Crypto Runner: $300m Intercepted in Online Fraud Bust

Post date: 2022/12/1
Authorities in Texas have intercepted more than $300 million in cash and cryptocurrency, the illegal proceeds of business email phishing and online romance scams that were subsequently laundered in a worldwide operation, the Department of Justice reports.
“These defendants orchestrated highly organized and sophisticated schemes to launder fraud proceeds through cryptocurrency,” said US Attorney Brit Featherston, after court documents were unsealed announcing that Operation Crypto Runner had led to the arrest and charging of 21 suspects who allegedly helped to con thousands of victims, many of them elderly, out of their money over the internet.
“Today’s announcement sends a clear message that money laundering networks that service fraud schemes targeting American victims, especially the elderly, will not be tolerated, and those operating such networks will be held accountable,” added Featherston.
“By acting as domestic money launderers for foreign co-conspirators, these defendants played indispensable roles that allowed foreign actors to reach from overseas to target victims in communities across the United States.”
Intriguingly, many of the alleged and convicted accomplices named by Operation Crypto Runner as working on US soil were themselves elderly.
One of the accused, Zenobia Walker, 65, of Maryland, was sentenced to 18 months in November after pleading guilty earlier this year to handling cash deposits hoodwinked from romance scam victims, rerouting the money through personal bank accounts and converting it into cryptocurrency. Between 2019 and 2020, Walker converted more than $300,000 on behalf of her accomplices in this manner.
Another pair of suspects, Randall Rule, 71, of Nevada, and Gregory Nysewander, 64, of California, allegedly converted the illicit proceeds of romance and business email compromise (BEC) into cryptocurrency. BEC scams occur when crooks target specific employees of companies and other organizations, tricking them into giving away sensitive data such as system passwords, which can then be used by other cybercriminals to target victims.
Operation Crypto Runner also managed to haul in some younger suspects. John Khuu of San Francisco, 27, stands accused of selling counterfeit pharmaceuticals on forums on the dark web – a murkier corner of the internet popular with hackers and cybercriminals – accepting payments in Bitcoin and other forms of cryptocurrency. He and his accomplices allegedly then laundered the proceeds, which exceeded $5 million.
Operation Crypto Runner also uncovered tech fraud schemes, whereby suspects would allegedly set up shell companies to appear to be legitimate service providers, conning victims into making deposits of funds under false pretenses.
Further inquiries stemming from the operation are being conducted by the US Secret Service, the Postal Inspection Service, as well as federal authorities in the Eastern District of Texas.

Source: https://cybernews.com/author/damien-black/
 
 


LastPass Confirms Another Breach for Certain Elements of its Customer

Post date: 2022/12/1
The password manager with over 25 million users said an unauthorized party gained access to “certain elements of their customers’ information.”
“We recently detected unusual activity within a third-party cloud storage service, which is currently shared by both LastPass and its affiliate, GoTo. We immediately launched an investigation, engaged Mandiant, a leading security firm, and alerted law enforcement,” Karim Toubba, CEO of LastPass, said.
Apparently, a threat actor used information obtained in the August 2022 incident. LastPass disclosed an incident in the summer where an attacker breached systems through a compromised developer account. They took portions of source code and some proprietary LastPass technical information.
No data within users’ vaults, personal information, or master passwords were compromised in the August incident.
While LastPass customers’ passwords remain safe, the password manager said the attacker gained access to “certain elements of their customers’ information” this time. The company didn’t give any details about what that information contained.
“We are working diligently to understand the scope of the incident and identify what specific information has been accessed. In the meantime, we can confirm that LastPass products and services remain fully functional. As always, we recommend that you follow our best practices around setup and configuration of LastPass, which can be found here,” Toubba said.

Source: https://cybernews.com/author/jurgital/
 


Medibank, Australia's Biggest Health Insurer, Has Admitted Hacker Data Dump

Post date: 2022/12/1
Australia's biggest health insurer has admitted hackers released more of its stolen medical records, amid media reports that data on millions of its customers is now public.
The Office of the Australian Information Commission (OAIC), the country's privacy regulator, has also begun investigating how the company handles personal information, Medibank said in a statement.
The latest release on the dark web follows progressive uploads, including records of customers' mental health and alcohol use, that began after Medibank said on November 7 it would not pay a ransom. "The raw data we have analysed today so far is incomplete and hard to understand," chief executive David Koczkar said.
"While there are media reports of this being a signal of 'case closed', our work is not over."
On Thursday, the media reported that a blog, believed by cyber experts to be used by the hackers, carried a new post: "Happy Cyber Security Day!!! Added folder full. Case closed." It also included a file that had several compressed files amounting to more than 5GB.
Reuters has not verified the contents of the latest files uploaded on the dark web, a part of the internet accessible only with special software. Medibank did not immediately respond to a question asking whether it believed all stolen data had now been released. Australian Federal Police last month said Russia-based hackers were behind the Medibank cyberattack, which compromised the details of almost 10 million current and former customers.
Medicare revealed the breach on October 13. In an update on December 1, Medibank said there were currently no signs that banking data had been stolen. Personal details accessed by hackers were not enough to enable financial fraud, it added. Six zipped files placed in a folder called "full" and containing raw data believed to have been stolen had been uploaded, Medibank said in a statement.
Australia has been grappling with a recent rise in cyberattacks. At least eight companies, including telecoms company Optus, owned by Singapore Telecommunications, have reported breaches since September.
The OAIC, which is also investigating Optus over the breach, did not immediately respond to a Reuters request for comment on the Medibank investigation. Technology experts have said Australia has become a target for hackers just as a skills shortage leaves an understaffed, overworked cybersecurity workforce ill-equipped to stop attacks.

Source: Thomson Reuters
 


French Data Protection Authority Has Fined Energy Giant $600k for Using Insecure Password Hashing Function

Post date: 2022/12/1
The French data protection authority (CNIL) has fined the energy company Électricité de France $600,000 for sending commercial marketing emails, collecting data without clarification, and failing to handle requests and store data securely.
Électricité de France (EDF) is a French energy giant with 84 billion euros in turnover and nearly 26 million customers.
The failure to store data securely consisted of using a weak hashing function to protect user passwords. According to CNIL, EDF had at least 25,800 users' passwords protected with a single MD5 hash as recently as July 2022.
"In defense, the company explains that, since January 2018, all registrations or changes to a user password are recorded in the directory associated with the ‘prime energy’ portal in SHA-256 with a random mechanism associated (salting). The MD5 hash only corresponds to the hash level historically implemented by the company […], an EDF subcontractor, and for which only a few thousand accounts were still concerned in April 2021," CNIL said.
MD5 is considered a weak and insecure hashing function generating a 128-bit hash value, while no one has been able to crack SHA-256 to date.
The company said that since the beginning of 2022, it had carried out a final purge of passwords that were protected using MD5 (3.2% of the total number of "prime energy customers"), and that all passwords are now stored with a salt and a strong algorithm.
"In short, you wouldn't expect any company, let alone an energy sector behemoth like EDF, to use MD5 for any cryptographic purpose at all, let alone for securing passwords," cybersecurity company Sophos said.
The rapporteur also noted that while 11,241,166 account passwords are well-hashed and salted, 2,414,254 account passwords are only hashed, without having been salted.
Password salting is a technique to protect passwords by adding a string of 32 or more characters and then hashing them.
"The reason for a salt is simple: it ensures that the hash values of potential passwords cannot be calculated in advance and then brought along to help with an attack. Without salting, every time any user chooses the password 123456, the crooks know in advance what its hash would be. Even if the user chooses a more suitable password, such as 34DF6467!Lqa9, you can tell in advance that its MD5 hash will be 7063a00e 41866d47 f6226e60 67986e91," Sophos explained.
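The salting point above and the leftover MD5 records CNIL describes, as an added Python example that is not EDF's, CNIL's or Sophos's code: it shows that unsalted MD5 records collide for users who share a password, counts legacy records in a store, and replaces a legacy record with a salted one at the next successful login. Assumptions: the `scheme$...` record format, the user names and the sample store are constructed, and PBKDF2-HMAC-SHA256 with 600,000 iterations is this example's choice of salted, slow hash rather than the salted SHA-256 the article mentions.

```python
import hashlib
import hmac
import os

ITERATIONS = 600_000  # assumed PBKDF2 work factor for this example

def _same(a: str, b: str) -> bool:
    """Constant-time comparison of two stored-record strings."""
    return hmac.compare_digest(a.encode(), b.encode())

def md5_record(password: str) -> str:
    """Legacy format: unsalted MD5, identical for every user of this password."""
    return "md5$" + hashlib.md5(password.encode()).hexdigest()

def salted_record(password: str, salt: bytes = b"") -> str:
    """Salted, slow hash: a 32-byte random salt is stored beside the digest."""
    salt = salt or os.urandom(32)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return f"pbkdf2${salt.hex()}${digest.hex()}"

def verify_and_upgrade(record: str, password: str) -> tuple[bool, str]:
    """Check a login; on success a legacy MD5 record is replaced by a salted one."""
    scheme, _, rest = record.partition("$")
    if scheme == "md5":
        ok = _same(md5_record(password), record)
        return ok, (salted_record(password) if ok else record)
    if scheme == "pbkdf2":
        try:
            salt = bytes.fromhex(rest.partition("$")[0])
        except ValueError:
            return False, record  # malformed record never verifies
        return _same(salted_record(password, salt), record), record
    return False, record  # unknown scheme

def audit(store: dict[str, str]) -> dict[str, int]:
    """Count records per scheme so remaining legacy hashes can be tracked."""
    counts: dict[str, int] = {}
    for record in store.values():
        scheme = record.partition("$")[0]
        counts[scheme] = counts.get(scheme, 0) + 1
    return counts

# Constructed sample store: all three users chose the password 123456.
STORE = {
    "alice": md5_record("123456"),
    "bob": md5_record("123456"),
    "carol": salted_record("123456"),
}

if __name__ == "__main__":
    print(audit(STORE), STORE["alice"] == STORE["bob"])
```

Upgrading at login only reaches accounts that sign in again, so the `audit` count is what shows how many legacy records still need a forced reset or purge.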

Source: https://cybernews.com/author/jurgital/

 
 
