Cybersecurity


An umbrella community for all things cybersecurity / infosec. News, research, questions, are all welcome!

founded 2 years ago
1

"A federal judge has ordered Trump administration officials involved in Elon Musk’s “opaque” Department of Government Efficiency to testify under oath in one of the sprawling lawsuits seeking to block DOGE’s access to sensitive government databases.

U.S. District Judge John Bates agreed Thursday that “very limited” efforts to question officials connected to DOGE would help clarify what exactly the group is doing and whether it poses the risks to sensitive data that government employees fear. Bates’ order will allow unions and liberal groups suing to question four officials: one from DOGE’s White House headquarters and one each from the Labor Department, the Department of Health and Human Services and the Consumer Financial Protection Bureau.

While the bureaucracy-slashing DOGE effort has sparked more than a dozen lawsuits, the order from Bates is the first that would force people involved in the project to answer questions from lawyers outside the government.

Those depositions will be capped at eight hours in total, ruled Bates, a Washington-based appointee of President George W. Bush."

https://www.politico.com/news/2025/02/27/doge-depositions-union-lawsuits-00206542

#USA #Trump #Musk #DOGE #CyberSecurity #Privacy #DataProtection

2

Just two months into 2025, we’ve already seen several data breaches affecting the personal information of millions of people, setting up what could be a year unlike any we’ve seen. @Techcrunch breaks down each of the biggest breaches (Yes, DOGE’s access of U.S. federal government data makes the list):

https://flip.it/v0gym6

#Tech #CyberSecurity #Security #DataBreach #Data

3

"A hacker claims to have stolen thousands of internal documents with user records and employee data after breaching the systems of Orange Group, a leading French telecommunications operator and digital service provider.

The threat actor published on a hacker forum details about the stolen data after trying to extort the company unsuccessfully.

Orange confirmed the breach to BleepingComputer saying that it occurred on a non-critical application. The company initiated an investigation and is working to minimize the impact of the incident.

According to the threat actor, who uses the alias Rey and is a member of the HellCat ransomware group, the stolen data is mostly from the Romanian branch of the company and includes 380,000 unique email addresses, source code, invoices, contracts, customer and employee information."

https://www.bleepingcomputer.com/news/security/orange-group-confirms-breach-after-hacker-leaks-company-documents/

#CyberSecurity #Romania #Orange #Jira #DataBreaches #Hacking

4

Encryption backdoors are like leaving the door open for a totalitarian society... I don't see why people are unable to understand this...

"If they're going to cave into Zuck's demand to facilitate spying on Instagram users, do we really think they'll resist Keir Starmer's demands to remove Signal – and any other app that stands up to the Snooper's Charter – from the App Store?

It goes without saying that the "bad guys" the UK government claims it wants to target will be able to communicate in secret no matter what Apple does here. They can just use an Android phone and sideload a secure messaging app, or register an iPhone in Ireland or any other country and bring it to the UK. The only people who will be harmed by the combination of the British government's reckless disregard for security, and Apple's designs that trade the security of its users for the security of its shareholders are millions of law-abiding Britons, whose most sensitive data will be up for grabs by anyone who hacks their accounts."

https://pluralistic.net/2025/02/25/sneak-and-peek/

#CyberSecurity #UK #Apple #Encryption #Backdoors #Privacy #Totalitarianism #iCloud

5

"The furor after Apple removed full iCloud security for U.K. users may feel a long way from American users this weekend. But it’s not — far from it. What has just shocked the U.K. is exactly what the FBI told me it also wants in the U.S. “Lawful access” to any encrypted user data. The bureau’s quiet warning was confirmed just a few weeks ago.

The U.K. news cannot be seen in isolation and follows years of battling between big tech and governments over warranted, legal access to encrypted messages and content to fuel investigations into serious crimes such as terrorism and child abuse.

As I reported in 2020, “it is looking ever more likely that proponents of end-to-end security, the likes of Facebook and Apple, will lose their campaign to maintain user security as a priority.” It has taken five years, but here we now are.

The last few weeks may have seemed to signal a unique fork in the road between the U.S. and its primary Five Eyes ally, the U.K. But it isn’t. In December, the FBI and CISA warned Americans to stop sending texts and use encrypted platforms instead. And now the U.K. has forced open iCloud by threatening to mandate a backdoor. But the devil’s in the detail — and we’re fast approaching a dangerous pivot."

https://www.forbes.com/sites/zakdoffman/2025/02/24/fbis-new-iphone-android-security-warning-is-now-critical/

#USA #FBI #CyberSecurity #Encryption #Privacy #UK #CISA #Apple #Backdoor

6

LockBit's alleged leader claims to have stolen FBI-damaging data in a birthday message to Trump's FBI pick, Kash Patel.

#LockBit #cybersecurity #FBI #Trump #ransomware #cybercrime

https://cnews.link/lockbit-ransomware-gang-claims-fbi-kash-patel-birthday-2/

7

DISA Global Solutions reported a breach last spring exposing 3.3M records for over two months.

