Even those of you who do everything you can to secure those secrets can find yourself vulnerable—especially if you’re using a YubiKey 5 authentication token. The multifactor authentication devices can be cloned thanks to a cryptographic flaw that can’t be patched. The company has rolled out some mitigation measures—and the attack itself is relatively hard to pull off. But it may be time to invest in a new dongle.
That’s not all, folks. Each week, we round up the privacy and security news we didn’t cover in depth ourselves. Click the headlines to read the full stories. And stay safe out there.
Hackers Threaten to Leak Planned Parenthood Data
At the end of August, cybercriminals from the ransomware group RansomHub appear to have hacked into the systems of Planned Parenthood’s Montana branch. The organization this week confirmed it had suffered from a “cybersecurity incident” on August 28 and said its staff immediately took parts of its network offline, reporting the incident to law enforcement.
Days after the incident took place, RansomHub claimed to be behind the attack, posting Planned Parenthood on its leak website. The criminal group said it would publish 93 GB of data. It is unclear what, if anything, the ransomware group has obtained, but Planned Parenthood clinics can hold a huge array of highly sensitive information about patients, including information on abortion appointments. (Around 400,000 Planned Parenthood patients in Los Angeles were impacted following a similar ransomware incident in 2021.)
In recent months, RansomHub has emerged as one of the most active ransomware-as-a-service groups, following the law enforcement disruption of LockBit. According to an FBI and Cybersecurity and Infrastructure Security Agency alert at the end of August, the group is “efficient and successful” and has stolen data from at least 210 victims since it formed in February. “The affiliates leverage a double-extortion model by encrypting systems and exfiltrating data to extort victims,” the alert said.
Nigerian Sextortion Scammers Sentenced to 17 Years After Teen Death
The Nigeria-based scammers known as the Yahoo Boys run almost every scam in the playbook—from romance scams to pretending to be FBI agents. Yet there's little more devious than the increase in sextortion cases linked to the West African scammers. This week, Nigerian brothers Samuel Ogoshi and Samson Ogoshi were sentenced to more than 17 years in US jail for running sextortion scams, following their extradition earlier this year. It is the first time Nigerian scammers have been prosecuted for sextortion in the US, the BBC reported.
The Ogoshi brothers, who pleaded guilty in April, have been linked to the death of 17-year-old Jordan DeMay, who took his life six hours after he started talking to the scammers, who posed as a girl, on Instagram. The teen had been duped into sending the brothers explicit images, and after he had done so, they threatened to post the images online unless he paid them hundreds of dollars. US prosecutors said the brothers sexually exploited and extorted more than 100 victims, with at least 11 of them being minors. There has been a huge spike in sextortion cases in recent years.
Kaspersky’s Banned US Business Sold
In June, the US Commerce Department banned the sale of Kaspersky’s antivirus tools over national security concerns about its links to the Russian government. (Kaspersky has, for years, denied connections.) The firm later fired its workers and said it was closing its US business. This week, cybersecurity company Pango Group announced it is purchasing Kaspersky Lab’s US antivirus customers, according to Axios. This equates to around 1 million customers, who will be transitioned to Pango’s antivirus software Ultra AV. Ahead of the Kaspersky deal, parent company Aura also announced it was spinning out Pango Group into its own business. Pango’s president said customers would not need to take any action and that it would allow subscribers to continue to receive updates after September 29, when Kaspersky updates will stop.
Europe’s Encryption-Busting “Chat Control” Plans Return
For years, the EU has been trying to introduce new child protection laws that would require private chats to be scanned for child sexual abuse material—something that would potentially undermine encrypted messaging apps that provide everyday privacy to billions of people. The plans have been highly controversial and were shelved earlier this year. However, the proposed law, which has been dubbed “chat control,” reappeared in legislators’ in-trays this week. The Council of the EU, which is currently chaired by Hungary, wants to pass legislation by October, but reports say strong opposition to the plans still remains.