Information Security Newspaper | Infosec Articles | Hacking News
https://www.securitynewspaper.com/

Ransomware attack targeting public schools in New Jersey forces cancellation of final exams
https://www.securitynewspaper.com/2022/06/09/ransomware-attack-targeting-public-schools-in-new-jersey-forces-cancellation-of-final-exams/
Thu, 09 Jun 2022 23:21:15 +0000

Administrators of the Tenafly Public Schools, Bergen County, New Jersey, confirmed that the cybersecurity issue detected Thursday morning is a ransomware infection that blocked access to some computers on its networks. This incident led to the cancellation of final exams for all high school students in the district, as Bergen County administrators keep trying to restore everything to normal.

Parents, students, and staff from schools in the school district were notified of the situation just a few hours ago, and have been receiving regular updates through the Tenafly Public Schools notification system, which is independent of the affected systems.

So far, neither the ransomware variant used in this attack nor the amount of the ransom demanded by the cybercriminals is known. It is also not known whether local authorities plan to negotiate with the attackers or whether they will try to restore their systems on their own.

Unofficial sources had reported that the ransomware attack rendered dozens of computers in the county useless, and that local authorities were being forced to pay a ransom in cryptocurrency as a result.

The Bergen County Prosecutor’s Office and the New Jersey State Police’s CyberCrime Unit are already aware of the attack, and an investigation has been ordered by the Federal Bureau of Investigation (FBI), as Bergen authorities believe this case is beyond their capabilities.

This is an increasingly common hacking variant. Just a few weeks ago, Somerset County suffered a cybersecurity breach that forced the temporary shutdown of all its electronic systems, while last year Hillsborough and Bernards Township school districts also had to disrupt their academic activities due to an encryption malware infection.

Feel free to access the International Institute of Cyber Security (IICS) websites to learn more about information security risks, malware variants, vulnerabilities, and information technologies.

Telegram is providing Police with user information in several cases, contradicting the company’s privacy policy. Use it with a burner phone and VPN
https://www.securitynewspaper.com/2022/06/07/telegram-is-providing-police-with-user-information-in-several-cases-contradicting-the-companys-privacy-policy-use-it-with-a-burner-phone-and-vpn/
Tue, 07 Jun 2022 20:49:30 +0000

According to an investigation by German platform Spiegel, instant messaging platform Telegram has handed over information from its users to Germany’s Federal Criminal Police Office (BKA) in multiple cases involving terrorist activities and child abuse.

The report notes that, while it is still difficult to obtain access orders for this information, at least since 2018 Telegram has been adopting measures to comply with the legal provisions of some governments in the West, and is willing to share IP addresses and telephone numbers when required by a court.

These changes can even be seen in the application’s usage policies. In the section “WHO YOUR PERSONAL DATA MAY BE SHARED WITH”, Telegram shares some details about this possible scenario: “If Telegram receives a court order confirming that you are suspected of terrorism, we may disclose your IP address and phone number to the relevant authorities. So far, this has never happened. When it happens, we will include it in a semi-annual transparency report published in https://t.me/transparency.”

Free interpretation

While this is a valid cause for the deployment of intelligence tasks, it is known that governments around the world have always used counterterrorism policies to validate the implementation of invasive measures.

The German government itself already carries out some surveillance tasks on opposition groups and civil interest groups. Recently, a German court had to order the state intelligence agency BfV to halt its investigations into the Alternative for Germany (AfD) party, a right-wing political group that opposes immigration, among other ultra-nationalist measures.

In addition, the governments of the United States and Canada have been deploying mass surveillance tasks for years under the pretext of combating terrorist activities.

Privacy structure

In this regard, Telegram published a message endorsing its commitment to protecting the confidential information and conversations of its users: “Secret chats on the platform use end-to-end encryption, so we do not have any data to reveal.” Still, it’s important to mention that Telegram doesn’t use end-to-end encryption by default.

To safeguard data that is not protected by end-to-end encryption, Telegram uses a distributed infrastructure: cloud chat data is stored in various data centers around the world that are controlled by different legal entities across multiple jurisdictions. The relevant decryption keys are divided into parts and never stored in the same place as the data, so interested parties would require several court orders to force Telegram to share this information.

Telegram considers that this structure simply makes it impossible for government agencies to access the confidential records of their users, although it has always been specified that the platform may be forced to hand over data only in sufficiently serious and relevant cases at the multinational level. Still, there are no known examples of what Telegram considers important enough to pass the scrutiny of the legal systems that safeguard its privacy structure.

