Ransomware puts the brakes on Bridgestone
The tire manufacturer said that a February 27th cyber attack resulted in it shutting down its network and production facilities in the Americas for one week. An investigation later revealed this to be an attempted ransomware attack. It’s unclear who was behind the attack or what the ransom demands entailed. This comes after several weeks of increased cyber attacks on the automotive supply chain, with the Toyota supplier Denso hit by a ransomware attack two weeks ago, and Toyota hit with an attack in late February that shut down domestic production for a day.
Phishing with browser-in-a-browser attacks
A security researcher known as mrd0x_ outlined this novel phishing attack, which simulates a browser window within the browser to spoof a legitimate domain. The attack aims to replicate the entire single sign-on process used by Sign in with Google or similar services, presenting a pop-up window for users to fill in their credentials. In a technical write-up on the process, the researcher said this would be “basically indistinguishable” for users, warning that even if users find themselves on a malicious website, it would be easy to socially engineer them to complete the sign-in if it seemed to be from a trusted company.
Conti Leaks leaks Conti code
Last month, the security researcher going by Conti Leaks uploaded chat logs and older source code belonging to the Conti ransomware group, in response to the group’s expression of support for Russia’s invasion of Ukraine. While useful for researchers to understand the group, the source code had limited utility, as it was several years old and no longer used by Conti on current victims. Over the weekend Conti Leaks uploaded source code for Conti version 3 to VirusTotal, about a year newer than the last leak, last modified in January 2021.
FTC accuses CafePress of covering up data breach
The Federal Trade Commission filed a complaint against the current and former owners of CafePress, saying the company failed to implement reasonable security controls to protect sensitive data. The complaint specifically said the site stored Social Security numbers in plaintext, failed to protect encrypted passwords for buyers and sellers, and stored data longer than was necessary. An investigation into the company’s security practices found multiple breaches, with a February 2019 attack exfiltrating millions of email addresses, passwords with weak encryption, and Social Security numbers. A proposed settlement would see the site’s former owner pay $500,000 to redress damages, and require its current owners to alert customers.
Starlink terminals hit Ukraine
At the start of Russia’s invasion of Ukraine, SpaceX CEO Elon Musk pledged to open up Starlink satellite internet service in the country, saying terminals were on their way. At the time it was unclear how widespread the service would be in Ukraine and how many terminals would be available. In an interview with the Washington Post, Ukraine’s minister of digital transformation, Mykhailo Fedorov, said the country had already received thousands of SpaceX’s Starlink satellite internet terminals, calling the service “very effective.” The Post’s sources say over 5000 terminals are in the country, coming from the supplies of other European countries.
(WaPo)
Meta labeled an extremist organization
A Moscow court banned Facebook and Instagram in Russia, with the judge ruling the apps’ activities as “extremist.” While Russia’s communication regulator Roskomnadzor already blocked access to the apps, the “extremist” designation opens the door to bringing criminal charges against Meta employees in Russia. Currently there are no Meta employees in Russia, but this designation could be used to target other tech companies still operating in the country. WhatsApp remains available in Russia, although some government officials have also called for a ban on Meta’s messaging platform.
(Reuters)
Hubspot hack impacts crypto companies
The marketing and sales platform Hubspot informed clients that a “bad actor” compromised an employee account, leading to a data breach that “focused on customers in the cryptocurrency industry.” Circle, BlockFi, Pantera Capital, and NYDIG were among the crypto firms impacted by the breach. Pantera said that it used Hubspot as a CRM platform, with hackers able to access customer names, phone numbers, and regulatory classifications. It said that internal systems were not impacted and no social security numbers were accessed. Hubspot did not say how much data was stolen, only saying “data was exported from fewer than 30 HubSpot portals.” It’s likely this data will be used in attempted phishing schemes.
(Decrypt)
Telegram in Brazil temporarily banned
The New York Times reports that Brazil lifted its ban on the messaging app Telegram, after its Supreme Court blocked the app late last week. The app’s reinstatement came after it made changes to combat misinformation. This includes removing classified information previously leaked by Brazil’s president. Telegram also committed to labeling posts with false information, promoting factual sources, and monitoring Brazil’s 100 most popular channels. Telegram CEO Pavel Durov said the company failed to comply with court demands for changes before the ban, saying it was monitoring the wrong email inbox and missed seeing the Court’s message in time.






