Security News

US sanctions orgs behind North Korea’s ‘illicit’ IT worker army
2023-05-23 16:38

The Treasury Department's Office of Foreign Assets Control announced sanctions today against four entities and one individual for their involvement in illicit IT worker schemes and cyberattacks generating revenue to finance North Korea's weapons development programs. North Korea's illicit revenue generation strategy relies heavily on a massive "Army" of thousands of IT workers who hide their identities to get hired by companies overseas, the OFAC said in a press release published on Tuesday.

EU slaps Meta with $1.3 billion fine for moving data to US servers
2023-05-22 15:04

The Irish Data Protection Commission has announced a $1.3 billion fine on Facebook after claiming that the company violated Article 46(1) of the GDPR. More specifically, it was found that Facebook transferred data of EU-based users of the platform to the United States, where data protection regulations vary per state and have been deemed inadequate to protect the rights of EU data subjects. As a result of the infringement, the DPC imposed a record €1.2 billion fine on Facebook's parent company, Meta Ireland, and requested that all data transfers that violate the GDPR be suspended within five months of the decision.

US offers $10m bounty for Russian ransomware suspect outed in indictment
2023-05-17 18:40

Babuk therefore serves as a sort-of instruction manual that teaches would-be cybercriminals how to handle the "We can decrypt this but you can't, so pay us the blackmail money or you'll never see your data again" part of a ransomware attack. The US indictment explicitly accuses Matveev of two ransomware attacks in the State of New Jersey, and one in the District of Columbia.

US Dept of Transport security breach exposes info on a quarter-million people
2023-05-16 21:30

TRANServe - an electronic travel pass system managed by DoT, and used by many employees across the federal government to encourage use of public transport - told Congress it made a mistake in protecting that data. The DoT told The Register its CIO office "Isolated the breach to certain systems at the department used for administrative functions, such as employee transit benefits processing," adding that the incident did not affect any transportation safety systems.

T-Mobile US suffers second data theft within months
2023-05-08 04:31

In brief We'd say you'll never guess which telco admitted to a security breakdown last week, but you totally will: T-Mobile US, and for the second time this year. "The information obtained for each customer varied, but may have included full name, contact information, account number and associated phone numbers, T-Mobile account PIN, social security number, government ID, date of birth, balance due, internal codes that T-Mobile uses to service customer accounts, and the number of lines," the "Un-carrier" explained in its letter.

Thanks for fixing the computer lab. Now tell us why we shouldn’t expel you?
2023-04-21 06:32

On Call It's always twelve o'clock somewhere, the saying goes, but Friday comes around but once a week and only this day does The Register offer a fresh instalment of On Call, our reader-contributed tales of tech support torture and turmoil. "Being a helpful kind of guy he is, and a CompSci student, he jumped into troubleshooting mode," Hank Senior told On Call.

US citizens charged with pushing pro-Kremlin disinfo, election interference
2023-04-18 23:35

Four US citizens have been accused of working on behalf of the Russian government to push pro-Kremlin propaganda and unduly influence elections in Florida. The indictment follows earlier charges last year [PDF] against Moscow resident Aleksandr Viktorovich Ionov, two unnamed Russian Federal Security Service agents, and four unnamed Americans for their roles in recruiting US political groups to sow discord and division among voters, and push, among other fringe ideologies, California's secession from the US. It's claimed this same group of FSB agents also funded and directed the political campaign of a particular candidate for office in St Petersburg, Florida, in 2019, we're told.

US, UK warn of govt hackers using custom malware on Cisco routers
2023-04-18 21:42

The US, UK, and Cisco are warning of Russian state-sponsored APT28 hackers deploying a custom malware named 'Jaguar Tooth' on Cisco IOS routers, allowing unauthenticated access to the device. A joint report released today by the UK National Cyber Security Centre, US Cybersecurity and Infrastructure Security Agency, the NSA, and the FBI details how the APT28 hackers have been exploiting an old SNMP flaw on Cisco IOS routers to deploy a custom malware named 'Jaguar Tooth.'

Microsoft: Iranian hackers behind retaliatory cyberattacks on US orgs
2023-04-18 20:03

Microsoft has discovered that an Iranian hacking group known as 'Mint Sandstorm' is conducting cyberattacks on US critical infrastructure in what is believed to be retaliation for recent attacks on Iran's infrastructure. In a new report, researchers in Microsoft's Threat Intelligence team explain that a subgroup of Mint Sandstorm switched from performing surveillance in 2022 to performing direct attacks on US critical infrastructure.