Category: Cyber-Crime

Almost 40% of Ubuntu users vulnerable to new privilege elevation flaws

Two Linux vulnerabilities introduced recently into the Ubuntu kernel create the potential for unprivileged local users to gain elevated privileges on a massive number of devices. Ubuntu is one of the most widely used Linux distributions, especially popular in the U.S., having an approximate user base of over 40 million. Two recent flaws, tracked as CVE-2023-32629 and CVE-2023-2640 and discovered by Wiz’s researchers S. Tzadik and S. Tamari, were recently introduced into the operating system, impacting roughly 40% of Ubuntu’s userbase. CVE-2023-2640 is a…

NATO hacked by SiegedSec hackers

NATO has confirmed that its IT team is investigating claims about an alleged data-theft hack on the Communities of Interest (COI) Cooperation Portal by a hacking group known as SiegedSec. The COI Cooperation Portal (dnbl.ncia.nato.int) is the military alliance’s unclassified information-sharing and collaboration environment, dedicated to supporting NATO organizations and member nations. Yesterday, the hacking group ‘SiegedSec’ posted on Telegram what they claimed to be hundreds of documents stolen from the COI Cooperation Portal. Cybersecurity company CloudSEK analyzed…

Russian cybersecurity chief Ilya Sachkov jailed for 14 years for treason

Ilya Sachkov, who helped found one of Russia’s most prominent cybersecurity firms, was accused of passing information to foreign spies. A Russian court has jailed a top cybersecurity executive for 14 years for treason in a case which centred on allegations he had passed classified information to foreign spies. Following a closed-door trial, the AFP news agency quoted Judge Alexander Rybak as saying on Wednesday, “The court found Ilya Sachkov guilty under Article 275 of Russia’s Criminal Code and sentenced…

U.S. prosecutors accuse FTX founder Sam Bankman-Fried of witness tampering

U.S. prosecutors have accused FTX founder Sam Bankman-Fried of witness tampering and asked a federal judge to issue an order that would bar the former billionaire and other parties from making public statements likely to interfere with a fair trial. The prosecutors wrote to U.S. District Judge Lewis Kaplan on Thursday referencing a New York Times article titled “Inside the Private Writings of Caroline Ellison, Star Witness in the FTX Case.” The article reported excerpts from Ellison’s personal Google documents…

A ton of folks don’t know what ‘Right to Repair’ Is, but strongly support it once they do

In just the last five years, the “right to repair” movement has shifted from nerdy niche to the mainstream, thanks in part to significant support from the Biden FTC and efforts in states like Minnesota and New York to pass new right to repair laws, making it easier and less expensive for consumers and independent repair shops to gain affordable access to manuals, tools, and replacement parts. Surveys continue to indicate the majority of consumers support such efforts. But a significant…

Amazon agrees to $25 million fine for Alexa children privacy violations, Ring subsidiary also facing $5 million fine

The U.S. Justice Department and the Federal Trade Commission (FTC) announced that Amazon has agreed to pay a $25 million fine to settle alleged children’s privacy laws violations related to the company’s Alexa voice assistant service. Amazon has offered Alexa voice-activated products and services targeted at children under 13 years old since May 2018. In May 2023, the Federal Trade Commission (FTC) and the U.S. Department of Justice (DOJ) filed charges against Amazon, accusing the company of violating children’s privacy laws,…

DBS to sell majority stake in AXS to private equity firm Tower Capital Asia

SINGAPORE – DBS Bank has agreed to sell a 77.8 per cent stake in electronic payment services provider AXS to Tower Capital Asia, a private equity firm based in Singapore. The bank will retain a minority stake of 9.9 per cent in AXS, it said on Tuesday. It did not disclose the stake’s sale price. The deal is slated to close by August, and is not expected to have a material impact on DBS’ earnings or net tangible assets for…

RomCom hackers target NATO Summit attendees in phishing attacks

A threat actor referred to as ‘RomCom’ has been targeting organizations supporting Ukraine and guests of the upcoming NATO Summit set to start tomorrow in Vilnius, Lithuania. BlackBerry’s research and intelligence team recently discovered two malicious documents that impersonated the Ukrainian World Congress organization and topics related to the NATO Summit to lure selected targets. The attackers used a replica of the Ukrainian World Congress website hosted on an “.info” domain instead of the real one that uses an “.org” top-level domain…

