AMD has confirmed to Tom's Hardware that a bug in its GPU driver is, in fact, changing Ryzen CPU settings in the BIOS without permission. This condition has been shown to auto-overclock Ryzen CPUs without the user's knowledge. From the report: Reports of this issue began cropping up on various social media outlets recently, with users reporting that their CPUs had mysteriously been overclocked without their consent. The issue was subsequently investigated and tracked back to AMD's GPU drivers. AMD originally added support for automatic CPU overclocking through its GPU drivers last year, with the idea that adding in a Ryzen Master module into the Radeon Adrenalin GPU drivers would simplify the overclocking experience. Users with a Ryzen CPU and Radeon GPU could use one interface to overclock both. Previously, it required both the GPU driver and AMD's Ryzen Master software.

Overclocking a Ryzen CPU requires the software to manipulate the BIOS settings, just as we see with other software overclocking utilities. For AMD, this can mean simply engaging the auto-overclocking Precision Boost Overdrive (PBO) feature. This feature does all the dirty work, like adjusting voltages and frequency on the fly, to give you a one-click automatic overclock. However, applying a GPU profile in the AMD driver can now inexplicably alter the BIOS settings to enable automatic overclocking. This is problematic because of the potential ill effects of overclocking -- in fact, overclocking a Ryzen CPU automatically voids the warranty. AMD's software typically requires you to click a warning to acknowledge that you understand the risks associated with overclocking, and that it voids your warranty, before it allows you to overclock the system. Unfortunately, that isn't happening here. Until AMD issues a fix, "users have taken to using the Radeon Software Slimmer to delete the Ryzen Master SDK from the GPU driver, thus preventing any untoward changes to the BIOS settings," adds Tom's Hardware.

An anonymous reader shares a report: Microsoft Endpoint Manager is the company's platform for helping IT teams manage and secure large fleets of devices, something that's become increasingly complicated since the start of the pandemic. As part of its larger "Future of Hybrid Work" event, the company also today launched some updates to Endpoint Manager that go beyond some of the traditional feature sets for similar services, with the promise to expand on these in the future.

The first new feature Microsoft is adding to the platform under the name of "Microsoft Advanced Management" is remote help. If you've ever used Teamviewer to help a family member fix a computer issue, you can basically think of it as that, but with all of the enterprise bells and whistles it takes to make sure a service like this is secure, the devices on both ends are configured correctly and everybody is who they say they are. And that's why this is part of the overall Endpoint Manager story, because that's what provides the access and idenity controls through a tight integration with Azure Active Directory and helps verify the users and devices. You wouldn't just want your employees to be able to give control over their machines to any random social hacker, after all.

Block has confirmed a data breach involving a former employee who downloaded reports from Cash App that contained some U.S. customer information. From a report: In a filing with the Securities and Exchange Commission (SEC) on April 4, Block -- formerly known as Square -- said that the reports were accessed by the insider on December 10. "While this employee had regular access to these reports as part of their past job responsibilities, in this instance these reports were accessed without permission after their employment ended," the filing reads. Block refused to answer our questions about why a former employee still had access to this data, and for how long they retained access after their employment at the company had ended. The information in the reports included users' full names and brokerage account numbers, and for some customers the accessed data also included brokerage portfolio value, brokerage portfolio holdings, and stock trading activity for one trading day.

A letter from the National Archives and Records Administration hints at growing unease with government officials' use of some encrypted messaging apps. NBC News: In October, Laurence Brewer, the chief records officer of the National Archives and Records Administration, told officials at U.S. Customs and Border Protection he was worried about how the agency was using an app called Wickr. The Amazon-owned encrypted messaging platform is known for its ability to automatically delete messages. Brewer, who is responsible for ensuring that government officials handle records correctly, wrote in a letter that he was "concerned about agencywide deployment of a messaging application that has this functionality without appropriate policies and procedures governing its use." Brewer addressed his letter to Eric Hysen, the chief information officer of the Department of Homeland Security. It was uploaded to the National Archives website, and its concerns had not been previously reported. The document offers a rare insight into Customs and Border Protection's use of Wickr, and highlights the broader worries that some officials and watchdogs have about the growing use of messaging apps at all levels of the U.S. government.

Wickr was bought by Amazon's cloud-computing division last June and has contracts with a number of government agencies. Customs and Border Protection (CBP), which has been criticized by human rights activists and immigration lawyers over what they say are its secretive practices, has spent more than $1.6 million on Wickr since 2020, according to public procurement records. But little is known about how the agency has deployed the app, which is popular among security-minded people ranging from journalists to criminals. Its auto-deletion feature has made the platform a cause of concern among government record keepers, as well as external watchdogs, who worry that Wickr and other similar apps are creating ways for customs officials to sidestep government transparency requirements.

