Here we go with this month’s NewsScam and NO this isn’t an April’s fool! Read all the newest Cybersecurity headlines including why and where not to charge your phone during your travels; and of course, all about the newest & biggest scandal around the Pentagon cybersecurity incident caused by a 21-year-old and so much more!
This month there was a moment, I could literally see people’s baffled faces right in front of me but going like “What!?.... Wait a minute!” And yes indeed, a 21-year-old American man working for the US Air Force intelligence unit, seriously jeopardized the Pentagon's security by sharing classified documents on a video game chat platform. One may wonder if playing with cybersecurity might become a new sport amongst youngsters. Fly over to Spain where a 19-year-old was arrested by the Spanish police as they figured he is a threat towards national security due to the nature of cybercrime he has been involved with. Lest we forget back in 2021, a 17-year old American was behind a major attack on Twitter. Whatever happened to teenagers just hanging out at the mall?
A European Air Traffic incident left people terrified about flying when the Pro-Russian group KillNet found their way into Europe’s air-traffic control IT systems. The motive? Well, the hacker’s main goal was to target the NATO linked to Eurocontrol’s agency though and punish them for their ongoing support of Ukraine. The attack on German weapons manufacturer Rheinmetall is just another example of the ongoing Cyberwar, which leaves one of Germany’s largest automotive and arms manufacturing companies industry picking up the pieces.
If you weren’t already nervous about flying before the previous story, you may want to think twice before charging your phone during your next visit to the airport. The FBI warned that people should stay away from public sockets in airports and hotels as they potentially risk giving access to their personal information, including credit card details and photos on their devices, while they are being charged.
Even though there have been several warnings about the danger of expired digital certificates to maintain secure communication, outages (due to expired certificates) keep happening. This time it hit Elon Musk’s company Starlink. And as if UK’s Brexit has not been challenging enough, visa applications are now stuck in long queues due to a cybercrime incident at the UK Criminal Records Office (ACRO) but even worse, the data from people who have been applying for a UK visa, have been exposed.
This month has certainly kept the cyber industry on its toes and has been a difficult month to choose which stories to highlight but keep on reading all further details and other news below.
Locals React to Pentagon Leaks Caused by ‘A Little Kid Trying to be Important’
Locals living close to the sprawling military base in Cape Cod, where 21-year-old Jack Teixeira worked for a US air force intelligence unit, have been asking the same questions as everyone else.
Was his alleged leak of national security documents some kind of principled stand or an immature attempt to impress two dozen members of a closed chat group called Thug Shaker Central on Discord, a video game chat platform, that he lost control of?
Spanish Teen Hacking Suspect Arrested
Spanish police have arrested a 19-year-old who they claim represents a national security threat due to the magnitude of the cyber-attacks he has conducted.
An investigation into Jose Luis Huertas (aka “Alcasec”) began after he allegedly hacked the national council of the judiciary (CGPJ) and tax agency, and stole data on over half a million Spaniards.
The individual subsequently created a database filled with this information, including personal data and bank account numbers, for onward sale to cyber-criminals, according to the Spanish National Police (Policia Nacional). Huertas is also accused of building a de facto search engine – dubbed “Udyat,” or the “Eye of Horus” – to sell large volumes of stolen data.
Paralyzed in Flight: Pro-Russian Hackers Launched an Attack Against Europe's Air-traffic Agency
A cyber-attack launched by pro-Russian hackers on Europe’s air-traffic control agency has paralyzed air traffic employee operations.
On April 20, some 2,000 employees of the European Organization for the Safety of Air Navigation (EOSAN) could not use internal and external communication channels due to the attack, according to the Wall Street Journal. The employees had to resort to using commercial channels.
Though the hackers did not gain access to the agency’s air-traffic control IT systems, they penetrated its website and caused it to malfunction. “The attack is causing interruptions to the website and web availability,” a statement on the agency’s website reads.
German Manufacturer Rheinmetall’s Automotive Sector Suffered a Cyber-attack
Rheinmetall, one of Germany’s largest automotive and arms manufacturing companies, suffered a cyber-attack that affected its industrial customers in the automotive sector.
Established in 1889 and headquartered in Düsseldorf, Germany, Rheinmetall manufactures automotive parts as well as military weapon systems such as tank guns, munitions, anti-tank guided missiles, autocannons, military vehicles, and electronics. The company generated a revenue of around 6.4 billion euros in 2022.
A Rheinmetall spokesperson said this week that the cyber-attack was aimed at the company’s department dealing with non-military customers, mostly in the automotive sector. Rheinmetall also added that the cyber-attack did not affect its military division.
Airport Public Charging Stations are the Latest Outlet For Cyber Criminals, the FBI Warns
Free public charging stations in the US have become the latest tactic for cyber criminals to infect devices with malware and tracking software. The Federal Bureau of Investigation (FBI) warns people not to connect to the free power but instead carry their own chargers and USB cord that plug into an outlet.
The attack lets bad actors scrape personal information from devices, such as account logins, passwords, credit card details and photos.
Musk’s Starlink Outage Over Digital Certificate ‘Inexcusable’
Elon Musk’s Starlink went down for several hours over an expired digital certificate that machines rely on to work together. Starlink, a satellite internet constellation operated by SpaceX, experienced severe downtime for several hours on April 8, with users from Melbourne to Seattle complaining about the issue.
“[The issue was] caused by expired ground station cert[ificate]. We’re scrubbing the system for other single-point vulnerabilities,” SpaceX’s CEO Elon Musk said on Twitter after the outage.
UK Criminal Records Office Crippled by "Cyber Incident"
The UK Criminal Records Office (ACRO) has been battling a “cyber incident” for two months, creating backlogs for visa applicants and potentially exposing customer information to compromise, according to reports.
The national policing unit checks the police records of UK citizens who want to work or live abroad. However, it has been struggling to recover from a cyber event since January 17, according to the Evening Standard. An email sent to customers impacted by the operational issue reportedly claimed that their data may have been exposed.
This could mean highly sensitive data including “identification information and any criminal conviction data” could be in the hands of would-be extortionists.
Wait, there's more...
MIT and Stanford researchers develop operating system with one major promise: Resisting ransomware - Cyberscoop
KFC, Pizza Hut owner discloses data breach after ransomware attack - bleepingcomputer.com
Tasmanian data breach: schoolchildren’s information among 16,000 documents leaked on dark web - The Guardian
Proskauer Cyber Attack Left Sensitive Client Data Unguarded - bloomberglaw.com
AI-created malware sends shockwaves through cybersecurity world - Fox News
Hyundai data breach exposes owner details in France and Italy - bleepingcomputer.com
NCR in recovery as ransomware disrupts widely used point-of-sale system - Cybersecurity Dive