Washington Post: Tech giants ramp up cloud security under pressure from Washington. “After a recent theft of emails from top U.S. officials raised alarms about the country’s increasing dependence on the biggest cloud computing companies, Amazon, Google and Microsoft have begun to explain more of the work they do to secure the data of tens of millions of online customers.”
Reuters: War Crimes Tribunal ICC Says It Has Been Hacked. “The International Criminal Court (ICC) said on Tuesday its computer system had been hacked, a breach at one of the world’s most high-profile international institutions and one that handles highly sensitive information about war crimes.”
CNBC: How a North Korean cyber group impersonated a Washington D.C. analyst. “Six years ago, a well-respected researcher was working late into the night when she stepped away from her computer to brush her teeth. By the time she came back, her computer had been hacked.”
NBC News: Donald Trump Jr.’s X account apparently hacked, announces father’s death. “Donald Trump Jr.’s account on the social media platform formerly known as Twitter appeared to be hacked early Wednesday. One post falsely stated that former President Donald Trump had died, according to screenshots.”
The Register: Scattered Spider traps 100+ victims in its web as it moves into ransomware. “Scattered Spider, the crew behind at least one of the recent Las Vegas casino IT security breaches, has already hit some 100 organizations during its so-far brief tenure in the cybercrime scene, according to Mandiant. Further, as also witnessed in the ongoing MGM Resorts network outage, the gang, known for its social-engineering-based attacks, is now throwing data-stealing ransomware at victims, too.”
Ars Technica: How Google Authenticator made one company’s network breach much, much worse. “A security company is calling out a feature in Google’s authenticator app that it says made a recent internal network breach much worse. Retool, which helps customers secure their software development platforms, made the criticism on Wednesday in a post disclosing a compromise of its customer support system. The breach gave the attackers responsible access to the accounts of 27 customers, all in the cryptocurrency industry.”
BBC: Greater Manchester Police officers’ details hacked in cyber attack. “Police officers’ personal details have been hacked after a company was targeted in a cyber attack. The firm in Stockport, which makes ID cards, holds information on various UK organisations including some of the staff employed by Greater Manchester Police (GMP). The force confirmed it was aware of the ransomware attack.”
St. Louis Post-Dispatch: Cyberattack hits main St. Louis-area police database, shuts down system for a day. “A cyberattack earlier this week caused a major law enforcement database to shut down for about a day, leaving local police departments to lean on backup procedures for arrest reports, jail logs and law enforcement records.”
The Register: Save the Children feared hit by ransomware, 7TB stolen . “As highlighted by VX-Underground and Emsisoft threat analyst Brett Callow earlier today, BianLian bragged on its website it had hit an organization that, based on the gang’s description of its unnamed victim, looks to be Save The Children International. The NGO, which employs about 25,000 people, says it has helped more than a billion kids since it was founded in 1919.”
Bleeping Computer: Freecycle confirms massive data breach impacting 7 million users. “Freecycle, an online forum dedicated to exchanging used items rather than trashing them, confirmed a massive data breach that affected more than 7 million users. The nonprofit organization says it discovered the breach on Wednesday, weeks after a threat actor put the stolen data for sale on a hacking forum on May 30, warning affected people to switch passwords immediately.”
Ars Technica: Hacker gains admin control of Sourcegraph and gives free access to the masses. “An unknown hacker gained administrative control of Sourcegraph, an AI-driven service used by developers at Uber, Reddit, Dropbox, and other companies, and used it to provide free access to resources that normally would have required payment.”
404 Media: Hackers Can Silently Grab Your IP Through Skype. Microsoft Is In No Rush to Fix It. “Hackers are able to grab a target’s IP address, potentially revealing their general physical location, by simply sending a link over the Skype mobile app. The target does not need to click the link or otherwise interact with the hacker beyond opening the message, according to a security researcher who demonstrated the issue and successfully discovered my IP address by using it.”
The Street: FTX victims’ face doxxing threat after sensitive data taken by hackers. “Kroll, the firm managing customer data of FTX collapse victims, was hit by a data breach this month that resulted in customer data being stolen. The company was struck by ‘a cybersecurity incident that compromised non-sensitive customer data of certain claimants in the pending bankruptcy case,’ FTX said. However, Kroll announced that hackers also stole sensitive data in the hack.”
BBC: Anonymous Sudan hacks X to put pressure on Elon Musk over Starlink. “A hacking group called Anonymous Sudan took X, formerly known as Twitter, offline in more than a dozen countries on Tuesday morning in an attempt to pressurise Elon Musk into launching his Starlink service in their country. X was down for more than two hours, with thousands of users affected.”
BBC: Baghdad advertising boards turned off over porn screening. “Iraqi officials have ordered all electronic advertising screens to be shut down in Baghdad after a hacker used one to show a pornographic film. It happened at a major road junction in the Iraqi capital. Videos have been shared widely on social media. A man has been arrested in connection with the incident, police say.”
The ResearchBuzz Firehose is regular RB content presented as individual posts.
For digest-type posts a couple of times a day, please visit ResearchBuzz.
Want to know how to best use the Firehose for content discovery?
Check out this handy article.