Is Telegram even a good choice?

Although the general public tends to believe that Telegram is a safer option than platforms such as WhatsApp or Facebook Messenger, many experts do not share this view. Moxie Marlinspike, the developer of the encrypted messaging service Signal, has become one of Telegram’s harshest critics: “I’m surprised that the media refers to Telegram as an encrypted messaging service; Telegram has a lot of attractive features, but there’s no worse option in terms of privacy and data collection.”

According to Marlinspike, Telegram stores on its servers all contacts, groups, media, and plain text messages that users have sent: “Almost everything we can see in the app, Telegram can see it too,” adds the developer.

For the expert, this false perception of privacy comes from a misinterpretation of the “secret chat” function: conversations that are protected with end-to-end encryption, although with technology that is questionable at best. Other platforms like Facebook Messenger or Instagram chat also have secret chat or expiring message features, and they don’t store users’ files on their servers.

In conclusion, Telegram is a good choice in the world of instant messaging, although users should not assume that no one can access their conversations, photos, videos, and documents sent through this platform.

Cryptocurrency exchange founder sentenced to 2 years of probation for failing to implement an anti-money laundering program
https://www.securitynewspaper.com/2022/05/23/cryptocurrency-exchange-founder-sentenced-to-2-years-of-probation-for-failing-to-implement-an-anti-money-laundering-program/
Mon, 23 May 2022 22:51:35 +0000

Arthur Hayes, founder and former CEO of cryptocurrency exchange platform BitMEX, has been sentenced to two years of probation for the lack of anti-money laundering controls on the platform. The defendant pleaded guilty to multiple violations of the US Bank Secrecy Act (BSA) in federal court in New York.

Damian Williams, a U.S. attorney, says, “While building a cryptocurrency platform that brought him millions of dollars, Hayes deliberately defied U.S. law that requires businesses to do their part to help prevent crime and corruption.” Prosecutors say BitMEX intentionally avoided implementing basic anti-money laundering policies, which would have benefited some criminal groups.

In 2020, the U.S. government officially indicted Hayes and two BitMEX co-founders. In early 2022, the three individuals pleaded guilty to violating the BSA, which helped deliberately maintain a complex money laundering structure.

The complaint states that Hayes and his collaborators never filed suspicious activity reports, as stipulated in the BSA. One example presented by the prosecution describes how BitMEX helped clean up funds obtained through a cryptocurrency theft campaign.

Like other similar platforms, BitMEX was required to maintain strong anti-money laundering policies as it provided services to U.S. residents. Although the platform announced its exit from the US market in 2015, trying to avoid its responsibilities, the prosecution maintains that this was only a charade, since the company’s access controls were careless and its customers in the U.S. were able to continue using the service.

Although Hayes faced a sentence of between six and 12 months in prison, the Probation Department recommended a sentence of one year of house arrest, followed by one year on probation. The prosecution refused to accept this recommendation, as they wanted to use Hayes and his accomplices as an example for other cryptocurrency exchange operators; however, the judge in charge of the case ordered probation.

Hayes and one of the defendants will pay a $10 million fine, plus BitMEX agreed to publicly acknowledge its lack of commitment to anti-corruption controls.

NIST updates the Cybersecurity Supply Chain Risk Management Guidance (C-SCRM) in Response to Executive Order Signed by President Biden
https://www.securitynewspaper.com/2022/05/11/nist-updates-the-cybersecurity-supply-chain-risk-management-guidance-c-scrm-in-response-to-executive-order-signed-by-president-biden/
Wed, 11 May 2022 20:49:46 +0000

The U.S. National Institute of Standards and Technology (NIST) has revised the Cybersecurity Supply Chain Risk Management Guidance (C-SCRM), developed at the request of President Joe Biden to provide advice for the identification, assessment and control of cybersecurity risks throughout the supply chain.

The document, titled “Cybersecurity Supply Chain Risk Management Practices for Systems and Organizations”, invites buyers and end users of digital hardware, software, and services to conduct due diligence on the origin and security of components of a digital/technology product.

Supply chain attacks have become one of the most dangerous hacking variants, as they allow threat actors to compromise multiple devices at once, in addition to exploiting vulnerabilities in widely used components. Just remember the SolarWinds attack, which impacted thousands of organizations worldwide.

