GoKawiilThe United States military has known for years that enemies could use location data to track troops’ phones—and it’s also long been aware of easy fixes for the problem. The Pentagon adopted almost none of these protections, though, in spite of admitting in a letter exposed this week that US adversaries are actually using the data to target soldiers in war. Meanwhile, US law enforcement warned this week about “anti-tech extremism” as AI backlash grows around the country.
After a nearly 90-day internet shutdown, connectivity started to trickle back into Iran this week amid internal political power struggles and ongoing negotiations with the US to end its war with Tehran. Researchers cautioned that it is unclear how extensive the restoration will be and whether connectivity will only return temporarily.
As cybercriminals and offensive hackers ramp up their use of AI to exploit vulnerabilities and develop hacking tools, the technology is also radically changing the dynamics of how security researchers hunt for vulnerabilities. And scammers are using real hotel reservation data and other travel details to conduct effective spear-phishing campaigns, potentially accessing customer data from 350 hotels and vacation rentals around the world.
And there’s more. Each week, we round up the security and privacy news we didn’t cover in depth ourselves. Click the headlines to read the full stories. And stay safe out there.
Play, a Russian-language ransomware operation that has affected more than 900 organizations since 2022, posted to its dark-web leak site on Monday claiming it had pulled “private and personal confidential data, clients' documents, budget, payroll, IDs, taxes,” and other financial records from MyPillow. The Minnesota-based home goods company is run by Mike Lindell, who is among at least 10 Republicans seeking the party’s nomination for governor of Minnesota in August’s primary. Lindell is also one of the most prolific backers of Donald Trump’s false claims of victory in the 2020 election.
Play reportedly set a Friday deadline for MyPillow to make contact before publishing the data online. Lindell told Straight Arrow News, which broke the story of the ransomware claims on Tuesday, that his company was not hacked and that allegations that it was are a political hit job.
“This is another hit job by outside sources because I’m running for governor,” Lindell said. “I guarantee it. We do not have any breaches in our data at all.”
Lindell has been on the losing end of two recent defamation rulings over his 2020 election claims: A federal jury in Colorado last year found that he had defamed Eric Coomer, a former Dominion Voting Systems director, and ordered Lindell and his media platform, FrankSpeech, to pay $2.3 million in damages; a federal judge in Minnesota separately ruled in September that Lindell had defamed Smartmatic through 51 false statements about its voting machines, with damages still to be set at trial.
In recent years, ransomware groups have become more aggressive and ruthless in their efforts to obtain money from victims. Most of these criminal hackers now focus on stealing data and extorting companies rather than using malware to lock computer systems. But in rare occasions, ransomware groups have been seen directly threatening executives, or contacting people named in stolen data, to try to obtain payment. The FBI said this week that one ransomware group is going even further: sending people to steal data directly from companies IRL.
Among more traditional social engineering techniques, the FBI says the Silent Ransom Group (SRG), which is targeting law firms, has sent people to company offices to directly get access to computers. “By sending someone in person to the victim’s location to facilitate the intrusion, SRG actors exfiltrate data to an external hard drive or USB drive inserted by the threat actor into the victim’s computer,” the FBI said in an alert. Security researchers say the tactic has not been seen before. The FBI did not provide any information about who the Russian-speaking ransomware group was sending to conduct its attacks, but researchers believe they could be paying freelancers who do not necessarily know who they are working for.
... continue reading