Posted on

Chinese State-Sponsored Hack Targets US Treasury Through Third-Party Software

external content.duckduckgo 15 scaled

the staff of the Ridgewood blog

Washington DC, in a concerning revelation, the U.S. Treasury Department informed Congress on Monday that a Chinese state-sponsored cyber actor exploited a third-party software service provider to breach its systems. The incident highlights the growing sophistication and persistence of cyber threats posed by nation-state actors.

Continue reading Chinese State-Sponsored Hack Targets US Treasury Through Third-Party Software

Posted on

FBI Director Warns on Chinese Cyber Security Threat

FBI director Christopher Wray 857372640

the staff of the Ridgewood blog

Ridgewood NJ, FBI Director Christopher Wray issued a stark warning on Thursday, revealing that Chinese government-affiliated hackers have infiltrated critical infrastructure in the United States and are poised to strike at a moment’s notice. Speaking at Vanderbilt University’s 2024 Summit on Modern Conflict and Emerging Threats, Wray detailed an ongoing Chinese hacking campaign dubbed Volt Typhoon, which has successfully breached numerous American companies operating in telecommunications, energy, water, and other vital sectors. Alarmingly, 23 pipeline operators have been among the targets.

Continue reading FBI Director Warns on Chinese Cyber Security Threat

Posted on

Hacking at UnitedHealth Unit Cripples US Health System

external content.duckduckgo 4 e1622674678213

the staff of the Ridgewood blog

Ridgewood NJ, in the early hours of February 21, Change Healthcare, a company largely unfamiliar to the general public but pivotal in the U.S. healthcare system, issued a concise statement noting that some of its applications were currently inaccessible.

Continue reading Hacking at UnitedHealth Unit Cripples US Health System

Posted on

DOJ Announces Take Down LockBit Ransomware Group that Targeted Hospitals , Law Enforcement, Businesses, Government and Schools

LockBit 939069220

the staff of the Ridgewood blog

Washington DC, the Department of Justice joined the United Kingdom and international law enforcement partners in London today to announce the disruption of the LockBit ransomware group, one of the most active ransomware groups in the world that has targeted over 2,000 victims, received more than $120 million in ransom payments, and made ransom demands totaling hundreds of millions of dollars.

Continue reading DOJ Announces Take Down LockBit Ransomware Group that Targeted Hospitals , Law Enforcement, Businesses, Government and Schools

Posted on

Cybercriminals Target ANCHOR Property Tax Relief Fraud

16640313845855 3804797353

the staff of the Ridgewood blog

Ridgewood NJ, the Affordable NJ Communities for Homeowners & Renters (ANCHOR) program was developed to offset both the high costs of living and property tax burden, replacing the Homestead Benefit program and expanding the number of eligible taxpayers. Nearly 1.7 million New Jersey citizens applied for the ANCHOR property tax relief program by the February 28 filing deadline. The NJCCIC detected a series of phishing emails attempting to steal New Jersey residents’ ANCHOR program ID and PIN. These emails originated from similar IP addresses and the same subject line “ANCHOR Program Request for ID/PIN,”  with some of the messages containing attachments. Further analysis also identified telephone-oriented attack delivery (TOAD) phishing attempts containing similar subject content as well as attempts to redirect payments. Recent open-source reporting indicates that threat actors may have filed fraudulent claims purporting to be NJ taxpayers.

Continue reading Cybercriminals Target ANCHOR Property Tax Relief Fraud

Posted on

Stolen Uber accounts worth more than stolen credit cards

hacker-neo

Harriet Taylor | @Harri8t

Cybercriminals don’t care that much about your credit card number anymore.

Uber, PayPal and even Netflix accounts have become much more valuable to criminals, as evidenced by the price these stolen identifiers now fetch on the so-called “deep Web,” according to security company Trend Micro.

Stolen Uber account information on underground marketplaces sells for an average of $3.78 per account, while personally identifiable information (PII) was listed for $1 to $3.30 on average, oddly down from $4 per record in 2014, according to data compiled by Trend Micro for CNBC last week. (PII includes any information that can be used to commit identity fraud, like Social Security numbers or date of birth and varies in price depending on the specific information for sale.)

https://www.cnbc.com/2016/01/19/stolen-uber-accounts-worth-more-than-stolen-credit-cards.html

Posted on

Why Credit Monitoring Fails to Address the Real Threat Facing Hacked Feds

hackkers_theridgwoodblog

By Eric Katz
June 11, 2015

In response to what was one of the largest data breaches in American history, the Office of Personnel Management has offered 4 million current and former federal employees free credit monitoring and identity theft insurance.

That approach may completely miss the mark, experts say.

Media reports and now lawmakers have said that state actors — likely from China – appear to be behind the attack, rather than individuals looking to exploit employees’ financial information. Credit monitoring, therefore, is a nice offer but one that is unlikely to protect federal employees from their adversaries’ true intentions.

“Credit reporting is lip service,” said Richard Blech, CEO of Secure Channels Inc., a cybersecurity firm that provides encryption technology and authentication services. “It means nothing.”

