Ex-C.I.A. engineer convicted in biggest theft ever of Agency secrets
A former Central Intelligence Agency software engineer was convicted by a federal jury on Wednesday of causing the largest theft of classified information in the agency’s history. Joshua Schulte was arrested after the 2017 disclosure by WikiLeaks of a trove of confidential documents detailing the agency’s secret methods for penetrating the computer networks of foreign governments and terrorists. The document dump included instructions for compromising various commonly used computer tools, and then using them to spy: the online calling service Skype; Wi-Fi networks; PDF documents; and even commercial antivirus programs of the kind used by millions of people to protect their computers. The breach, known as the Vault 7 leak, caused “catastrophic” damage to national security, the government said.
Chinese hackers targeted U.S. political reporters just ahead of January 6 attack, researchers say
Hackers connected with the Chinese government engaged in numerous phishing campaigns targeting U.S.-based journalists since early 2021, with operations focused on political and national security reporters and White House correspondents in the days leading up to the January 6 attack on the Capitol, researchers said Thursday. Researchers with cybersecurity firm Proofpoint shared the details Thursday as part of a report looking at these kinds of operations carried out by China, Iran, North Korea, and Turkey. The attacks both targeted journalists and had hackers posing as journalists to target others, the researchers said.
Twitter outage briefly hits thousands
The Fail Whale reappeared briefly – in spirit anyway – when Twitter Inc. faced a brief outage on Thursday, leaving thousands of users without service for about an hour. At the peak, at 8:20 a.m. in New York, 54,582 users reported problems on Downdetector.com, an outage tracking platform. Twitter’s website displayed an error message and prompted users to reload the page. It wasn’t immediately clear what caused the outage.
Endemic Log4j software flaw could take years to address, US government review finds
It could take a decade to fully eradicate Log4j from some computer systems, a Department of Homeland Security review board said Thursday. The review board, which the White House established last year to investigate major cybersecurity incidents, called on the government and the private sector to invest much more in securing the open-source software that underpins global IT infrastructure. But while there were reports of ransomware gangs and governments from China to Turkey exploiting the software vulnerability, the high-impact hacks that some analysts anticipated have yet to materialize, the DHS-backed panel wrote.
(CNN)
Thanks to our episode sponsor, Edgescan

Microsoft published exploit code for a macOS App sandbox escape flaw
Microsoft has uncovered a vulnerability in macOS that could allow specially crafted code to escape the App Sandbox and run unrestricted on the system. Microsoft reported the issue to Apple through Coordinated Vulnerability Disclosure (CVD) via Microsoft Security Vulnerability Research (MSVR) in October 2021. Apple addressed the CVE-2022-26706 flaw on May 16, 2022. An attacker can trigger the flaw using a specially crafted Office document containing malicious macro code that allows it to bypass sandbox restrictions and execute commands on the system.
Lilith enters the ransomware game
Researchers at Cyble describe a new ransomware operation, “Lilith,” and BleepingComputer reports that the group not only operates a new strain of malware, but that it’s already posted the first victim to its double-extortion dump site. Cyble notes, “throughout 2021 and 2022, we have observed record levels of ransomware activity. While notable examples of this are rebrands of existing groups, newer groups like LILITH, RedAlert, and 0mega are also proving to be potent threats.”
Experts concerned about ransomware groups creating searchable databases of victim data
Several ransomware gangs and extortion groups are creating searchable databases of information stolen during attacks, according to several cybersecurity experts. Over the last month, ransomware groups AlphV and LockBit have debuted features on their leak sites that allow anyone to search through troves of data by company name or other signifiers. Bleeping Computer also reported that the Karakurt extortion group has created a similar functionality. Tenable senior staff research engineer Satnam Narang confirmed to The Record that all three groups have incorporated some kind of searchable database functionality into their leak sites.
Lithuanian energy firm disrupted by DDoS attack
Lithuanian energy company Ignitis Group was hit by what it described as its “biggest cyber-attack in a decade” on Saturday when numerous distributed denial of service (DDoS) attacks were aimed at it, disrupting its digital services and websites. Pro-Russian hacking group Killnet claimed responsibility for the attack on its Telegram channel on Saturday, making this the latest in a series of attacks launched by the group in Lithuania due to that country’s support for Ukraine in the war with Russia. In a post on the Ignitis Group’s Facebook page on July 9, the company said it had been able to manage and limit the attack’s impact on its systems and that no breaches were recorded. However, the post also revealed that attacks were ongoing.