For Ilkka Turunen, software supply chain security specialist at Sonatype, these measures are important to substantially improve the security of organizations: “This document outlines fundamental best practices, such as generating software bills of materials (SBOM), as well as describing the maintenance activities necessary to maintain effective security practices in the supply chain.”

The researcher adds that software risk mitigation begins with understanding how the use of managed and unmanaged software occurs in an organization, in addition to the progressive mitigation of those risks at the vendor level and with the constant participation of customers.

On the other hand, Cequence Security experts recently alerted the cybersecurity community about the persistence of attacks exploiting flaws such as Log4Shell, which was discovered a few months ago and allows abuse of the Apache Log4j logging utility, considered omnipresent.

A new wave of attacks, identified as LoNg4j, demonstrates the interaction between modern enterprise IT infrastructure and the digital supply chain, spreading across all kinds of applications and creating a critical attack vector in case any vulnerability is exploited.

Kellogg Community College shuts down its campus and cancels classes after ransomware attack
https://www.securitynewspaper.com/2022/05/04/kellogg-community-college-shuts-down-its-campus-and-cancels-classes-after-ransomware-attack/
Wed, 04 May 2022 22:43:55 +0000

Kellogg Community College in Michigan, U.S., decided to shut down its campuses and cancel every single activity after being the target of a massive cyberattack. The Battle Creek-based college with nearly 7,000 students became the target of a ransomware variant.

On Sunday, the university announced the cancelation of all classes on Monday and confirmed that its five campuses would remain closed at least until Tuesday. It was also decided to implement a forced password reset for all students, faculty and staff who have access to the institution’s online systems in order to mitigate the risk of further attacks.

At the time of writing this article, the name of the ransomware that infected the school’s systems and the amount of the ransom demanded are still unknown.

The academic institution posted an update on its website, mentioning that everything possible was being done to restore the affected systems and determine the scope of the incident: “We are still trying to understand the full extent of this incident. Since our last update, we have been working diligently with our Incident Response Team and have made progress into our restoration process.”

The statement concludes by confirming that classes will remain suspended until all affected systems can be restored.

On the status of the affected systems, the school’s vice president of strategy, relations and communications, Eric Greene, assures that the institution has backups for cases like this, so operations will eventually be resumed. This statement could indicate that the institution has no intention of negotiating with the attackers or paying a ransom.

CERT-IN makes it mandatory for Indian companies to report hacking/cyber security incidents to government within six hours after detecting them
https://www.securitynewspaper.com/2022/04/29/cert-in-makes-mandatory-for-indian-companies-to-report-hacking-cyber-security-incidents-to-government-within-six-hours-after-detecting-them/
Fri, 29 Apr 2022 20:55:00 +0000

A new guideline issued by India’s Computer Emergency Response Team (CERT-In) has become a controversial issue for multiple government IT agencies. The Indian agency has determined that technology organizations should implement measures for the reporting of 20 different types of cyber security incidents within six hours after their detection.

On its reasons for making this determination, the agency mentions that its teams identified “certain gaps that hinder the analysis of security incidents”; in addition to this new deadline, CERT-In will encourage the submission of incident reports by analog mediums such as telephone or fax, in addition to e-mail.

The new mechanisms will apply to service providers, intermediaries, data center operators, enterprises and government organizations that manage IT infrastructure.

As mentioned above, the report lists 20 types of security incidents, including information breaches and ransomware infections. Although it is obvious that the situation merits a report in these cases, in other cases CERT-In provides definitions that are far from concrete, such as “Attacks or suspicious activities that affect systems/servers/software/applications in the cloud”.

In addition to ambiguous definitions, CERT-In has received criticism about how short the report window is. Other legislative frameworks such as EU’s General Data Protection Regulation (GDPR) establish a deadline of 72 hours for the reporting of security incidents after their detection, while for the U.S. Government 24 hours are more than enough to submit these reports.

This is not the only update to the security incident reporting process in India. According to the new guidelines, organizations under this regulation must also keep a detailed record of all their information systems during the 180 days after the report, also having the obligation to deliver this data to CERT-In when requested.

Finally, additional requirements were established for organizations operating with cryptocurrency. Providers of services related to virtual assets will have to verify the identity of their customers and safeguard this data for at least five years, in what appears to be an aggressive measure against money laundering through cryptocurrency.

