DIRS.INFO The most relevant business & tech news

[1/2] A worker arrives at the Department of Health and Human Services in Washington, October 1, 2013. REUTERS/James Lawler Duggan/File PhotoWASHINGTON, June 28 (Reuters) - The U.S. Department of Health and Human Services (HHS) was among those affected by a wide-ranging hack centered on a piece of software called MOVEit Transfer, a source at HHS said on Wednesday. "While no HHS systems or networks were compromised, attackers gained access to data by exploiting the vulnerability in the MOVEit Transfer software of third-party vendors," a health department official familiar with the matter said. Hackers behind the massive breach also claimed credit for stealing data from two major law firms, Kirkland & Ellis LLP and K&L Gates LLP. Kirkland and K&L did not immediately return messages left after hours.

Persons: James Lawler Duggan, Ellis, cl0p, Gates, Kirkland, doesn't, Cl0p didn't, Jon Clay, TrendMicro, Raphael Satter, Lincoln Organizations: Department of Health, Human Services, REUTERS, WASHINGTON, U.S . Department of Health, HHS, Kirkland, Gates, Bloomberg, Progress Software, Thomson Locations: Washington, Russian

☆ Siemens and UCLA say data compromised in MOVEit data breach
▼ + stars: | 2023-06-27 | by ( ) www.reuters.com time to read: +1 min

The hackers behind the wide-ranging breach, Cl0p, had earlier boasted about stealing data from UCLA and Siemens on their website. Cl0p also claimed to have stolen data from biopharmaceutical company Abbvie Inc (ABBV.N) and French industrial group Schneider Electric (SCHN.PA). Siemens and UCLA provided few additional details about the scope or consequences of the breach. Siemens said none of its critical data had been compromised and its operations remained unaffected. UCLA said its campus systems were unaffected and that "all of those who have been impacted have been notified".

Persons: Cl0p, Christoph Steitz, Raphael Satter, Matthias Williams, Mark Potter Organizations: Siemens Energy, University of California, UCLA, Siemens, Abbvie Inc, Schneider, FBI, Genworth, Thomson Locations: FRANKFURT, Los Angeles, UCLA

The total number of recent victims from the online extortion ring has reached 121 organizations, according to Brett Callow, whose cybersecurity company Emsisoft helps companies respond to digital shakedown attempts. In 2021, Ukrainian authorities announced the arrests of six people tied to cl0p, but it's not clear that they were core members of the group, which continued to hack victims. Plundering file transfer protocols has become increasingly popular as hackers shift from encrypting data to simply stealing files and threatening to release them unless a ransom is paid. Many of the organizations stress that the target of the hack is the file transfer service, not their systems. The FBI said it was "aware of and investigating the recent exploitation of a MOVEit vulnerability by malicious ransomware actors."

Persons: Brett Callow, encrypting, TrendMicro, didn't, Cl0p, Emsisoft, Charles Carmakal, Raphael Satter, Christopher Bing, James Pearson, Cynthia Osterman Organizations: University of California, Siemens Energy, Abbvie Inc, Schneider, Publicly, Sony, Shell PLC, Government, U.S . Energy Department, Alphabet Inc, FBI, Thomson Locations: Los Angeles, Russia, Washington, London

Here are the meanings of the least-found words that were used in (mostly) recent Times articles. — When Fashion Becomes a Form of Protest (Aug. 17, 2016)2. botnet — a network of hijacked computers used maliciously:The Dutch responded by launching the H.T.C.U. Since then, it has become one of the world’s leading law enforcement forces in fighting cybercrime. And the reading of the Summer Book can fall effortlessly within the world of the three L’s. — The Ezra Klein Show: The Men — and Boys — Are Not All Right (March 10, 2023)And the list of the week’s easiest words:

Persons: nankeen, — Mercedes, —, — Rafael Viñoly, ’, Abraham Lincoln, Waterston, — Sam Waterston, glia, glia —, zigzaggy, Ezra Klein Organizations: Benz, Safety Technology, ‘ Locations: Nanjing, China, chino, Pennington, Lymington, Hampshire

"It's hard to think of an area that this couldn't help," said Diogo Rau, Eli Lilly chief information and digital officer. He said Lilly already is using generative AI to write patient safety reports and clinical narratives, and ultimately, it will play a role in drug discovery. One of the most anticipated uses for generative AI is in customer relationship management, and that is happening at more companies. Others noted their firms are in the early days of rolling out code generation tools using gen AI, as well as AI "co-pilots" across many roles, and using generative AI to help make investment decisions. Generative AI could enable a more customized and pro-security posture for organizations," he said.

