Cybersecurity News: C.I.A. Vault 7 engineer convicted, Hackers targeted Jan 6 journalists, Twitter’s brief outage

Ex-C.I.A. engineer convicted in biggest theft ever of Agency secrets

Joshua Schulte, a former Central Intelligence Agency software engineer who was arrested after WikiLeaks published a trove of confidential documents in 2017 detailing the agency’s secret methods for penetrating the computer networks of foreign governments and terrorists, was convicted by a federal jury on Wednesday of causing the largest theft of classified information in the agency’s history. The haul included instructions for compromising commonly used software and devices and then using them to spy; the targets included Skype, Wi-Fi networks, PDF documents, and commercial antivirus programs. The breach, now known as the Vault 7 leak, caused “catastrophic” damage to national security, the government said.

(New York Times)

Chinese hackers targeted U.S. political reporters just ahead of January 6 attack, researchers say

According to researchers, individuals linked to the Chinese government have run multiple phishing email campaigns against American journalists since the beginning of 2021. The campaigns primarily targeted reporters covering political and national security matters, as well as White House correspondents, especially in the period leading up to the January 6 attack on the Capitol. The cybersecurity company Proofpoint released findings on Thursday outlining the activity as part of a broader report on state-linked targeting of journalists by China, Iran, North Korea, and Turkey. The researchers noted that the attackers not only targeted journalists directly but also impersonated journalists to carry out further attacks.

(Cyberscoop)

Twitter outage briefly hits thousands

The Fail Whale reappeared briefly – in spirit anyway – when Twitter Inc. faced a brief outage on Thursday, leaving thousands of users without service for about an hour. At its peak, at 8:20 a.m. in New York, 54,582 users reported problems on Downdetector.com, an outage tracking platform. Twitter’s website displayed an error message and prompted users to reload the page. It wasn’t immediately clear what caused the outage.

(Bloomberg)

Endemic Log4j software flaw could take years to address, US government review finds

It could take a decade to fully eradicate the Log4j vulnerability from some computer systems, a Department of Homeland Security review board said Thursday. According to CNN, “the review board, which the White House established last year to investigate major cybersecurity incidents, called on the government and the private sector to invest much more in securing the open-source software that underpins global IT infrastructure. But while there were reports of ransomware gangs and governments from China to Turkey exploiting the software vulnerability, the high-impact hacks that some analysts anticipated have yet to materialize, the DHS-backed panel wrote.”

(CNN)

Thanks to our episode sponsor, Edgescan

https://edgescan.com

Edgescan simplifies Vulnerability Management by delivering a single full-stack solution (SaaS) integrated with world-class security professionals. Instead of managing a plethora of point scanning tools for each layer of the attack surface and squandering precious staff resources manually removing false positives, Edgescan offers automated and accurate contextualized alerts across the entire attack surface into a single source of truth.

Microsoft published exploit code for a macOS App sandbox escape flaw

Microsoft has uncovered a vulnerability in macOS that could “allow specially crafted codes to escape the App Sandbox and run unrestricted on the system.” Microsoft reported the issue to Apple through Coordinated Vulnerability Disclosure (CVD) via Microsoft Security Vulnerability Research (MSVR) in October 2021, and Apple addressed the flaw, tracked as CVE-2022-26706, on May 16. A threat actor could trigger the flaw with a specially crafted Office document containing “malicious macro code that allows to bypass sandbox restrictions and execute commands on the system.”

(Security Affairs)

Experts concerned about ransomware groups creating searchable databases of victim data

Numerous cybersecurity professionals have reported that several ransomware and extortion groups are now building searchable databases of the data stolen in their attacks. In recent weeks, both the AlphV and LockBit ransomware groups have added tools to their leak sites that let visitors comb through large datasets using specific identifiers such as company names. Bleeping Computer also reported that the Karakurt extortion group has implemented a comparable feature. Satnam Narang, a senior research engineer at Tenable, confirmed that all three groups have integrated search capabilities into their leak sites.

(The Record)

Lithuanian energy firm disrupted by DDOS attack

Ignitis Group, a Lithuanian energy firm, faced what it called its “most significant cyber assault in ten years” on Saturday, when multiple distributed denial of service (DDoS) attacks disrupted its online services and websites. The pro-Russian hacking collective known as Killnet claimed responsibility for the attack via its Telegram channel the same day, the latest in a series of attacks the group has carried out against Lithuania over the country’s support for Ukraine in its war with Russia. On July 9, Ignitis Group posted on its Facebook page that it had mitigated and contained the attack’s impact on its systems and had detected no breaches, but noted that the attacks were continuing.

(Infosecurity)

Steve Prentice
Author, speaker, expert in the area where people and technology crash into each other, viewed from the organizational psychology perspective. Host of many podcasts, voice actor and narrator for corporate media and audiobooks. Ghost-writer for busy executives.