Last week’s cyber news
- Hackers broke into the computer systems of the Goldfarb-Seligman law firm, one of Israel’s largest law firms. The firm, which handles sensitive transactions of tycoons and senior businessmen, as well as most of the banks in Israel, is exposed to sensitive information about its clients. Based on initial estimates, the attackers managed to break into the office’s electronic mail server and perhaps took control of years’ worth of email correspondence – these emails contain particularly sensitive information. The Goldfarb-Seligman office stated: “Recently, we were informed by the national cyber system about a suspected cyber incident concerning the office’s computer network and information”.
- A cyber-attack in Kansas City has shut down a large part of the city’s services for about a month, including some of the road cameras used to investigate accidents. In recent months, Kansas City has suffered repeated cyber-attacks on a wide variety of targets, including hospitals, City Hall, and schools.
- Last March, it was reported that the manager of the Incognito-Market site was blackmailing the site’s users, demanding a ransom in exchange for not publishing their activities. This week it was reported that US law enforcement arrested Rui-Siang Lin, the manager of the Incognito-Market website. He is accused of selling drugs and various services worth approximately 90 million dollars.
- The research department of the information security company ESET published a study on one of the most advanced server-side malware campaigns, which managed to compromise hundreds of thousands of servers during its 15 years of activity. Among the notorious activities of the Ebury group and its botnet are the distribution of spam, redirection of network traffic and password theft. Over the past few years, the group has changed its MO to stealing credit cards and digital currencies. In addition, Ebury was deployed as a backdoor to compromise nearly 400,000 Linux, FreeBSD, and OpenBSD servers, and more than 100,000 servers were still compromised as of the end of 2023. In many cases, Ebury operators were able to gain full access to large servers used by well-known ISPs and hosting companies.