Persons: OpenAI, Diogo Rau, Eli Lilly, Lilly, Rau, Eddie Fox, It's, Fox, Nicole Coughlin, Cybersecurity, ransomware, Jim Richberg, Richberg, Joe Levy, Sophos, it's, Levy Organizations: CNBC, Nvidia, Google, Microsoft, TEC, CNBC Technology, Epic, AIs Locations: Cary , North Carolina, Fortinet

☆ Australia names air force veteran as cybersecurity chief amid rise in data breaches
▼ + stars: | 2023-06-23 | by ( ) www.reuters.com time to read: +2 min

SYDNEY, June 23 (Reuters) - Australia on Friday named a senior air force commander as its first cybersecurity boss to help lead the government's response to major data breaches and boost the nation's security capabilities amid a recent spike in network intrusions. Air Marshal Darren Goldie, a 30-year veteran, will become the national cybersecurity coordinator, Prime Minister Anthony Albanese said. He will be supported by a national office within the department of home affairs and begin his term on July 3. HWL Ebsworth has flagged ransomware group BlackCat, also known as ALPHV, may have published some stolen data on the dark web. Major breaches were reported by health insurer Medibank Private (MPL.AX) and telco Optus, owned by Singapore Telecommunications (STEL.SI).

Persons: Darren Goldie, Anthony Albanese, " Albanese, HWL Ebsworth, Goldie, Clare O'Neil, telco, Renju Jose, Jamie Freed Organizations: SYDNEY, Home Affairs, Medibank, telco Optus, Singapore Telecommunications, Thomson Locations: Australia, Sydney

☆ MOVEit hack claims Calpers and Genworth as millions more victims impacted
▼ + stars: | 2023-06-22 | by ( ) www.reuters.com time to read: +2 min

News reports said information from more than 700,000 Calpers members and retirees was taken. The MOVEit software is widely-used by organisations around the world to share sensitive data. Genworth Financial was harder hit, saying personal information of nearly 2.5 million to 2.7 million of its customers was breached. "The personal information of a significant number of insurance policyholders or other customers of its life insurance businesses was unlawfully accessed," Genworth said. The MOVEit hack has hit several state and federal agencies.

Persons: PBI, Calpers, Genworth, Niket, Chris Sanders, Maju Samuel, Daniel Wallis Organizations: Genworth, PBI Research Services, U.S . Department of Energy, Washington DC, Thomson Locations: Calpers, Burlington , Massachusetts, Russia, Bengaluru, Washington

☆ Hackers who say they stole Reddit data demand the platform reverses its API pricing policy and pay $4.5 million ransom it previously asked for
▼ + stars: | 2023-06-20 | by ( Beatrice Nolan | ) www.businessinsider.com time to read: +2 min

Hackers are demanding Reddit policy changes amid an ongoing battle over its API pricing. As well as the funds, they are now demanding Reddit reverses its API pricing plans, per The Verge. Hackers are threatening to publicly release 80 GB of Reddit data they say they have stolen. Last week, the hackers followed up by continuing to demand the money and additionally asking Reddit to reverse its planned API pricing changes, per The Verge. The planned API pricing changes have proved controversial, sparking protests and blackouts across the site.

Persons: Reddit, Dominic Alvieri, Steve Huffman Organizations: Twitter, NBC

☆ DOJ launches cyber unit with national security focus as China, Russia threats mount
▼ + stars: | 2023-06-20 | by ( Rohan Goswami | In Rohangoswamicnbc | ) www.cnbc.com time to read: +2 min

The U.S. Department of Justice announced Tuesday a new unit within its National Security Division focused on pursuing cyber threats from nation-state and state-backed hackers, formalizing an increasingly significant part of the national security apparatus into the Justice Department's hierarchy. In a statement, Assistant Attorney General Matt Olsen said the new unit would allow the DOJ's national security team "to increase the scale and speed of disruption campaigns and prosecutions of nation-state threat actors, state-sponsored cybercriminals, associated money launderers, and other cyber-enabled threats to national security." National security officials outside the DOJ have also emphasized China as a top cybersecurity concern, including the U.S.' top cybersecurity official. The announcement made no mention of Chinese cyber efforts, which CISA Director Jen Easterly described last week as an "epoch-defining threat." Building cases against those groups can take years, and don't always result in an arrest, given the far-flung nature of the hacking groups.