Ken Ammon, chief strategy officer for Xceedium, a network security company that contracts with the government and commercial enterprises, said credit monitoring is fine as a “first step,” though it serves more to protect the infiltrated organization legally than it does the individual from bad actors.

Experts refer to the hack as “cyber espionage,” rather than “cyber crime.” Individuals that illegally obtain data such as Social Security numbers and addresses can use that information for identity theft as it relates to credit card information, for example, but state actors do not hold those same interests.

https://www.govexec.com/defense/2015/06/why-credit-monitoring-fails-address-real-threat-facing-hacked-feds/115090/?oref=relatedstories

Posted on

New Wave of Federal Workers to be notified that their Data Was Hacked

hacker-neo

By Eric Katz
June 16, 2015

The Office of Personnel Management will notify many more individuals their personal information was compromised than the 4.2 million current and former federal employees the agency initially informed, officials said on Tuesday.

The timing of the second round of notifications, as well as the number of employees who will receive them, is still unknown by OPM. The agency’s director, Katherine Archuleta, confirmed to a congressional panel that OPM discovered, in the course of looking into the initial hack it uncovered in April, a second hack that targeted background investigation and security clearance data.

Archuleta said it will notify the those who went through background investigations their data was compromised “as soon as practicable,” with OPM’s Chief Information Officer Donna Seymour adding the agency first had to identify exactly whose information was hacked. The initial notifications began going out June 8 and will continue through June 19.

Representatives from the Homeland Security Department, Office of Management and Budget, Interior Department — where OPM’s hacked servers were housed — and OPM all said they were taking steps to upgrade systems and boost security protocols. The other agencies noted, however, the hack was OPM’s responsibility. Archuleta said, in turn, she inherited “decades old” legacy systems that she was doing her best to modernize them.

https://www.govexec.com/pay-benefits/2015/06/opm-will-soon-notify-new-wave-workers-their-data-was-hacked/115441/?oref=govexec_today_nl

Posted on

Rutgers’ Internet on the fritz again

Screenshot 2015-03-28 at 8

Susan Loyer, @SusanLoyerMyCJ5:46 p.m. EDT April 27, 2015

RUTGERS – University officials reported late Monday afternoon that they are working to restore Internet service.

“The Rutgers University network is currently experiencing technical difficulties,” spokesman Steve Manas said. “OIT (Office of Information Technology) staff are aware of the issue and are working to restore services.”

Manas said status updates will be provided when they become available.

Numerous posts on Twitter earlier in the afternoon reported issues with the Internet.

https://www.mycentraljersey.com/story/news/local/middlesex-county/2015/04/27/rutgers-internet-fritz/26466805/

Network Failure or Cyberattack? Rutgers Quiet About Breach Affecting Key Server

Rutgers Has Not Yet Acknowledged Problem, Which Has Affected Residential Internet Service and Numerous Other Services Including Sakai, eCollege, and ScartletMail https://newbrunswicktoday.com/article/network-failure-or-cyberattack-rutgers-quiet-about-breach

Posted on

FAA COMPUTER SYSTEMS HIT BY CYBERATTACK EARLIER THIS YEAR

nextgov-medium

By Aliya Sternstein

April 6, 2015

Hackers earlier this year attacked a Federal Aviation Administration network with malicious software, agency officials said Monday.

In early February, FAA discovered “a known virus” spread via email on “its administrative computer system,” agency spokeswoman Laura Brown told Nextgov.

“After a thorough review, the FAA did not identify any damage to agency systems,” she added.

An upcoming competition among contractors to help run an FAA cybersecurity center might be altered as a result of the incident, according to an April 2 interim award notice that casually mentioned the attack.

FAA drew up a short-term agreement for incumbent contractor SRA International without reviewing competitors’ services to avoid disrupting operations while preparing a new solicitation, according to the notice.

“Due to a recent cyberattack, the FAA requires additional planning time to determine the impact to the competitive procurement’s requirements,” agency officials said in the notice.

https://www.nextgov.com/cybersecurity/2015/04/faa-computer-systems-hit-cyberattack-earlier-year/109384/?oref=govexec_today_nl

Posted on

Anonymous joins the legions of anti-Semites

anonymous_110513getty

ADL warns Jewish groups of ‘digital terrorism’
By Elise Viebeck – 04/06/15 11:30 AM EDT

The Anti-Defamation League (ADL) is warning Jewish institutions and individuals to prepare for a potential hacking campaign mounted by an affiliate of Anonymous.

The ADL said a pro-Palestinian hacking collective known as AnonGhost is threatening an “electronic Holocaust” against Jews on Tuesday, including hacks targeting individuals’ cellphones. The effort was scheduled to coincide with the celebration of Passover.

“In the past three years, anti-Israel hackers participating in this campaign have targeted Israeli sites with limited success, but they are now widening their attacks to target individual Israelis with threatening anti-Semitic rhetoric,” said Abraham H. Foxman, ADL National Director, in a statement released Saturday.

