Latest news with #cybersecurity
TechCrunch
19 minutes ago
- Politics
- TechCrunch
White House investigating how Trump's chief of staff's phone was hacked
The White House is investigating after one or more people reportedly accessed the contacts from the personal phone of White House chief of staff Susie Wiles, and used the information to contact other top officials and impersonate her. Wiles reportedly told people that her phone was hacked. The Wall Street Journal first reported the hack of Wiles' phone. CBS News also confirmed the reporting. The hacker or hackers are said to have accessed Wiles' phone contacts, including the phone numbers of other top U.S. officials and influential individuals. The WSJ reports that those who received phone calls impersonating Wiles used AI to impersonate her voice and sent text messages from a number not associated with Wiles. White House spokesperson Anna Kelly would not say, when asked by TechCrunch, if authorities had determined if a cloud account associated with Wiles' personal device was compromised, or if Wiles' phone was targeted by a more advanced cyberattack, such as one that involves the use of government-grade spyware. In response, the White House said it 'takes the cybersecurity of all staff very seriously, and this matter continues to be investigated.' This is the second time Wiles has been targeted by hackers. In 2024, The Washington Post reported that Iranian hackers had attempted to compromise Wiles' personal email account. The Journal said Friday, citing sources, the hackers were in fact successful in breaking into her email and obtained a dossier on Vice President JD Vance, then Trump's running mate. This is the latest cybersecurity incident to beset the Trump administration in the months since taking office. In March, former White House top national security adviser Michael Waltz mistakenly added a journalist to a Signal group of top White House officials, including Vance and Wiles, which included discussions of a planned military air-strike in Yemen. Reports later revealed that the government officials were using a Signal clone app called TeleMessage, which was designed to keep a copy of messages for government archiving. TeleMessage was subsequently hacked on at least two occasions, revealing the contents of its users' private messages.
CBC
an hour ago
- Business
- CBC
Nova Scotia Power says it believes it knows who stole customer data
The head of Nova Scotia Power says the company believes it knows who stole customer information in a recent ransomware attack. However, CEO Peter Gregg says he can't disclose that information as the company's investigation is ongoing. "We do have a good sense of who the threat actor is," Gregg told CBC's Information Morning Halifax on Friday morning. "I can't really get into the details of that." Gregg said the company believes some information may have been published on the dark web — part of the internet that requires special software to access, and which cybercriminals can use to buy and sell data and other illicit materials — but that there has been no spread of the information to other sites. The utility has said it did not give any money to the hackers as part of the ransom demand. Nova Scotia Power announced publicly on April 28 that it was dealing with a cybersecurity incident it discovered three days earlier, on April 25. The company later said the actual hack had occurred more than a month earlier, on March 19. About 280,000 customers have been affected by the attack — about half of the utility's total customers and more than a quarter of the province's population. Letters distributed to affected customers say the stolen information may include the customer's name, phone number, email address, mailing address, date of birth, account history, driver's licence number, social insurance number and bank account numbers. Gregg said if a customer has not yet received a letter, he's "fairly confident" their information was not taken. Social insurance numbers stolen Gregg told the CBC Nova Scotia Power still doesn't know exactly which information was taken from each customer, but that about 140,000 social insurance numbers were included in the stolen data. The federal government says people do not have to provide their SIN to sign up for utility service, except for Hydro Quebec customers. Gregg told Information Morning that Nova Scotia Power has used social insurance numbers as a way of authenticating customers in the past, but it will no longer do that, and it will delete social insurance numbers that are on file. Asked why Nova Scotia Power was keeping so many social insurance numbers on file long after a customer's identity had been confirmed, Gregg said, "I don't have a good answer for you for that today. "It's an unfortunate thing. I apologize to our customers that they're in that situation, but at this point in time we need to continue the investigation." Gregg said the Office of the Privacy Commissioner has its own investigation taking place, and Nova Scotia Power is co-operating. Insurance At the time the breach was announced, Nova Scotia Power said it was not expected to affect the company's financial performance. Gregg said Friday the utility has cybersecurity insurance and he anticipates that will cover the cost of dealing with the attack. Nova Scotia Power has offered affected customers free credit monitoring for two years with TransUnion. Gregg said the company chose the two-year period based on consultation with cybersecurity experts and what they said were best practices. Gregg acknowledged that "there were some bumps" early on as customers struggled to access the site and set up the monitoring service, but said those have been dealt with and the process should be smoother now. Upcoming bills Nova Scotia Power's billing system was affected by the ransomware attack, but Gregg says the meters were not. However, the company still needs to rebuild the links between those networks. So, the utility will estimate customers' next bills based on the same time period from last year so that the bills don't pile up and customers aren't hit with "multi-month large bills," Gregg said. Late fees will be waived in the meantime, he said, and the company is looking at verifying all meters before the normal ways of billing resume. Consequences for company executives? Asked whether Gregg's own position as CEO of Nova Scotia Power may be jeopardized by the security breach, he said, "the future of me is up to my board and leadership of Emera." As for executive bonuses and whether they will be warranted after the incident, Gregg said that decision is out of his hands.