#DISA #databreach #cybersecurity #cybercrime #datasecurity

https://cnews.link/disa-breach-3m-employee-exposed-1/

8

We celebrate the diversity and freedom of open source software (OSS)! 🎉

For OSS to actually remain secure, regular review of the source code is essential. After all, successful attacks can often be traced back to errors in the program code. This is where our CAOS project comes in! 📖 Curious to learn more? Find out everything about CAOS and our analyses here: https://www.bsi.bund.de/dok/1092594

#OpenSource #CyberSecurity #CodeAnalysis

What is CAOS? The project „Codeanalyse von Open Source Software“ (Code Analysis of Open Source Software, CAOS) examines widely used open source software for security vulnerabilities. Dynamic code analysis is used to detect and fix weaknesses in the code.
Why is this important? Cyberattacks often exploit programming errors. Code analysis uncovers security vulnerabilities before they can cause damage.
What has already been examined? KeePass, Vaultwarden, Matrix, Mastodon, Jitsi & more.
📢 Vulnerabilities found? Reported directly and fixed, for more digital security. Developers respond quickly to the vulnerabilities we report. Together, we ensure that OSS stays secure!

9

A few reports offer an early glimpse into the largest-ever crypto hack, even though the exact details remain unclear.

#crypto #hack #cybersecurity #NorthKorea

https://cnews.link/bybit-hack-lazarus-group-1/

10

The malicious Finance Simplified app was still available for download on Monday, but Google later removed it from the Play Store.

#app #Google #Googleplay #malware #cybersecurity

https://cnews.link/spylend-malware-finance-simplified-google-play-3/

11

Around 200,000 private messages from one of the most dangerous cybercriminal groups, Black Basta, have been revealed. Researchers are expected to find tactics, targets and dynamics within the trove of internal communications.
@[email protected] has more:

https://flip.it/nh6uYu

#CyberCrime #CyberSecurity #BlackBasta

12

"After the United Kingdom demanded that Apple create a backdoor that would allow government officials globally to spy on encrypted data, Apple decided to simply turn off encryption services in the UK rather than risk exposing its customers to snooping.

Apple had previously allowed end-to-end encryption of data on UK devices through its Advanced Data Protection (ADP) tool, but that ended Friday, a spokesperson said in a lengthy statement.

"Apple can no longer offer Advanced Data Protection (ADP) in the United Kingdom to new users and current UK users will eventually need to disable this security feature," Apple said."

https://arstechnica.com/tech-policy/2025/02/apple-pulls-data-protection-tool-instead-of-caving-to-uk-demand-for-a-backdoor/

#UK #CyberSecurity #Apple #Encryption #Backdoors #DataProtection #Surveillance

13

The attacks are likely carried out by an advanced Chinese-affiliated group, with Strike researchers hinting at Volt Typhoon or Salt Typhoon.

#Microsoft #cyberattack #cybercrime #cybersecurity #China

https://cnews.link/botnet-targeting-microsoft-365-password-spraying-1/

14

▪ @[email protected] research ▪ Movistar Costa Rica, a major telecommunications company, leaked hundreds of thousands of IDs, creating a potential goldmine for cybercriminals.

#Movistar #datasecurity #dataprivacy #cybersecurity #infosec

https://cnews.link/movistar-data-leak-3/

15

"Edward Coristine, a 19-year-old engineer with Elon Musk’s so-called Department of Government Efficiency (DOGE) known as “Big Balls,” is now on staff at the Cybersecurity and Infrastructure Security Agency, WIRED has confirmed. He is joined by another member of the DOGE team, 38-year-old software engineer Kyle Schutt, who is now also on the CISA staff, according to a government source.

CISA referred WIRED to the Department of Homeland Security (DHS), of which it’s a component agency, when reached for comment. DHS did not immediately reply to a request for comment.

Coristine—briefly an intern for Musk’s brain-computer interface company Neuralink, as WIRED has reported—has been working his way through numerous federal agencies and departments as a DOGE operative since January. He has been tracked at the General Services Administration (GSA), the Office of Personnel Management, the State Department, and the Federal Emergency Management Agency. At State’s Bureau of Diplomatic Technology, he potentially had access to systems containing sensitive information about diplomats and many sources around the world who provide the US government with intelligence and expertise."

https://www.wired.com/story/doge-cisa-coristine-cybersecurity/

#USA #CyberSecurity #DOGE #CISA #DHS #Privacy #DataProtection

16
10
?!?! (tldr.nettime.org)
submitted 6 days ago by [email protected] to c/[email protected]

?!?!

"Among the cadre of DOGE engineers now rooting through the guts of the administrative state, few have attracted more curiosity than Edward “Big Balls” Coristine, a 19-year-old coder who interned for three months for Neuralink, Elon Musk’s brain implant company. Coristine has a brief but colorful history that includes being fired from Path Networks, a cybersecurity company, for giving company documents to a competitor. He apparently palled around with a criminal hacking group called The Com and, according to a Telegram account associated with him, had solicited hacking services online. In 2021, he founded a company called Tesla.Sexy LLC that, according to Wired, “controls dozens of web domains, including at least two Russian-registered domains. One of those domains, which is still active, offers a service called Helfie, which is an AI bot for Discord servers targeting the Russian market.”

