5 May 2023

Cyber security week in review: May 5, 2023

Former Uber security chief gets probation for 2016 data breach cover up

Former Uber chief security officer Joe Sullivan was sentenced to three years' probation and 200 hours of community service for concealing the 2016 theft of company data on more than 50 million Uber customers and obstructing a federal investigation.

According to court documents, Sullivan, who worked at Uber between April 2015 and November 2017, learned of the hack in November 2016, about 10 days after providing testimony to the US Federal Trade Commission about a smaller previous breach at Uber in 2014, but decided not to disclose it to the public.

The Uber hackers extorted the ride-hailing giant and were paid $100,000 in bitcoin via the company’s bug bounty program in exchange for them signing non-disclosure agreements promising not to reveal the data theft. The hackers pleaded guilty in 2019 to computer fraud conspiracy charges and are awaiting sentencing.

288 dark web vendors arrested as part of international police operation

Europol announced the arrests of 288 people suspected of buying and selling drugs on the dark web following the takedown of the underground marketplace “Monopoly Market” in December 2021.

More than EUR 50.8 million (USD 53.4 million) in cash and virtual currencies, 850 kg of drugs, including over 258 kg of amphetamines, 43 kg of cocaine, 43 kg of MDMA and over 10 kg of LSD and ecstasy pills were seized, as well as 117 firearms.

Popular credit card checking service Try2Check dismantled

The US authorities together with partners in Germany, Austria, and France have taken down Try2Check, a popular platform used by cybercriminals to verify the validity of stolen credit cards.

Active since 2005, Try2Check ran tens of millions of credit card checks per year and supported the operations of major card shops that made hundreds of millions in bitcoin in profits.

The US authorities also charged the 43-year-old Russian national Denis Kulkov, the alleged creator and owner of Try2Check, who currently resides in Russia.

FBI and Ukrainian cops disrupt nine crypto exchanges used by ransomware actors

The US Federal Bureau of Investigation (FBI) in cooperation with the National Police of Ukraine seized domains of nine virtual currency exchange services used by ransomware groups and other cybercriminals for money laundering.

The domains were seized on April 25, 2023. The disrupted services include 24xbtc.com, 100btc.pro, pridechange.com, 101crypta.com, uxbtc.com, trust-exchange.org, bitcoin24.exchange, paybtc.pro, and owl.gold. The websites provided support both in Russian and English.

Police detective charged with buying stolen credentials via Genesis Market shop

The US authorities charged a police officer for using the now-defunct Genesis Market dark web marketplace to purchase stolen account details and other personally identifying information (PII).

According to the US Department of Justice, Terrance Michael Ciszek, 33, a police detective in Buffalo, New York, is accused of buying 11 product “packages” on Genesis Market between March and July in 2020 that included 194 sets of stolen account credentials.

Investigators also found that Ciszek, who allegedly used the online moniker ‘DrMonster,’ had bitcoin wallet addresses associated with UniCC, a dark web carding website.

BlackCat/ALPHV ransomware group taunts WD with leaked incident response image

A ransomware group that breached Western Digital’s systems and stole sensitive data in late March this year leaked a series of screenshots of internal emails and video conferences indicating the threat actor had continued access to the company’s systems as it was dealing with the hack.

Cybersecurity researchers spotted a total of 29 screenshots showing emails, documents, and video conferences related to the actions Western Digital took following the breach. Among the leaked images was a screen grab of an early morning video conference convened by WD’s incident response team to discuss a recent ransomware attack on the company.

The published screenshots also include what appear to be invoices, development tools, confidential communications, and various internal tools.

Royal ransomware hits Dallas, police, court websites affected

The City of Dallas, the ninth largest city in the US, was hit with a Royal ransomware attack that disrupted several public services in the city, including emergency services, Police Department and City Hall websites, and court systems.

The incident forced 911 dispatchers to manually write down instructions for responding officers, while officers responded via personal phones and radios, according to news media reports.

The city is now working to isolate the ransomware to prevent its spread, to remove the ransomware from infected servers, and to restore any services currently impacted, the officials said.

