Hackers threaten data leaks at Planned Parenthood

Even those of you who do everything you can to protect those secrets can become vulnerable – especially if you're using a YubiKey 5 authentication token. The multifactor authentication devices can be cloned due to a cryptographic flaw that can't be patched. The company has rolled out some mitigations – and the attack itself is relatively difficult to pull off. But it might be time to invest in a new dongle.

That's not all, folks. Each week we round up the privacy and security news we didn't cover in depth ourselves. Click on the headlines to read the full articles. And stay safe out there.

In late August, cybercriminals from the RansomHub ransomware group apparently hacked into the systems of Planned Parenthood's Montana branch. The organization confirmed this week that it was affected by a “cybersecurity incident” on August 28 and said its staff immediately took parts of its network offline and reported the incident to law enforcement.

A few days after the incident, RansomHub claimed to be behind the attack and posted Planned Parenthood on its leak website. The criminal group said it would release 93GB of data. It's unclear what, if anything, the ransomware group obtained, but Planned Parenthood's clinics may store a huge amount of highly sensitive data about patients, including information about abortion appointments. (Around 400,000 Planned Parenthood patients in Los Angeles were affected after a similar ransomware incident in 2021.)

In recent months, RansomHub has become one of the most active ransomware-as-a-service groups following law enforcement's disruption of LockBit. According to an alert from the FBI and the Cybersecurity and Infrastructure Security Agency in late August, the group is “efficient and successful” and has stolen data from at least 210 victims since its inception in February. “Affiliate partners use a dual extortion model by encrypting systems and exfiltrating data to extort victims,” the alert states.

The Nigeria-based fraudsters known as the Yahoo Boys run almost every scam there is – from romance scams to posing as FBI agents. But there are few things more insidious than the rise in sextortion cases linked to the West African fraudsters. This week, Nigerian brothers Samuel Ogoshi and Samson Ogoshi were sentenced to more than 17 years in prison in the US for sextortion scams following their extradition earlier this year. It is the first time Nigerian fraudsters have been charged with sextortion in the US, the BBC reported.

The Ogoshi brothers, who pleaded guilty in April, are linked to the death of 17-year-old Jordan DeMay, who took his own life six hours after speaking on Instagram with the scammers posing as girls. The teen was tricked into sending the brothers explicit images, and after he did so, they threatened to post the images online unless he paid them hundreds of dollars. U.S. prosecutors said the brothers sexually exploited and extorted more than 100 victims, including at least 11 minors. There has been a huge increase in sextortion cases in recent years.

In June, the U.S. Department of Commerce banned the sale of Kaspersky's antivirus tools on security grounds because of the company's ties to the Russian government. (Kaspersky has denied any ties for years.) The company later laid off employees and announced it would close its U.S. business. This week, cybersecurity firm Pango Group announced it was buying out Kaspersky Lab's U.S. antivirus customers, according to Axios. That represents about 1 million customers who will switch to Pango's Ultra AV antivirus software. Before the Kaspersky deal, parent company Aura also announced it would spin off Pango Group into its own company. Pango's president said customers don't need to do anything and subscribers can continue to receive updates after Sept. 29, when Kaspersky updates will cease.

For years, the EU has been trying to introduce new child protection laws that would require private chats to be scanned for child sexual abuse material – potentially jeopardising encrypted messaging apps that protect the privacy of billions of people every day. The plans were highly controversial and were put on hold earlier this year. But the proposed law, dubbed “chat control”, resurfaced in lawmakers' inboxes this week. The Council of the EU, currently chaired by Hungary, aims to pass the legislation by October, but reports say there remains strong opposition to the plans.