Email marketing giant Mailchimp has confirmed a data breach after malicious hackers compromised an internal company tool to gain access to customer accounts. From a report: In a statement given to TechCrunch, Mailchimp CISO Siobhan Smyth said the company became aware of the intrusion on March 26 after it identified a malicious actor accessing a tool used by the company's customer support and account administration teams. Access was gained following a successful social engineering attack, a type of attack that exploits human error and uses manipulation techniques to gain private information, access or valuables. "We acted swiftly to address the situation by terminating access for the compromised employee accounts and took steps to prevent additional employees from being affected," Smyth said.

"Google is taking aim at Microsoft's dominance in government technology and security," reports NBC News: Jeanette Manfra, director of risk and compliance for Google's cloud services and a former top U.S. cybersecurity official, said Thursday that the government's reliance on Microsoft — one of Google's top business rivals — is an ongoing security threat.

Manfra also said in a blog post published Thursday that a survey commissioned by Google found that a majority of federal employees believe that the government's reliance on Microsoft products is a cybersecurity vulnerability. "Overreliance on any single vendor is usually not a great idea," Manfra said in a phone interview. "You have an attack on one product that the majority of the government is depending on to do their job, you have a significant risk in how the government can continue to function."

Microsoft pushed back strongly against the claim, calling it "unhelpful." The study comes as Google is positioning itself to challenge Microsoft's dominance in federal government offices, where Windows and Office programs are commonly used....

The blog post comes as hackers continue to discover critical software vulnerabilities at an increasing pace across major tech products, but especially in Microsoft programs. Last year, researchers discovered 21 "zero-days" — an industry term for a critical vulnerability that a company doesn't have a ready solution for — actively in use against Microsoft products, compared to 16 against Google and 12 against Apple. he most prominent zero-day was used against Microsoft's Exchange email program, which cybersecurity experts say was first employed by Chinese cyberspies and then quickly adopted by criminal hackers, leading to hundreds of companies becoming compromised.

In March of 2021 the Krebs on Security blog reported that Ubiquiti, "a major vendor of cloud-enabled Internet of Things devices," had disclosed a breach exposing customer account credentials. But Krebs added that a company source "alleges" that Ubiquiti was downplaying the severity of the incident — which is not true, says Ubiquiti.

Krebs' original post now includes an update — putting the word "breach" in quotation marks, and noting that actually a former Ubiquiti developer had been indicted for the incident...and also for trying to extort the company. It was that extortionist, Ubiquiti says, who'd "alleged" they were downplaying the incident (which the extortionist had actually caused themselves).

Ubiquiti is now suing Krebs, "alleging that he falsely accused the company of 'covering up' a cyberattack," ITWire reports: In its complaint, Ubiquiti said contrary to what Krebs had reported, the company had promptly notified its clients about the attack and instructed them to take additional security precautions to protect their information. "Ubiquiti then notified the public in the next filing it made with the SEC. But Krebs intentionally disregarded these facts to target Ubiquiti and increase ad revenue by driving traffic to his website, www.KrebsOnSecurity.com," the complaint alleged.

It said there was no evidence to support Krebs' claims and only one source, [the indicted former employee] Nickolas Sharp....

According to the indictment issued by the Department of Justice against Sharp in December 2021, after publication of the articles in question on 30 and 31 March, Ubiquiti's stock price fell by about 20% and the company lost more than US$4 billion (A$5.32 billion) in market capitalisation.... The complaint alleged Krebs had intentionally misrepresented the truth because he had a financial incentive to do so, adding, "His entire business model is premised on publishing stories that conform to this narrative...."

"Through its investigation, Ubiquiti learned that Sharp had used his administrative access codes (which Ubiquiti provided to him as part of his employment) to download gigabytes of data. Sharp used a Virtual Private Network (VPN) to mask his online activity, and he also altered log retention policies and related files to conceal his wrongful actions," the complaint alleged. "Ubiquiti shared this information with federal authorities and the company assisted the FBI's investigation into Sharp's blackmail attempt. The federal investigation culminated with the FBI executing a search warrant on Sharp's home on 24 March 2021." The complaint then went into detail about how Sharp contacted Krebs and how the story came to be published.

