasmania, was the first person to get all four levels right in just over an hour,” the Australian Broadcasting Corporation reported Noble as saying.
“So we’re hoping to meet him soon… to recruit him,” Noble said.
Noble didn’t share what the hidden message on the coin is, only saying that it contained uplifting messages and encouraging people to go out and solve it. Noble said the first few layers of the puzzle could be solved with pencil and paper, but she cautioned that the last layer might require a computer.
For those dismayed that they lost the chance to solve the mystery, Noble revealed that the game isn’t quite over yet: She said there is a hidden fifth layer of encryption on the coin that no one has cracked yet, but an intelligence agency whose code had just been cracked could say anything to save a bit of face.
2.5 million student loan borrower records hacked
Student loan service providers Edfinancial and the Oklahoma Student Loan Authority (OSLA) are reaching out to more than 2.5 million borrowers to notify them that a breach may have exposed their names, addresses, email addresses, phone numbers, and social security numbers.
Edfinancial and OSLA are not directly responsible for the breach, which was suffered by Nebraska-based Nelnet Servicing, a provider of technical services to the two student loan companies. Nelnet also services loans but said none of its borrowers were affected by the breach.
Sample letters and an explanation by Nelnet filed with the State of Maine indicate that between June and July 22, 2022, an unauthorized party had access to the records in question. Nelnet said that after noticing the breach, it blocked the activity, fixed the vulnerability that led to the breach, launched an investigation, and notified affected service providers.
The U.S. Department of Education has also been notified, and law enforcement is investigating, Nelnet said.
As with previous large-scale breaches, Nelnet said it offers affected borrowers free credit monitoring services through Experian, which itself has been found vulnerable to being tricked into duplicating accounts for criminals using it to hijack Experian customers’ identities.
Nelnet customers whose data was stolen lost no time in initiating a class action lawsuit against the company, filed Tuesday in a district court in Nebraska.
The lawsuit demands that Nelnet be forced to adhere to higher safety standards and demands that the class, which includes students from across the country, be awarded unspecified damages.
Samsung says US customer data stolen
Samsung has admitted to being hit by a cyberattack that led to the theft of some data from its US customers at the end of July.
According to the Korean tech company, an unauthorized third party stole data that, Samsung discovered in early August, contained personal customer information.
While no social security numbers were stolen, Samsung admits that customer names, contact and demographic information, date of birth, and product registration information may all have been stolen, although the specific information stolen varies from customer to customer, Samsung said.
The Galaxy maker said it was taking steps to secure affected systems and is coordinating with law enforcement, but Samsung’s statement doesn’t mention how many customers may have been affected.
There’s nothing Samsung customers need to do immediately to protect themselves, the multinational said, although it recommends kit owners be wary of unsolicited communications that ask for personal information or ask them to tap a link, avoid clicking links or downloading attachments from suspicious emails, and check their Samsung accounts for suspicious activity.
While theft of customer data may be new to Samsung, breaches of its perimeter resulting in large-scale theft of corporate information are not: the tech company saw 190 GB of its internal files, including the source code for Samsung Knox and the company’s bootloader, released online earlier this year.
The data was stolen by the online extortion gang Lapsus$, said to be based in Brazil, which has previously hacked and released files from Nvidia, game publisher Ubisoft, and other high-profile targets.
Samsung told The Register about the earlier breach that it had responded by “implement[ing] measures to prevent further such incidents” and that it would continue to serve its customers “without interruption”. ®
https://www.theregister.com/2022/09/05/in-brief-secuirty/ Criminals claim to have stolen NATO missile plans • The Register