AvosLocker ransomware gang hijacks university’s alert system to threaten students and staff

The AvosLocker ransomware gang hijacked the emergency communications system of Bluefield University, a private Baptist university in Western Virginia, to send students and staff SMS and email messages saying that their data had been stolen and would soon be leaked on the dark web if the university did not pay a ransom.

On April 30, Bluefield disclosed to the students and faculty that it had been breached but claimed that it didn’t yet see any evidence of “financial fraud or identity theft” as a result of the incident. About a day after the disclosure AvosLocker took control of the university’s alert system called “RamAlert” to threaten students and staff in an unusual move clearly aimed at intimidating the administration into paying the ransom.

Russia-linked Sandworm is continuing to target Ukraine with destructive attacks

Ukraine’s government emergency response team (CERT-UA) detected a cyberattack against an unnamed government organization seeking to disable server equipment, user workstations and data storage systems.

CERT-UA has linked this attack to Sandworm (UAC-0165), a threat actor believed to be one of Russia's military cyber units. The team said the recent attack used a combination of BAT and Bash scripts to destroy files on both Windows and Linux machines.

A separate attack targeting Ukrainian government organizations involved malicious emails purportedly containing a set of instructions on how to update their Windows systems to defend against cyberattacks. CERT-UA linked this attack to another Russian military hacker group known as APT28.

The US DoJ detected SolarWinds hack months before public disclosure

The US Department of Justice, Mandiant, and Microsoft discovered the SolarWinds supply chain hack six months before the incident became widely known in December 2020, but didn’t realize the significance of what they found at the time.

The DoJ discovered the breach in late May 2020, when it detected unusual traffic coming from one of its servers running a trial version of SolarWinds Orion software, which was found communicating externally with an unfamiliar system on the internet. The agency launched an investigation into the incident together with Mandiant and Microsoft, but wasn’t able to identify the root cause of the issue.

The agency said it “notified the US Cybersecurity and Infrastructure Agency (CISA) about the breach at the time it occurred - though a US National Security Agency spokesperson expressed frustration that the agency was not also notified.”

Cyber spies target military personnel in South Asia, Meta warns

Facebook parent Meta released its quarterly adversarial threat report highlighting three separate cyber-espionage campaigns linked to the Bahamut APT, the Patchwork APT and an unnamed Pakistan-based threat actor, as well as six adversarial groups from various global regions engaged in what it calls “inauthentic behavior” on Facebook and other social networks.

North Korean Kimsuky APT updates its arsenal with the new ReconShark tool

A North Korean advanced persistent threat (APT) group tracked as Kimsuky, Velvet Chollima, Black Banshee, or Thallium has been observed using a new reconnaissance tool dubbed “ReconShark” with unique execution instructions and server communication methods.

The recent campaign targeted the staff of Korea Risk Group (KRG), the information and analysis firm specializing in matters directly and indirectly impacting North Korea.

The ReconShark malware is delivered via phishing emails and is able to steal valuable information. SentinelLabs says that the tool is an evolution of Kimsuky's “BabyShark” malware.

Google to remove HTTPS lock icon in Chrome 117

Internet giant Google announced plans to replace the HTTPS lock icon long associated with the trustworthiness of a website in the Chrome address bar with a more neutral clickable indicator that will provide users with settings and controls.

The lock icon will be replaced by a variant of a tune icon, which, the company believes, will help make permission controls and additional security information more accessible. At the same time, Chrome will continue to warn users when their connection is not secure.

The new icon is scheduled to launch in Chrome 117 set for release in September 2023. The same redesigned indicator will also be available in Android. However, on iOS the lock will be fully removed, as the icon isn’t tappable on this platform.

In related news, Google announced that passkeys, a new solution that lets users sign in to apps and sites with a fingerprint, a face scan or a screen lock PIN, are coming to Google accounts on all major platforms.

Passkeys will be an additional option that people can use to sign in, alongside passwords, 2-Step Verification (2SV), etc.
