Notices by Metacurity (metacurity@infosec.exchange)

Exclusive: Legal Practice Board of Western Australia confirms Dire Wolf ransomware attack
https://www.cyberdaily.au/security/12158-exclusive-legal-practice-board-of-western-australia-confirms-dire-wolf-ransomware-attack

This should be much bigger news.

CrowdStrike discovered that state officials in Rhode Island had been unaware for more than five months that its VPN system, managed by Deloitte, had been hacked. Deloitte didn't know until the hackers asked for a ransom.

Now, it looks like RI will sue Deloitte.

https://www.bostonglobe.com/2025/05/15/metro/ribridges-vpn-hack-ri-breach-personal-data-investigation-findings/

Here is the CrowdStrike report.
https://admin.ri.gov/sites/g/files/xkgbur536/files/2025-05/RIBridges%20Investigation%20Summary%20FINAL%20-%20External%20Release.pdf

The Coinbase hack is expected to cost the company up to $400 million, and the company has launched a $20 million reward fund for information leading to the attackers’ arrest and conviction.
https://www.investing.com/news/stock-market-news/coinbase-discloses-security-breach-expects-impact-of-up-to-400m-4047654

Oh goodie...

Generative AI will surpass cybersecurity in many corporate tech budgets this year

https://www.geekwire.com/2025/generative-ai-tops-cybersecurity-in-2025-tech-budget-priorities-new-aws-study-finds/

"Hackers have targeted GlobalX Air, one of the main airlines the Trump administration is using as part of its deportation efforts, and stolen what they say are flight records and passenger manifests of all of its flights, including those for deportation"
https://www.404media.co/globalx-airline-for-trumps-deportations-hacked/

Oracle engineers caused days-long software outage at U.S. hospitals
https://www.cnbc.com/2025/04/28/oracle-engineers-caused-days-long-software-outage-at-us-hospitals.html

Really useful advice for these times we suddenly find ourselves in.

How to hard-lock your iPhone in a hurry
https://www.cultofmac.com/how-to/how-to-hard-lock-your-iphone-in-a-hurry?utm_source=flipboard&utm_medium=activitypub

Dozens of mobile providers across 35 countries are routing mobile traffic through major Chinese interconnect providers such as China Mobile International, China Telecom Global and China Unicom Global, allowing the Chinese telcos to conduct MITM attacks, track device locations in real time, intercept SMS and voice communications and "silently push spyware or malware onto target devices using signaling-level attacks."

https://dd80b675424c132b90b3-e48385e382d2e5d17821a5e1d8e4c86b.ssl.cf1.rackcdn.com/external/iverify-abusing-data-in-the-middle.pdf

Oh wow. This just in from a CISA spokesperson:

“The CVE Program is invaluable to cyber community and a priority of CISA. Last night, CISA executed the option period on the contract to ensure there will be no lapse in critical CVE services. We appreciate our partners’ and stakeholders’ patience.”

Chris Krebs and SentinelOne face a long slog to redress Trump's EO stripping them of their security clearances.

This is the latest in a string of similar punitive actions against a host of Trump "enemies." As one legal expert told me, “We might as well live in Stalin’s Soviet Union.”

Check out my latest piece in CSO.

Trump revokes security clearances for Chris Krebs, SentinelOne in problematic precedent for security vendors

https://www.csoonline.com/article/3958808/trump-revokes-security-clearances-for-chris-krebs-sentinelone-in-problematic-precedent-for-security-vendors.html

Hackers Breach Berkshire Hathaway’s NetJets, Steal Client Data
https://www.bloomberg.com/news/articles/2025-04-09/hackers-breach-berkshire-hathaway-s-netjets-steal-client-data?utm_medium=email&utm_source=author_alert&utm_term=250409&utm_campaign=author_22719966

Exclusive: DOGE staffer, 'Big Balls', provided tech support to cybercrime ring, records show
https://www.reuters.com/world/us/doge-staffer-big-balls-provided-tech-support-cybercrime-ring-records-show-2025-03-26/

The greatest thing of the day - when Microsoft needlessly demanded a PoC video for a vulnerability that analyst Will Dormann discovered and was well-documented, he submitted a 15-minute video that contained a clip from Zoolander, in which the protagonist unveils the "Center for Kids Who Can't Read Good," as well as a punchy techno backing track while wasting the reviewer's time with approximately 14 minutes of inactivity.
https://www.theregister.com/2025/03/17/microsoft_bug_report_troll/

Exclusive: Fired US government workers with top security clearances were not given exit briefings, sources say
https://www.reuters.com/world/us/fired-us-government-workers-with-top-security-clearances-were-not-given-exit-2025-03-04/

It's all over but the shouting my friends.

"Within the White House complex, the WiFi permissions — meant to bolster security by prompting users to log in frequently — were recently changed to allow guests to remain logged in for a year, up from seven days, because so many personal devices are newly in use."
https://www.washingtonpost.com/business/2025/02/25/elon-musk-doge-data-privacy-security/

https://www.wired.com/story/doge-hr-elon-musk-resignation-fork-road-leaked-staff-meeting/

“One employee expressed concerns that outside actors could send resignation emails on staffers’ behalf by spoofing their email addresses.”

Musk has locked OPM workers out of their computer systems.

Exclusive: Musk aides lock government workers out of computer systems at US agency, sources say
https://www.reuters.com/world/us/musk-aides-lock-government-workers-out-computer-systems-us-agency-sources-say-2025-01-31/

"Norway is sounding the alarm after discovering that Russia is no longer only disrupting the Global Navigation Satellite Systems (GNSS) across the border, but also spoofing GPS signals, an attack that can cause significant disruption to commercial aviation."

"We were spoofed on approaching Kirkenes today”
https://www.thebarentsobserver.com/news/we-were-spoofed-on-approaching-kirkenes-today/423323

Violent Hackers Are Using U-Haul To Dox Targets
https://www.404media.co/violent-hackers-are-using-u-haul-to-dox-targets/

Even though the HOPE (Hackers on Planet Earth) conference is usually slated for every other year, given the success of the 2024 conference, HOPE will take place again next year.

I just got an email saying HOPE_16 will occur August 15-17, 2025, at St. John's University in Queens, New York City.

I'm definitely going this time.