Security News

Joseph James O'Connor, aka 'PlugwalkJoke,' has pleaded guilty to multiple cybercrime offenses, including SIM swapping attacks, cyberstalking, computer hacking, and hijacking high-profile accounts on Twitter and TikTok. O'Connor admitted his role in the hack that impacted Twitter in June 2020, where he and his three co-conspirators gained access to the accounts of high-profile individuals such as Barack Obama, Joe Biden, Elon Musk, Bill Gates, Jeff Bezos, Warren Buffet, Binance, Apple, Uber, and Bitcoin.

Britain's leaky outsourcing behemoth Capita is warning investors that the clean-up bill for its recent digital break-in will cost up to £20 million. At the end of March, the business was blindsided when criminals broke into its tech infrastructure and stayed inside for more than a week before Capita realized it was the victim of a "Cyber incident."

Sysco, a leading global food distribution company, has confirmed that its network was breached earlier this year by attackers who stole sensitive information, including business, customer, and employee data. "On March 5, 2023, Sysco became aware of a cybersecurity event perpetrated by a threat actor believed to have begun on January 14, 2023, in which the threat actor gained access to our systems without authorization and claimed to have acquired certain data," Sysco added in data breach notification letters sent to some of the affected individuals.

The company's mea culpa came two days after a cyberextortion gang going by the name Money Message claimed to have stolen MSI source code, BIOS development tools, and private keys. Researchers at vulnerability research company Binarly claim not only to have got hold of the data stolen in the breach, but also to have searched through it for embedded crpyotgraphic keys and come up with numerous hits.

Intel is investigating the leak of alleged private keys used by the Intel Boot Guard security feature, potentially impacting its ability to block the installation of malicious UEFI firmware on MSI devices. On Friday, Alex Matrosov, the CEO of firmware supply chain security platform Binarly, warned that the leaked source code contains the image signing private keys for 57 MSI products and Intel Boot Guard private keys for 116 MSI products.

The threat actors behind the ransomware attack on Taiwanese PC maker MSI last month have leaked the company's private code signing keys on their dark website. "Confirmed, Intel OEM private key leaked, causing an impact on the entire ecosystem," Alex Matrosov, founder and CEO of firmware security firm Binarly, said in a tweet over the weekend.

Digital storage giant Western Digital confirmed that an "Unauthorized third party" gained access to its systems and stole personal information belonging to the company's online store customers. "This information included customer names, billing and shipping addresses, email addresses and telephone numbers," the San Jose-based company said in a disclosure last week.

The Western Digital online store is offline as a result of the "Network security incident" it suffered in March 2023. "This information included customer names, billing and shipping addresses, email addresses and telephone numbers. In addition, the database contained, in encrypted format, hashed and salted passwords and partial credit card numbers," Western Digital informed.

Capita is telling pension customers that some data contained within its systems was potentially accessed when criminals broke into the outsourcing giant's tech infrastructure earlier this year. As part of the ongoing investigation, Capita said in April around 4 percent of its servers were accessed by the intruder and some customers, colleagues and suppliers' data was lifted.

Joe Sullivan, the former Uber CSO who has been convicted last year for attempting to cover up a data breach Uber suffered in 2016 and kept it hidden from the Federal Trade Commission, has been sentenced to three years of probation plus 200 hours of community service. Sullivan became Chief Security Officer at Uber in April 2015, and in November 2016 testified before the FTC under oath that the company had taken to keep customer data secure following a 2014 data breach.