Krebs was accused of two counts of defamation, with Ubiquiti seeking a jury trial and asking for a judgment against him that awarded compensatory damages of more than US$75,000, punitive damages of US$350,000, all expenses and costs including lawyers' fees and any further relief deemed appropriate by the court.
Krebs' follow-up post in December had included more details: Investigators say they were able to tie the downloads to Sharp and his work-issued laptop because his Internet connection briefly failed on several occasions while he was downloading the Ubiquiti data. Those outages were enough to prevent Sharp's Surfshark VPN connection from functioning properly — thus exposing his Internet address as the source of the downloads...

Several days after the FBI executed its search warrant, Sharp "caused false or misleading news stories to be published about the incident," prosecutors say. Among the claims made in those news stories was that Ubiquiti had neglected to keep access logs that would allow the company to understand the full scope of the intrusion. In reality, the indictment alleges, Sharp had shortened to one day the amount of time Ubiquiti's systems kept certain logs of user activity in AWS.
Thanks to Slashdot reader juul_advocate for sharing the story...

GitLab has addressed a critical severity vulnerability that could allow remote attackers to take over user accounts using hardcoded passwords. Bleeping Computer reports: The bug (discovered internally and tracked as CVE-2022-1162) affects both GitLab Community Edition (CE) and Enterprise Edition (EE). This flaw results from static passwords accidentally set during OmniAuth-based registration in GitLab CE/EE. GitLab urged users to immediately upgrade all GitLab installations to the latest versions (14.9.2, 14.8.5, or 14.7.7) to block potential attacks. GitLab also added that it reset the passwords of a limited number of GitLab.com users as part of the CVE-2022-1162 mitigation effort. It also found no evidence that any accounts have been compromised by attackers using this hardcode password security flaw.

An anonymous reader quotes a report from 9to5Mac: A major Wyze Cam security flaw easily allowed hackers to access stored video, and it went unfixed for almost three years after the company was alerted to it, says a new report today. Additionally, it appears that Wyze Cam v1 -- which went on sale back in 2017 -- will never be patched, so it will remain vulnerable for as long as it is used.

Bleeping Computer reports: "A Wyze Cam internet camera vulnerability allows unauthenticated, remote access to videos and images stored on local memory cards and has remained unfixed for almost three years. The bug, which has not been assigned a CVE ID, allowed remote users to access the contents of the SD card in the camera via a webserver listening on port 80 without requiring authentication. Upon inserting an SD card on the Wyze Cam IoT, a symlink to it is automatically created in the www directory, which is served by the webserver but without any access restrictions."

And as if that weren't bad enough, it gets worse. Many people re-use existing SD cards they have laying around, some of which still have private data on them, especially photos. The flaw gave access to all data on the card, not just files created by the camera. Finally, the AES encryption key is also stored on the card, potentially giving an attacker live access to the camera feed. Altogether, Bitdefender security researchers advised the company of three vulnerabilities. It took Wyze six months to fix one, 21 months to fix another, and just under two years to patch the SD card flaw. The v1 camera still hasn't been patched, and as the company announced last year that it has reached end-of-life status, so it appears it never will.

According to Bloomberg, Apple and Meta "provided customer data to hackers who masqueraded as law enforcement officials." Bloomberg's William Turton reports: Apple and Meta provided basic subscriber details, such as a customer's address, phone number and IP address, in mid-2021 in response to the forged "emergency data requests." Normally, such requests are only provided with a search warrant or subpoena signed by a judge, according to the people. However, the emergency requests don't require a court order. Snap Inc. received a forged legal request from the same hackers, but it isn't known whether the company provided data in response. It's also not clear how many times the companies provided data prompted by forged legal requests.

Cybersecurity researchers suspect that some of the hackers sending the forged requests are minors located in the U.K. and the U.S. [...] The fraudulent legal requests are part of a months-long campaign that targeted many technology companies and began as early as January 2021. The forged legal requests are believed to be sent via hacked email domains belonging to law enforcement agencies in multiple countries. The forged requests were made to appear legitimate. In some instances, the documents included the forged signatures of real or fictional law enforcement officers. By compromising law enforcement email systems, the hackers may have found legitimate legal requests and used them as a template to create forgeries. Further reading: Hackers Gaining Power of Subpoena Via Fake 'Emergency Data Requests'

After a short "vacation," the Lapsus$ hacking gang is back. In a post shared through the group's Telegram channel on Wednesday, Lapsus$ claimed to have stolen 70GB of data from Globant -- an international software development firm headquartered in Luxembourg, which boasts some of the world's largest companies as clients. From a report: Screenshots of the hacked data, originally posted by Lapsus$ and shared on Twitter by security researcher Dominic Alvieri, appeared to show folders bearing the names of a range of global businesses: among them were delivery and logistics company DHL, US cable network C-Span, and French bank BNP Paribas. Also in the list were tech giants Facebook and Apple, with the latter referred to in a folder titled "apple-health-app." The data appears to be development material for Globant's BeHealthy app, described in a prior press release as software developed in partnership with Apple to track employee health behaviors using features of the Apple Watch.

