Security News

The US Air Force reached that conclusion in an August report [PDF] made public yesterday into the actions of Airman 1st Class Jack Teixeira, who was arrested in April on suspicion that he had stolen and shared classified military documents on a private Discord server that later found their way to the wider internet - and, presumably, into the hands of foreign governments. Per the USAF report, Teixeira "Was observed viewing intelligence content on TS-SCI websites" in August 2022, and while his supervisor was informed, the incident wasn't otherwise documented.

Austal USA, a shipbuilding company and a contractor for the U.S. Department of Defense and the Department of Homeland Security confirmed that it suffered a cyberattack and is currently investigating the impact of the incident. Earlier today, the Hunters International ransomware and data extortion group claimed to have breached Austal USA and leaked some information as proof of the intrusion.

The Rhysida ransomware group has published most of the data it claimed to have stolen from the British Library a month after the attack was disclosed. The Register has not examined any of the data posted online, but a cursory perusal of the file trees leaked to Rhysida's website appears to show data related to various British Library departments, functions, and stakeholders.

Ukraine's intelligence service, operating under the Defense Ministry, claims they hacked Russia's Federal Air Transport Agency, 'Rosaviatsia,' to expose a purported collapse of Russia's aviation sector. Rosaviatsia is the agency responsible for overseeing the civil aviation industry in Russia, keeping records of flight or emergency incidents.

Toyota Financial Services has confirmed that it detected unauthorized access on some of its systems in Europe and Africa after Medusa ransomware claimed an attack on the company. Toyota Financial Services, a subsidiary of Toyota Motor Corporation, is a global entity with a presence in 90% of the markets where Toyota sells its cars, providing auto financing to its customers.

The LockBit ransomware gang published data stolen from Boeing, one of the largest aerospace companies that services commercial airplanes and defense systems. LockBit hackers said that Boeing ignored warnings that data would become publicly available and threatened to publish a sample of about 4GB of the most recent files.

In the active Elektra-Leak campaign, attackers hunt for Amazon IAM credentials within public GitHub repositories before using them for cryptomining. New research from Palo Alto Networks's Unit 42 exposes an active attack campaign in which a threat actor hunts for Amazon IAM credentials in real time in GitHub repositories and starts using them less than five minutes later.

Ransomware crooks claim they've stolen data from a firm that helps other organizations run medical trials after one of its executives had their cellphone number and accounts hijacked. The Register understands one or more people close to or affiliated with the notorious Alphv, aka BlackCat, extortion gang managed to get into a work account of an exec at Advarra and may have copied out at least some information from the business.

A new ongoing campaign dubbed EleKtra-Leak has set its eyes on exposed Amazon Web Service (AWS) identity and access management (IAM) credentials within public GitHub repositories to facilitate...

Microsoft has released the optional KB5031445 Preview cumulative update for Windows 10 22H2 with nine improvements or fixes, including a fix for a memory leak in ctfmon. The KB5031445 cumulative update preview is part of Microsoft's "Optional non-security preview updates" schedule, which are typically released on the fourth Tuesday of every month.