Persons: Sue Gordon, Matt Olsen, Jen, Olsen Organizations: National Intelligence, National Counterterrorism Center, CNBC, U.S . Department of Justice, National Security Division, Justice, DOJ, U.S, Navy Locations: San Francisco, China, North Korea

☆ Hackers threaten to leak stolen Reddit data if company doesn’t pay $4.5 million and change controversial pricing policy
▼ + stars: | 2023-06-19 | by ( Jennifer Korn | ) edition.cnn.com time to read: +2 min

In their post, the hackers claim they first demanded a $4.5 million payout “for the deletion of the data and our silence” in April. Reddit CTO Chris Slowe previously posted about a security incident that took place in early February. A Reddit spokesperson confirmed to CNN on Monday that BlackCat’s post relates to the February incident. The spokesperson reiterated that no user data was accessed, but declined to comment beyond that. “We are very confident that Reddit will not pay for its data,” the group wrote in the post on the dark web.

Persons: CNN —, Chris Slowe, Slowe, “, ALPHV, ”, Brett Callow, Emsisoft Organizations: CNN

CORPORATE DROPBOXESFTA, GoAnywhere MFT, and MOVEit Transfer are corporate versions of file sharing programs consumers use all the time, like Dropbox or WeTransfer. MFT software often promises the ability to automate the movement of data, transfer documents at scale and provide fine-grained control over who can access what. MFT PROGRAMS CAN BE TEMPTING TARGETSRunning an extortion operation against a well-defended corporation is reasonably difficult, said Recorded Future analyst Allan Liska. "If you can get to one of these file transfer points, all the data is right there. HACKER TACTICS ARE SHIFTINGScooping up data that way is becoming an increasingly important part of the way hackers operate.

Persons: Ransom, GoAnywhere MFT, James Lewis, WeTransfer, Allan Liska, Bam, Liska, Joe Slowik, Huntress, Raphael Satter, Grant McCool Organizations: Software, GoAnywhere, Thomson

Separately, state agencies said late Thursday that millions of people in Louisiana and Oregon had their data compromised in a security breach. The cyberattack has targeted federal and state agencies. No other federal agencies have confirmed being impacted. And on Thursday, state agencies said 3.5 million Oregonians with driver’s licenses or state ID cards had been impacted by a breach as well as anyone with that documentation in Louisiana. But much of the responsibility now lies on businesses and federal agencies rather than individuals, according to Cattanach.

Persons: “, ” Robert Cattanach, Dorsey, you’re, ”, Clop, Brett Callow, Emsisoft, ” Callow, Aon, they’ve, ” CISA, Allan Liska Organizations: CNN, Infrastructure Security Agency, Whitney, Department of Justice, The Department of Energy, BBC, British Airways, Boston Globe, Sydney Phoenix, US Department of Homeland, Johns Hopkins University, University of Georgia, –, Progress Software Locations: Russian, Louisiana, Oregon, Minnesota, Illinois, Arlington , VA, Baltimore, Georgia’s

☆ Millions of Americans’ personal data exposed in global hack
▼ + stars: | 2023-06-16 | by ( Sean Lyngaas | ) edition.cnn.com time to read: +5 min

CNN —Millions of people in Louisiana and Oregon have had their data compromised in the sprawling cyberattack that has also hit the US federal government, state agencies said late Thursday. The breach has affected 3.5 million Oregonians with driver’s licenses or state ID cards, and anyone with that documentation in Louisiana, authorities said. The hackers exploited a flaw in a popular file-transfer software known as MOVEit made by Massachusetts-based Progress Software. Hundreds of organizations across the globe have likely had their data exposed after the hackers used the flaw to break into networks in recent weeks. US officials described the cyberattack as an opportunistic, financially motivated hack that has not caused disruptions to agency services.

