US Army soldier pleads guilty to hacking telcos and extortion


Former U.S. Army soldier Cameron John Wagenius pleaded guilty to hacking telecommunication companies and attempting to extort them by threatening to release stolen files, the Department of Justice announced on Tuesday.

According to the DOJ, Wagenius, who went online by the nickname “kiberphant0m,” conspired to defraud 10 victim companies by stealing their login credentials, using brute force attacks and other techniques, and then used Telegram group chats to transfer the stolen credentials and discuss hacks.

Wagenius and his conspirators also attempted to extort their victims in private and in public, including on hacking forums such as the notorious BreachForums. They sold some of the stolen data and also used the stolen credentials to commit other frauds, including SIM swapping victims.

Earlier this year, Wagenius had already pleaded guilty to hacking AT&T and Verizon, a breach that led to him stealing a massive amount of call records.

Wagenius’ sentencing is scheduled for October 6, and he faces up to 20 years in prison, according to the press release.

The hacker has been linked to a series of hacks that originated from the breach of cloud computing services giant Snowflake.

If you’re using Microsoft Authenticator to store your passwords, don’t


Microsoft Authenticator is sunsetting its ability to store your passwords. This month, the service stopped allowing users to add or import new passwords. Beginning in July 2025, users will no longer be able to use autofill with Authenticator, and in August 2025, passwords will no longer be available at all. Payment information stored in Authenticator will be deleted after July, and after the following month, all unsaved generated passwords will be deleted. Passkeys will still be supported in Authenticator.

People who want to stay within the Microsoft ecosystem do have the option to access their saved passwords when using the Edge browser. But if you’re not interested in Edge, Authenticator users may want to peruse their options for a different password manager. Fortunately, there are several excellent choices that aren’t tied to a particular hardware provider.

Now’s a good time to check in on your Steam account security


Update May 14, 6:38PM ET: Valve has confirmed that Steam systems were not breached and identifying user data has not been stolen or accessed by hackers. The company provided clarification in a Steam blog post:

“We’re still digging into the source of the leak, which is compounded by the fact that any SMS messages are unencrypted in transit, and routed through multiple providers on the way to your phone. The leak consisted of older text messages that included one-time codes that were only valid for 15-minute time frames and the phone numbers they were sent to. The leaked data did not associate the phone numbers with a Steam account, password information, payment information or other personal data. Old text messages cannot be used to breach the security of your Steam account.”

Our original story follows.


Steam has allegedly suffered a data breach in the past week. Details are scant and difficult to confirm, but a known hacker has claimed to be selling a database of more than 89 million user records for the gaming platform with one-time access codes obtained from a third-party vendor used by Steam. If accurate, that would include information about more than two-thirds of Steam’s audience.

The original LinkedIn post identifying a breach suggested that the leaked information came from cloud communication company Twilio. However, a Steam rep said the platform doesn’t use Twilio, so if there has been a breach, it may be through a different vendor providing SMS codes for access.

While we’re genuinely not sure what’s happening at this stage, the whole kerfuffle is a timely reminder to check in on your online security practices. In the case of Steam, Valve has a mobile authentication program called Steam Guard that can help keep your account secure. It’s also good practice to make sure you’re regularly changing your passcodes, especially when it’s possible that some component of Steam Guard was at the root of this week’s security drama. A password manager can streamline that process. Since phone numbers appear to have been compromised, be extra alert to possible phishing attempts via text.


Cybersecurity Professor Faced China-Funding Inquiry Before Disappearing, Sources Say


Jason Covert, one of the attorneys representing Xiaofeng Wang and his wife, Nianli Ma, a library systems analyst whose employee profile was also removed by Indiana University, tells WIRED that Wang and Ma are both “safe” and that neither of them has been arrested. Their legal team is not currently aware of any pending criminal charges against them, and while the couple’s attorneys have viewed a search warrant from the Department of Justice, Covert says they have not received a copy of the affidavit establishing probable cause.

