Foxconn, the electronics manufacturing company best known for its role in the creation of iPhones, revealed this week that it recently “suffered a cyber attack.” A ransomware group called Nitrogen claimed responsibility for the hack and said it stole 8TB of data from the manufacturer. Although the theft has not been confirmed, it is almost inevitable that Foxconn remains a valuable target.
It’s going to be a lot more crowded in the skies above the United States-Canada border. The Department of Homeland Security and Defense Research and Development Canada plan to run an experiment testing 5G-connected drones to collect “real-time battlefield intelligence.”
Meanwhile, in the Strait of Hormuz, Iran’s Revolutionary Guard Corps is successfully blocking the vital shipping route using a “mosquito fleet” of small boats as US-Israeli combat operations continue to bomb the country.
And that’s not all. Each week, we round up security and privacy news that we haven’t covered in depth ourselves. Click on the titles to read the full stories. And stay safe out there.
A lesson for future criminal hackers and rogue employees: When you—and, say, your twin brother—decide to destroy your employer’s network, the first thing you do is remember to close the Microsoft Teams meeting you were fired from, so that it doesn’t record you discussing your acts of vengeance.
Hopefully this lesson has now been driven home to Muneeb and Sohaib Akhtar, two hackers who have now pleaded guilty to charges that they destroyed 96 government databases after being fired from their jobs at federal contractor Opexus. (Muneeb has since tried to reiterate his guilty plea in handwritten notes to the judge.) Their employer had decided to terminate both 34-year-old brothers after discovering their criminal records, which included multiple hacking and wire fraud convictions for minor crimes like theft of airline miles.
The Teams meeting in which both men were fired lasted only a few minutes. However, the detailed planning and execution of their revenge campaign lasted for hours and was all recorded in the same Teams meeting they failed to shut down, according to a court document seen by Ars Technica.
“Still connected? Still on VPN?” Sohaib is heard saying to his brother, who lived in the same house. “Delete all their databases?”
“Now we are talking small talk,” says Muneeb.
Instructure, the company behind the educational software Canvas, said on Monday it has reached a settlement with hackers calling themselves ShinyHunters who disrupted Canvas in thousands of US schools and posted ransom messages on victims’ screens. In a message on its website, the company wrote that it “has reached a settlement with the unauthorized actor involved in this incident.” The statement claimed that the data stolen by the hackers, including 275 million student records, had been “returned” to Instructure and destroyed on the hackers’ own systems, and that no Instructure customer would be extorted further. Instructure did not clearly state whether it had paid the ransom or, if so, how much it had paid.
Glad to have it all settled. (Until the well-incentivized ransomware industry brings its next big disruption.)
Dream Market was once the world’s largest dark web market for drugs and other contraband until it voluntarily shut down in 2019 after a series of raids in which many of its sellers were arrested. Now, more than seven years after the illegal marketplace disappeared from the Internet, the alleged administrator of the marketplace has reportedly been located and charged. Ove Martin Andresen was arrested earlier this month during raids at his home and two other locations. U.S. and German prosecutors say he made millions of dollars in Dream Market commissions, some of which was laundered through gold bars he allegedly bought from an Atlanta company. Given that Dream Market was launched in 2013 – the same year that the original Silk Road dark web drug market was busted – Andresen’s arrest could bring to a close the longest-running dark web drug investigation to date.
OpenAI revealed that two of its employees were affected by a supply chain attack on an open source project called Tanstack, a popular library used to build web apps. In a blog post, the company said it investigated the incident and observed unauthorized access and “credential-focused intrusion activity” in a limited subset of internal code repositories. The company did not find evidence that user data was accessed or that its production systems were compromised. However, it is now requiring all macOS users to update their OpenAI apps by June 12th.
The Tanstack hijacking was part of a larger attack on open source packages used by developers. The hackers embedded malware designed to steal people’s private data, which BleepingComputer reported included Git credentials, GitHub Actions tokens, SSH keys, and cloud code configuration.
Findem, a major US data broker that was previously caught hiding its data-deletion pages from Google, says it has taken steps to fix the problem three years later. The firm told Democrats on the Joint Economic Committee this week that a former employee had embedded a “no index” code on the company’s website to prevent consumers from finding its opt-out controls through a Google search, but company executives were unaware of the matter.
Findem said it removed the code the day after Senator Maggie Hassan, the panel’s ranking member, published a report in February calling out the company for its practices and for failing to respond to the JEC minority’s questions. Findem says that during the years the page was de-indexed, only 679 people viewed it.