Stanford University is investigating a cybersecurity incident within its Department of Public Safety after a ransomware gang claimed it attacked the school on Friday. A spokesperson for the university directed Recorded Future News to a statement published late on Friday afternoon explaining that it is in the process of figuring out the details of the incident. “We are continuing to investigate a cybersecurity incident at the Stanford University Department of Public Safety (SUDPS) to determine the extent of what may have been impacted,” the school said. “Based on our investigation to date, there is no indication that the incident affected any other part of the university, nor did it impact police response to emergencies. The impacted SUDPS system has been secured.”
Microsoft has published a detailed profile of a native English-speaking threat actor with advanced social engineering capabilities it tracks as Octo Tempest, that targets companies in data extortion and ransomware attacks. Octo Tempest’s attacks have steadily evolved since early 2022, expanding their targeting to organizations providing cable telecommunications, email, and tech services, and partnering with the ALPHV/BlackCat ransomware group. The threat actor was initially observed selling SIM swaps and stealing accounts of high-profile individuals with cryptocurrency assets.
The Clark County School District (CCSD) in Nevada is dealing with a potentially massive data breach, as hackers email parents their children’s’ data that was allegedly stolen during a recent cyberattack. CCSD is the fifth largest school district in the US, with over 300,000 students and 15,000 teachers. On October 16, CCSD confirmed it suffered a cyberattack earlier this month, stating threat actors gained access to the district’s email servers. “On approximately October 5, 2023, Clark County School District (“CCSD”) became aware of a cybersecurity incident impacting its email environment,” reads a statement from the Clark County School District.
HackerOne has announced that its bug bounty programs have awarded over $300 million in rewards to ethical hackers and vulnerability researchers since the platform’s inception. Thirty hackers have earned over a million USD for their submissions, and one has broken the record, receiving over $4 million for his bug reports. Founded over a decade ago, HackerOne is a bug bounty platform that connects organizations with a community of ethical hackers who identify and report vulnerabilities and weaknesses in software in exchange for a reward.
Boeing Co (BA.N) said on Friday it was assessing a claim made by the Lockbit cybercrime gang that it had “a tremendous amount” of sensitive data stolen from the aerospace giant that it would dump online if Boeing didn’t pay ransom by Nov. 2. The hacking group posted a countdown clock on its data leak website with a message saying, “Sensitive data was exfiltrated and ready to be published if Boeing do not contact within the deadline!” “For now we will not send lists or samples to protect the company BUT we will not keep it like that until the deadline,” the hacking group said.
There is a strange phone booth floating in the void of the internet. Lacquered red in the British style, it sits in space. If you click it, it will initiate a free 45 minute encrypted video call. It looks like a Zoom call, but unlike Zoom, it’s completely private. This is theinternetphonebooth.com, a website that routes users to Birdcalls, a privacy-centered communications service. “Isn’t there something essential about the phone booth in society? Public, yet private? A little space to connect with someone, in the middle of a crowd? Maybe a better question to ask would be: how did the internet exist without its own phone booth before now?” Sunny Allen, the founder of Birdcalls told Motherboard.