Disney Deletes Months Old Film From Disney Plus, Ostensibly For More Tax Benefits

Here we go again. It was only a month ago that Karl Bode wrote about Disney’s absolutely and totally cool process of removing a bunch of content from its Disney Plus streaming platform not because the content sucks and nobody liked it, but because it gets to play accounting tricks as to its assets in order to receive giant tax breaks. To some extent, a big media company prioritizing quarterly profit reports over providing customers value in its streaming platform…

Reddit Tells Protesting Mods It Will Remove Them If They Don’t Stop, As Reddit’s Subreddit For The Blind Can No Longer Be Moderated By Blind Users

As you’ll recall, Reddit CEO Steve Huffman whined about what he called the “landed gentry” among moderators of subreddits that were protesting his ridiculous extractive API changes. He insisted that perhaps things should be more democratic. In response, many subreddits took a vote on how subscribers to those subreddits wanted the mods to handle things, and many urged the moderators to continue protesting. But, Huffman apparently couldn’t handle that kind of democracy. So he’s spent the last few weeks threatening…

Google Analytics data transfer to U.S. brings $1 million fine to Swedish firms

The Swedish Authority for Privacy Protection (Integritetsskyddsmyndigheten – IMY) has fined two companies 12.3 million SEK (€1 million/$1.1 million) for using Google Analytics and warned two others about the same practice. In a decision published yesterday, the agency explains that by using Google Analytics to generate web statistics the firms were breaching the European Union’s General Data Protection Regulation (GDPR). Specifically, the companies were in violation of the GDPR Article 46(1), which forbids the transfer of personal data to countries or…

Microsoft denies data breach, theft of 30 million customer accounts

Microsoft has denied the claims of the so-called hacktivists “Anonymous Sudan” that they breached the company’s servers and stole credentials for 30 million customer accounts. Anonymous Sudan is known for debilitating distributed denial-of-service (DDoS) attacks against Western entities in recent months. The group has confirmed their affiliation with pro-Russian hacktivists like Killnet. Last month, Microsoft admitted that Anonymous Sudan was responsible for service disruptions and outages at the beginning of June that impacted several of its services, including Azure, Outlook, and…

Stop using Google Analytics, warns Sweden’s privacy watchdog, as it issues over $1M in fines

Sweden’s data protection watchdog has issued a couple of fines in relation to exports of European users’ data via Google Analytics which it found breach the bloc’s privacy rulebook owing to risks posed by US government surveillance. It has also warned other companies against use of Google’s tool. The fines — just over $1.1 million for Swedish telco Tele2 and less than $30k for local online retailer CDON — are notable as they are the first such fines following a…

Sputnik News: Russian Forces Destroy Starlink Communication Station Near Artemovsk

MOSCOW (Sputnik) – Russian forces have destroyed a Ukrainian Starlink satellite communication station and a drone control center near Artemovsk (Bakhmut), a Russian Defense Ministry spokesperson told Sputnik. “… the artillery of the group [of Russian forces] destroyed a Starlink communication station, a control center for unmanned aerial vehicles together with a Leleka-100 drone, a communication center and a pickup truck with an infantry group,” the spokesperson said. In addition, Russian forces have repelled an attack by a Ukrainian assault…

Suncor Energy cyberattack impacts Petro-Canada gas stations

Petro-Canada gas stations across Canada are impacted by technical problems preventing customers from paying with credit card or rewards points as its parent company, Suncor Energy, discloses they suffered a cyberattack. Suncor Energy is the 48th-largest public company in the world, and one of Canada’s largest synthetic crude producers, having an annual revenue of $31 billion. The company says it has taken measures to mitigate the attack and informed the authorities of the situation. At the same time, it expects…

US confirms federal agencies hit by MOVEit breach, as hackers list more victims

The U.S. government has confirmed that multiple federal agencies have fallen victim to cyberattacks exploiting a security vulnerability in a popular file transfer tool. In a statement shared with TechCrunch, CISA confirmed that “several” U.S. government agencies have experienced intrusions related to the exploitation of a vulnerability in MOVEit Transfer, an enterprise file transfer tool developed by Progress Software. The agency also attributed the attacks to the Russia-linked Clop ransomware gang, which this week started posting the names of…