Tag Archive for: Lapses

Review board to issue report detailing Microsoft’s lapses in China hack: report


The US Cyber Safety Review Board is expected to issue a report detailing lapses by Microsoft that led to a targeted Chinese hack of top US government officials’ emails last year, the Washington Post reported on Tuesday.
The intrusion, which ransacked the Microsoft Exchange Online mailboxes of 22 organizations and more than 500 individuals around the world, was “preventable” and “should never have occurred”, the Washington Post said, citing the report.

“While no organization is immune to cyberattack from well-resourced adversaries, we have mobilized our engineering teams to identify and mitigate legacy infrastructure, improve processes, and enforce security benchmarks,” Microsoft said.

“Our security engineers continue to harden all our systems against attack and implement even more robust sensors and logs to help us detect and repel the cyber-armies of our adversaries. We will also review the final report for additional recommendations,” it added.

The Cyber Safety Review Board did not immediately respond to a Reuters request for comment.

Last year, the tech giant said the Chinese hack of senior officials at the US State and Commerce departments stemmed from the compromise of a Microsoft engineer’s corporate account penetrated by a hacking group it dubbed Storm-0558.

The hack is alleged to have stolen hundreds of thousands of emails from top American officials including Commerce Secretary Gina Raimondo, US Ambassador to China Nicholas Burns and Assistant Secretary of State for East Asia Daniel Kritenbrink.

The Cyber Safety Review Board’s report blames shoddy cybersecurity practices, lax corporate culture and a deliberate lack of transparency over what Microsoft knew about the origins of the breach, according to the Washington Post.

Source…

Internal Report Suggests Security Lapses at Hacked Crypto Exchange Bitfinex


Bitfinex told OCCRP the analysis was “incomplete” and “incorrect” and that there was “evidence of negligence…on the part of other counterparties that led to the hack.” Bitgo declined to comment. Ledger Lab did not respond to a request for comment.

The hacker covered their tracks with a data destruction tool, used to permanently delete logs and other digital artifacts that might have identified the initial entry point into Bitfinex systems, meaning it’s not clear how they got into the exchange’s systems, only the security weaknesses that they took advantage of once inside. The transfer of the more than 119,000 bitcoins from over 2,000 users’ accounts to wallets under the thief’s control took just over three hours. The cryptocurrency sat there for months until, starting in January 2017, someone started sending small amounts zig-zagging through other accounts. The money was eventually cashed out or used to make small online purchases.

Investigators managed to follow the money and, six years after the hack, arrested the couple on charges of laundering the stolen bitcoins. Burner phones, fake passports, and USB sticks containing the electronic security keys to the wallet holding $3.9 billion worth of bitcoin were found under the couple’s bed in their New York apartment. Both have pleaded not guilty, and are awaiting trial.

It is unclear whether the lessons from the Bitfinex hack have led to changes in the company’s procedures. The company told OCCRP that the report was “incorrect” and that there was “evidence of negligence…on the part of other counterparties that led to the hack.” Bitgo declined to comment.

Karen A. Greenaway, a former FBI agent and cryptocurrency specialist, says she thought Bitfinex’s security lapses were due to its desire to “put through more transactions more quickly” and thereby raise profits. “The fact that [Bitfinex] have not provided a [public] report accepting responsibility and remedying the security failures that led to the hack says more than any admission or denial on their part ever would,” the agent said.

Security experts say that the crypto industry is in general less vulnerable to the kind of relatively…

Source…

SEC Spanks Blackbaud Over Lapses in Reporting Ransomware Attack



Cloud computing firm Blackbaud is the latest company to find itself targeted by SEC, which alleges the company botched its response to a 2020 ransomware attack. To settle the matter, Charleston, South …

Source…

T-Mobile Sued for Security Lapses Over Cryptocurrency Costing Customer $750k


Source…