Even those who do all they can to keep things secret may still be vulnerable, especially if they use YubiKey 5 authentication tokens. The multi-factor authentication device could be cloned due to a cryptographic flaw that can’t be fixed. The company has deployed some mitigations, and the attack itself is relatively difficult to carry out. But it might be time to invest in a new dongle.
But that’s not all, folks. Every week we round up the privacy and security news we didn’t cover in depth. Click the headline to read the full story. And stay safe.
Cybercriminals from the ransomware group RansomHub appear to have infiltrated the Montana branch of Planned Parenthood’s systems in late August. The organization confirmed this week that it suffered a “cybersecurity incident” on August 28, saying staff immediately took parts of its network offline and reported the incident to law enforcement.
A few days after the incident, RansomHub posted about Planned Parenthood on a leak site, claiming to have been behind the attack. The criminal group said it would release 93GB of data. It's unclear what, if anything, the ransomware group obtained, but Planned Parenthood clinics likely hold a large amount of sensitive data about their patients, including abortion appointment information. (A similar ransomware incident occurred in 2021, affecting roughly 400,000 Planned Parenthood patients in Los Angeles.)
RansomHub has emerged as one of the most active ransomware-as-a-service groups in recent months following the disruption of LockBit by law enforcement. The group has been described as “efficient and successful,” stealing data from at least 210 victims since forming in February, according to an FBI and Cybersecurity and Infrastructure Security Agency alert in late August. “Members of this group exploit victims using a dual extortion model to blackmail them by encrypting their systems and then exfiltrating their data,” the alert said.
Nigeria-based con artists, aka the Yahoo Boys, run everything from romance scams to impersonating FBI agents, but none of these schemes is as egregious as the rise in sextortion cases involving West African con artists. This week, Nigerian brothers Samuel and Samson Ogoshi were sentenced to more than 17 years in prison in the United States for running a sextortion scam, after being extradited to the US earlier this year. This is the first time Nigerian con artists have been charged with sextortion in the US, the BBC reported.
The Ogoshi brothers, who pleaded guilty in April, are allegedly connected to the death of 17-year-old Jordan DeMay, who committed suicide six hours after starting a conversation on Instagram with scammers posing as a girl. The teenager was tricked into sending obscene images to the brothers, who then threatened to post the images online unless they were paid hundreds of dollars. U.S. prosecutors said the brothers sexually exploited and blackmailed more than 100 victims, at least 11 of whom were minors. Sextortion cases have skyrocketed in recent years.
In June, the U.S. Department of Commerce banned Kaspersky Lab from selling its antivirus tools due to national security concerns about its ties to the Russian government (Kaspersky has long denied the ties). The company subsequently announced it was laying off employees and closing its U.S. operations. This week, cybersecurity company Pango Group announced it was acquiring Kaspersky Lab’s U.S. antivirus customers, according to Axios. That represents about 1 million customers who will be transitioning to Pango’s Ultra AV antivirus software. Prior to the Kaspersky deal, parent company Aura also announced it was spinning off Pango Group into its own business. Pango’s president said customers don’t need to do anything and that subscribers will continue to receive updates after Sept. 29, when Kaspersky updates will stop.
For years, the EU has been trying to introduce a new child protection law that would require private chats to be scanned for child sexual abuse content, which could undermine the encrypted messaging apps that provide everyday privacy to billions of people. The plan was highly controversial and shelved earlier this year. But the bill, called “Chat Control,” reappeared in lawmakers’ inboxes this week. The Council of the EU, currently chaired by Hungary, wants to pass the bill by October, but reports suggest there is still strong resistance to the plan.