Even those who do their best to protect those secrets can find themselves vulnerable, especially if they’re using a YubiKey 5 authentication token. The multi-factor authentication devices can be cloned thanks to a cryptographic flaw that can’t be fixed. The company has implemented some mitigation measures, and the attack itself is relatively difficult to pull off. But it may be time to invest in a new device.
But that’s not all, folks. Every week, we round up the privacy and security news we haven’t covered in depth. Click on the headlines to read the full stories. And stay safe.
In late August, cybercriminals from the RansomHub ransomware group appear to have hacked the systems of Planned Parenthood’s Montana branch. The organization confirmed this week that it had suffered a “cybersecurity incident” on August 28 and said its staff immediately took parts of its network offline, reporting the incident to authorities.
Days after the incident occurred, RansomHub claimed to be behind the attack, publishing Planned Parenthood’s name on its leaks website. The criminal group said it would release 93 GB of data. It’s unclear what, if anything, the ransomware group obtained, but Planned Parenthood clinics can store a wide variety of highly sensitive data about patients, including information about abortion appointments. (Around 400,000 Planned Parenthood patients in Los Angeles were affected following a similar ransomware incident in 2021.)
In recent months, RansomHub has become one of the most active ransomware-as-a-service groups, following the disruption of LockBit by law enforcement. According to an alert from the FBI and the Cybersecurity and Infrastructure Security Agency, by late August the group was “efficient and successful” and had stolen data from at least 210 victims since it was formed in February. “Affiliates leverage a double extortion model by encrypting systems and exfiltrating data to extort victims,” the alert said.
Nigeria-based scammers known as Yahoo Boys pull off just about every scam under the sun, from romance scams to impersonating FBI agents. But nothing is more cunning than the rise in sextortion cases linked to West African scammers. This week, Nigerian brothers Samuel Ogoshi and Samson Ogoshi were sentenced to more than 17 years in prison in the United States for carrying out sextortion scams, following their extradition earlier this year. It is the first time Nigerian scammers have been prosecuted for sextortion in the United States, the BBC reported.
The Ogoshi brothers, who pleaded guilty in April, have been linked to the death of 17-year-old Jordan DeMay, who took his own life six hours after he began talking to the scammers, who posed as a girl, on Instagram. The teenager had been tricked into sending the brothers explicit images and, after he did, they threatened to post the images online unless he paid them hundreds of dollars. U.S. prosecutors said the brothers sexually exploited and extorted more than 100 victims, at least 11 of whom were minors. There has been a huge spike in cases of sextortion in recent years.
In June, the U.S. Department of Commerce banned the sale of Kaspersky’s antivirus tools over national security concerns about its ties to the Russian government (Kaspersky has for years denied its ties). The company then fired its workers and said it was closing its business in the United States. This week, cybersecurity firm Pango Group announced that it will buy Kaspersky Lab’s US antivirus clients, according to Axios. This equates to around one million customers, who will switch to Pango’s Ultra AV antivirus software. Prior to the Kaspersky deal, parent company Aura also announced it was spinning off Pango Group into its own business. Pango’s president said customers would not need to take any action and that it would allow subscribers to continue receiving updates after September 29, when they will stop receiving updates from Kaspersky.
For years, the EU has been trying to introduce new child protection laws that would require private chats to be scanned for child sexual abuse material, something that could undermine encrypted messaging apps that provide everyday privacy to billions of people. The plans have been highly controversial and were shelved earlier this year. However, the proposed law, which has been dubbed “chat control,” reappeared in lawmakers’ inboxes this week. The EU Council, which Hungary currently chairs, wants to approve the legislation in October, but reports say that there is still strong resistance to the plans.