NATIONALPUBLICDATA.COM HACK EXPOSES A NATION’S DATA BY BRIAN KREBS
A massive data breach at NationalPublicData.com, a little-known consumer data broker, exposed the personal information of millions, including Social Security Numbers (SSNs), names, and addresses. The breach was initially disclosed by cybercriminal "USDoD" in April 2024, and the data was later leaked on BreachForums. NationalPublicData.com, linked to retired sheriff's deputy Salvatore Verini Jr., acknowledged the breach and claimed it was caused by a third-party attack. The breach highlights the vulnerability of data brokers, who gather personal information from public records without stringent regulations. It also underscores the need for stronger consumer privacy and data protection laws, as SSNs are increasingly inadequate for authentication.
HOW A CYBERSECURITY RESEARCHER BEFRIENDED, THEN DOXED, THE LEADER OF LOCKBIT RANSOMWARE GANG BY LORENZO FRANCESCHI-BICCHIERAI
Cybersecurity researcher Jon DiMaggio infiltrated the LockBit ransomware gang using fake personas and eventually uncovered the identity of its leader, Dmitry Khoroshev, after gaining the trust of "LockBitSupp" and gathering information over time, even after revealing his true identity. Despite burning his cover, DiMaggio continued communicating with Khoroshev, eventually doxing him before authorities did. DiMaggio shared his experience at Def Con, highlighting the risks and challenges of such operations and cautioning other researchers about potential repercussions when engaging with cybercriminals.
UN APPROVES CYBERCRIME TREATY DESPITE MAJOR TECH, PRIVACY CONCERNS BY ROBERT LEMOS
A UN committee has advanced a draft treaty aimed at combating cross-border cybercrime, but critics argue it lacks safeguards for human rights and could be exploited by repressive governments to target journalists, researchers, and protesters. The treaty, which would criminalize unauthorized access to ICT systems and require companies to assist law enforcement, faces opposition from the US, EU, and human rights groups, who fear it could undermine freedom of speech. While Russia and Vietnam support the treaty, opponents argue it could be misused without oversight and prefer the existing Budapest Convention on Cybercrime. The treaty now moves to the UN General Assembly for adoption.
FBI TAKES DOWN RANSOMWARE GANG THAT HACKED DOZENS OF COMPANIES BY ZACK WHITTAKER
Per a recently released statement, the FBI successfully seized the servers and domains of the ransomware and extortion gang Radar (aka Dispossessor), marking a rare victory in the fight against ransomware. The gang, led by "Brain," had targeted at least 43 companies since its inception in August 2023, exploiting security flaws to steal and encrypt data and demanding ransom under the threat of publishing the stolen information. The operation involved cooperation from law enforcement in the UK and Germany.
VULNERABILITY DISCLOSURE POLICIES EYED FOR FEDERAL CONTRACTORS IN SENATE BILL BY MATT BRACKEN
A bipartisan Senate bill, the Federal Contractor Cybersecurity Vulnerability Reduction Act of 2024, was introduced to require federal contractors to implement vulnerability disclosure policies (VDPs) in line with National Institute of Standards and Technology (NIST) guidelines. Sponsored by Senators Mark Warner and James Lankford, the bill aims to establish a structure for contractors to receive, assess, and manage vulnerability reports, addressing a gap in current federal law that only mandates VDPs for civilian agencies. The legislation is intended to enhance cybersecurity for government systems and critical infrastructure, with support from top cybersecurity firms.