Weekly Axis Of Easy #247
Last Week’s Quote was “Correction does much, but encouragement does more,” by Johann Wolfgang von Goethe. Our winner is E Blakely. Well done E!
This Week’s Quote: “Some people see things that are and ask, Why? Some people dream of things that never were and ask, Why not? Some people have to go to work and don’t have time for all that.” …by???
THE RULES: No searching up the answer, must be posted to the blog – the place to post the answer is at the bottom of the post, in the comments section.
The Prize: First person to post the correct answer gets their next domain or hosting renewal on us.
- Democratic senators call on the FTC to investigate ID.me over selfie data
- Cybergang threatens to topple Costa Rica’s government with a ransomware attack
- Hackers from North Korea pretend to be IT employees in the US
- Hong Kong considers banning Telegram
- A data breach exposed the personal information of nearly two million Texans
- Chaos Ransomware Variant Sides with Russia
- Data breach affects 3.6 million customers of pharmaceutical giant
- A shadow server exposed over 380,000 Kubernetes API servers to the internet
- Google announced that its Russian bank account had been frozen
- Hackers use cold callers to intimidate ransomware victims into paying up
Democratic senators call on the FTC to investigate ID.me over selfie data
Some Democrats in the U.S. Senate asked the Federal Trade Commission (FTC) to investigate ID.me for making “deceptive statements” about facial recognition data. Senators argue that Blake Hall, CEO of ID.me, has provided conflicting information about how his company uses facial scan data received from the federal government and states that use ID proofing technology to screen unemployment insurance applicants.
Legislators assert that ID.me issued statements and blog posts claiming it didn’t use one-to-many facial recognition. But after a public backlash, the company acknowledged the allegations were true.
“Within days, the company edited the numerous blog posts and white papers on its website that previously stated the company did not use one-to-many to reflect the truth,” the letter alleges.
“According to media reports, the company’s decision to correct its prior misleading statements came after mounting internal pressure from its employees.”
In response to senators’ concerns, ID.me boasted about its successes in preventing fraud. Additionally, the company expressed its desire to work with all relevant government agencies.
“Five state workforce agencies have publicly credited ID.me with helping to prevent $238 billion in fraud,” the statement says.
“Conditions were so bad during the pandemic that the deputy assistant director of the FBI called the fraud ‘an economic attack on the United States.’ ID.me played a critical role in stopping that attack in more than 20 states. The service was rapidly adopted for its equally important ability to increase equity and verify individuals left behind by traditional options. We look forward to cooperating with all relevant government bodies to clear any misunderstandings.”
Cybergang threatens to topple Costa Rica’s government with a ransomware attack
Last week, Costa Rica declared a state of emergency after a Conti Group ransomware attack infected government computer networks. The ransomware gang has reportedly said its objective is to overthrow the government.
According to the newly elected President Rodrigo Chaves, the Russian-speaking threat actors had increased the ransom payment to $20 million. “We’re at war, and that is not an exaggeration,” Chaves told reporters, adding officials believe they’re dealing with a national terrorist group with collaborators inside Costa Rica.
The ransomware attack infected 27 government institutions, including the Finance Ministry and other federal agencies, state-run utilities, and municipalities. The cyber gang has threatened to overthrow the government if the ransom is not paid promptly.
Hackers from North Korea pretend to be IT employees in the US
US government officials warned organizations to be wary of hackers posing as independent contractors and claiming to be non-DPRK nationals. According to an advisory issued by the US State and Treasury Departments and the Federal Bureau of Investigation (FBI), highly skilled mobile app and software developers from North Korea pose as independent contractors to secure employment.
North Korea allegedly engages in this scam to circumvent sanctions and launch a cyberattack on its enemies. The North Korean government reportedly runs the fraud to exploit the demand for remote work. North Korean hackers generate revenue for the North Korean government by getting employed, allowing them to fund their activities and support their president Kim Jong Un.
US officials believe North Korean IT workers appear to be engaged in routine IT work but are providing money laundering and virtual currency services to cybercriminals in the country. According to the advisory, it is possible to identify hackers posing as IT workers by checking their technical configurations and activities.
Hong Kong considers banning Telegram
The Privacy Commissioner is considering blocking access to Telegram, a platform found to be rampant with doxxing, the Sing Tao Daily reported. According to the newspaper, the widespread doxxing was aimed at government officials and citizens.
This would likely stoke fears that national security legislation enacted in 2020 would further erode civil liberties as part of Beijing’s continued effort to impose its influence over the city. It is not a coincidence that the report appears days after a new leader, who is a vocal proponent of the China-imposed national security law, was appointed.
Despite the recent overhaul of Hong Kong’s political institutions, the authorities have so far avoided curbing the internet à la China. It’s unclear how the privacy watchdog intends to carry out such an action.
A data breach exposed the personal information of nearly two million Texans
An issue at the Texas Department of Insurance (TDI) caused nearly two million Texans’ personal information to be exposed for almost three years.
According to a TDI audit report, from March 2019 to January 2022, information on 1.8 million workers who filed compensation claims was publicly available online. Data included Social Security numbers, dates of birth, phone numbers, addresses, and information about workers’ injuries.
On March 24, the TDI published a public notice revealing that it first became aware of a security problem with a TDI web application used to manage workers’ compensation information on January 4, 2022. Public access to a protected area of the online application was made possible due to this issue.
TDI, a state agency that oversees and enforces insurance regulations in Texas, immediately took the application offline, fixed the issue, and engaged a forensics firm to investigate the nature and scope of the incident. TDI said in a press release that it did not find any evidence that personal information had been misused. The department offers credit monitoring and identity protection services at no cost to those affected.
However, Neil Jones, director of cybersecurity evangelism at Egnyte, warned that the recent data breach at the TDI is especially concerning because the breached information includes personally identifiable information and protected health information, which are potential treasure troves for cyber-attackers.
Chaos Ransomware Variant Sides with Russia
Data breach affects 3.6 million customers of pharmaceutical giant
A shadow server exposed over 380,000 Kubernetes API servers to the internet
Google announced that its Russian bank account had been frozen
Hackers use cold callers to intimidate ransomware victims into paying up
Previously on #AxisOfEasy
If you missed the previous issues, they can be read online here:
- May 16th, 2022: DEA Law Enforcement Data Breach Under Investigation
- May 9th, 2022: Citizens Should Be Told Government Tracks Their Movements, Says Canada’s Ethics Committee
- May 2nd, 2022: Goldbackdoor Malware Is Used Against Journalists By Nation-State Hackers
- April 25th, 2022: Shanghai Residents Find Creative Ways To Challenge Chinese Censorship
- April 18th, 2022: Government Network Was Crawling With LockBit Ransomware For Months