An anonymous reader quotes a report from NPR: A nearly decade-long scheme to steal millions of dollars of computers and iPads from Yale University's School of Medicine is officially over. Former Yale administrator Jamie Petrone, 42, pleaded guilty Monday in federal court in Hartford, Conn., to two counts of wire fraud and a tax offense for her role in the plot. Petrone's ploy started as far back as 2013 and continued well into 2021 while she worked at the university, according to the U.S. Attorney's Office for the District of Connecticut. Until recently, her role was the director of finance and administration for the Department of Emergency Medicine at Yale. As part of this job, Petrone had the authority to make and authorize certain purchases for the department -- as long as the amount was below $10,000.

Starting in 2013, Petrone would order, or have a member of her staff order, computers and other electronics, which totaled to thousands of items over the years, from Yale vendors using the Yale School of Medicine's money. She would then arrange to ship the stolen hardware, whose costs amounted to millions of dollars, to a business in New York, in exchange for money once the electronics were resold. Investigators said Petrone would report on documents to the school that the equipment was for specific needs at the university, like medical studies that ultimately didn't exist. She would break up the fraudulent purchases into orders that were below $10,000 each so that she wouldn't need to get additional approval from school officials. Petrone would ship this equipment out herself to the third-party business that would resell the equipment. It would later pay Petrone by wiring funds into an account of Maziv Entertainment LLC, a company she created.

Petrone used the money to live the high life, buy real estate and travel, federal prosecutors say. She bought luxury cars as well. At the time of her guilty pleas, she was in possession of two Mercedes-Benz vehicles, two Cadillac Escalades, a Dodge Charger and a Range Rover. [...] At the time of her guilty plea, she agreed to forfeit the luxury vehicles as well as three homes in Connecticut. A property she owns in Georgia may also be seized. Petrone has also agreed to forfeit more than $560,000 that was seized from the Maziv Entertainment LLC bank account. Federal prosecutors say the loss to Yale totals approximately $40,504,200.

An anonymous reader quotes a report from ZDNet: The Log4Shell vulnerability is being actively exploited to deliver backdoors and cryptocurrency miners to vulnerable VMware Horizon servers. On Tuesday, Sophos cybersecurity researchers said the attacks were first detected in mid-January and are ongoing. Not only are backdoors and cryptocurrency miners being deployed, but in addition, scripts are used to gather and steal device information. Log4Shell is a critical vulnerability in Apache Log4J Java logging library. The unauthenticated remote code execution (RCE) vulnerability was made public in December 2021 and is tracked as CVE-2021-44228 with a CVSS score of 10.0.

According to Sophos, the latest Log4Shell attacks target unpatched VMware Horizon servers with three different backdoors and four cryptocurrency miners. The attackers behind the campaign are leveraging the bug to obtain access to vulnerable servers. Once they have infiltrated the system, Atera agent or Splashtop Streamer, two legitimate remote monitoring software packages, may be installed, with their purpose twisted into becoming backdoor surveillance tools.

The other backdoor detected by Sophos is Silver, an open source offensive security implant released for use by pen testers and red teams. Sophos says that four miners are linked to this wave of attacks: z0Miner, JavaX miner, Jin, and Mimu, which mine for Monero (XMR). Previously, Trend Micro found z0Miner operators were exploiting the Atlassian Confluence RCE (CVE-2021-26084) for cryptojacking attacks. A PowerShell URL connected to this both campaigns suggests there may also be a link, although that is uncertain. [...] In addition, the researchers uncovered evidence of reverse shell deployment designed to collect device and backup information.

A cryptocurrency affiliated with the popular free-to-play blockchain game Axie Infinity has been hacked in one of the largest crypto heists in history. From a report: The Ronin network is a blockchain launched in February 2021 to make interacting with the Ethereum-based Axie Infinity a little less costly. Whereas doing anything at all on Ethereum costs fees, Ronin allows 100 free transactions per day, per user. Axie Infinity is popular in the Philippines, for example, where users work playing the game in exchange for tokens, often on behalf of individuals or firms that may employ dozens or hundreds of so-called "scholars."