Persons: Casey Tingle, Aon, John Bel Edwards, ” Munish Walther, Puri, It’s, ”, Jeff Greene, “, Greene Organizations: CNN, Department of Energy, BBC, British Airways, University of Georgia, Social, Louisiana Office of Motor Vehicles, Louisiana Gov, US, Progress Software, FBI, Infrastructure Security Agency, National Security Council, Aspen Locations: Louisiana, Oregon, Russian, Massachusetts, Clop, Ukraine

☆ Russian ransomware hacker extorted millions from U.S. businesses, prosecutors say
▼ + stars: | 2023-06-15 | by ( Rohan Goswami | In Rohangoswamicnbc | ) www.cnbc.com time to read: +2 min

A 20-year-old Russian hacker was part of a campaign that worked to extort tens of millions of dollars from more than 1,400 victims, federal prosecutors said Thursday. Astamirov allegedly deployed ransomware called LockBit to steal sensitive data from the servers of businesses, then lock those systems and demand payment of hundreds of thousands of dollars. Department of Justice prosecutors allege Astamirov was directly responsible for five different attacks against U.S. businesses in Florida and Virginia, as well as international businesses based in France, Japan and Kenya. LockBit-powered attacks account for 16% of ransomware attacks against state and local governments, according to the Department of Homeland Security. Astamirov will face a federal judge Thursday, prosecutors said in a release announcing his arrest.

Persons: Ruslan Astamirov, Astamirov, ransomware, Astarimov, cybercriminals, Lisa Monaco, LockBit, Carlos Del Toro Organizations: Department of Justice, U.S, Department of Homeland Security, NBC, CNBC, U.S . Navy Locations: Russian, Chechen Republic, , New Jersey, Florida, Virginia, France, Japan, Kenya, Russia, China

☆ U.S. government says several agencies hacked as part of broader cyberattack
▼ + stars: | 2023-06-15 | by ( Kevin Collier | ) www.cnbc.com time to read: +2 min

Cybersecurity and Infrastructure Security Agency (CISA) Director Jen Easterly testifies before a House Homeland Security Subcommittee, at the Rayburn House Office Building on April 28, 2022 in Washington, DC. Several U.S. agencies have been hacked as part of a broader cyberattack that has hit dozens of companies and organizations in recent weeks through a previously unknown vulnerability in popular file sharing software. "CISA is providing support to several federal agencies that have experienced intrusions," he said. Charles Carmakal, chief technology officer of Mandiant, a cybersecurity company owned by Google whose clients include government agencies, said that he was aware of some data theft from federal agencies through the MOVEIt hacks. Wendi Whitmore, who leads threat analysis for the cybersecurity company Palo Alto Networks, said that CL0P's campaign of hacking victims through MOVEIt was incredibly widespread.

Persons: Jen, Eric Goldstein, Charles Carmakal, Andrea Mitchell, Brett Callow, Wendi Whitmore, MOVEIt Organizations: Infrastructure Security Agency, Homeland Security, U.S, Google, NBC News, FBI, National Intelligence, National Security Council, Palo Alto Networks Locations: Rayburn, Washington ,, MOVEIt

☆ US government hit in global cyberattack
▼ + stars: | 2023-06-15 | by ( Sean Lyngaas | ) edition.cnn.com time to read: +3 min

CNN —“Several” US federal government agencies have been hit in a global cyberattack that exploits a vulnerability in widely used software. A CISA spokesperson had no comment when CNN asked who carried out the hack of federal agencies and how many have been affected. But the news adds to a growing tally of victims of a sprawling hacking campaign that began two weeks ago and has hit major US universities and state governments. As of Thursday morning, the dark website did not list any US federal agencies. Progress, the US firm that owns the MOVEit software, has also urged victims to update their software packages and has issued security advice.