Wang is considered among the top researchers in the fields of privacy, data security, and biometric privacy, and his sudden disappearance came as a shock to many of his academic peers. Wang joined IU in 2004 and is the lead principal investigator of the multidisciplinary Center for Distributed Confidential Computing, which he established in 2022 with an almost $3 million grant from the National Science Foundation (NSF), according to a since-deleted bio on IU’s website. As part of his application for the NSF funding and other US federal research grants, Wang would have been required to disclose other grants he had already received or that were currently pending review.

On March 28, the FBI searched two home addresses associated with Wang. The same day, IU also reportedly terminated Wang’s job via an email sent by provost Rahul Shrivastav, which WIRED obtained and which was first reported by The Indiana Daily Student. The email also said it was understood that Wang had recently accepted a position with a university in Singapore, a detail also repeated in the statement attributed to Li.

The statement says Wang planned to start at the unnamed Singaporean university on June 1, 2025 and requested a leave of absence from Indiana University in early March. But IU responded by “putting him on administrative leave, removing his IU homepage, and disabling his IU email address,” it claims.

Wang’s new job offer “would be irrelevant in any event because it is for [the] next academic year and would not justify firing him,” Tanford says. Terminating his employment via an email was a violation of university policy, Tanford claims, which prohibits firing a tenured professor without cause, and requires a 10-day notice and a hearing before a faculty board of review, if requested by the staff member. “The faculty is deeply concerned. If the administration can fire a tenured professor without due process and in violation of a policy approved by our trustees, none of us is safe,” he says.

Reached for comment, an IU spokesperson declined to answer detailed questions from WIRED about prior communications between the university and Wang and the school’s decision to fire him.

“Indiana University was recently made aware of a federal investigation of an Indiana University faculty member,” university spokesperson Mark Bode tells WIRED in an emailed statement. “At the direction of the FBI, Indiana University will not make any public comments regarding this investigation. In accordance with Indiana University practices, Indiana University will also not make any public comments regarding the status of this individual.”

National Security Council adds Gmail to its list of bad decisions


The Washington Post reports that members of the White House’s National Security Council have used personal Gmail accounts to conduct government business. National security advisor Michael Waltz and a senior aide of his both used their own accounts to discuss sensitive information with colleagues, according to the Post’s review and interviews with government officials who spoke to the newspaper anonymously.

Email is not the best approach for sharing information meant to be kept private. That applies to individuals’ sensitive data such as Social Security numbers or passwords, let alone confidential or classified government documents. It simply has too many potential paths for a bad actor to access information they shouldn’t. Government departments typically use business-grade email services rather than relying on consumer email services. The federal government also has its own internal communications systems with additional layers of security, making it all the more baffling that current officials are being so cavalier with how they handle important information.

“Unless you are using GPG, email is not end-to-end encrypted, and the contents of a message can be intercepted and read at many points, including on Google’s email servers,” Eva Galperin, director of cybersecurity at the Electronic Frontier Foundation, told the Post.

Additionally, there are regulations requiring that certain official government communications be preserved and archived. Using a personal account could allow some messages to slip through the cracks, accidentally or intentionally.

This latest instance of dubious software use from the executive branch follows the discovery that several high-ranking national security leaders used Signal to discuss planned military actions in Yemen, then added a journalist from The Atlantic to the group chat. And while Signal is a more secure option than a public email client, even the encrypted messaging platform can be exploited, as its own team warned last week.

As with last week’s Signal debacle, there have been no repercussions thus far for any federal employees taking risky data privacy actions. NSC spokesman Brian Hughes told the Post he hasn’t seen evidence of Waltz using a personal account for government correspondence.

CFPB drops Zelle lawsuit in latest reversal under Trump administration


The Consumer Financial Protection Bureau has dropped its lawsuit over peer-to-peer payment system Zelle, the latest in a series of dismissals from this department under President Donald Trump’s administration. The agency had only just announced the suit, filed against Zelle’s operating entity Early Warning Services and partner banks JPMorgan Chase, Bank of America and Wells Fargo, in December. According to the initial action, the CFPB said that customers of the three banks had lost more than $870 million during the seven years Zelle has been active.

