Even if you do your best to secure those secrets you can find yourself exposed—especially if you’re using a YubiKey 5 authentication token. Multifactor authentication devices can be cloned thanks to a cryptographic flaw that cannot be patched. The company has rolled out several mitigation measures—and the attack itself is pretty hard to pull off. But it might be time to invest in a new dongle.
That’s not all, folks. Each week, we’ll include privacy and security news that we haven’t covered in depth. Click the headlines to read the full story. And stay safe outside.
At the end of August, it appears that cybercriminals from the ransomware group RansomHub hacked into the systems of Planned Parenthood’s Montana branch. The organization confirmed this week that it suffered a “cybersecurity incident” on Aug. 28 and said its staff immediately took parts of its network offline, reporting the incident to law enforcement.
A few days after the incident took place, RansomHub claimed to be behind the attack, listing Planned Parenthood on its leak site. The criminal group said it would publish 93 GB of data. It’s unclear what, if anything, the ransomware group obtained, but Planned Parenthood clinics may hold a large set of highly sensitive data about patients, including information on abortion appointments. (About 400,000 Planned Parenthood patients in Los Angeles were affected following a similar ransomware incident in 2021.)
In recent months, RansomHub has emerged as one of the most active ransomware-as-a-service groups, following LockBit’s law enforcement disruption. According to an alert by the FBI and the Cybersecurity and Infrastructure Security Agency at the end of August, the group was “efficient and successful” and had stolen data from at least 210 victims since it was formed in February. “Affiliates use a double-extortion model by encrypting systems and exfiltrating data to extort victims,” the alert said.
Nigeria-based scammers known as Yahoo Boys run just about every scam in the playbook—from romance scams to impersonating FBI agents. But there has been little more devious than the rise in sextortion cases linked to scammers in West Africa. This week, Nigerian brothers Samuel Ogoshi and Samson Ogoshi were sentenced to more than 17 years in prison in the US for running sextortion scams, following their extradition earlier this year. This is the first time that Nigerian scammers have been prosecuted for sextortion in the US, the BBC reported.
The Ogoshi brothers, who pleaded guilty in April, were linked to the death of 17-year-old Jordan DeMay, who was killed six hours after he spoke to the scammers, who posed as a woman on Instagram. The teenager was tricked into sending explicit photos to the brothers, and after he did so, they threatened to post the photos online unless he paid them hundreds of dollars. US prosecutors say the brothers sexually exploited and extorted more than 100 victims, at least 11 of whom were minors. There has been a huge spike in sextortion cases in recent years.
In June, the US Commerce Department banned the sale of Kaspersky antivirus tools over national security concerns about its links to the Russian government. (Kaspersky has, for years, rejected claims of such connections.) The company later laid off its workers and said it was closing its US business. This week, cybersecurity company Pango Group announced it will buy Kaspersky Lab’s US antivirus customers, according to Axios. This equates to approximately 1 million customers, who will be transferred to Pango’s antivirus software Ultra AV. Ahead of the deal with Kaspersky, parent company Aura also announced it was spinning off Pango Group into its own business. Pango’s president said that customers do not need to take any action and that it will allow subscribers to continue receiving updates after September 29, when Kaspersky updates will stop.
For years, the EU has been trying to introduce new child protection laws that would require private chats to be scanned for child sexual abuse material—something that could potentially break the encrypted messaging apps that provide everyday privacy to billions of people. The plans were highly controversial and were shelved earlier this year. However, the proposed law, dubbed “chat control,” reappeared in lawmakers’ in-trays this week. The EU Council, currently chaired by Hungary, wants to pass the law in October, but reports say strong opposition to the plans remains.