In a blog post published on Tuesday, Ronin revealed it had fallen victim to a security breach that has drained half a billion dollars in crypto. Hackers were able to exploit the Ronin bridge and make off with 173,600 ETH (worth about $591,242,019) and $25.5 million worth of the stablecoin USDC in two separate transactions by taking over the blockchain's validator nodes. Validator nodes verify and approve transactions in Ronin's Proof-of-Authority (PoA) model, which differs from the decentralized mining and approval process employed by Bitcoin. Ronin has nine validator nodes, five of which were needed to approve any particular deposit or withdrawal. According to the blog, the hackers "used hacked private keys in order to forge fake withdrawals." The attackers found a backdoor in the gas-free RPC node run by Sky Mavis -- the company that owns Axie Infinity -- allowing them to gain control over a validator node linked to the Axie DAO after it helped Sky Mavis distribute free transactions in November 2021 during an overload of users, according to the Ronin blog post. With Axie DAO's validator node and the four controlled by Sky Mavis, the attackers were able to approve the two transactions.

Microsoft is finally making it easier to change your default browser in Windows 11. A new update (KB5011563) has started rolling out this week that allows Windows 11 users to change the default browser with a single click. After testing the changes in December, this new one-click method is rolling out to all Windows 11 users. From a report: Originally, Windows 11 shipped without a simple button to switch default browsers that was always available in Windows 10. Instead, Microsoft forced Windows 11 users to change individual file extensions or protocol handlers for HTTP, HTTPS, .HTML, and .HTM, or you had to tick a checkbox that only appeared when you clicked a link from outside a browser. Microsoft defended its decision to make switching defaults harder, but rival browser makers like Mozilla, Brave, and even Google's head of Chrome criticized Microsoft's approach.

Krebs on Security reports: In the United States, when federal, state or local law enforcement agencies wish to obtain information about who owns an account at a social media firm, or what Internet addresses a specific cell phone account has used in the past, they must submit an official court-ordered warrant or subpoena. Virtually all major technology companies serving large numbers of users online have departments that routinely review and process such requests, which are typically granted as long as the proper documents are provided and the request appears to come from an email address connected to an actual police department domain name. But in certain circumstances -- such as a case involving imminent harm or death -- an investigating authority may make what's known as an Emergency Data Request (EDR), which largely bypasses any official review and does not require the requestor to supply any court-approved documents.

It is now clear that some hackers have figured out there is no quick and easy way for a company that receives one of these EDRs to know whether it is legitimate. Using their illicit access to police email systems, the hackers will send a fake EDR along with an attestation that innocent people will likely suffer greatly or die unless the requested data is provided immediately. In this scenario, the receiving company finds itself caught between two unsavory outcomes: Failing to immediately comply with an EDR -- and potentially having someone's blood on their hands -- or possibly leaking a customer record to the wrong person. "We have a legal process to compel production of documents, and we have a streamlined legal process for police to get information from ISPs and other providers," said Mark Rasch, a former prosecutor with the U.S. Department of Justice. "And then we have this emergency process, almost like you see on [the television series] Law & Order, where they say they need certain information immediately," Rasch continued. "Providers have a streamlined process where they publish the fax or contact information for police to get emergency access to data. But there's no real mechanism defined by most Internet service providers or tech companies to test the validity of a search warrant or subpoena. And so as long as it looks right, they'll comply." To make matters more complicated, there are tens of thousands of police jurisdictions around the world -- including roughly 18,000 in the United States alone -- and all it takes for hackers to succeed is illicit access to a single police email account.

Almost $10 billion over the next decade will be pumped into helping Australia compete in cyber warfare with adversaries such as Russia and China in a major funding boost that will nearly double the size of the nation's leading cyber security agency. From a report: In its centrepiece defence budget announcement, the government will make the largest single investment in the 75-year history of the Australian Signals Directorate, the country's powerful and highly secretive electronic intelligence agency. The government said the funding increase -- dramatically named Project REDSPICE (Resilience, Effects, Defence, Space, Intelligence, Cyber, and Enablers) -- will significantly expand the ASD's offensive cyber capabilities, as well as the agency's ability to prevent hacking and other digital attacks.

