
Russia Hit With 'Unprecedented' Breaches By Pro-Ukrainian Cyberattackers

This week the Washington Post described Russia as "struggling under an unprecedented hacking wave" — with one survey finding Russia is now the world's leader for leaked sensitive data (such as passwords and email addresses). "Federation government: your lack of honor and blatant war crimes have earned you a special prize..." read a message left behind on one of the breached networks... Documents were stolen from Russia's media regulator and 20 years of email from one of Russia's government-owned TV/radio broadcasting companies. Ukraine's government is even suggesting targets through its "IT Army" channel on telegram, and has apparently distributed the names of hundreds of Russia's own FSB security agents. And meanwhile, the Post adds, "Ordinary criminals with no ideological stake in the conflict have also gotten in on the act, taking advantage of preoccupied security teams to grab money as the aura of invincibility falls, researchers said." Soon after the invasion, one of the most ferocious ransomware gangs, Conti, declared that it would rally to protect Russian interests in cyberspace. The pledge backfired in a spectacular fashion, since like many Russian-speaking crime groups it had affiliates in Ukraine. One of them then posted more than 100,000 internal gang chats, and later the source code for its core program, making it easier for security software to detect and block attacks. Network Battalion 65 [a small hacktivist group formed as the war began looking inevitable] went further. It modified the leaked version of the Conti code to evade the new detections, improved the encryption and then used it to lock up files inside government-connected Russian companies. "We decided it would be best to give Russia a taste of its own medicine. Conti caused (and still causes) a lot of heartache and pain for companies all around the world," the group said. "As soon as Russia ends this stupidity in Ukraine, we will stop our attacks completely." 
In the meantime, Network Battalion 65 has asked for ransomware payments even as it has shamed victims on Twitter for having poor security. The group said it hasn't gotten any money yet but would donate anything it collects to Ukraine. Ars Technica quotes a cybersecurity researcher who now says "there are tens of terabytes of data that's just falling out of the sky." Thanks to long-time Slashdot reader SpzToid for sharing the article!

Read more of this story at Slashdot.

Ukrainians DDoS Russian Vodka Supply Chains

Slashdot
Author: msmash
Ukrainian hacktivists reportedly disrupted alcohol shipments in Russia after committing distributed denial of service (DDoS) attacks against a critical online portal, according to local reports. From a report: Alcohol producers and distributors are required by law to register their shipments with the EGAIS portal, loosely translated as the "Unified State Automated Alcohol Accounting Information System." However, several entities in the sector told local news site Vedomosti this week that DDoS attacks by Ukrainian hacktivists downed the site on May 2 and 3. The outage impacted not only vodka distribution but also wine companies and purveyors of other types of alcohol. Government sources quoted in the report claim that the site is running normally and any excessive waiting times are merely due to heavy demand. However, one company, Fort, had failed to upload about 70% of invoices to EGAIS due to the outage, according to the report. Its supplies of wine to retail chains and restaurants were apparently disrupted on May 4 due to the incident.

A Stealthy New Espionage Group is Targeting Corporate Mergers and Acquisitions

Slashdot
Author: msmash
A new espionage actor is breaching corporate networks to steal emails from employees involved in big financial transactions like mergers and acquisitions. From a report: Mandiant, whose researchers first discovered the advanced persistent threat (APT) group in December 2019 and now track it as "UNC3524," says that while the group's corporate targets hint at financial motivation, its longer-than-average dwell time in a victim's environment suggests an intelligence gathering mandate. In some cases, UNC3524 remained undetected in victims' environments for as long as 18 months, versus an average dwell time of 21 days in 2021. Mandiant credits the group's success at achieving such a long dwell time to its unique approach: the use of a novel backdoor -- tracked as "QuietExit" -- on network appliances that do not support antivirus or endpoint detection, such as storage arrays, load balancers and wireless access point controllers. The QuietExit backdoor's command-and-control servers are part of a botnet built by compromising D-Link and LifeSize conference room camera systems, according to Mandiant, which said the compromised devices were likely breached due to the use of default credentials, rather than an exploit.

'Why the Heck Are SSNs Still Treated as Passwords in the US?'

Slashdot
Author: msmash
Haje Jan Kamps, writing for TechCrunch: A couple of weeks ago yet another of my friends was a victim of identity theft, and I got yet another deep look into how fantastically broken the U.S. can be when it comes to security. "They have my social security number," she said, and I was reminded of how a lot of systems in the U.S. are woefully poorly designed. To wit: This morning I called my bank and was asked for the last four digits of my SSN and they somehow accepted my identity because I knew those four digits. When I moved to the U.S. a couple of years ago, my friends made sure that I knew I had to keep my Social Security number (SSN) secret and hidden. When I started opening a bank account and set up a cell phone plan, it became obvious why: All sorts of institutions that really should know better are treating this string of numbers as a password. There's a huge, glaring problem with that. I maintain that Equifax should receive the corporate equivalent of capital punishment for allowing this to happen, but 145 million social security numbers were stolen by hackers a few years ago, which means that the Social Security numbers -- yes, the same numbers that are being treated as "passwords" -- for about half the U.S. adult population are in the wind. We've gotten used to passwords by now, but at least, in most cases, passwords can be changed when they are hacked. Your social security number? Not so much. If your SSN leaks just once, you're boned. It's not possible to change it, and that brings up the true depth of idiocy in all of this: Relying on security that depends on keeping an unchangeable piece of information secret is really bloody stupid. The corollary is this: Imagine that your email has been hacked but your email provider tells you that you can't change your password, you can't change your email provider, and you'll just have to deal with it. That's the situation we currently have with Social Security numbers.

Private Equity Executive Sought To Undermine NSO Critics, Data Suggests

Slashdot
Author: msmash
Information released under data protection laws sheds light on apparent effort to undermine Canadian research group Citizen Lab. From a report: When Downing Street was recently named as the suspected victim of a phone hack by the United Arab Emirates using the Israeli-made spyware, Pegasus, few were surprised at who was behind the discovery. The Citizen Lab at the University of Toronto has for years been a thorn in the side of the NSO Group, deciphering the company's sophisticated hacking tools and -- crucially -- identifying victims of the spyware. Ron Deibert, the longtime director of the Canadian research group, is one of the world's leading experts on identifying digital threats against civil society. John Scott-Railton, a senior researcher at Citizen Lab, is among a relatively small group of experts globally who can identify which iPhones and Android devices have been infected with Pegasus, and which government clients are likely to have been responsible. It is unsurprising, then, that the pair were an intense focus at Novalpina, the London-based private equity group which took over NSO Group in 2019, and quickly sought to stem its reputation for enabling repressive governments to commit widespread human rights abuses. Using UK data protection laws, Deibert and Scott-Railton last year sought the personal data held on them by Novalpina. The results of their so-called subject access requests, recently shared with the Guardian, contain snippets of hundreds of emails and attachments that included their names. The released data, combined with information from other sources, sheds light on an apparent attempt by Novalpina partner Stephen Peel to gather information on and undermine Citizen Lab. In one case, he even reached out to George Soros, whose foundation is an important Citizen Lab donor, and complained about the researchers.

Microsoft Finds Linux Desktop Flaw That Gives Root To Untrusted Users

Slashdot
Author: BeauHD
An anonymous reader quotes a report from Ars Technica: Vulnerabilities recently discovered by Microsoft make it easy for people with a toehold on many Linux desktop systems to quickly gain root system rights -- the latest elevation of privileges flaw to come to light in the open source OS. [...] Nimbuspwn, as Microsoft has named the EoP threat, is two vulnerabilities that reside in networkd-dispatcher, a component in many Linux distributions that dispatches network status changes and can run various scripts to respond to a new status. When a machine boots, networkd-dispatcher runs as root. [...] A hacker with minimal access to a vulnerable desktop can chain together exploits for these vulnerabilities that give full root access. [The step-by-step exploit flow can be found in the article. The researcher also was able to gain persistent root access using the exploit flow to create a backdoor.] The proof-of-concept exploit works only when it can use the "org.freedesktop.network1" bus name. The researcher found several environments where this happens, including Linux Mint, in which systemd-networkd by default doesn't own the org.freedesktop.network1 bus name at boot. The researcher also found several processes that run as the systemd-network user, which is permitted to use the bus name required to run arbitrary code from world-writable locations. The vulnerable processes include several gpgv plugins, which are launched when apt-get installs or upgrades, and the Erlang Port Mapper Daemon, which allows running arbitrary code under some scenarios. The vulnerability has been patched, although it's unclear which version of Linux the patch is in.

Russian Hacking in Ukraine Has Been Extensive and Intertwined With Military Operations, Microsoft Says

Slashdot
Author: msmash
At least six different Kremlin-linked hacking groups have conducted nearly 240 cyber operations against Ukrainian targets, Microsoft said Wednesday, in data that reveal a broader scope of alleged Russian cyberattacks during the war on Ukraine than previously documented. From a report: "Russia's use of cyberattacks appears to be strongly correlated and sometimes directly timed with its kinetic military operations," said Tom Burt, a Microsoft vice president. The Microsoft report is the most comprehensive public record yet of Russian hacking efforts related to the war in Ukraine. It fills in some gaps in public understanding of where Russia's vaunted cyber capabilities have been deployed during the war. Burt cited a cyberattack on a Ukrainian broadcast company on March 1, the same day as a Russian missile strike against a TV tower in Kyiv, and malicious emails sent to Ukrainians falsely claiming the Ukrainian government was "abandoning" them amid the Russian siege of the city of Mariupol. Suspected Russian hackers "are working to compromise organizations in regions across Ukraine," and may have been collecting intelligence on Ukrainian military partnerships many months before the full-scale invasion in February, the Microsoft report says.

Hackers Reportedly Target Wind-Energy Companies In Europe

Slashdot
Author: BeauHD
An anonymous reader quotes a report from PC Magazine: European wind-energy companies have reportedly been targeted by hackers -- or been affected by cyberattacks on their suppliers -- since Russia invaded Ukraine in late February. The Wall Street Journal reports that Nordex SE and Deutsche Windtechnik AG have both reported cyber incidents over the last few months. A third German company, Enercon GmbH, told the Journal it was "collateral damage" when Viasat was hacked at the start of the invasion. The severity of the hacks varies. Nordex SE had to shut down its IT systems; Deutsche Windtechnik AG couldn't remotely control about 2,000 turbines for at least a day; and Enercon GmbH lost remote access to some 5,800 turbines because of the Viasat hack. The notorious Conti ransomware gang has reportedly claimed responsibility for the March hack of Nordex SE; the Journal says that security experts are currently investigating the possibility that it was involved with the April hack of Deutsche Windtechnik AG as well.

At Least $13M in NFTs Stolen After Bored Ape Yacht Club Instagram, Discord Hacked

Slashdot
Author: msmash
Bored Ape Yacht Club's Instagram account and Discord server were both hacked on Monday, with an unofficial "mint" link being sent out to followers. From a report: "There is no mint going on today. It looks like BAYC Instagram was hacked. Do not mint anything, click links, or link your wallet to anything," the NFT project wrote on Twitter. At the time of writing, it is estimated that around 24 Bored Apes and 30 Mutant Apes have been stolen according to recent OpenSea transfers, although some of these may be holders transferring their NFTs for security purposes. The value of the 54 NFTs calculated by floor price is $13.7 million.

The Pros and Cons of a Future Without Passwords

CNBC explores the dream of "a future where nobody has to constantly update and change online passwords to stay ahead of hackers and keep data secure." Here's the good news: Some of the biggest names in tech are already saying that the dream of a password-less internet is close to becoming a reality. Apple, Google and Microsoft are among those trying to pave the way... In theory, removing passwords from your cybersecurity equation nixes what former Secretary of Homeland Security Michael Chertoff has called "by far the weakest link in cybersecurity." More than 80% of data breaches are a result of weak or compromised passwords, according to Verizon.... Doing away with passwords altogether is not without risks. First, verification codes sent via email or text message can be intercepted by hackers. Even scarier: Hackers have shown the ability to trick fingerprint and facial recognition systems, sometimes by stealing your biometric data. As annoying as changing your password might be, it's much harder to change your face or fingerprints. Second, some of today's password-less options still ask you to create a PIN or security questions to back up your account. That's not much different from having a password.... Plus, tech companies still need to make online accounts accessible across multiple platforms, not just on smartphones — and also to the people who don't own smartphones at all, roughly 15% of the U.S. Some data points from the article: "Microsoft says 'nearly 100%' of the company's employees use password-less options to log into their corporate accounts." "In September, Microsoft announced that its users could go fully password-less to access services like Windows, Xbox, and Microsoft 365." "Similarly, Google sells physical security keys, and its Smart Lock app allows you to tap a button on your Android or iOS device to log into your Google account on the web." Apple's devices have used Touch ID and Face ID features for several years.

Former NSA Computer Scientist: Patching Vulnerabilities Gives False Sense of Security

A former NSA computer scientist is disgusted with the current state of security practices, writes ITWire. Slashdot reader samuel_the_fool shares their report: Patching of vulnerabilities is the security industry's equivalent of thoughts and prayers, a prominent American security expert has said during a debate on the topic "Patching is useless" at a recent online conference named Hack At The Harbor. Dave Aitel, 46, a former NSA computer scientist who ran his own security shop, Immunity, for many years, said the remedies proposed by security vendors and big technology companies had served to lull people into a false sense of security all these years and ensure that all the old problems still remained.... Aitel pointed out that if there were vulnerable devices on a network, then they should be removed and substituted with others, rather than being continuously patched.... Aitel was no less severe on Linux, noting that the biggest contributor to the kernel was the Chinese telecommunications vendor Huawei Technologies, which he claimed had been indicted by the US, and asking how one could rest content if so many patches were coming from a company of this kind. On the positive side, he had praise for ChromeOS, an operating system that is produced by Google, and recommended the use of Chromebooks rather than Windows machines. Aitel called for vulnerability management, advocating the government as the best entity to handle this. His argument was that no other entity had sufficient power to push back against the lobby of the big software vendors and the security industry.

Hackers Can Infect Over 100 Lenovo Models With Unremovable Malware

Slashdot
Author: BeauHD
Lenovo has released security updates for more than 100 laptop models to fix critical vulnerabilities that make it possible for advanced hackers to surreptitiously install malicious firmware that can be next to impossible to remove or, in some cases, to detect. Ars Technica reports: Three vulnerabilities affecting more than 1 million laptops can give hackers the ability to modify a computer's UEFI. Short for Unified Extensible Firmware Interface, the UEFI is the software that bridges a computer's device firmware with its operating system. As the first piece of software to run when virtually any modern machine is turned on, it's the initial link in the security chain. Because the UEFI resides in a flash chip on the motherboard, infections are difficult to detect and even harder to remove. Two of the vulnerabilities -- tracked as CVE-2021-3971 and CVE-2021-3972 -- reside in UEFI firmware drivers intended for use only during the manufacturing process of Lenovo consumer notebooks. Lenovo engineers inadvertently included the drivers in the production BIOS images without being properly deactivated. Hackers can exploit these buggy drivers to disable protections, including UEFI secure boot, BIOS control register bits, and protected range register, which are baked into the serial peripheral interface (SPI) and designed to prevent unauthorized changes to the firmware it runs. After discovering and analyzing the vulnerabilities, researchers from security firm ESET found a third vulnerability, CVE-2021-3970. It allows hackers to run malicious firmware when a machine is put into system management mode, a high-privilege operating mode typically used by hardware manufacturers for low-level system management. "All three of the Lenovo vulnerabilities discovered by ESET require local access, meaning that the attacker must already have control over the vulnerable machine with unfettered privileges," notes Ars Technica's Dan Goodin. 
"The bar for that kind of access is high and would likely require exploiting one or more critical other vulnerabilities elsewhere that would already put a user at considerable risk." Still, it's worth looking to see if you have an affected model and, if so, patch your computer as soon as possible.

Catalan Independence Leaders Targeted By Spyware, Rights Group Says

Slashdot
Author: msmash
Catalonia's regional leader accused the Spanish government on Monday of spying on its citizens after a rights group said his phone and dozens more belonging to Catalan pro-independence figures had been infected with spyware used by sovereign states. From a report: The Citizen Lab digital rights group found more than 60 people linked to the Catalan separatist movement, including several members of the European Parliament, other politicians, lawyers and activists, had been targeted with "Pegasus" spyware made by Israel's NSO Group after a failed independence bid. NSO, which markets the software as a law-enforcement tool, said Citizen Lab and Amnesty International, which was not involved in this investigation but has published previous studies about Pegasus, had produced inaccurate and unsubstantiated reports to target the company.

DeFi Project Beanstalk Loses $182 Million in Flash Loan Attack

Slashdot
Author: msmash
Decentralized finance project Beanstalk Farms suffered one of the largest-ever flash-loan exploits on Sunday, sending its price tumbling. From a report: The credit-focused, Ethereum-based stablecoin protocol suffered a total loss of around $182 million and the attacker got away with around $80 million of crypto tokens, according to blockchain security firm PeckShield, which had flagged the incident on Twitter. The project's native token BEAN fell about 75% from its $1 peg against the dollar, pricing from CoinGecko showed. The protocol's creators disclosed their identities on Beanstalk's Discord server, and said that they were not involved in the attack. "We are not aware of the identity of the individuals who were involved. Like all other investors in Beanstalk, we lost all of our deposited assets in the Silo, which was substantial," the founders wrote. It isn't yet clear whether investors who lost funds will be reimbursed -- or if so, how and to what extent. Unlike traditional lending, which requires a loan to be secured with a collateral or credit checks, DeFi smart contracts allow users to borrow huge sums of stablecoins in what are known as flash loans, without any form of security. Flash loans, where the entire process of borrowing and returning the loan happens in a single transaction on the blockchain, are fairly popular among arbitrage traders.

GitHub Issues Security Alert After Spotting Misuse of Tokens Stolen from OAuth Integrators

GitHub issued a security alert Friday. GitHub's chief security officer wrote that on Tuesday, "GitHub Security began an investigation that uncovered evidence that an attacker abused stolen OAuth user tokens issued to two third-party OAuth integrators, Heroku and Travis-CI, to download data from dozens of organizations, including npm..." We do not believe the attacker obtained these tokens via a compromise of GitHub or its systems, because the tokens in question are not stored by GitHub in their original, usable formats. Following immediate investigation, we disclosed our findings to Heroku and Travis-CI on April 13 and 14... Looking across the entire GitHub platform, we have high confidence that compromised OAuth user tokens from Heroku and Travis-CI-maintained OAuth applications were stolen and abused to download private repositories belonging to dozens of victim organizations that were using these apps. Our analysis of other behavior by the threat actor suggests that the actors may be mining the downloaded private repository contents, to which the stolen OAuth token had access, for secrets that could be used to pivot into other infrastructure. We are sharing this today as we believe the attacks may be ongoing and action is required for customers to protect themselves. The initial detection related to this campaign occurred on April 12 when GitHub Security identified unauthorized access to our npm production infrastructure using a compromised AWS API key. Based on subsequent analysis, we believe this API key was obtained by the attacker when they downloaded a set of private npm repositories using a stolen OAuth token from one of the two affected third-party OAuth applications described above. Upon discovering the broader theft of third-party OAuth tokens not stored by GitHub or npm on the evening of April 13, we immediately took action to protect GitHub and npm by revoking tokens associated with GitHub and npm's internal use of these compromised applications. 
We believe that the two impacts to npm are unauthorized access to, and downloading of, the private repositories in the npm organization on GitHub.com and potential access to the npm packages as they exist in AWS S3 storage. At this point, we assess that the attacker did not modify any packages or gain access to any user account data or credentials. We are still working to understand whether the attacker viewed or downloaded private packages. npm uses completely separate infrastructure from GitHub.com; GitHub was not affected in this original attack. Though investigation continues, we have found no evidence that other GitHub-owned private repos were cloned by the attacker using stolen third-party OAuth tokens. Once GitHub identified stolen third-party OAuth tokens affecting GitHub users, GitHub took immediate steps to respond and protect users. GitHub contacted Heroku and Travis-CI to request that they initiate their own security investigations, revoke all OAuth user tokens associated with the affected applications, and begin work to notify their own users.... GitHub is currently working to identify and notify all of the known-affected victim users and organizations that we discovered through our analysis across GitHub.com. These customers will receive a notification email from GitHub with additional details and next steps to assist in their own response within the next 72 hours. If you do not receive a notification, you and/or your organization have not been identified as affected. You should, however, periodically review what OAuth applications you've authorized or are authorized to access your organization and prune anything that's no longer needed. You can also review your organization audit logs and user account security logs for unexpected or anomalous activity.... The security and trustworthiness of GitHub, npm, and the broader developer ecosystem is our highest priority. 
Our investigation is ongoing, and we will update this blog, and our communications with affected customers, as we learn more.

Cybercriminals Are Doing Their Homework in Latest Banking Scam

Slashdot
Author: msmash
A new social engineering scam is making the rounds, and this one is particularly insidious: It tricks users into sending money to what they think is their own account to reverse a fraudulent charge. From a report: The FBI's Internet Crime Complaint Center issued the warning, which it said involves cybercriminals who have definitely done their homework. "In addition to knowing the victim's financial institution, the actors often had further information such as the victim's past addresses, social security number, and the last four digits of their bank accounts," the IC3 said. The con starts off as many that target individuals do nowadays: With a text message. In this case it's not a phishing attempt, it's an attempt to ascertain whether the person receiving the message is susceptible to further manipulation. Posing as the target's bank, the message asks whether a large charge ($5,000 in the example the FBI gives) was legitimate and asks for a reply of YES or NO. Replying no leads to a follow-up text: "Our fraud specialist will be contacting you shortly." This is where social engineering comes in, and the FBI is painting a picture of a sophisticated operation. The "fraud specialists" contacting users reportedly "speak English without a discernible accent," and once they establish credibility with the victim they move on to "helping" them "reverse" the fake transaction. It gets even more insidious here: The charges that are being disputed aren't bank charges directly: they are payments being made through an instant payment app like Venmo or CashApp. The fraudster never asks for a password or any information that might clue someone in that they're being strung along. Instead, the caller asks the victim to use their bank website or app to remove their email address from the digital payment app (thereby unlinking the app and bank account), which the fraudster then asks for. 
Next, the victim is asked to send the same amount as the fake payment to themselves using their own email address, which has already been added to an account the criminal controls.

Git For Windows Issues Update To Fix Running-Someone-Else's-Code Vulnerability

Slashdot
Author: BeauHD
The Git team has issued an update to fix a bug in Git for Windows that "affects multi-user hardware where untrusted parties have write access to the same hard disk," reports The Register. Specifically, the update is concerned with CVE-2022-24765. From the report: Arguably, if an "untrusted party" has write access to a hard disk, then all bets are off when it comes to the nooks and crannies of a PC anyway. In this case, the miscreants would only need to create the folder c:\.git, "which would be picked up by Git operations run supposedly outside a repository while searching for a Git directory," according to NIST. The result is that Git would use the config in the directory. NIST went on to list potentially vulnerable products, which included Visual Studio. "Users of the Microsoft fork of Git are vulnerable simply by starting a Git Bash." The Git team was a little blunter about the vulnerability, and warned that "Merely having a Git-aware prompt that runs 'git status' (or 'git diff') and navigating to a directory which is supposedly not a Git worktree, or opening such a directory in an editor or IDE such as VS Code or Atom, will potentially run commands defined by that other user." [...] To deal with the issue, the Git team recommends an update. Alternatively, a user could create that .git folder themselves and remove read/write access as a workaround, or "define or extend 'GIT_CEILING_DIRECTORIES' to cover the parent directory of the user profile," according to NIST.
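The mechanism behind CVE-2022-24765 is Git's ordinary upward search for a repository: starting in the current directory, it climbs toward the drive root until it finds a `.git` entry, so a planted `c:\.git` is "found" from any directory that has no repository of its own, and the NIST workaround of setting `GIT_CEILING_DIRECTORIES` to the parent of the user profile simply stops the climb before it reaches the drive root. The script below is an added example written for this page, not code from Git or from any of the sources quoted: it models that search in a temporary directory (with `<tmp>/.git` standing in for `c:\.git` and `<tmp>/Users/alice/project` for the user's working directory), applies the ceiling-directory rule in the simplified form "never climb into a ceiling directory, but always examine the starting directory itself", and adds an optional owner check (a POSIX-only assumption here, modelled as an extra defensive guard) that rejects a discovered `.git` owned by another account.

```python
"""Model of Git's upward search for a .git directory, with the two guards
that keep a planted top-level .git from being used: GIT_CEILING_DIRECTORIES
and an ownership check.  Constructed example; not Git's own code."""
import os
import tempfile
from pathlib import Path


def find_git_dir(start, ceiling_dirs=(), same_owner_only=False):
    """Walk from `start` toward the filesystem root looking for a `.git`
    entry, the way a Git-aware prompt or IDE does when you cd somewhere.

    ceiling_dirs    -- directories the search must not climb into (the
                       GIT_CEILING_DIRECTORIES idea, simplified: the start
                       directory is always examined, a ceiling never is).
    same_owner_only -- additionally reject a .git owned by a different user
                       than the caller (POSIX only; assumption for this model).
    Returns the path of the .git entry that would be used, or None.
    """
    current = Path(start).resolve()
    ceilings = {Path(c).resolve() for c in ceiling_dirs}
    while True:
        candidate = current / ".git"
        if candidate.exists():
            if same_owner_only and hasattr(os, "getuid"):
                if candidate.stat().st_uid != os.getuid():
                    return None  # another user's repository: refuse it
            return candidate
        parent = current.parent
        if parent == current:        # reached the filesystem root
            return None
        if parent in ceilings:       # would climb into a ceiling directory
            return None
        current = parent


def build_scenario(root):
    """Construct the advisory's layout under `root` (all paths constructed):
    a planted <root>/.git containing only a harmless config, standing in for
    c:\\.git written by another user, and a repo-less working directory
    <root>/Users/alice/project.  Returns the working directory."""
    root = Path(root)
    (root / ".git").mkdir(parents=True)
    (root / ".git" / "config").write_text("[user]\n\tname = not-alice\n")
    work = root / "Users" / "alice" / "project"
    work.mkdir(parents=True)
    return work


def demo():
    """Run the search with and without the ceiling guard and report whether
    each outcome matches what the advisory describes."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp).resolve()
        work = build_scenario(root)
        ceiling = [root / "Users"]         # "parent of the user profile"

        planted = find_git_dir(work)                      # no guard
        guarded = find_git_dir(work, ceiling_dirs=ceiling)  # ceiling set
        owned = find_git_dir(work, same_owner_only=True)  # owner check

        # A genuine repository inside the user's own tree must still be found
        # with the ceiling in place, otherwise the workaround would break Git.
        (work / ".git").mkdir()
        own_repo = find_git_dir(work, ceiling_dirs=ceiling)

        return {
            "planted_git_used_without_guard": planted == root / ".git",
            "planted_git_ignored_with_ceiling": guarded is None,
            "planted_git_accepted_by_owner_check": owned == root / ".git",
            "own_repo_still_found_with_ceiling": own_repo == work / ".git",
        }


if __name__ == "__main__":
    for name, ok in demo().items():
        print(f"{name}: {ok}")
```

The third result is deliberately `True`: in this single-user sandbox the planted `.git` is owned by the same account, so an ownership check alone does not help, which is why the ceiling directory (or removing write access to the planted folder) is the guard that matters when both directories belong to the same user.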

Russia's Sandworm Hackers Attempted a Third Blackout In Ukraine

Slashdot
Author: BeauHD
An anonymous reader quotes a report from Wired: More than half a decade has passed since the notorious Russian hackers known as Sandworm targeted an electrical transmission station north of Kyiv a week before Christmas in 2016, using a unique, automated piece of code to interact directly with the station's circuit breakers and turn off the lights to a fraction of Ukraine's capital. That unprecedented specimen of industrial control system malware has never been seen again -- until now: In the midst of Russia's brutal invasion of Ukraine, Sandworm appears to be pulling out its old tricks. On Tuesday, the Ukrainian Computer Emergency Response Team (CERT-UA) and the Slovakian cybersecurity firm ESET issued advisories that the Sandworm hacker group, confirmed to be Unit 74455 of Russia's GRU military intelligence agency, had targeted high-voltage electrical substations in Ukraine using a variation on a piece of malware known as Industroyer or Crash Override. The new malware, dubbed Industroyer2, can interact directly with equipment in electrical utilities to send commands to substation devices that control the flow of power, just like that earlier sample. It signals that Russia's most aggressive cyberattack team attempted a third blackout in Ukraine, years after its historic cyberattacks on the Ukrainian power grid in 2015 and 2016, still the only confirmed blackouts known to have been caused by hackers. ESET and CERT-UA say the malware was planted on target systems within a regional Ukrainian energy firm on Friday. CERT-UA says that the attack was successfully detected in progress and stopped before any actual blackout could be triggered. But an earlier, private advisory from CERT-UA last week, first reported by MIT Technology Review today, stated that power had been temporarily switched off to nine electrical substations. Both CERT-UA and ESET declined to name the affected utility. 
But more than 2 million people live in the area it serves, according to Farid Safarov, Ukraine's deputy minister of energy. [...] The revelation of Sandworm's attempted blackout attack provides more evidence that Russia's invasion of Ukraine has been accompanied by a new wave of cyberattacks on the country's networks and critical infrastructure, though with only mixed success.

Ukraine Says Russian Cyberattack Sought To Shut Down Energy Grid

Slashdot
Author: msmash
Russian military hackers tried and failed to attack Ukraine's energy infrastructure last week, the country's government and a major cybersecurity company said Tuesday. From a report: The attack was designed to infiltrate computers connected to multiple substations, then delete all files, which would shut that infrastructure down, according to Ukraine's summary of the incident. ESET, a Slovakia-based cybersecurity company working to help secure Ukrainian infrastructure, said in a summary of the attack that it was conducted by the same arm of Russia's military intelligence agency, GRU, that had previously successfully executed similar attacks in 2014 and 2015. In both of those incidents, some residents of Kyiv temporarily lost power. This attack had been planned for at least two weeks, ESET said. Since Russia began its invasion in February, Ukraine hasn't been hit by any attacks as visibly destructive as those previous hacks of Kyiv energy companies. But Ukraine has faced multiple so-called "wiper" attacks, including ones that have targeted computers in Ukraine's government, financial institutions and internet service providers. Those attacks also look to mass-delete files from hacked computers.

US and European Partners Take Down Hacker Website RaidForums

Slashdot
Author: msmash
U.S. and European authorities said on Tuesday they had seized RaidForums, a popular website used by hackers to buy and sell stolen data, and the United States also unsealed charges against the website's founder and chief administrator Diego Santos Coelho. From a report: Coelho, 21, of Portugal, was arrested in the United Kingdom on Jan. 31, and remains in custody while the United States seeks his extradition to stand trial in the U.S. District Court for the Eastern District of Virginia, the U.S. Justice Department said. The department said it had obtained court approval to seize three different domain names that hosted the RaidForums website: raidforums.com, Rf.ws and Raid.lol. The types of data available for sale on the site included stolen bank routing and account numbers, credit card information, log-in credentials and social security numbers.