Persons: Eric Goldstein, cybersecurity, “, – Organizations: CNN, Infrastructure Security Agency, Johns Hopkins University, University of Georgia, –, BBC, British Airways Locations: Russian, Baltimore, Georgia’s, Minnesota, Illinois

☆ The viral AI-generated image showing an explosion near the Pentagon is 'truly the tip of the iceberg of what's to come,' tech CEO says
▼ + stars: | 2023-06-09 | by ( Grace Dean | ) www.businessinsider.com time to read: +3 min

People need to prepare for a surge in AI-generated content being shared online, a tech CEO told CNN. The viral image of an explosion near the Pentagon is just "the tip of the iceberg," Jeffrey McGregor said. The viral AI-generated image showing an explosion near the Pentagon is "truly the tip of the iceberg of what's to come," a CEO who works in image authenticity detection has warned. Earlier this year, a photographer sparked debate about whether AI-generated images can be classed as art after an image he created using DALL-E 2 won a major international photography competition. It's not just AI-generated images that are being used to deceive people.

Persons: Jeffrey McGregor, we're, Donald Trump, hadn't, It's, Joe Rogan, Ben Shapiro, Emma Watson, McGregor, Ben Colman Organizations: CNN, Pentagon, Reality

☆ How tech companies are working to help detect AI-generated images
▼ + stars: | 2023-06-08 | by ( Jennifer Korn | ) edition.cnn.com time to read: +10 min

In recent months, an AI-generated image of Pope Francis in a puffer jacket went viral and AI-generated images of former President Donald Trump getting arrested were widely shared, shortly before he was indicted. Some lawmakers are now calling for tech companies to address the problem. Reality Defender and Hive Moderation are working on the former. Other tech companies like Google appear to be pursuing a playbook that pulls a bit from both approaches. “We need everybody to participate.”For now, however, tech companies continue to move forward with pushing more AI tools into the world.

Persons: Jeffrey McGregor, “ We’re, we’re, ”, McGregor, ” McGregor, Pope Francis, Donald Trump, Vera Jourova, –, “, Dall, ChatGPT, ” Hany Farid, ” Farid, Tom Cruise deepfake, ” Ben Colman, Kevin Guo, ” Guo, —, Andy Parsons, Bing, Farid, ” Parsons Organizations: New, New York CNN, Microsoft, ” Tech, European, Google, Meta, Big Tech, Reality, University of California, CNN, Realty, “, Coalition, Adobe, CAI, BBC, Intel, Sony Locations: New York, EU, Berkeley

☆ Clop: Russian-speaking cyber gang claims credit for hack of BBC and British Airways employee data
▼ + stars: | 2023-06-07 | by ( Sean Lyngaas | ) edition.cnn.com time to read: +3 min

CNN —A group of Russian-speaking cyber criminals has claimed credit for a sweeping hack that has compromised employee data at the BBC and British Airways and left US and UK cybersecurity officials scrambling to respond. The compromise of employee data at the BBC and British Airways came via a breach of a human resources firm, Zellis, that both organizations use. Numerous US state government agencies use the MOVEit software, but it’s unclear how many agencies, if any, have been compromised. The US Cybersecurity and Infrastructure Security Agency has ordered all federal civilian agencies to update the MOVEit software in light of the hack. Progress, the US firm that owns the MoveIT software, has also urged victims to update their software packages and has issued security advice.

Persons: ” They’ve, —, CISA, Eric Goldstein, Charles Carmakal, ”, Allan Liska Organizations: CNN, BBC, British Airways, Infrastructure Security Agency, Federal Bureau of Investigation, Progress Software, FBI, Mandiant Consulting, Google, LinkedIn Locations: Canada

Rubrik may raise more than $750 million in its IPO, three of the sources added, though that may change based on market conditions as the preparations are still at an early stage. Rubrik currently generates annual recurring revenue of about $600 million, one of the sources said. Three of the sources said Rubrik could choose to go public in 2024, if the IPO market becomes more welcoming. Founded in 2014 by venture capitalist Bipul Sinha, Rubrik makes cloud-based ransomware protection and data-backup software. SoftBank-backed Cohesity Inc, which competes with Rubrik, is also preparing to go public, having filed confidentially for an IPO in late 2021, Reuters reported.

