Cybersecurity News: China censors 1B hack, Pentagon’s bug bounty, Tech hiring cools

China tries to censor what could be biggest data hack in history

This is a follow-up to the story we covered last week, in which a hacker identified only as “ChinaDan” announced they had acquired data on 1 billion Chinese citizens. The Financial Times has written that Weibo, essentially China’s version of Twitter, and WeChat were already censoring any mention of hashtags containing “data leak” or “database breach.” Censors blocked existing posts and even reportedly asked at least one poster with a big follower base to come in for questioning.

(Gizmodo)

Pentagon: We’ll pay you if you can find a way to hack us

The United States Department of Defense has initiated a broad but short-running bug bounty initiative aimed at identifying vulnerabilities in publicly accessible systems and applications. Dubbed Hack US, the program commenced on Independence Day and is slated to conclude today, July 11, with reward amounts varying based on the severity of the discovered flaws. The DoD has earmarked up to $110,000 for this endeavor. Vulnerability discoveries can yield rewards starting from $500 for high-severity issues, while critical vulnerabilities are valued at a minimum of $1,000, with special awards reserved for particular findings, such as $3,000 for the most notable discovery within the *.army.mil domain. Run in collaboration with bug bounty platform provider HackerOne, the initiative builds upon a 12-month pilot program conducted in partnership with the DoD, which concluded in April; Hack US adds financial incentives to that earlier effort.

(The Register)

Tech’s red-hot hiring spree shows signs of cooling

The rapid recruitment spree witnessed in the tech sector during the pandemic is displaying signs of moderation, prompting several top-level executives to brace for potential further downturns. Amid apprehensions of an impending economic downturn, leaders of prominent tech firms have unveiled strategies to either decelerate hiring processes or implement job cuts, cautioning employees to prepare for challenging circumstances. Despite a generally tight labor market characterized by robust demand for talent in specific sectors and roles, the cautionary statements issued by certain tech executives have exacerbated concerns about an arduous period ahead for an industry whose influence permeates nearly every facet of society. Recent announcements of layoffs or intentions to downsize have been made by notable companies including Twitter, Tesla, Snap, Netflix, Amazon, Meta, Coinbase, and RobinHood.

(Wall Street Journal)

Maastricht University wound up earning money from its ransom payment

The Dutch university was hit with Clop ransomware in December 2019, which had been deployed through phishing emails. The university decided to pay the 30 bitcoin ransom, equal to roughly €200,000 at the time, in order to avoid delaying exams and losing all its research, educational, and staff data. However, the Netherlands Public Prosecution Service later traced and seized a wallet containing the ransom, and because the funds were still held as bitcoin, their value had grown to approximately €500,000. The University Executive Board said it wants to use the money to create a fund that would allow the university to help students in need.

(Bleeping Computer)

Thanks to today’s episode sponsor, Edgescan

Edgescan simplifies Vulnerability Management by delivering a single full-stack solution (SaaS) integrated with world-class security professionals. Instead of managing a plethora of point scanning tools for each layer of the attack surface and squandering precious staff resources manually removing false positives, Edgescan offers automated and accurate contextualized alerts across the entire attack surface in a single source of truth.

Rogers CEO apologizes for massive service outage, blames maintenance update

A massive network outage at Rogers Communications that shut down mobile and internet services across much of Canada on Friday was not a cyberattack, but was instead what Rogers president and CEO Tony Staffieri described as “a network system failure following a maintenance update in our core network, which caused some of our routers to malfunction.” With many businesses, government agencies and parts of the 911 emergency service rendered powerless during the 15-hour outage, experts are calling this a “learning opportunity for threat actors such as Russian state-sponsored hackers, who can now see how vulnerable Canadian industry, financial institutions and health-care systems are to an attack on a telecom provider.”

(CBC)

Medical debt collection firm says ransomware attack exposed info on 650+ healthcare orgs

In a statement issued late last week, Professional Finance Company said that during the February attack the Quantum ransomware group used the Bumblebee malware loader to gain access to databases that held names, addresses, accounts receivable balances, information regarding payments made to accounts, dates of birth, Social Security numbers, and health insurance data and medical treatment information. Its role as a debt collection firm means healthcare organizations provide the company with information on patients or customers who have not paid, making them an ideal target for hackers. PFC said it notified the 657 companies in May.

(The Record)

Last week in ransomware

Earlier last week, the AstraLocker ransomware group decided to shut down and release its decryptors after receiving attention from researchers. These decryptors allowed Emsisoft to release their own decryptor. Two new enterprise-targeting ransomware operations appeared last week, one called RedAlert, the other 0mega, both of which perform double-extortion attacks. CheckMate is a new ransomware targeting QNAP devices but not stealing any data. And in addition to the just-mentioned Quantum attack on PFC, the US government is warning about the Maui ransomware that is targeting healthcare.

(Bleeping Computer)

Pentester says he broke into datacenter via hidden route running behind toilets

Noted security consultant Andrew Tierney, who works for security services outfit Pen Test Partners, revealed on Twitter how he managed to gain unauthorized access to a datacenter when he discovered that the toilet facilities for an unnamed client’s general office space and those in the secure area where the IT infrastructure is housed had a shared access space for servicing both sets of facilities. Flushed with his success, Tierney noted that he had just managed to defeat the datacenter’s security protection, which involved mantrap entry gates where personnel had to “surrender all digital devices” upon entry. Even worse, the toilet layout was visible for all to see on public planning documents, meaning that anyone could have figured out how to bypass security. He single-handedly gave new meaning to the term IP access.

(The Register)

Steve Prentice
Author, speaker, expert in the area where people and technology crash into each other, viewed from the organizational psychology perspective. Host of many podcasts, voice actor and narrator for corporate media and audiobooks. Ghost-writer for busy executives.