An Alleged Russian Smuggling Ring Was Uncovered in New Hampshire

Like the invasion of Russia of Ukraine continues, navigation system monitors reported this week that they have detected an increase in GPS outages in Russian cities since Ukraine began conducting long-range drone strikes. Elsewhere, a lawsuit against Meta alleges that the lack of proper moderation of hate speech on Facebook led to the violence that escalated Ethiopia’s civil war.

New evidence suggests attackers planted data to frame an Indian priest who died in police custody, and that hackers may have cooperated with law enforcement while he was being investigated. The Russia-based Cuba ransomware gang abused legitimate Microsoft certificates to sign some of its malware, a method of falsely legitimizing hacking tools that cybercriminals have particularly relied on in recent times. And with the one-year anniversary of the Log4Shell vulnerability, researchers and security professionals reflected on the current state of open source supply chain security and what needs to be done to improve patch adoption.

We also explore the confluence of factors and circumstances that lead to radicalization and extremism in the United States. And Meta gave WIRED insight into the difficulty of allowing users to recover their accounts when they’re locked out, without allowing attackers to exploit those same account takeover mechanisms.

But wait, there’s more! Each week, we highlight security news that we haven’t covered in depth ourselves. Click on the headlines below to read the full stories.

Also Read :  Abortions exposed among Australian health insurer customers

Alexey Brayman, 35, was one of seven people named in a 16-count federal indictment this week accusing them of operating an international smuggling ring over the past five years, illegally exporting restricted technology to Russia. Brayman was arrested Tuesday and later released on $150,000 bond, after being ordered to forfeit his passport and obey a curfew. He is an Israeli citizen who was born in Ukraine. Brayman and his wife, Daria, live in Merrimack, New Hampshire, a small town where the two run an online craft business out of their home. “They’re the nicest family,” said a delivery man who regularly drops off packages at their home The Boston Globe. “They’ll leave gift cards during the holidays. And snacks.” The indictment alleges, however, that his home was a staging ground for “millions of dollars in military and sensitive dual-use technologies from US manufacturers and sellers.” Two other suspects connected to the case were also arrested in New Jersey and Estonia.

A hacker breached the FBI’s InfraGard information-sharing database this week, compromising the data of more than 80,000 members who share details and updates through the platform related to critical infrastructure in the United States. Some of the data is sensitive and pertains to national and digital security threats. Last weekend, the hacker posted samples of data stolen from the platform on a relatively new cybercriminal forum called Breached. They priced the database at $50,000 for the full content. The hacker claims to have gained access to InfraGard by posing as the CEO of a financial company. The FBI said it was “aware of a possible fake account associated with the InfraGard portal and is actively investigating the matter.”

Also Read :  Pixel 7's major update, Twitter Blue pricier on iPhone

Former Twitter employee Ahmad Abouammo was convicted in August of receiving payment to send user data to the Saudi Arabian government while working at the tech company. He was also found guilty of money laundering, wire fraud and falsifying records. He is now sentenced to 42 months in prison. Abouammo worked at Twitter from 2013 to 2015. “This case revealed that foreign governments will bribe insiders to obtain user information that our Silicon Valley social media companies collect and store,” U.S. Attorney Stephanie Hinds said in a statement. . “This sentence sends a message to people who have access to user information to safeguard it, particularly from repressive regimes, or risk spending significant time in prison.” Earlier this year, whistleblower and former Twitter security chief Peiter Zatko alleged that Twitter has long had problems with foreign agents infiltrating the company. The situation was particularly worrying since the new CEO Elon Musk massively reviews the company and its workforce.

In an effort to compromise Ukrainian government networks, hackers have been posting malicious Windows 10 installers to torrent sites used in Ukraine and Russia, according to researchers at security firm Mandiant. The installers were configured with the Ukrainian language pack and were free to download. They implemented malware for reconnaissance, data collection and exfiltration. Mandiant said it could not definitively attribute the campaign to specific hackers, but that the targets overlapped with those targeted in previous hacks by Russia’s GRU military intelligence agency.

Also Read :  Gamevice Flex, definitive mobile/cloud gaming controller

Years after it was shown to be vulnerable and insecure, the US National Institute of Standards and Technology said Thursday that the SHA-1 cryptographic algorithm should be removed from all software platforms by December 31, 2030. Developers should turn to to algorithms with stronger security. , i.e. SHA-2 and SHA-3. The “security hash algorithm,” or SHA, was developed by the National Security Agency and debuted in 1993. SHA-1 is a slightly modified replacement used since 1995. By 2005 it was clear that SHA-1 was “cryptographically broken,” but remained in widespread use for years. However, NIST said this week that attacks against SHA-1 “have become increasingly serious.” Developers have eight years to migrate any remaining use of the algorithm. “Modules that still use SHA-1 after 2030 will not be able to be purchased by the federal government,” NIST computer scientist Chris Celi said in a statement.

Source

Leave a Reply

Your email address will not be published.