A lot about DOGE remains unknown – like who’s officially in charge – but Coristine has email addresses at USAID and the Department of Homeland Security and was recently seen inside the Cybersecurity and Infrastructure Security Agency and the State Department. Across the federal government, he seems to have the run of the place.

There’s one aspect of Coristine’s background that has escaped public notice: his grandfather, Valery Martynov, was a KGB spy who played an intriguing role in a sprawling 1980s espionage drama."

https://www.jacobsilverman.com/p/prominent-doge-staffer-is-grandson

#USA #Musk #DOGE #Russia #CyberSecurity #DataProtection

17

"Italy’s national union for journalists has submitted a criminal complaint to prosecutors in Rome after Giorgia Meloni’s government shut down questions in parliament over suspicions it had illegally used spyware technology to hack the phones of critics instead of criminals.

The legal action on Wednesday was triggered by the absence of clarity from the government since revelations emerged in late January that a migrant activist and Francesco Cancellato, an investigative journalist, were among at least seven people in Italy whose mobile phones had been targeted by an entity using Graphite, a military-grade spyware produced by the Israel-based Paragon, which is intended for use on criminals."

https://www.theguardian.com/world/2025/feb/19/journalists-launch-legal-action-against-italian-government-over-spyware-claims

#Italy #CyberSecurity #Spyware #Paragon #Meloni

18

#curl predecessor httpget 0.2 from around 1996/1997 is 165 lines. Needless to say, it has multiple critical security vulnerabilities. How many can you spot?

If you build it on a modern system and want to try exploiting it in true 90s fashion, be sure to turn off address space layout randomisation (ASLR).

https://github.com/curl/httpget/blob/master/httpget-0.2.c

#infosec #cybersecurity

19

Happy Friday everyone!

The Cybersecurity and Infrastructure Security Agency and Federal Bureau of Investigation (FBI) have released a #cybersecurity advisory focusing on the #Ghost ransomware threat. They provide us with some updates to the TTPs and Behaviors on the group's activity and what we can hunt for!

Behaviors (MITRE ATT&CK):
Initial Access - TA0001
Exploit Public-Facing Application - T1190 - the group exploited many CVEs to gain their initial foothold. They exploited Fortinet FortiOS appliances (CVE-2018-13379), servers running Adobe ColdFusion (CVE-2010-2861 and CVE-2009-3960), Microsoft SharePoint (CVE-2019-0604), and Microsoft Exchange (CVE-2021-34473, CVE-2021-34523, and CVE-2021-31207).

Defense Evasion - TA0005
Impair Defenses: Disable or Modify Tools - T1562.001 - Ghost frequently runs a command to disable Windows Defender on network connected devices.

There are plenty of other technical and behavior artifacts in the report, so go check it out yourself! Enjoy and Happy Hunting!

#StopRansomware: Ghost (Cring) Ransomware
https://www.cisa.gov/news-events/cybersecurity-advisories/aa25-050a

Intel 471 Cyborg Security, Now Part of Intel 471 #ThreatIntel #ThreatHunting #ThreatDetection #HappyHunting #readoftheday

20

As expected #Apple has nuked Advanced Data Protection (ADP) for UK users. What does this mean in practice? UK govt will be able to decrypt all UK users' #iCloud data at will.

Existing users' access will be disabled at a later date - this will likely mean that unless you accept the new policy Apple will delete your existing iCloud data. Which I would recommend you do right now anyway - never trust someone else's computer with sensitive data.

https://www.bbc.com/news/articles/cgj54eq4vejo

#cybersecurity #privacy #enshittification

21

Black Basta, a notorious ransomware gang, has imploded, leaking its internal messages.

#ransomware #cybersecurity #cybercrime #datasecurity #dataprivacy

https://cnews.link/black-basta-ransomware-dissected-1/

22

New phishing tools let bad actors launch attacks with little to no technical skill, experts warn.

#phishing #cyberattack #cybersecurity #malware

https://cnews.link/dracula-diy-malware-simplifies-phishing-1/

23

Cybercriminals from North Korea are disguising themselves as recruiters and targeting freelancer developers with infostealing malware.

#cybercrime #northkorea #cybersecurity #malware #freelance

https://cnews.link/north-korean-hackers-stealing-crypto-2/

24

▪ @[email protected] research ▪ The digital loan provider made everything from passports to utility bills available online.

#cybersecurity #DataPrivacy #DataSecurity #passport #infosec

https://cnews.link/vivifi-data-leak-3/

25

This is it. I have to close up shop providing mentorship for #cybersecurity careers. My final available sessions are posted. I will not be able to provide the service in Australia due to visa and time. https://calendly.com/lesleycarhart/
My apologies, and love to all the students I’ve seen over ten years.
