May 13, 2024 A Europol police portal hacked, a report on the Black Basta ransomware gang is released, and more.

Welcome to Cyber Security Today. It’s Monday May 13th, 2024. I’m Howard Solomon, contributing reporter on cybersecurity for TechNewsday.com.

The Europol police co-operative has confirmed a portal used by experts for sharing best practices was compromised. The Bleeping Computer news site says the confirmation comes after the IntelBroker group says it recently stole confidential data, including information on employees. Europol says the platform has no personal data on crime and no police operational information. But the hackers say they got into a community on the portal called EC3 Space, which has cybercrime-related materials, and SIRIUS, used to access cross-border electronic evidence for criminal investigations.

The latest informational report on ransomware gangs by U.S. authorities covers the Black Basta group. A ransomware-as-a-service operation, it’s been running since 2022 and has hit over 500 organizations around the world. The report covers the operation’s tactics and indicators of compromise, which will be useful for those responsible for protecting IT networks.

A warning from security researchers about a VPN vulnerability has prompted providers offering a virtual private network service, software companies that provide VPN clients as well as IT departments overseeing VPNs to consider mitigations. The warning comes from Leviathan Security, which says attackers can set up a rouge server to de-cloak encrypted VPN communications. Vendors have already been notified. For now the best advice for IT departments is to warn employees who are away from home or office and need to connect to a VPN not to use public WiFi at malls, airports and similar places. Instead they should connect to the VPN through a cellular modem on their smartphone, tablet or laptop, or use their smartphone’s cellular connection as a wireless hotspot to their mobile devices.

A suspected Russian threat actor is using generative AI tools to plagiarize or modify stories from mainstream media to pump pro-Russian themes across 12 websites. That’s according to researchers at Recorded Future. They dub the campaign CopyCop. The goal is to present material on Russian military actions in Ukraine in a pro-Russian light to audiences in the U.S., the U.K. and France. The 12 websites, some of which have names similar to legitimate news websites, post critical viewpoints of Israeli military operations in Gaza and support Republican candidates running for election in the U.S. The infrastructure supporting this campaign has strong ties to the disinformation outlet DCWeekly, run by John Mark Dougan, a U.S. citizen who fled to Russia in 2016, the report says. The content is also amplified by well-known Russian state-sponsored threat actors. News organizations are warned to track content from known influence threat actors who are likely to plagiarize or distort their content, or set up similar-sounding news sites. One suspect site, for example, is called New York News Daily, a riff on the New York Daily News.

Financial Business and Consumer Solutions Inc., an American collection agency, has updated the number of people affected in a February data breach. At first it told Maine attorney general’s office that personal information on 1.9 million people was copied. Now it puts the number at just over 2.6 million people.

Finally, the Ohio Lottery is notifying over a half a million people that personal data it holds was stolen in a December cybersecurity incident. Information copied included names and Social Security numbers. The DragonForce ransomware group has taken responsibility for the attack.

Follow Cyber Security Today on Apple Podcasts, Spotify or add us to your Flash Briefing on your smart speaker.