Equifax had patch 2 months before hack and didn’t install it, security group says

SAN FRANCISCO — Hackers took advantage of an Equifax security vulnerability two months after an industry group discovered the coding flaw and shared a fix for it, raising questions about why Equifax didn’t update its software successfully when the danger became known.

A week after Equifax revealed one of the largest breaches of consumers’ private financial data in history — 143 million consumers and access to the credit-card data of 209,000 — the industry group that manages the open source software in which the hack occurred blamed Equifax.

“The Equifax data compromise was due to (Equifax’s) failure to install the security updates provided in a timely manner,” The Apache Foundation, which oversees the widely-used open source software, said in a statement Thursday.

Read more details here.

Author: Elizabeth Weise and Nathan Bomey

HBO’s Twitter accounts hacked in latest cyberattack

“Premium cable channel HBO has fallen victim yet again to a hacker attack. This time its official Twitter account was broken into, along with accounts for several of its most popular shows.

A group calling itself OurMine gained control of HBO’s main account Wednesday night, according to the Hollywood Reporter. It left a message in a tweet saying, “Hi, OurMine are here, we are just testing your security, HBO team please contact us to upgrade the security – ourmine .org -> Contact.”

A second tweet read, “let’s make #HBOHacked trending!”

The group also posted messages on the accounts for the shows “Vinyl,” “True Blood,” “Silicon Valley,” “Looking,” “Last Week Tonight,” “Veep” and “The Leftovers.”

A spokesperson for the channel told the Hollywood Reporter, “We are investigating.”

HBO was initially hacked several weeks ago, resulting in scripts, unaired episodes and other digital files from the channel’s servers being released onto the internet.”

Read more details here.

Author: Hollywood Reporter

Largest Hollywood hack in history may have compromised HBO confidential documents, emails

“A coordinated cyberattack on July 27 saw hackers walk away with one-and-a-half terabytes of HBO data, a publication reported, which included video footage, internal documents and email correspondence.

Insiders at HBO now fear the lack of motive or ransom demand may lead the culprits to leak confidential emails and documents, according to The Hollywood Reporter.

On Monday, the hacking group – which calls itself “little.finger66” – released the alleged script for the “Game of Thrones” episode scheduled to air on August 6. In a statement to CNBC, the company said “HBO recently experienced a cyber incident, which resulted in the compromise of proprietary information.””

Read more details here.

Author: Michael Sheetz

Hackers Had Access To Millions Of Social Security Numbers

“Hackers who breached a Kansas Department of Commerce data system in March had access to more than 5.5 million Social Security numbers in 10 states, along with another 805,000 accounts that didn’t include the Social Security numbers, according to records obtained from the agency.

The department will be required to pay for credit monitoring for most of the victims of the hacking, according to records obtained through an open records request by the Kansas News Service.

Besides Kansas, the other states affected by the hack are Arkansas, Arizona, Delaware, Idaho, Maine, Oklahoma, Vermont, Alabama and Illinois.”

Read more details here.

Author: Phys.org

NotPetya Is a Cyber Weapon, Not Ransomware

Yesterday morning, after monitoring this new outbreak for 24 hours, we concluded that we were dealing with cyber warfare, and not ransomware. Two separate reports coming from Comae Technologies and Kaspersky Lab experts now confirm this.

NotPetya is a destructive disk wiper similar to Shamoon, which has been targeting Saudi Arabia in the recent past. Note that Shamoon actually deleted files; NotPetya goes about it slightly differently: it does not delete any data but simply makes it unusable by locking the files and then throwing away the key. The end result is the same.

Someone is hijacking known ransomware families and using them to attack Ukrainian computer systems. Guess who.

You never had a chance to recover your files. There are several technical indicators that NotPetya was only made to look like ransomware as a smoke screen:

  • It never bothers to generate a valid infection ID
  • The Master File Table gets overwritten and is not recoverable
  • The author of the original Petya also made it clear NotPetya was not his work

This has actually happened before. Foreshadowing the NotPetya attack, the author of the AES-NI ransomware said in May that he did not create the XData ransomware, which was also used in targeted attacks against Ukraine. Furthermore, both XData and NotPetya used the same distribution vector: the update servers of a Ukrainian accounting software maker.

Catalin Cimpanu, the Security News Editor for Bleepingcomputer stated: “The consensus on NotPetya has shifted dramatically in the past 24 hours, and nobody would be wrong to say that NotPetya is on the same level with Stuxnet and BlackEnergy, two malware families used for political purposes and for their destructive effects. Evidence is clearly mounting that NotPetya is a cyber-weapon and not just some overly-aggressive ransomware.”