A spokesperson for Zelle said the company welcomed the CFPB’s decision, and reiterated that it believes the lawsuit was “without merit, and legally and factually flawed.” A JPMorgan Chase representative called scam prevention and consumer education “a national security problem” and stated the bank’s commitment to working “across the public and private sectors” toward solutions.

The CFPB made several moves to increase oversight on the financial products offered by tech companies under its previous director, Rohit Chopra. However, the agency is now overseen by Acting Director Russell Vought, who ordered the CFPB to cease all “supervision and examination activity” last month. While employees of the bureau have sued to try to keep the CFPB alive, there have been conflicting messages from government leadership about the agency’s status.

Since taking office, Trump and ally Elon Musk have taken sweeping actions to control and close federal government departments. Agencies that have historically regulated Musk’s business activities have been among those with reduced powers, as have federal operations for cybersecurity, digital services and personnel management.

Update, March 5, 2025, 4:41PM ET: Added official statements from Zelle and JPMorgan Chase.

US indicts five individuals in crackdown on North Korea’s illicit IT workforce


U.S. authorities have indicted five people over their alleged involvement in a multi-year scheme that saw them obtain remote IT employment with dozens of American companies.

The Department of Justice on Thursday announced the indictment of North Korean citizens Jin Sung-Il and Pak Jin-Song, Pedro Ernesto Alonso De Los Reyes of Mexico, and U.S. nationals Erick Ntekereze Prince and Emanuel Ashtor.

The DOJ said the FBI arrested Ntekereze and Ashtor, and a search of Ashtor’s home in North Carolina found evidence of a “laptop farm” that hosted company-provided laptops to deceive organizations into thinking they had hired workers based in the U.S.

Alonso was also arrested in the Netherlands after a U.S. warrant was issued.

According to the indictment, Ntekereze and Ashtor allegedly installed remote access software, including AnyDesk and TeamViewer, on the company-provided devices, allowing the North Koreans to conceal their locations. The two Americans also provided Jin and Pak with forged identity documents, including U.S. passports, as well as U.S. bank accounts.

The indictment alleges that the defendants gained employment from at least 64 American organizations over the course of the multi-year scheme, which ran from April 2018 through August 2024. These included a U.S. financial institution, a San Francisco-based technology company, and a Palo Alto-headquartered IT organization.

According to the Justice Department, payments from ten of those companies generated at least $866,255 in revenue, most of which was laundered through a Chinese bank account.

“The Department of Justice remains committed to disrupting North Korea’s cyber-enabled sanctions-evading schemes, which seek to trick U.S. companies into funding the North Korean regime’s priorities, including its weapons programs,” Devin DeBacker, supervisory official with the Justice Department’s National Security Division, said in a statement.

Alongside Thursday’s indictments, which come just days after the Treasury Department sanctioned two individuals and four entities for allegedly engaging in similar behavior, the FBI released an advisory warning that North Korean IT workers are increasingly engaging in malicious activity, including data extortion.

The agency said it has observed North Korean IT workers leveraging unlawful access to company networks to “exfiltrate proprietary and sensitive data, facilitate cyber-criminal activities, and conduct revenue-generating activity on behalf of the regime.”

A New Jam-Packed Biden Executive Order Tackles Cybersecurity, AI, and More


Four days before he leaves office, US president Joe Biden has issued a sweeping cybersecurity directive ordering improvements to the way the government monitors its networks, buys software, uses artificial intelligence, and punishes foreign hackers.

The 40-page executive order unveiled on Thursday is the Biden White House’s final attempt to kickstart efforts to harness the security benefits of AI, roll out digital identities for US citizens, and close gaps that have helped China, Russia, and other adversaries repeatedly penetrate US government systems.

The order “is designed to strengthen America’s digital foundations and also put the new administration and the country on a path to continued success,” Anne Neuberger, Biden’s deputy national security adviser for cyber and emerging technology, told reporters on Wednesday.

Looming over Biden’s directive is the question of whether president-elect Donald Trump will continue any of these initiatives after he takes the oath of office on Monday. None of the highly technical projects decreed in the order are partisan, but Trump’s advisers may prefer different approaches (or timetables) to solving the problems that the order identifies.

