Chinese hackers exploit software flaw to compromise US internet firms

According to Lumen Technologies, a Chinese state-backed hacking group has exploited a software flaw to compromise several internet service providers in the US and abroad. Researchers at Lumen's Black Lotus Labs found that the attackers used a previously unknown (zero-day) vulnerability, tracked as CVE-2024-39717, in Versa Director, the management platform that Santa Clara-based Versa Networks sells to service providers for running their SD-WAN deployments. The intrusions began in early June and affected four US firms and one in India.

Versa Networks acknowledged the flaw and urged customers to update their software. Lumen's researchers attribute the campaign, with moderate confidence, to 'Volt Typhoon', a group widely assessed to be backed by the Chinese government.

The attackers appear to have used the compromised Versa Director servers, which sit in a privileged position inside a provider's network, to harvest credentials belonging to the providers' downstream customers. Security researchers warn that a foothold of this kind could enable broad surveillance that is difficult to detect.

The US Cybersecurity and Infrastructure Security Agency (CISA) added the Versa vulnerability to its Known Exploited Vulnerabilities catalogue, which obliges federal agencies to patch it by a set deadline. Concerns over China's cyber activities have grown, with US officials noting an increase in the intensity of these efforts. In April, the FBI warned that China was developing the capability to disrupt US critical infrastructure.

Meta uncovers hack attempts on US officials’ WhatsApp accounts

Meta recently announced that it had detected attempts to hack WhatsApp accounts belonging to US officials from both the Biden and Trump administrations. The company linked the activity to APT42, an Iranian group previously connected to the intrusion into the Trump campaign. Meta described it as a small-scale social engineering operation in which the attackers posed as technical support staff from AOL, Google, Yahoo and Microsoft.

After users flagged the suspicious messages, Meta blocked the accounts behind them and said that none of the targeted WhatsApp accounts had been compromised. The company noted that APT42 is known for deploying surveillance software on victims' mobile devices, giving the attackers access to calls and text messages and the ability to switch on cameras and microphones without the user noticing.

These attempts are reportedly part of a broader campaign that targeted US presidential campaigns earlier this month, ahead of the upcoming presidential election. While Meta did not name those targeted, it said the attackers focused on political and diplomatic figures and business leaders from several countries, including the US, UK, Israel, the Palestinian territories and Iran.

Meta’s findings underscore the ongoing risks of cyber-attacks targeting political figures and highlight the need for increased vigilance as the US heads into a critical election period.

Google and CSIRO team up to strengthen Australian cybersecurity

Google and Australia's national science agency, CSIRO, are teaming up to develop tools that automatically detect and fix software vulnerabilities in the systems used by critical infrastructure operators. The initiative responds to a substantial increase in cyberattacks on essential sectors such as hospitals, defence bodies and energy suppliers.

The collaboration will focus on software tailored to Australia's regulatory environment. Google will contribute its existing Open Source Vulnerabilities (OSV) database and its AI services, while CSIRO will apply its research expertise. The goal is customised tooling that aligns with local laws and promotes compliance and trust.
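As an added illustration of the detection half of what such tooling does, here is a small Python example (not Google's, CSIRO's or the page's own code) that matches a dependency inventory against advisories written in the OSV schema published at osv.dev. The advisory IDs, package names, versions and the inventory below are constructed for the example. The interval semantics of OSV 'introduced', 'fixed' and 'last_affected' events are the real ones; the version comparator is a simplified dotted-numeric one, and GIT-type ranges (commit hashes) are skipped because they need repository history to order.

```python
"""Match a dependency inventory against advisories in the OSV schema."""
import json

# Constructed advisories in the shape of the OSV schema (osv.dev). The IDs,
# package names and versions are hypothetical, not real advisories.
SAMPLE_ADVISORIES = json.loads("""
[
  {"id": "EXAMPLE-2024-0001",
   "summary": "Hypothetical authentication bypass in example-lib",
   "affected": [{
     "package": {"ecosystem": "PyPI", "name": "example-lib"},
     "ranges": [{"type": "ECOSYSTEM",
                 "events": [{"introduced": "1.0.0"}, {"fixed": "1.4.2"},
                            {"introduced": "2.0.0"}, {"fixed": "2.1.0"}]}]}]},
  {"id": "EXAMPLE-2024-0002",
   "summary": "Hypothetical code execution in example-parser",
   "affected": [{
     "package": {"ecosystem": "PyPI", "name": "example-parser"},
     "versions": ["0.9.0", "0.9.1"]}]}
]
""")

# Constructed inventory, as one might extract from an SBOM:
# (ecosystem, package name, installed version).
SAMPLE_INVENTORY = [
    ("PyPI", "example-lib", "1.3.0"),
    ("PyPI", "example-lib", "1.4.2"),
    ("PyPI", "example-lib", "2.0.5"),
    ("PyPI", "example-parser", "0.9.1"),
    ("PyPI", "example-parser", "1.0.0"),
    ("npm", "example-lib", "1.3.0"),
]


def parse_version(text):
    """Dotted numeric versions only (an assumption). Real ecosystems (PEP 440,
    npm semver, Debian, ...) each have their own ordering rules."""
    return tuple(int(part) for part in text.split("."))


def affected_intervals(events):
    """Turn an OSV event list into intervals. Each 'introduced' opens one; the
    next 'fixed' (exclusive bound) or 'last_affected' (inclusive bound) closes
    it. An interval that is never closed is open-ended."""
    intervals, start = [], None
    for event in events:
        if "introduced" in event:
            start = event["introduced"]
        elif "fixed" in event and start is not None:
            intervals.append((start, event["fixed"], False))
            start = None
        elif "last_affected" in event and start is not None:
            intervals.append((start, event["last_affected"], True))
            start = None
    if start is not None:
        intervals.append((start, None, False))
    return intervals


def version_in_range(version, events):
    """True if `version` falls inside any interval described by `events`."""
    v = parse_version(version)
    for start, end, inclusive in affected_intervals(events):
        # The sentinel "0" means "affected from the first version".
        if start != "0" and parse_version(start) > v:
            continue
        if end is None:
            return True
        e = parse_version(end)
        within = (v <= e) if inclusive else (v < e)
        if within:
            return True
    return False


def find_vulnerabilities(inventory, advisories):
    """Return sorted (package, version, advisory id) triples for affected entries."""
    hits = set()
    for ecosystem, name, version in inventory:
        for advisory in advisories:
            for affected in advisory.get("affected", []):
                package = affected.get("package", {})
                if package.get("ecosystem") != ecosystem or package.get("name") != name:
                    continue
                explicit = version in affected.get("versions", [])
                # GIT ranges carry commit hashes, which cannot be ordered here.
                ranged = any(version_in_range(version, r["events"])
                             for r in affected.get("ranges", [])
                             if r.get("type") in ("ECOSYSTEM", "SEMVER"))
                if explicit or ranged:
                    hits.add((name, version, advisory["id"]))
    return sorted(hits)


if __name__ == "__main__":
    for name, version, advisory_id in find_vulnerabilities(SAMPLE_INVENTORY, SAMPLE_ADVISORIES):
        print(f"{name}=={version}: {advisory_id}")
```

Note that the npm entry is not reported even though the package name matches: OSV advisories are keyed by ecosystem as well as name, and a matcher that ignores the ecosystem produces both false positives and, worse, silently wrong fixed-version advice.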

The partnership is part of Google’s commitment to invest A$1 billion in Australia over five years, a pledge made in 2021 amidst Australia’s efforts to enforce stricter regulations on global tech companies. The collaboration is seen as a critical step in bolstering the country’s defences against cyber threats.

Why does this matter?

The Australian government has recently imposed stricter requirements on critical infrastructure operators to report and prevent cyberattacks following a series of breaches that compromised the personal data of millions of Australians. The tools developed through this partnership aim to mitigate such risks and ensure the security of essential services.

The findings from this research will be made publicly available, ensuring that critical infrastructure operators can easily access the information and improve their cybersecurity measures.

Leading US oilfield company Halliburton struck by cyberattack

Halliburton, a major US oilfield services company, suffered a cyberattack on Wednesday that affected certain systems and disrupted business operations at its north Houston campus and on its global networks. The company is working with external experts to resolve the issue and has told some staff not to connect to internal networks while it investigates the cause and impact of the attack.

Cyberattacks are a significant concern for the energy sector following high-profile incidents such as the 2021 Colonial Pipeline ransomware attack, which led to fuel shortages and price spikes. Halliburton has not said what kind of attack it suffered; ransomware attacks typically involve encrypting data and demanding payment for its release, with a threat to leak stolen confidential information if the demand is not met.

Halliburton, one of the largest oilfield services firms globally, is now the latest in a series of major US companies targeted by cybercriminals, raising further alarm in an industry already on high alert for such threats.

Germany seizes millions in crypto ATM raid

German authorities have seized 13 cryptocurrency ATMs and nearly €250,000 in cash in a nationwide operation against machines operating without the required permits. Unlicensed ATMs of this kind, used to buy and sell bitcoin and other cryptocurrencies, carry a significant money-laundering risk, which prompted the action by the financial regulator, BaFin.

The 13 machines were found across 35 locations searched in Germany. Without proper authorisation, their operators are outside the anti-money-laundering controls, such as customer identification, that licensed providers must apply, so the machines could be used for illicit activity. The seizure underscores the authorities' determination to clamp down on unlicensed financial operations.

Collaboration between BaFin, law enforcement agencies and the German Bundesbank was key to the operation. Working together, they identified and shut down the unauthorised ATMs, preventing further misuse. The operation also highlights the ongoing efforts by German authorities to regulate the rapidly evolving cryptocurrency market.

The seizure marks a significant step in Germany’s efforts to enforce stricter regulations on cryptocurrency trading. As the popularity of digital currencies grows, so too does the need for robust oversight to prevent financial crimes. The operation serves as a warning to those attempting to bypass regulations and operate outside the law in the cryptocurrency industry.

Cyber incident disrupts Microchip Technology operations

Microchip Technology said on Tuesday that a cyber incident had disrupted certain servers and business operations. The disruption began after 'potentially suspicious activity' was detected in its IT systems over the weekend. The company took immediate steps to assess and contain the situation, but its manufacturing facilities are operating below normal capacity, affecting its ability to fulfil orders.

The timing of the incident coincides with a challenging period for Microchip, as the company is already facing reduced demand for chips. Many clients are working through excess inventory accumulated during the COVID-19 pandemic, further complicating the situation. In response to the breach, Microchip has shut down specific systems and launched an investigation, enlisting external cybersecurity experts to assist in understanding the full scope of the attack.

While the exact nature and impact of the incident remain unclear, Microchip is working to determine whether the disruption will have a significant effect on its financial health. The company, whose shares dropped by approximately 2% in extended trading, continues to investigate the breach and mitigate its effects.

The incident follows a similar security breach earlier this year at Advanced Micro Devices, highlighting ongoing cybersecurity challenges within the chipmaking industry.

Switzerland to join European Cyber Security Organisation

Switzerland has announced its decision to join the European Cyber Security Organisation (ECSO) to bolster its defences against cyber threats. By becoming a member, Switzerland will gain access to valuable information on technological advancements and be able to collaborate with a network of experts across Europe, enhancing its ability to combat online attacks.

The ECSO, which includes 300 members such as companies, universities, research centres, and European governments, provides a platform for sharing expertise and resources in cybersecurity. Switzerland’s move comes in response to a notable rise in cyberattacks and disinformation campaigns earlier this year, particularly surrounding a summit focused on establishing peace in Ukraine.

This membership reflects Switzerland’s proactive approach to strengthening its cybersecurity infrastructure, ensuring it remains resilient despite evolving digital threats.

Russian malware Banshee compromises Mac security

A new macOS infostealer named Banshee, sold by Russian-speaking threat actors, targets browser data and cryptocurrency wallets. Banshee steals passwords, wallet data and personal information from Safari, Chrome, Firefox and other browsers, including data held by cryptocurrency wallet browser extensions.

Banshee is sold on underground forums for as little as $3,000, making it an accessible tool for cybercriminals. Researchers at Elastic Security Labs found that Banshee runs on both x86_64 and ARM64 (Apple silicon) Macs. Once running, it harvests data from the user's Keychain, Desktop and Documents folders, along with system information, and includes basic anti-analysis checks to avoid running under a debugger or inside a virtual machine.

Infection likely relies on social engineering, such as fake pop-ups mimicking software updates or urgent notifications, since Banshee does not exploit a vulnerability in macOS: it runs as an ordinary user process and reads browser profile data and Keychain contents from the user's own session. The full extent of Banshee's spread and impact remains unclear.

To protect against such threats, Mac users should limit browser extensions, be cautious with downloads, keep software updated, and use strong, unique passwords. These practices, while not foolproof, significantly reduce the risk of falling victim to malware like Banshee.

Massive data breach exposes 2.7 billion US records online

A massive data breach has resulted in the exposure of over 2.7 billion records attributed to National Public Data (NPD), a background-check data broker, which are now circulating on a criminal forum. The leaked data includes sensitive information such as names, mailing addresses and Social Security numbers. The accuracy of the records is unclear, and many rows are duplicates or refer to the same individuals, so the number of people affected is well below the row count; the breach is nevertheless substantial and potentially covers a large share of the US population.

The stolen database was posted on BreachForums, a site known for distributing such leaks, and was made available for free download. NPD, which compiles and sells personal data scraped from public sources, is facing multiple lawsuits over its failure to protect this information. This is not the first time NPD's data has been offered on criminal forums, which highlights ongoing weaknesses in how the company secures the data it holds.

In response to the breach, there are increased calls for improved data protection measures and identity theft protection. Affected individuals are advised to monitor their accounts, consider a credit freeze, and be wary of phishing that uses the leaked details to appear legitimate. The incident underscores the need for data brokers to minimise the data they hold and to protect it with appropriate access controls and encryption.

NPD has not yet responded to requests for comment. The breach raises serious concerns about the company’s data management practices and its responsibility to protect the information it collects.

Cybersecurity breach costs Enzo Biochem $4.5 million

Enzo Biochem has agreed to pay $4.5 million to settle claims that it failed to protect sensitive patient data, leading to a significant cyberattack in April 2023. The breach compromised the personal and health information of approximately 2.4 million patients, including Social Security numbers and health histories. The settlement, announced by New York Attorney General Letitia James, involves payments to New York, New Jersey, and Connecticut.

The attack was made possible by login credentials shared among Enzo employees, including one password that had not been changed in ten years. The attackers installed malware on the company's systems and went undetected for several days because monitoring was insufficient. The company has since taken steps to improve its security, such as enforcing stronger passwords, implementing two-factor authentication and improving its response plan for future incidents.
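The two failures the settlement describes, shared accounts and a password that was never rotated, are both visible in ordinary directory and login data before an attacker exploits them. As an added example (not Enzo's own tooling and not code from the page), the Python below audits a constructed account export and a constructed login log, flagging passwords older than a year, accounts without MFA, and accounts used from more hosts in a single day than a personal account plausibly would be. The account names, hostnames, thresholds and the "distinct hosts per day" heuristic for spotting shared credentials are all assumptions made for the example.

```python
"""Audit account hygiene: stale passwords, missing MFA, signs of shared credentials."""
from collections import defaultdict
from datetime import datetime

MAX_PASSWORD_AGE_DAYS = 365   # assumption: rotate at least yearly
MAX_HOSTS_PER_DAY = 2         # assumption: a personal account rarely spans >2 machines a day

# Constructed directory export: user, date the password was last set, MFA state.
ACCOUNTS = [
    {"user": "jsmith",    "password_last_set": "2024-02-01", "mfa": True},
    {"user": "labshared", "password_last_set": "2013-05-14", "mfa": False},
    {"user": "rlee",      "password_last_set": "2023-11-30", "mfa": False},
]

# Constructed login log: ISO timestamp, account, source host (one event per line).
LOGINS = """\
2024-04-05T08:02:11 labshared WKS-LAB-01
2024-04-05T08:15:40 labshared WKS-LAB-07
2024-04-05T09:01:03 labshared LAPTOP-22
2024-04-05T09:30:55 labshared WKS-LAB-03
2024-04-05T08:10:00 jsmith WKS-ADM-02
2024-04-05T13:45:12 rlee LAPTOP-09
2024-04-06T08:00:00 rlee WKS-LAB-05
"""


def hosts_per_user_day(login_log):
    """Map (user, YYYY-MM-DD) -> set of distinct source hosts seen that day."""
    seen = defaultdict(set)
    for line in login_log.strip().splitlines():
        timestamp, user, host = line.split()
        seen[(user, timestamp[:10])].add(host)
    return seen


def audit(accounts, login_log, as_of, max_age_days=MAX_PASSWORD_AGE_DAYS,
          max_hosts=MAX_HOSTS_PER_DAY):
    """Return {user: sorted list of finding codes}. `as_of` is an ISO date string."""
    now = datetime.fromisoformat(as_of)
    per_day = hosts_per_user_day(login_log)
    findings = {}
    for account in accounts:
        user, codes = account["user"], []
        age_days = (now - datetime.fromisoformat(account["password_last_set"])).days
        if age_days > max_age_days:
            codes.append("STALE_PASSWORD")
        if not account["mfa"]:
            codes.append("NO_MFA")
        # Many distinct hosts for one account in one day suggests the credential
        # is shared, which also defeats per-user accountability in the logs.
        if any(len(hosts) > max_hosts for (u, _day), hosts in per_day.items() if u == user):
            codes.append("SHARED_USE")
        findings[user] = sorted(codes)
    return findings


if __name__ == "__main__":
    for user, codes in audit(ACCOUNTS, LOGINS, "2024-04-06").items():
        print(f"{user}: {', '.join(codes) or 'ok'}")
```

The point of checking all three together is that the findings compound: an account that is shared, has no MFA and keeps a decade-old password cannot be protected by rotating the password alone, because the rotated secret is immediately redistributed to everyone who used the old one.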

Enzo began notifying affected patients in June 2023. The breach impacted 1.46 million New Yorkers, including 405,000 whose Social Security numbers were compromised. New York will receive $2.8 million from the settlement. Attorney General James emphasised the importance of protecting patient information, particularly in the context of medical services.

Enzo Biochem has not commented on the settlement. The company exited the clinical lab testing business in August 2023. The settlement is a reminder of the importance of robust cybersecurity controls in protecting sensitive data.