Read more details here.

Author: Stu Sjouwerman

Canadian firm pays $425,000 to recover from ransomware attack

“A major Canadian company was forced to pay $425,000 in Bitcoin over the weekend to restore its computer systems after suffering a crippling ransomware attack that not only encrypted its production databases but also the backups as well.

“They literally had no choice but to pay” because the backups were frozen, said Daniel Tobok, CEO of forensics firm Cytelligence, which is helping with the investigation.

Tobok wouldn’t identify the company for reasons of confidentiality. He believes it to be the largest ransomware payment in Canada to date. By comparison, last month a South Korean Web hosting firm reportedly paid the equivalent of US$1 million in ransom, believed to be the biggest publicly reported payment so far in the world.

Although the forensic investigation is in its early stages, the attack was very sophisticated. It started with spear phishing targeting six senior company officials who were sent a PDF attachment with a malicious payload.

Staff apparently fell for two old ploys: Two of the messages purported to be from a courier company and told recipients the attachments were invoices for packages to be picked up, while the other messages asked officials to open and print the attached document. That led to the insertion of malware.”

Read more details here.

Author: Howard Solomon

FedEx Reports Material Financial Impact From Last Month’s ‘Petya’ Cyber Attack

“FedEx Corp. announced that it expects to see a material financial impact from the ‘Petya’ cyber attack that crippled the computer systems of its European arm TNT Express, which FedEx acquired in May 2016.

The company made the announcement in its SEC 10-K filing.

FedEx said that all of its other computer operations were unaffected by the virus. However, TNT operates from Ukraine, which was the hub of the cyber attack.

“Although we cannot currently quantify the amounts, we have experienced loss of revenue due to decreased volumes at TNT and incremental costs associated with the implementation of contingency plans and the remediation of affected systems,” FedEx said Monday.”

Read more details here.

Author: Tony Owusu

A new ransomware attack is infecting airlines, banks, and utilities across Europe

“A major ransomware attack has brought businesses to a close throughout Europe, in an infection reminiscent of last month’s WannaCry attack. The most severe damage is being reported by Ukrainian businesses, with systems compromised at Ukraine’s central bank, state telecom, municipal metro, and Kiev’s Boryspil Airport. Systems were also compromised at Ukraine’s Ukrenergo electricity supplier, although a spokesperson said the power supply was unaffected by the attack.

The attack has even affected operations at the Chernobyl nuclear power plant, which has switched to manual radiation monitoring as a result of the attack. Infections have also been reported in more isolated devices like point-of-sale terminals and ATMs.

The virus has also spread internationally. The Danish shipping company Maersk has also reported systems down across multiple sites, including the company’s Russian logistics arm Damco. The virus also reached servers for the Russian oil company Rosneft, although it’s unclear how much damage was incurred. There have also been several recorded cases in the United States, including the pharmaceutical company Merck, a Pittsburgh-area hospital, and the US offices of law firm DLA Piper.

Early reports from a Kaspersky researcher identified the virus as a variant of the Petya ransomware, although the company later clarified that the virus is an entirely new strain of ransomware, which it dubbed “NotPetya.” Kaspersky telemetry indicated that at least 2,000 users had been attacked by the virus as of this afternoon.”

Read more details here.

Author: Russell Brandom

Apple iCloud ransom demands: The facts you need to know

“Hackers are demanding Apple pay a ransom in bitcoin or they’ll blow the lid off millions of iCloud account credentials.

Beyond the primary headline, however, there are a bevy of loose ends and nuances to ponder.

So far, we know that a London-based hacker group, calling itself the Turkish Crime Family, has claimed to have access to 250 million accounts (at the time of writing). The hackers are threatening to reset the passwords on those iCloud accounts and remotely wipe iPhones if Apple doesn’t pay a ransom by April 7. Those demands have since changed and increased. Motherboard, which first reported the story, noted that the media-hungry group has approached multiple outlets, possibly to help its extortion efforts.”

Read more details here.

Author: Zack Whittaker

Hackers demand Apple pay up or millions of iCloud accounts will be wiped

“A group of hackers is allegedly trying to extort Apple by holding Apple customers’ data for ransom and threatening to remotely wipe iCloud accounts connected to both iPhones and iPads if those ransoms are not paid.

The group self-identifies as the “Turkish Crime Family,” and it is demanding either $75,000 in Ethereum or Bitcoin or $100,000 in iTunes gift cards, according to a report from Motherboard. Not only that, but the hackers gave Apple an April 7 deadline to meet the demands — or else they will start wiping both phones and iCloud accounts.”

Read more details here.

Author: Christian de Looper, Digital Trends