Persons: Goldman Sachs, Rubrik, Bipul Sinha, Johnson, Echo Wang, Milana Vinn, Krystal Hu, Matthew Lewis Organizations: YORK, Microsoft Corp, Barclays Plc, Citigroup Inc, Barclays, Citi, Nvidia Corp, Depot Inc, Bain Capital Ventures, Lightspeed Venture Partners, Kenvue Inc, Johnson, SoftBank Group Corp, Inc, Reuters, Cohesity Inc, Thomson Locations: U.S, Palo Alto , California, ., New York

☆ BA, BBC and Boots caught up in file transfer hack
▼ + stars: | 2023-06-05 | by ( ) www.reuters.com time to read: +2 min

BA, the BBC and Boots said the breach occurred at their payroll provider, Zellis. The provincial government of Nova Scotia, in Canada, was also hit by the breach. The data from Zellis and the Nova Scotia government was exposed through their use of the MOVEit file transfer software, both organizations said in separate statements. The Nova Scotia government did not immediate return a request for comment. Boots, part of Walgreens Boots Alliance (WBA.O), said the attack had included some of its employees' personal details.

Persons: Boots, Zellis, Nova, Colton LeBlanc, MOVEit, extortionists, Raphael Satter, Sarah Young, Muvija, Eva Mathews, Paul Sandle, Bill Berkrot Organizations: British Airways, BBC, Nova, Security, Digital Solutions, IAG, Walgreens Boots Alliance, Progress Software, Microsoft, Reuters, Britain . British Airways, Thomson Locations: Nova Scotia, Canada, Zellis, Britain, Washington, London, Bengaluru

☆ In a new hacking crime wave, much more personal data is being held hostage
▼ + stars: | 2023-05-07 | by ( Kevin Travers | ) www.cnbc.com time to read: +5 min

Gorodenkoff | iStock | Getty ImagesThe cybersecurity world faces new threats beyond targeted ransomware attacks, according to experts at the recent RSA cybersecurity industry conference in San Francisco. McMann said hackers are now focusing on stealing customer or employee data and then threatening to leak it publicly. At the end of March, OpenAI documented a data leak in an open-source data provider that made it possible to see personal AI chat histories, payment information, and addresses. The team patched the leak in hours, but McMann said once data is out there, hackers can use it. "For example, the LastPass breach saw one of four key individuals targeted on their personal computer, through a personal public IP address getting in through an unpatched solution," he said.

☆ FBI says it is coordinating with city of Dallas over ransomware incident
▼ + stars: | 2023-05-05 | by ( ) www.reuters.com time to read: +1 min

WASHINGTON, May 5 (Reuters) - The FBI said on Friday it was coordinating with the city of Dallas, Texas, over a ransomware incident that disrupted several public services, closing courts and knocking emergency services websites offline this week. "The FBI is aware of the incident and coordinating with the city of Dallas. Courts were closed on Wednesday and Thursday, the city said in a series of statements posted online. Although the statements said emergency services to residents were unaffected, the home pages of the police and fire service were unavailable on Friday, and a police spokesperson said the city's computer-aided dispatch system had been hit. The ransomware operation behind the Dallas hack is called Royal, according to two security researchers familiar with the incident.

May 4 (Reuters) - Hacker sabotage has disrupted several public services in Dallas, closing courts and knocking emergency services websites offline, officials said Thursday. Courts were closed Wednesday and will remain closed Thursday, the City of Dallas said in a series of statements posted to the web. Dallas city officials did not immediately return messages seeking comment. Other authorities affected included the Dallas Water Utilities, which was delaying readings, and the Dallas Public Library, whose online materials were unavailable, according to the statement. Dallas officials said that the cause was ransomware - a form of malicious software that hackers use to scramble data and immobilize networks until an extortion payment is made, typically in digital currency.

☆ Chinese hackers outnumber FBI cyber staff 50 to 1, bureau director says
▼ + stars: | 2023-04-28 | by ( Lauren Feiner | ) www.cnbc.com time to read: +1 min

U.S. cyber intelligence staff is vastly outnumbered by Chinese hackers, Federal Bureau of Investigation Director Christopher Wray told Congress as he pleaded for more money for the agency. The disclosure highlights the massive scale of cyber threats the U.S. is facing, particularly from China. The agency is requesting about $63 million to help it beef up its cyber staff with 192 new positions. Wray said this would also help the FBI put more cyber staff in field offices to be closer to where victims of cyber crimes actually are. WATCH: Crowdstrike CEO on government spending on cyber, vulnerabilities and geopolitical threats

Search resuls for: "Ransomware"

25 mentions found