It’s now legal to scrape LinkedIn users’ data for marketing purposes without their permission
https://www.securitynewspaper.com/2022/04/19/its-now-legal-to-scrap-linkedin-users-data-for-marketing-purposes-without-their-permission/
Tue, 19 Apr 2022 21:21:10 +0000

The practice of data scraping has always been the subject of controversy, because although data on websites are considered public, thousands of users and specialists believe that there should be better restrictions against this information collection method. Nonetheless, authorities seem to have a clear view about it; this week, the U.S. Court of Appeals for the Ninth Circuit ruled that LinkedIn has no argument to stop its competitor, hiQ Labs, from extracting public data from LinkedIn users.

In 2017, LinkedIn demanded that hiQ stop collecting LinkedIn data, and began blocking hiQ’s access and its ability to extract data from public profiles. At the time, LinkedIn argued that hiQ’s actions violated several laws, primarily the Computer Fraud and Abuse Act (CFAA) and LinkedIn’s own terms of use.

In this regard, the courts in the U.S. determined that LinkedIn could not block hiQ’s access to the public data of its users; in her ruling, Circuit Judge Marsha Berzon said, “There is little evidence that LinkedIn users who choose to make their profiles public maintain an expectation of privacy with respect to the information they post.”

For LinkedIn, this decision was not enough to desist from their plans, so they took the case to the U.S. Supreme Court. However, in a previous case the Court had already decided not to penalize the extraction of publicly available information on Internet platforms, so the LinkedIn case was returned to the circuit court.

Upon receiving the case back, the Ninth Circuit ruled that the concept of access authorization will not apply to public websites. Not only can this prove useful for companies like hiQ, but it will also ensure access to relevant sources of information for journalists, researchers and companies for legitimate purposes.

Despite all the setbacks, LinkedIn doesn’t seem to have given up. In a statement, spokesman Greg Snapper said: “We are disappointed with the court’s decision. This is a preliminary decision and the case is far from over.” Snapper says LinkedIn will continue to fight to protect its users’ information.

5 members of Yura, a murder-for-hire operation on the dark web, are arrested. Platforms such as Besa Mafia, Cosa Nostra and Crimebay shut down
https://www.securitynewspaper.com/2022/04/11/5-members-of-yura-a-murder-for-hire-operation-on-the-dark-web-are-arrested-platforms-such-as-besa-mafia-cosa-nostra-and-crimebay-shut-down/
Mon, 11 Apr 2022 17:09:55 +0000

Romanian authorities have confirmed the arrest of the operators of some fraudulent dark web platforms on which the defendants offered the services of fake for-hire murderers. The fake hitmen, operating platforms such as Besa Mafia, Cosa Nostra and Crimebay, will face charges of incitement to murder, organized crime and money laundering.

Agents of the Service to Combat Cybercrime in Romania (DCCO) carried out raids on seven houses in the cities of Gorj and Hunedoara, arresting five alleged operators of the fraudulent sites. Investigators seized 18 mobile phones, 10 laptops, 15 memory cards, 7 bank cards, 13 hard drives, a cryptocurrency wallet and multiple records related to the websites.

This was an operation coordinated by law enforcement in the United States: “Authorities in the U.S. determined that these platforms are operated by five or more people on Romanian territory; we act in a coordinated manner to carry out this operation,” said a statement from the DCCO.

The statement adds that the suspects made profits of up to 500,000 Euros. “Yura,” the hacker identified as a member in charge of this fraudulent operation, was located in Ukraine a couple of months ago with the help of Chris Monteiro, a white-hat hacker who has been attacking dark web platforms for years; Monteiro linked a suspicious IP address to a city in Romania, taking the first steps towards dismantling this cybercriminal operation.

Yura began to attract the attention of law enforcement in Europe in 2017, when the National Crime Agency (NCA) and Bulgarian Police identified him as the main operator of the illegal platform Crime Bay. Although Monteiro assumes that Yura has already been arrested, he acknowledges that the cybercriminal is skilled and knows very well how to disappear before being found.

Finally, Monteiro estimates that Yura would have earned about $6,539,800 USD for his work at the head of this group, a large discrepancy from the almost 500,000 Euros that the Romanian authorities mentioned.