Washington Post
an hour ago
- Politics
- Washington Post
US government is investigating messages impersonating Trump's chief of staff, Susie Wiles
WASHINGTON — The government is investigating after elected officials, business executives and other prominent figures in recent weeks received messages from someone impersonating Susie Wiles , President Donald Trump's chief of staff. A White House official said Friday the matter is under investigation and the White House takes cybersecurity of its staff seriously. ,The official was not authorized to discuss the matter publicly and spoke on condition of anonymity.
Forbes
2 hours ago
- Politics
- Forbes
Brute-Force Router Login Attacks Confirmed — What You Need To Know
AyySSHush campaign targeting thousands of routers confirmed. Thousands of routers worldwide have been targeted by a sophisticated campaign that leverages a two-year-old vulnerability, authentication flaws, and brute-force attacks. The researchers who uncovered the AyySSHush attacks have suggested it is likely the work of a nation-state threat actor. Here's what you need to know. The as-of-yet unidentified threat actors behind the AyySSHush campaign have targeted routers from major manufacturers, with at least 9,000 ASUS router models known to have already been compromised, using a stealthy and persistent backdoor that can survive firmware updates and reboots. State-sponsored hacker groups are known to have been behind everything from Windows password-stealing attacks, targeting presidential political campaigns, and even ransomware attacks against predominantly Western targets. Espionage, however, is one of the primary drivers of these hackers working in tandem with government resources. And what better way to get a data eavesdropping foothold than to compromise a router? Researchers at GreyNoise have reported that just such a sophisticated compromise campaign, that is said to be consistent with such advanced persistent threat actors, although it cannot attribute it to a specific group at this point in time, 'the level of tradecraft suggests a well-resourced and highly capable adversary,' the report stated. Although the GreyNoise research has confirmed that at least 9,000 ASUS routers have been compromised to date, and the number is increasing all the time, it has been reported that other routers from other major vendors such as Cisco, D-Link, and Linksys have also been targeted by AyySSHush. The researchers explained that attackers gain initial access through brute-force login attempts, along with authentication bypass techniques that exploit known vulnerabilities that owners have yet to patch. They then insert a public key that is under their control for remote access. While no malware is installed, the backdoor itself 'is stored in non-volatile memory and is therefore not removed during firmware upgrades or reboots,' GreyNoise warned. I have reached out to ASUS for a statement. "Even something as mundane as a router becomes a strategic asset once it gains long-term identity in a threat actor's infrastructure,' Wade Ellery, field chief technology officer at Radiant Logic, said. Which is why, at the organizational level at least, real-time identity-aware telemetry across all assets, including those routers, is essential. Debbie Gordon, CEO at Cloud Range, meanwhile, wanted that the campaign highlighted a dangerous shift in attacker strategy from quick hits to long-haul persistence. 'AyySSHush's ability to survive factory resets and firmware updates is a wake-up call,' Gordon said, 'edge devices like routers are no longer low-value targets.' With both SoHo and consumer routers targeted by this latest attack, routers can no longer be treated as set-and-forget devices.
Associated Press
2 hours ago
- Politics
- Associated Press
US government is investigating messages impersonating Trump's chief of staff, Susie Wiles
WASHINGTON (AP) — The government is investigating after elected officials, business executives and other prominent figures in recent weeks received messages from someone impersonating Susie Wiles, President Donald Trump's chief of staff. A White House official said Friday the matter is under investigation and the White House takes cybersecurity of its staff seriously. ,The official was not authorized to discuss the matter publicly and spoke on condition of anonymity. The FBI did not immediately respond to a message seeking comment. The Wall Street Journal reported Thursday that senators, governors, business leaders and others began receiving text messages and phone calls from someone who seemed to have gained access to the contacts in Wiles' personal cellphone. The messages and calls were not coming from Wiles number, the newspaper reported. It is unclear how the person gained access to Wiles' phone, but the intrusion is the latest security breach for Trump staffers. Last year, Iran hacked into Trump's campaign and sensitive internal documents were stolen and distributed, including a dossier on Vice President JD Vance, created before he was selected as Trump's running mate. Wiles, who served as a co-manager of Trump's campaign before taking on the lynchpin role in his new administration, has amassed a powerful network of contacts. Some of those who received calls heard a voice that sounded like Wiles that may have been generated by artificial intelligence, according to the report. Some received text messages that they initially thought were official White House requests but some people reported the messages did not sound like Wiles. ___ Associated Press writer Eric Tucker contributed to this report.
