Russian ransomware attack destabilizes British Royal Mail

WIRE investigation This week, the SweepWizard app, which some U.S. law enforcement agencies use to coordinate raids, was found to have publicly disclosed sensitive data from hundreds of police operations until WIRED disclosed the vulnerability. The disclosed data included personal information about hundreds of officers and thousands of suspects, including the geographic coordinates of the suspects’ homes, the time and location of the raids, demographic and contact information, and the social security numbers of some suspects.

Meanwhile, police in the Indian state of Telangana are using grassroots education initiatives to help people avoid digital scams and other online exploits. And industrial control giant Siemens this week uncovered a serious vulnerability in one of its most popular product lines of programmable logic controllers. The company has no plans to fix the vulnerability, as the vulnerability itself can only be exploited through physical access. The researchers say, however, that this creates a vulnerability for industrial control and critical infrastructure environments, which include any of the 120 vulnerable S7-1500 PLC models.

And that’s not all. Every week we cover security news that we didn’t cover in detail ourselves. Click on the headings below to read the full stories.

The UK Royal Mail service said on Wednesday that it had been attacked by ransomware and, as a result, was unable to process parcels and letters for international shipment. The company has asked customers not to attempt to send international mail until the attack is fixed. Royal Mail officials blamed the successful cybercriminal ransomware group LockBit, which is believed to be based in Russia, for the attack. Royal Mail did not provide detailed comment on the situation, but called it a “cyber incident” and warned that there would be “major disruptions” as a result of the attack.

In November, aides to President Joe Biden discovered classified material he made during his tenure as vice president in an office he used prior to his 2020 presidential campaign and at his home in Wilmington, Delevere. Now, after combing through the president’s papers and offices, they have found even more secret documents elsewhere. NBC News, which first reported the new details on Wednesday, wrote: “The level of secrecy, number and exact location of additional documents were not immediately clear. It was also not immediately clear when the additional documents were discovered or whether the search for any other classified material that Biden might have obtained from the Obama administration had been completed.”

In March 2019, Microsoft stated that it would be phasing out Windows 7 and that customers should upgrade to newer versions of the operating system. Beginning in January 2020, the company continued to provide security updates only to enterprise customers who paid for extended support. Microsoft has said that this too will end at the end of 2022. The company confirmed on Tuesday that security updates for Windows 7 have ended and that all users should upgrade if they haven’t already. Computers that continue to run Windows 7 will not receive updates and will be vulnerable to hacking. The operating system was first launched in 2009 and was ubiquitous in its heyday. Like many versions of Windows, it will most likely have a long tail. TechCrunch reports that some market share data analysts estimate that 10 percent of Windows PCs worldwide are still running Windows 10. Apparently due to slower adoption rates, Microsoft ended support for Windows 8 in January 2016 year, and ended support for Windows 8.1 on Tuesday. . And the company won’t be offering extended support for Windows 8.1.

Cybercriminals trying to commit identity theft exploited a very simple security vulnerability on the website of the Experian credit bureau. Experian has designed its systems so that people who want a copy of their credit report must correctly answer a series of multiple-choice questions about their financial history in order to verify their identity. However, until the end of 2022, the Experian website allowed anyone to bypass the requirement simply by entering the person’s name, date of birth, social security number, and address. This set of information is often easily accessible to cybercriminals due to past data breaches and the composite treasures of many leaks combined.

September 2022 investigation New York Times included candid comments from Russian soldiers about their criticism of Russia’s invasion of Ukraine and the ongoing war in the country. But the article appears to have inadvertently exposed phone numbers and other identifying metadata about some of the sources, and the information was kept in the article’s public source code until Motherboard notified the publication in January. While this is an unintentional omission, it has real potential implications for the physical security of the sources, which could be subject to repercussions by the Russian government or other entities.