Watchguard firewalls and ASUS routers in the U.S. are being attacked by the Russian government: How to fix it?
https://www.securitynewspaper.com/2022/04/07/watchguard-firewalls-and-asus-routers-in-the-u-s-are-being-attacked-by-the-russian-government-how-to-fix-it/
Thu, 07 Apr 2022 17:30:32 +0000

U.S. authorities announced the closure of the Cyclops Blink botnet, run by the Sandworm hacking group, allegedly funded by the Russian government. The malware used by this group mainly targets ASUS routers and WatchGuard Firebox firewalls.

The researchers mention that Cyclops Blink allowed threat actors to gain persistence on affected devices through firmware updates, providing remote access to affected networks. The botnet malware is modular, making it easy to upgrade to infect new devices and access new pools of vulnerable hardware.

U.S. Attorney General Merrick Garland has attributed this activity to the Russian military intelligence agency, known as GRU: “The Russian government has used similar infrastructure to attack its targets in Ukraine. We were able to disrupt this botnet before it could be used in bulk thanks to our work with international agencies.”

This research work made it possible to remove malware from all WatchGuard devices identified as C&C servers. For its part, the Federal Bureau of Investigation (FBI) notified the owners of compromised devices in the United States and other regions of the world.

Chris Wray, director of the FBI, mentions that the botnet was shut down following close cooperation with WatchGuard while analyzing the malware and developing compromise detection tools: “As we move forward, any Firebox device that acted as a bot may remain vulnerable in the future until its owners mitigate the flaws. Therefore, those owners still need to go ahead and take the detection and remediation steps recommended by the manufacturer.”

Sandworm and the Russian government

Also known as Voodoo Bear, BlackEnergy and TeleBots, this hacking group has been active for more than 15 years and is believed to be made up of military-trained hackers, who are part of Unit 74455, part of the GRU Special Technologies Center.

Between 2015 and 2016, Sandworm hackers were linked to the BlackEnergy malware, the tool responsible for the massive blackouts in Ukraine. Other disruptive tools allegedly linked to Sandworm are KillDisk and NotPetya, malware variants that caused millions of dollars in losses years ago.

YouTube accounts of 20+ famous artists like Drake and Eminem were hacked. Vevo managed accounts hacked again?
https://www.securitynewspaper.com/2022/04/06/youtube-accounts-of-20-famous-artists-like-drake-and-eminem-were-hacked-vevo-managed-accounts-hacked-again/
Wed, 06 Apr 2022 16:47:36 +0000

The post YouTube accounts of 20+ famous artists like Drake and Eminem were hacked. Vevo managed accounts hacked again? appeared first on Information Security Newspaper | Hacking News.

Something unusual has happened on the YouTube channels of dozens of internationally famous artists. According to reports, the channels of singers such as Ariana Grande, Justin Bieber, Taylor Swift, Michael Jackson and reggaeton performers such as Daddy Yankee and J Balvin were compromised by a hacking group.

While the first hypothesis pointed to a security incident related to the official video platform Vevo, this explanation was soon ruled out by the appearance of a group that claimed responsibility for this incident.

Through a Twitter account, the cybercriminal group known simply as Los Pelaos claimed responsibility for the attack on these YouTube accounts, causing confusion among millions of fans around the world. On the compromised accounts, the hackers posted a video just over a minute long titled ‘Music video by Drake performing Justin Bieber – Free Paco Sanz (ft. Will Smith, Chris Rock, Skinny flex & Los Pelaos)’. The video does not seem to have a clear message, although the motivation of the hackers has already been confirmed.

Apparently, the attackers’ goal was to post a message in defense of Paco Sanz, a Spanish citizen accused of fraud. Shortly after the attack was identified on the aforementioned channels, the message reached the platforms of other artists such as Travis Scott, Eminem, The Weeknd, Drake and Lil Nas X, creating even more confusion on the world’s leading video platform.

Controversy grows among Latin artists

In the case of J Balvin’s channel, hackers posted a link redirecting users to the video of rapper Residente that caused controversy a few weeks ago, calling the Colombian singer an. Dozens of users on social networks reacted to the incident with irony.

The video published by Los Pelaos has already been removed from the compromised channels, although the method the attackers used to access these accounts remains unknown.

When the incident had already gone viral, the threat actors reposted a message on their Twitter account, dismissing YouTube’s work and assuring that the attacks would continue: “This has just begun,” Los Pelaos claimed.

Free Paco Sanz?

