Huntsville students out all week after computer system attack

Huntsville school students will not return to campuses for the rest of this week as the school system responds to a computer ransomware attack, the system said today.

Principals, assistant principals, and some operations staff will return Wednesday, and teachers and other employees will return Thursday “to prepare materials for students,” the system said on its website. Curbside meals will be available at some locations Wednesday.

The school system said it is working with local and federal authorities on what is “an active investigation.” An FBI spokesman confirmed Tuesday that the bureau is “involved and working on the case.” No further details were released.

The system said it is working to “determine if any or what information may have been compromised” by the computer system break-in. It said “some families at several campuses may have received phone calls regarding internet access for students. This does not appear to be connected


Industrial computer manufacturer Advantech hit with a ransomware attack

Industrial computer manufacturer Advantech Co. Ltd. has been hit with a ransomware attack, and those behind the attack are demanding a ransom of 750 bitcoin ($13.8 million).

Based in Taiwan, Advantech is the world’s largest supplier of industrial computers, with a 34% market share as of 2018. The company also manufactures network devices, servers, industrial “internet of things” devices and healthcare solutions.

The attack took place on Nov. 19, according to Taiwanese media, with Bleeping Computer reporting separately Saturday that it involved Conti ransomware. Those behind the Conti ransomware attack are said to have offered full data decryption and a promise to delete the data they had stolen if the ransom was paid, with a threat to start releasing stolen data if payment was not made.

By Nov. 26, no payment had been made and those behind the attack released a 3.03-gigabyte archive of Advantech data that they claim


GoDaddy staff fall prey to social engineering scam in cryptocurrency exchange attack wave

GoDaddy employees were exploited to facilitate attacks on multiple cryptocurrency exchanges through social engineering and phishing. 

Staff at the domain name registrar were subject to a social engineering scam that duped them into changing email and registration records, which were then used to conduct attacks on other organizations.

As reported by security expert Brian Krebs last week, GoDaddy confirmed that the scam led to a “small number” of customer domain names being “modified” earlier this month.

Starting in mid-November, fraudsters ensured that email and web traffic intended for cryptocurrency exchanges was redirected. Liquid.com and the NiceHash cryptocurrency trading posts were impacted, and it is suspected that other exchanges may also have been affected. 

See also: Cryptocurrency platform dangles ‘bug bounty’ carrot to hacker who stole $2 million

According to Liquid CEO Mike Kayamori, a security incident on November 13 was caused by GoDaddy incorrectly transferring control of an account related to the firm’s


Service NSW expecting cyber attack to set it back AU$7m in legal and investigation costs

Service NSW, the New South Wales government’s one-stop shop for service delivery, in April 2020 experienced a cyber attack that compromised the information of 186,000 customers.

Following a four-month investigation that began in April, Service NSW said it identified that 738GB of data, which comprised 3.8 million documents, was stolen from 47 staff email accounts.

Service NSW assured, however, there was no evidence that individual MyService NSW account data or Service NSW databases were compromised during the attack.

“This rigorous first step surfaced about 500,000 documents which referenced personal information,” Service NSW CEO Damon Rees said in September. “The data is made up of documents such as handwritten notes and forms, scans, and records of transaction applications.”

In delivering its 2020-21 Budget on Tuesday, the government revealed the legal and investigative cost it is expected to incur from the attack.

“In April 2020, Service NSW alerted police and authorities


Alek Minassian’s father testifies in van attack trial his son was about to start a good computer job


He paused in his testimony as he became emotional.

He said he watched video of his son pulling his hand out of his pocket and pointing it at police, pretending he had a gun.

“I was in a state of shock,” he said. “How is this even possible?”

He testified there was no hint of his son being capable of it.

“I’ve seen no history of violence. He is, if anything, he’s always been characterized as a gentle person.”

Minassian’s father said his son had problems from a young age because of odd behaviours. He was in a special education program throughout his schooling. In some subjects, such as math, he was ahead of his peers, but in others he was far behind.

Social interaction, he said, “was one of the greatest challenges he had.” He did not recognize facial expressions that reveal others’ emotional state, such


Trojanized Security Software Hits South Korea Users in Supply-Chain Attack


Cybersecurity researchers took the wraps off a novel supply chain attack in South Korea that abuses legitimate security software and stolen digital certificates to distribute remote administration tools (RATs) on target systems.

Attributing the operation to the Lazarus Group, also known as Hidden Cobra, Slovak internet security company ESET said the state-sponsored threat actor leveraged the mandatory requirement that internet users in the country must install additional security software in order to use Internet banking and essential government services.

The attack, while limited in scope, exploits WIZVERA VeraPort, which is billed as a “program designed to integrate and manage internet banking-related installation programs,” such as digital certificates issued by the banks to individuals and businesses to secure all transactions and process payments.

The development is the latest in a long history of espionage attacks against victims in South Korea, including Operation Troy, DDoS attacks in 2011, and against banking institutions


DNS cache poisoning, the Internet attack from 2008, is back from the dead


In 2008, researcher Dan Kaminsky revealed one of the more severe Internet security threats ever: a weakness in the domain name system that made it possible for attackers to send users en masse to imposter sites instead of the real ones belonging to Google, Bank of America, or anyone else. With industrywide coordination, thousands of DNS providers around the world installed a fix that averted this doomsday scenario.

Now, Kaminsky’s DNS cache poisoning attack is back. Researchers on Wednesday presented a new technique that can once again cause DNS resolvers to return maliciously spoofed IP addresses instead of the site that rightfully corresponds to a domain name.

“This is a pretty big advancement that is similar to Kaminsky’s attack for some resolvers, depending on how [they’re] actually run,” said Nick Sullivan, head of research at Cloudflare, a content-delivery network that operates the 1.1.1.1 DNS service. “This is amongst the most
