Joker

joined 2 weeks ago
 

BianLian group actors have affected organizations in multiple U.S. critical infrastructure sectors since June 2022. They have also targeted Australian critical infrastructure sectors in addition to professional services and property development. The group gains access to victim systems through valid Remote Desktop Protocol (RDP) credentials, uses open-source tools and command-line scripting for discovery and credential harvesting, and exfiltrates victim data via File Transfer Protocol (FTP), Rclone, or Mega. BianLian then extorts money by threatening to release data if payment is not made. BianLian group originally employed a double-extortion model in which they encrypted victims’ systems after exfiltrating the data; however, they shifted primarily to exfiltration-based extortion around January 2023 and shifted to exclusively exfiltration-based extortion around January 2024.

 

According to records filed in the case, Achtemeier conspired with mechanics in garages and operators of truck fleets to disable the anti-pollution software installed on diesel trucks. Coconspirators who wanted to disable their trucks’ pollution control hardware system—a process commonly known as “deleting”—sought Achtemeier’s help to trick the truck’s software into believing the emissions control systems were still functional, a process known as “tuning.” Monitoring software on a deleted truck will detect that the pollution control hardware is not functioning and will prevent the truck from running. Achtemeier disabled the monitoring software on his client’s trucks by connecting to laptops he had provided to various coconspirators. Some of the coconspirators would pass the laptop on to others seeking to have the anti-pollution software disabled on their trucks. Once the laptop was hooked up to the truck’s onboard computer, Achtemeier could access it from his computer and tune the software designed to slow the truck if the pollution control device was missing or malfunctioning. Achtemeier could “tune” trucks remotely, which enabled him to maximize his environmental impact and personal profit.

 
 

Breach date: 18 November 2024

Compromised accounts: 892,854

Compromised data: Dates of birth, Email addresses, Geographic locations, Names

 

Pennsylvania officials gathered at the Capitol in Harrisburg on Wednesday to mark the Transgender Day of Remembrance. It was a means of memorializing transgender Americans and Pennsylvanians who died by violence or suicide in the past year.

 
[–] Joker@sh.itjust.works 11 points 6 hours ago (1 children)

It does.

But it's so surprising to me that Mastodon is not in the second place.

366
Role Playing (sh.itjust.works)
submitted 7 hours ago* (last edited 7 hours ago) by Joker@sh.itjust.works to c/whitepeopletwitter@sh.itjust.works
 
 

To protect users from data breaches and phishing attacks, service providers typically implement two-factor authentication (2FA) to add an extra layer of security against suspicious login attempts. However, since 2FA can sometimes hinder user experience by introducing additional steps, many websites aim to reduce inconvenience by minimizing the frequency of 2FA prompts. One approach to achieve this is by storing the user's "Remember the Device" preference in a cookie. As a result, users are only prompted for 2FA when this cookie expires or if they log in from a new device.

To understand and improve the security of 2FA systems in real-world settings, we propose SE2FA, a vulnerability evaluation framework designed to detect vulnerabilities in 2FA systems. This framework enables us to analyze the security of 407 2FA systems across popular websites from the Tranco Top 10,000 list. Our analysis and evaluation found three zero-day vulnerabilities on three service providers that could allow an attacker to access a victim's account without possessing the victim's second authentication factor, thereby bypassing 2FA protections entirely. A further investigation found that these vulnerabilities stem from design choices aimed at simplifying 2FA for users but that unintentionally reduce its security effectiveness. We have disclosed these findings to the affected websites and assisted them in mitigating the risks. Based on the insights from this research, we provide practical recommendations for countermeasures to strengthen 2FA security and address these newly identified threats.

[–] Joker@sh.itjust.works 3 points 1 day ago (7 children)

What is your point here?

[–] Joker@sh.itjust.works 5 points 1 day ago

Published: July 16, 2024.

[–] Joker@sh.itjust.works 4 points 1 day ago (11 children)

What Lemmy client do you use?

I am asking because it caught my attention that you didn't upvote your own comment.

Also, funny reference 😂

[–] Joker@sh.itjust.works 2 points 1 day ago

*On TEMU or AliExpress.

[–] Joker@sh.itjust.works 7 points 2 days ago

They already have Servo.

[–] Joker@sh.itjust.works 13 points 2 days ago (5 children)

It has a soft paywall.

[–] Joker@sh.itjust.works 1 points 2 days ago

The title is very funny here 😆

[–] Joker@sh.itjust.works 1 points 2 days ago

That is very weird, I can open it in Brave browser for Android and it plays without an account.

[–] Joker@sh.itjust.works 2 points 2 days ago (2 children)

You can watch this video without an account?

[–] Joker@sh.itjust.works 18 points 3 days ago (1 children)

Did you read the article?

I am asking genuinely.