“Israel and Jewish communities worldwide should be on alert, as digital terrorism takes many forms and hackers are getting more sophisticated,” Foxman said.

The campaign — dubbed #OpIsrael on Twitter — is intended to “erase” Israel from cyberspace, according to its organizers. Anonymous and its affiliates have a history of targeting Jewish institutions over Israel’s activities in the Palestinian conflict.

Online hostilities against Israel previously spiked during a 50-day battle with Palestinians that left more than 1,500 civilians dead. Security expert Isaac Ben-Israel of Tel Aviv University said cyberattacks against Israel jumped from 100,000 to more than one million per day during the conflict.

https://thehill.com/policy/cybersecurity/237972-adl-warns-jews-of-digital-terrorism-campaign

Posted on

Fairleigh Dickinson, Rutgers report cyberattacks

hacker-neo

hacker-neo

Fairleigh Dickinson, Rutgers report cyberattacks

March 30, 2015, 10:26 AM    Last updated: Monday, March 30, 2015, 2:38 PM
By HANNAN ADELY and STEFANIE DAZIO
Staff Writers |
The Record

A second New Jersey university has reported that it was the target of a weekend cyberattack that crippled Internet-based services — similar to the one that struck Rutgers University a day earlier.

Fairleigh Dickinson University experienced an attack “on one of the university’s computers from the outside of the FDU network, causing an excessive amount of traffic,” according to an alert sent Saturday to students and faculty.

Reports came in Saturday morning that the network was slow and that later it was unavailable for Internet and other services, wrote Brian Domenick, director of Information Systems and Technology, in the email.

“The attack had the effect of flooding the network; sort of like trying to fit too many cars into the Holland Tunnel all at the same time. This situation, which is known as a ‘Denial of Service,’ severely impaired the university’s network to the point of effectively shutting it down,” he stated.

https://www.northjersey.com/news/fairleigh-dickinson-rutgers-report-cyberattacks-1.1298926

Posted on

Target agrees to pay $10 million to settle lawsuit from data breach

imgres-1

imgres-1

Target agrees to pay $10 million to settle lawsuit from data breach

WASHINGTON Thu Mar 19, 2015 6:19am EDT

(Reuters) – Target Corp (TGT.N) has agreed to pay $10 million in a proposed settlement of a class-action lawsuit related to a huge 2013 data breach that consumers say compromised their personal financial information, court documents show.

Under the proposal, which requires federal court approval, Target will deposit the settlement amount into an interest bearing escrow account, to pay individual victims up to $10,000 in damages.

The claims will be submitted and processed primarily online through a dedicated website, according to the court documents.

The proposal also requires Target to adopt and implement data security measures such as appointing a chief information security officer and maintaining a written information security program.

“We are pleased to see the process moving forward and look forward to its resolution,” said Target spokeswoman Molly Snyder.

https://www.reuters.com/article/2015/03/19/us-target-settlement-idUSKBN0MF04K20150319

Posted on

Ridgewood Blog Comment Issues

unnamed-3
unnamed-3
Message from the Editor : Comment Issue
Thank you so much for all your loyalty and emails , it has been brought to our attention that some comments have been lost in the last couple of days .  Please be advised that comments have been lost do to all the site up dates and are not I repeat not a result of any “Hacking” activity or the Mayors new civility policies
If you dont see your comment please repost !
thank you again and sorry for the inconvenience
James aka PJ Blogger and the the staff of the Ridgewood blog
Posted on

Feds: Hackers stole 1 billion email addresses in spam scheme

imgres-1

imgres-1

Feds: Hackers stole 1 billion email addresses in spam scheme

MARCH 6, 2015    LAST UPDATED: FRIDAY, MARCH 6, 2015, 3:44 PM
WIRE SERVICE

The Associated Press

ATLANTA – Computer hackers stole a whopping 1 billion email addresses from U.S. marketing companies in what federal authorities Friday described as a massive spam scheme.

Three people were indicted on federal charges in what John Horn, the acting U.S. attorney based in Atlanta, called “one of the largest reported data breaches in United States history.” He said they netted $2 million in commissions from millions of spam emails that routed recipients to websites selling software and other products.

That means the defendants would have averaged just a fraction of a penny for each of the stolen email addresses.

Still, authorities said the case is significant because of the scale of the information stolen. Horn said hackers targeted marketing companies that send bulk emails to customers of their commercial clients. They gained access to the firms’ computer systems by sending emails with hidden malware to the marketing companies’ employees.

The hackers not only stole hundreds of millions of email addresses, Horn said, but they also succeeded in using the marketing firms’ own systems to send the hackers’ spam messages.

One of the defendants, 25-year-old Vietnamese citizen Giang Hoang Vu, pleaded guilty to a single count of conspiracy to commit computer fraud before a federal judge last month. He has not been sentenced.

https://www.northjersey.com/news/business/feds-hackers-stole-1-billion-email-addresses-in-spam-scheme-1.1284168