Spanish media report that this incident could be part of a movement called Free Paco Sanz, in defense of a Spanish citizen who was diagnosed with Cowden Syndrome in 2009. Sanz began to appear in the media claiming that he suffered from a fatal disease, so he began to receive large donations that he ended up using to buy cars, electronic devices and luxury travel.

A few years later, Sanz was sentenced to two years in prison and the payment of a fine of thousands of dollars to those affected. Although it was proven that the defendant acted with deliberate deceit, there are still people who defend him and fight for his freedom, even by questionable means. In previous incidents, hackers managed to take control of the online accounts of Spanish media outlet La Sexta.

300 offenders were released from prison after a computer error prevented them from getting an initial court hearing https://www.securitynewspaper.com/2022/04/05/300-offenders-were-released-from-prison-after-a-computer-error-prevented-them-from-getting-an-initial-court-hearing/ Tue, 05 Apr 2022 16:30:03 +0000

Due to a computer system flaw in a Houston, U.S. court, nearly 300 defendants charged with various crimes had to be released, as the flaw prevented their respective initial hearings required under state law from taking place.

Local officials mention that the system employed by Harris County law enforcement agencies began failing on March 24, remaining down for a couple of days, which had a direct impact on the regular work of the justice system.

Texas state law mandates that defendants generally should not be held for legal prosecution for more than 24 hours in misdemeanor cases and 48 hours in felony cases. Errors in these computer systems prevented the defendants from appearing before a trial judge for a probable cause hearing within these time periods, so once these deadlines passed it was legally impossible to proceed with the arrests.

The county’s public defense office filed motions for the defendants to be released, as they would not be able to appear before magistrate judges within the required time period. Motions were granted and most of the defendants were released, considering they had been arrested on lesser charges.

In a statement, the district attorney’s office said officers will need to refile the charges and that it is possible that some of these people will be arrested again, though it is not yet clear whether local authorities are willing to make these arrests again.

The causes of the failure are still unknown, although local authorities mention that this is the fifth time the court’s systems have failed in less than a year.

“The safety of the public, the safety of our criminal justice system and the efficiency of our courts require the county to provide the resources to fix these issues and ensure that a similar incident never happens again,” said Dane Schiller, a spokeswoman for the district attorney’s office.

A member of one of the most dangerous hacking groups has been arrested https://www.securitynewspaper.com/2022/03/11/a-member-of-one-of-the-most-dangerous-hacking-groups-has-been-arrested/ Fri, 11 Mar 2022 17:10:13 +0000

A court in Ontario, Canada has sentenced Sebastien Vachon-Desjardins to seven years in prison after he pleaded guilty to participating as an affiliate in the dangerous NetWalker ransomware operation. The defendant reportedly pleaded guilty to five criminal charges, including data theft, extortion, conspiracy to commit fraud and illegal access to protected computer systems.

In addition to the time he must spend in prison, the accused must repay a part of the damages caused by his attacks, accept the seizure of his property and spend a period of supervised release. Vachon-Desjardins was allegedly involved in at least 17 ransomware attacks, generating losses of about $2.8 million USD.

In 2020, Canadian authorities began receiving reports related to NetWalker’s activity, sent by the Federal Bureau of Investigation (FBI). Authorities in the U.S. believed there was a group affiliated with the ransomware operation working from Quebec. Thanks to the collection of IP addresses, online accounts, aliases, email addresses and logs from Apple, Google, Microsoft and Mega.nz, the researchers were able to identify Vachon-Desjardins.

The defendant was arrested in Florida a couple of months ago, when the U.S. Department of Justice (DOJ) released a report claiming that NetWalker’s unit in Canada managed to raise up to $27.5 million USD, targeting organizations such as Northwest Territories Power Corporation, College of Nurses of Ontario and a large local tire store.

Although the defendant claimed that about 1,200 Bitcoin passed through his electronic wallet, investigators have only been able to seize 720 units of cryptocurrency from Vachon-Desjardins’ accounts, since the defendant managed to convert part of these assets into cash. During his arrest, Vachon-Desjardins had more than half a million dollars in cash in his possession.

For the authorities, this arrest and sentence are not minor incidents: “The defendant was not an insignificant actor in these and other crimes, as he played a dominant role and helped NetWalker and other affiliates improve their ability to extort money from their victims and launder their illegal profits,” says G. Paul Renwick, the Canadian judge in charge of the case.

Renwick notes that the defendant already had a criminal record related to drug charges, being sentenced to 3 1/2 years in prison in 2015.
