Laptops given to British schoolkids came preloaded with malware and talked to Russia when booted

The Register

A shipment of laptops supplied to British schoolkids by the Department for Education to help them learn under lockdown came preloaded with malware, The Register can reveal.

The affected laptops, supplied to schools under the government’s Get Help With Technology (GHWT) scheme, which started last year, came bundled with the Gamarue malware – an old remote access worm from the 2010s.

The Register understands that a batch of 23,000 computers, the GeoBook 1E running Windows 10, made by Shenzhen-headquartered Tactus Group, contained the units that were loaded with malware.

These devices have shipped over the past three to four weeks, though it is unclear how many of them are infected. It is believed the devices were imaged at factory level.

Slack serves up out-of-order messages, shaky comms as world goes back to work

The Register

Messaging platform Slack is first out of the gates of 2021 with a good, old fashioned TITSUP*.

4 January was the first working day of 2021 for many, but as the clock passed the 15:00 UTC mark, and much of the US began to ruefully turn off their out-of-office notifications and stare blearily at inboxes rammed full of festive fluff, hipster chat outfit Slack decided to extend the vacation for some by ignoring message requests.

Or delivering messages woefully late and, helpfully, in the wrong order.

Julian Assange will NOT be extradited to the US over WikiLeaks hacking and spy charges, rules British judge

The Register

Accused hacker and WikiLeaks founder Julian Assange should not be extradited to the US to stand trial, Westminster Magistrates’ Court has ruled.

District Judge Vanessa Baraitser told Assange this morning that there was no legal obstacle to his being sent to the US, where he faces multiple criminal charges under America’s Espionage Act and Computer Fraud and Abuse Act over his WikiLeaks website.

Assange is a suicide risk and the judge decided not to order his extradition to the US, despite giving a ruling in which she demolished all of his legal team’s other arguments against extradition.

Ransomware masterminds claim to have nabbed 53GB of data from Intel’s Habana Labs

The Register

The Pay2Key ransomware group on Sunday posted what appear to be details of internal files obtained from Habana Labs, an Israel-based chip startup acquired a year ago by Intel.

The hacking group, which has been linked to Iranians by security firm Check Point, published a screenshot of source code credited to Habana Labs via Twitter, alongside a link to a Tor Browser-accessible .onion address. The website contains file names associated with Habana Labs’ Gerrit code collaboration software, DomainController data, and documents that appear to have come from the AI chipmaker.

As this story was being written, the @pay2key account was suspended for violating Twitter’s rules.

The ReadMe file posted to the .onion website says Intel and Habana Labs have seventy-two hours to stop further leaks, which the unidentified author suggests may include Active Directory information and associated passwords, and the entirety of the company’s Gerrit server, said to consist of 53GB worth of data.

Rogue ex-Cisco employee who crippled WebEx conferences and cost Cisco millions gets two years in US prison

The Register

A former Cisco employee who went medieval on his former employer and cost the company millions has been sentenced to two years in prison and a $15,000 fine.

Sudhish Kasaba Ramesh was employed by Switchzilla for less than two years but left in April 2018. Five months later he used access credentials to get back into Cisco’s systems and deleted virtual machines on Webex – borking more than 16,000 WebEx Teams accounts for two weeks in some cases and costing Cisco $2.4m in refunds and repair work.

Northern California District Judge Lucy Koh sentenced Ramesh to 24 months in prison after he pleaded guilty to one count of Intentionally Accessing a Protected Computer Without Authorization and Recklessly Causing Damage. Ramesh had been trying for a green card at the time of his crimes, and it’s safe to say this won’t look good on his application.

Manchester United working with infosec experts to ‘minimize ongoing IT disruption’ caused by ‘cyber attack’

The Register

Manchester United is working with infosec pros to “minimize the ongoing IT disruption” that it says was caused by an assault on its tech systems.

The New York Stock Exchange-listed football business confirmed the incident last night but didn’t clarify the technical nature of it, and refused to answer questions posed by The Register.

The Russians are at it again: Zebrocy backdoor malware is evolving, Uncle Sam warns close to eve of presidential election

The Register

The US government, in full pre-presidential election high alert, has issued a warning about an evolved strain of backdoor malware from a Russian offensive cyber unit.

The Zebrocy backdoor, warned the CISA infosec agency, has evolved – and while the agency didn’t explicitly link it to Russia, previous research from the private sector made it abundantly clear who the malware’s operators are.

“Two Windows executables identified as a new variant of the Zebrocy backdoor were submitted for analysis. The file is designed to allow a remote operator to perform various functions on the compromised system,” said the CISA in an advisory published overnight.

Software AG hit with ransomware: Crooks leak staffers’ passports, want millions for stolen files

The Register

Software AG has seemingly been hit by ransomware, with the German IT giant itself telling the Euro nation’s stock market it had been “affected by a malware attack.”

In a notification to the German stock market published earlier this week, Software AG said: “The IT infrastructure of Software AG is affected by a malware attack since the evening of 3 October 2020.”

News of the “malware attack” has been slow to filter into the Anglosphere, though the German Press Agency newswire published a brief note that was syndicated on obscure investment websites yesterday evening. That report states “data from Software AG servers and employees’ notebooks were downloaded.”

Russian hacker, described as ‘brilliant’ by judge, gets seven years in a US clink for raiding LinkedIn, Dropbox

The Register

A Russian scumbag found guilty of hacking into LinkedIn, Dropbox, and Formspring – and stealing data on over 200 million users – has been sent down for more than seven years.

Yevgeniy Nikulin was sentenced to 88 months in an American prison by a federal court in San Francisco this week, though the judge in this case, William Alsup, was surprisingly kind about the 32-year-old Russian. “I think you’re a brilliant guy. Very smart,” Alsup told him. “I urge you to apply that brilliance to a lawful profession and do something good with your life other than hacking into computers.”