Trump hasn’t named any of his top cyber officials, and Neuberger said the White House didn’t discuss the order with his transition staff, “but we are very happy to, as soon as the incoming cyber team is named, have any discussions during this final transition period.”

The core of the executive order is an array of mandates for protecting government networks based on lessons learned from recent major incidents—namely, the security failures of federal contractors.

The order requires software vendors to submit proof that they follow secure development practices, building on a mandate that debuted in 2022 in response to Biden’s first cyber executive order. The Cybersecurity and Infrastructure Security Agency would be tasked with double-checking these security attestations and working with vendors to fix any problems. To put some teeth behind the requirement, the White House’s Office of the National Cyber Director is “encouraged to refer attestations that fail validation to the Attorney General” for potential investigation and prosecution.

The order gives the Department of Commerce eight months to assess the most commonly used cyber practices in the business community and issue guidance based on them. Shortly thereafter, those practices would become mandatory for companies seeking to do business with the government. The directive also kicks off updates to the National Institute of Standards and Technology’s secure software development guidance.

Another part of the directive focuses on the protection of cloud platforms’ authentication keys, the compromise of which opened the door for China’s theft of government emails from Microsoft’s servers and its recent supply-chain hack of the Treasury Department. Commerce and the General Services Administration have 270 days to develop guidelines for key protection, which would then have to become requirements for cloud vendors within 60 days.

To protect federal agencies from attacks that rely on flaws in internet-of-things gadgets, the order sets a January 4, 2027, deadline for agencies to purchase only consumer IoT devices that carry the newly launched US Cyber Trust Mark label.

Hackers injected malicious code into several Chrome extensions in recent attack


Hackers were reportedly able to modify several Chrome extensions with malicious code this month after gaining access to admin accounts through a phishing campaign. The cybersecurity company Cyberhaven shared this weekend that its Chrome extension was compromised on December 24 in an attack that appeared to be “targeting logins to specific social media advertising and AI platforms.” A few other extensions were hit as well, going back to mid-December, according to reports. According to Nudge Security, that includes ParrotTalks, Uvoice and VPNCity.

Cyberhaven notified its customers by email on December 26, advising them to revoke and rotate their passwords and other credentials. The company’s initial investigation of the incident found that the malicious extension targeted Facebook Ads users, with the goal of stealing data such as access tokens, user IDs and other account information, along with cookies. The code also added a mouse click listener. “After successfully sending all the data to the [Command & Control] server, the Facebook user ID is saved to browser storage,” Cyberhaven said in its analysis. “That user ID is then used in mouse click events to help attackers with 2FA on their side if that was needed.”

Cyberhaven said it first detected the breach on December 25 and was able to remove the malicious version of the extension within an hour. It has since pushed out a clean version.

Healthcare organizations in the US may soon get a cybersecurity overhaul


A set of new requirements proposed by the US Department of Health and Human Services’ (HHS) Office for Civil Rights could bring healthcare organizations up to par with modern cybersecurity practices. The proposal, posted to the Federal Register on Friday, includes requirements for multifactor authentication, data encryption and routine scans for vulnerabilities and breaches. It would also make the use of anti-malware protection mandatory for systems handling sensitive information, along with network segmentation, the implementation of separate controls for data backup and recovery, and yearly audits to check for compliance.

HHS also shared a fact sheet outlining the proposal, which would update the Health Insurance Portability and Accountability Act of 1996 (HIPAA) Security Rule. A 60-day public comment period is expected to open soon. In a press briefing, US deputy national security advisor for cyber and emerging technology Anne Neuberger said the plan would cost $9 billion in the first year to execute, and $6 billion over the subsequent four years, Reuters reports. The proposal comes in light of a marked increase in large-scale breaches over the past few years. Just this year, the healthcare industry was hit by multiple major cyberattacks, including hacks into Ascension and UnitedHealth systems that caused disruptions at hospitals, doctors’ offices and pharmacies.

“From 2018-2023, reports of large breaches increased by 102 percent, and the number of individuals affected by such breaches increased by 1002 percent, primarily because of increases in hacking and ransomware attacks,” according to the Office for Civil Rights. “In 2023, over 167 million individuals were affected by large breaches — a new record.”