The government intends to put national security at the centre of the upcoming election campaign, contrasting its latest announcements with reductions to defence spending during the Rudd-Gillard era. In his budget night speech Treasurer Josh Frydenberg described the $9.9 billion in spending over 10 years as the country's "biggest ever investment in Australia's cyber preparedness." It comes on top of the government's previously announced expansion in Australian Defence Force personnel and the purchase of new Chinook helicopters, Abrams tanks and combat engineering vehicles.

Corin Faife writes via The Verge: On March 24th, EU governing bodies announced that they had reached a deal on the most sweeping legislation to target Big Tech in Europe, known as the Digital Markets Act (DMA). Seen as an ambitious law with far-reaching implications, the most eye-catching measure in the bill would require that every large tech company -- defined as having a market capitalization of more than 75 billion euros or a user base of more than 45 million people in the EU -- create products that are interoperable with smaller platforms. For messaging apps, that would mean letting end-to-end encrypted services like WhatsApp mingle with less secure protocols like SMS -- which security experts worry will undermine hard-won gains in the field of message encryption.

The main focus of the DMA is a class of large tech companies termed "gatekeepers," defined by the size of their audience or revenue and, by extension, the structural power they are able to wield against smaller competitors. Through the new regulations, the government is hoping to "break open" some of the services provided by such companies to allow smaller businesses to compete. That could mean letting users install third-party apps outside of the App Store, letting outside sellers rank higher in Amazon searches, or requiring messaging apps to send texts across multiple protocols. But this could pose a real problem for services promising end-to-end encryption: the consensus among cryptographers is that it will be difficult, if not impossible, to maintain encryption between apps, with potentially enormous implications for users.

Signal is small enough that it wouldn't be affected by the DMA provisions, but WhatsApp -- which uses the Signal protocol and is owned by Meta -- certainly would be. The result could be that some, if not all, of WhatsApp's end-to-end messaging encryption is weakened or removed, robbing a billion users of the protections of private messaging. Given the need for precise implementation of cryptographic standards, experts say that there's no simple fix that can reconcile security and interoperability for encrypted messaging services. Effectively, there would be no way to fuse together different forms of encryption across apps with different design features, said Steven Bellovin, an acclaimed internet security researcher and professor of computer science at Columbia University.

The Lapsus$ hackers used compromised credentials to break into the network of customer service giant Sitel in January, days before subsequently accessing the internal systems of authentication giant Okta, according to documents seen by TechCrunch that provide new details of the cyber intrusion that have not yet been reported. The report adds: [...] The documents provide the most detailed account to date of the Sitel compromise, which allowed the hackers to later gain access to Okta's network. [...] The documents, obtained by independent security researcher Bill Demirkapi and shared with TechCrunch, include a Sitel customer communication sent on January 25 -- more than a week after hackers first compromised its network -- and a detailed timeline of the Sitel intrusion compiled by incident response firm Mandiant dated March 17 that was shared with Okta.

According to the documents, Sitel said it discovered the security incident in its VPN gateways on a legacy network belonging to Sykes, a customer service company working for Okta that Sitel acquired in 2021. The timeline details how the attackers used remote access services and publicly accessible hacking tools to compromise and navigate through Sitel's network, gaining deeper visibility to the network over the five days that Lapsus$ had access. Sitel said that its Azure cloud infrastructure was also compromised by hackers. According to the timeline, the hackers accessed a spreadsheet on Sitel's internal network early on January 21 called "DomAdmins-LastPass.xlsx." The filename suggests that the spreadsheet contained passwords for domain administrator accounts that were exported from a Sitel employee's LastPass password manager.

Ukraine's state-owned telecommunications company Ukrtelecom experienced a disruption in internet service on Monday after a "powerful" cyberattack, according to Ukrainian government officials and company representatives. Reuters reports: The incident is the latest hacking attack against Ukrainian internet services since Russian military forces invaded in late February. "Today, the enemy launched a powerful cyberattack against Ukrtelecom's IT-infrastructure," said Yurii Shchyhol, chairman of the State Service of Special Communication and Information Protection of Ukraine. "The attack was repelled. And now Ukrtelecom has an ability to begin restoring its services to the clients." "Currently, the attack is repulsed, the provision of services is gradually resumed," said Ukrtelecom spokesperson Mikhail Shuranov.

NetBlocks, which monitors internet service disruptions, posted on Twitter earlier on Monday that it saw "connectivity collapsing" with an "ongoing and intensifying nation-scale disruption." A similar incident took place earlier this month with Triolan, a smaller Ukrainian telecom company, Forbes previously reported. That company suffered a hack that reset some internal systems, resulting in some local subscribers losing access.