Table of Contents

  1. Ransomware
    1. Ransomware gang asks $42m from NY law firm, threatens to leak dirt on Trump
    2. FBI warns of ProLock ransomware decryptor not working properly
  2. Scams
    1. U.S. Secret Service: “Massive Fraud” Against State Unemployment Insurance Programs
  3. Leaks
    1. Personal info on over 12,000 people leaked after Nikkei comes under cyberattack
    2. Edison Mail bug exposed users’ email accounts to complete strangers
    3. Payment portals leak the passport numbers of the tens of thousands of Muscovites ticketed for quarantine violations
    4. Over 12,000 Hacked Domino’s Pizza Accounts Have Been Sold on the Dark Web
    5. Illinois blames ‘glitch’ for exposure of PUA applicant Social Security numbers, private data
    6. Norway: Soldiers' location history found in data sold by Tamoco
  4. Privacy
    1. Face masks prompt London police to consider pause in rollout of facial recognition cameras

Ransomware

Ransomware gang asks $42m from NY law firm, threatens to leak dirt on Trump

The criminal group behind the REvil (Sodinokibi) ransomware is extorting a New York-based law firm, threatening to release sensitive files on the company's celebrity clients unless the firm pays a whopping $42 million ransom demand. The extortion attempt is the result of a ransomware infection that Grubman Shire Meiselas & Sacks (GSMS) suffered last week. On May 7, REvil operators published a message addressed to the GSMS staff on a dark web portal, threatening to release files about its clients, files the REvil gang stole from the law firm's internal network before encrypting its files. REvil operators said GSMS offered to pay only $365,000 of the $21 million they asked, and as a result, they were now doubling the ransom demand to $42 million. Furthermore, as punishment for the company's failure to pay in time, the REvil gang also released a 2.4 GB archive containing Lady Gaga legal documents, most of which were contracts for concerts, merchandising, and TV appearances. In addition to doubling the ransom demand, hackers have also made another veiled threat against the NY law firm, threatening to release files related to US President Donald Trump.

FBI warns of ProLock ransomware decryptor not working properly

The FBI‌ issued a flash alert at the beginning of the month to alert organizations of the new threat actor, saying that its targets in the US include entities in the following sectors: healthcare, government, financial, and retail. The FBI does not encourage giving in to the demands of any ransomware actor. Doing so would only increase their confidence to continue such attacks. With ProLock, the decryptor is not working properly and data will be lost. Files larger than 64MB may become corrupted during the decryption process. Integrity loss of 1 byte per 1KB is possible with files over 100MB and additional work may be needed to make the decryptor work properly. This issue will increase the downtime of an organization even if they agree to the actor's demands.

Scams

U.S. Secret Service: “Massive Fraud” Against State Unemployment Insurance Programs

A well-organized Nigerian crime ring is exploiting the COVID-19 crisis by committing large-scale fraud against multiple state unemployment insurance programs, with potential losses in the hundreds of millions of dollars, according to a new alert issued by the U.S. Secret Service.

Leaks

Personal info on over 12,000 people leaked after Nikkei comes under cyberattack

The publisher of the business daily The Nikkei and other media, announced on May 12 that personal information on a total of 12,514 people had been leaked after a computer used by a group company employee was infected with a virus in an apparent cyberattack. The leaked information included the names and email addresses of board members, regular and part-time employees and others at the Nikkei headquarters and some of its group companies. The firm said there was no leakage of information pertaining to its readers and customers, nor information gathered by its reporters for news coverage.

Edison Mail bug exposed users’ email accounts to complete strangers

No account credentials were compromised; issue was fully resolved within 30 hours of first report by 'bricking' access to potentially impacted Edison iOS app users and any email messages from the app. On Friday, May 15th, 2020, a software update enabled users to manage accounts across their Apple devices. This update caused a technical malfunction that impacted approximately 6,480 Edison Mail iOS users. The issue only impacted a fraction of our iOS app users (and no Android or Mac users were affected). This temporary issue was a bug, and not related to any external security issues.

Payment portals leak the passport numbers of the tens of thousands of Muscovites ticketed for quarantine violations

Over the past two months, Moscow has issued tens of thousands of fines to local residents for violating the city's coronavirus self-isolation restrictions. Thanks to weak cryptographic security, the personal data of those ticketed is now available online. The blog Nora Ezhika first drew attention to the data leak on May 12, reporting that the city's web portals for paying quarantine fines makes it easy to discover people's full names and passport numbers. All that's needed to obtain this information is the specific ticket number. "Under no circumstances ever share screenshots of your tickets showing your unique ticket number!" warned the blog.

Over 12,000 Hacked Domino’s Pizza Accounts Have Been Sold on the Dark Web

Hackers are engaged in an ongoing credential stuffing operation against the well-known international pizza brand, with their sights primarily set on Domino's Pizza customers in the US. After scouring posts on more than a dozen dark web marketplaces, we discovered over 12,000 Domino's Pizza accounts have been sold, and most within the past 12 months. Why are hackers targeting Domino's Pizza accounts? While it may seem counterintuitive, hackers and their buyers aren't immediately after Domino's shoppers' credit card information. Instead, they're on the hunt for rewards points and free pizza.

Illinois blames ‘glitch’ for exposure of PUA applicant Social Security numbers, private data

The Illinois Department of Employment Security (IDES) has acknowledged a security lapse that exposed the private information of independent contractors and the self-employed. Names, Social Security numbers, and other data points - including phone numbers and addresses - related to unemployment claims were leaked through the scheme's website, which has been set up to give gig workers access to funds if they have lost their jobs due to the COVID-19 pandemic.

Norway: Soldiers' location history found in data sold by Tamoco

NRK has acquired information on the movements of Norwegians from a British company. The company has a business address in the heart of London, and states on its website that they "make accurate data accessible to everyone". The data NRK holds on and shows accurate positions for 140,000 mobiles and tablets from 2019. The information comes from apps Norwegians have installed. The data package cost NOK 35,000 and shows how easy it is to map parts of the lives of military personnel. Several of the persons NRK has found are officers with in-depth knowledge of the Armed Forces' weaknesses and strengths. Others have access to sensitive areas. This included, among other things, a soldier who has stayed in the area of ​​the Armed Forces' elite soldiers, and a person who has stayed at one of the Intelligence Service's stations in Northern Norway.

Privacy

Face masks prompt London police to consider pause in rollout of facial recognition cameras

The rollout of facial recognition cameras in London is facing disruption as citizens are now using face coverings that could potentially incapacitate the technology. The police force is reportedly considering a pause on the scheme as so many in the capital are now wearing face masks. The UK government has urged citizens that need to use public transport - including crucial tube, bus, and train networks in London - to wear face coverings to help reduce the spread of COVID-19.