Security

'Destructive' Cyberattack Hits National Bank of Pakistan (therecord.media) 6

The National Bank of Pakistan (NBP) has suffered what two sources have described to The Record as a "destructive" cyberattack. From a report: The incident, which took place on the night between Friday and Saturday, impacted the bank's backend systems and affected servers used to interlink the bank's branches, the backend infrastructure controlling the bank's ATM network, and the bank's mobile apps. While the attack crippled some of these systems, no funds were reported missing, according to the bank and people familiar with the attack and the current investigation. "Immediate steps were taken to isolate the affected systems," the bank said in a statement on Saturday. Recovery efforts were in full swing over the weekend, and by Monday, NBP reported that more than 1,000 branches opened and catered to customers as normal and that all ATMs nationwide had been fully restored.

Bug

'Trojan Source' Bug Threatens the Security of All Code (krebsonsecurity.com) 88

"Virtually all compilers -- programs that transform human-readable source code into computer-executable machine code -- are vulnerable to an insidious attack in which an adversary can introduce targeted vulnerabilities into any software without being detected," warns cybersecurity expert Brian Krebs in a new report. An anonymous reader shares an excerpt: Researchers with the University of Cambridge discovered a bug that affects most computer code compilers and many software development environments. At issue is a component of the digital text encoding standard Unicode, which allows computers to exchange information regardless of the language used. Unicode currently defines more than 143,000 characters across 154 different language scripts (in addition to many non-script character sets, such as emojis). Specifically, the weakness involves Unicode's bi-directional or "Bidi" algorithm, which handles displaying text that includes mixed scripts with different display orders, such as Arabic -- which is read right to left -- and English (left to right). But computer systems need to have a deterministic way of resolving conflicting directionality in text. Enter the "Bidi override," which can be used to make left-to-right text read right-to-left, and vice versa.

"In some scenarios, the default ordering set by the Bidi Algorithm may not be sufficient," the Cambridge researchers wrote. "For these cases, Bidi override control characters enable switching the display ordering of groups of characters." Bidi overrides enable even single-script characters to be displayed in an order different from their logical encoding. As the researchers point out, this fact has previously been exploited to disguise the file extensions of malware disseminated via email. Here's the problem: Most programming languages let you put these Bidi overrides in comments and strings. This is bad because most programming languages allow comments within which all text -- including control characters -- is ignored by compilers and interpreters. Also, it's bad because most programming languages allow string literals that may contain arbitrary characters, including control characters.

"So you can use them in source code that appears innocuous to a human reviewer [that] can actually do something nasty," said Ross Anderson, a professor of computer security at Cambridge and co-author of the research. "That's bad news for projects like Linux and Webkit that accept contributions from random people, subject them to manual review, then incorporate them into critical code. This vulnerability is, as far as I know, the first one to affect almost everything." The research paper, which dubbed the vulnerability "Trojan Source," notes that while both comments and strings will have syntax-specific semantics indicating their start and end, these bounds are not respected by Bidi overrides. [...] Anderson said such an attack could be challenging for a human code reviewer to detect, as the rendered source code looks perfectly acceptable. "If the change in logic is subtle enough to go undetected in subsequent testing, an adversary could introduce targeted vulnerabilities without being detected," he said. Equally concerning is that Bidi override characters persist through the copy-and-paste functions on most modern browsers, editors, and operating systems.
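As an added example (not code from the Cambridge paper or from Krebs' report), here is the kind of check a review pipeline can run over proposed changes: it reports every Bidi control character with its line and column, flags overrides and isolates that are not terminated before the end of the line (the case in which the display reordering spills past the comment or string that contains it), and can strip the controls to produce a view that matches the logical order. The sample source is constructed for this demonstration.

```python
"""Detect Unicode bidirectional (Bidi) control characters in source text.

Added example for the Trojan Source discussion; not code from the Cambridge
paper or from any project. The sample source below is constructed.
"""
import re
from dataclasses import dataclass
from typing import List

# Unicode Bidi control characters. The explicit overrides and isolates are the
# ones the Trojan Source paper is about; the marks (LRM/RLM) are included
# because they have no legitimate place in source code either.
BIDI_CONTROLS = {
    "\u202A": "LRE", "\u202B": "RLE", "\u202C": "PDF",
    "\u202D": "LRO", "\u202E": "RLO",
    "\u2066": "LRI", "\u2067": "RLI", "\u2068": "FSI", "\u2069": "PDI",
    "\u200E": "LRM", "\u200F": "RLM",
}
_EMBEDS = {"LRE", "RLE", "LRO", "RLO"}   # closed by PDF
_ISOLATES = {"LRI", "RLI", "FSI"}        # closed by PDI
_BIDI_RE = re.compile("[" + "".join(BIDI_CONTROLS) + "]")


@dataclass
class Finding:
    line: int            # 1-based line number
    column: int          # 0-based code point index within the line
    name: str            # e.g. "RLO"
    unterminated: bool   # opener with no matching closer on the same line


def has_bidi_controls(text: str) -> bool:
    """Fast yes/no check suitable for a pre-commit hook."""
    return _BIDI_RE.search(text) is not None


def scan_source(text: str) -> List[Finding]:
    """Return one Finding per Bidi control character in `text`.

    Termination is tracked per line because the Bidi algorithm resets at a
    paragraph (line) boundary. This is a simplified nesting model: PDF closes
    the innermost open embedding/override, PDI closes the innermost open
    isolate together with anything nested inside it.
    """
    findings: List[Finding] = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        stack: List[Finding] = []   # openers on this line not yet closed
        for m in _BIDI_RE.finditer(line):
            name = BIDI_CONTROLS[m.group()]
            f = Finding(lineno, m.start(), name, unterminated=False)
            findings.append(f)
            if name in _EMBEDS or name in _ISOLATES:
                f.unterminated = True   # until a matching closer is seen
                stack.append(f)
            elif name == "PDF":
                if stack and stack[-1].name in _EMBEDS:
                    stack.pop().unterminated = False
            elif name == "PDI":
                for i in range(len(stack) - 1, -1, -1):
                    if stack[i].name in _ISOLATES:
                        for closed in stack[i:]:
                            closed.unterminated = False
                        del stack[i:]
                        break
        # Anything left on the stack keeps unterminated=True.
    return findings


def strip_bidi(text: str) -> str:
    """Return `text` with all Bidi controls removed (a logical-order view)."""
    return _BIDI_RE.sub("", text)


def format_report(findings: List[Finding]) -> List[str]:
    """Human-readable lines, one per finding."""
    return [
        f"{f.line}:{f.column} {f.name}" + (" (unterminated)" if f.unterminated else "")
        for f in findings
    ]


# Constructed sample: an unterminated RLO inside a comment on line 2, and a
# properly closed RLI...PDI pair inside a string literal on line 3.
SAMPLE_SOURCE = (
    "int check_access(int uid) {\n"
    "    /* \u202E legacy path */ if (uid == 0) { return 1; }\n"
    "    printf(\"\u2067 user \u2069\");\n"
    "    return 0;\n"
    "}\n"
)

if __name__ == "__main__":
    for line in format_report(scan_source(SAMPLE_SOURCE)):
        print(line)
```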

Microsoft

Microsoft's CEO Satya Nadella Says 'New Norms' Needed as 'Real Structural Changes' Rock Workplaces (hbr.org) 93

For the first interview of its new series on "The New World of Work," Harvard Business Review asked Microsoft CEO Satya Nadella what team collaboration will look like in workplaces of the future. And Nadella begins by arguing that this tail-end of the pandemic brings "real structural changes" — and two megatrends for the future workplace: One is the trend around hybrid work, which is a result of the changed expectations of everyone around the flexibility that they want to exercise in when, where, and how they work. And then the second mega trend is what Ryan Roslansky, who is the CEO of LinkedIn, termed, which I like, which is the great reshuffle. Not only are people talking about when, where, and how they work, but also why they work. They really want to recontract, in some sense, the real meaning of work and sort of asking themselves the question of which company do they want to work for and what job function or profession they want to pursue...

I think we should sort of perhaps just get grounded on what are we seeing in the expectations. For example, when we see all of the data, the reality is close to 70% of the people say they want flexibility. At the same time, 70% also want that human connection so that they can collaborate. So therein lies that hybrid paradox. Interestingly enough, if you look at the other sort of confounding piece of data: 50-odd percent of the people say they want to come into work so that they can have focus time. Fifty-odd percent also want to stay at home so that they can have focus time.

So the real thing I would say is right now, it's probably best not to be overly dogmatic. Because I don't think we have settled on the new norms... [W]e are taking what I would call a much more organic approach right now. What I would say is what we want to practice and what we want to evangelize is empowering every manager and every individual to start coming up with norms that work for that team, given the context of what that team is trying to get done. In some sense, we are really saying, let's just use an organic process to build up through empowerment new norms that work for the company to be productive.

"Nobody quits companies," Nadella says at one point. "They quit managers."

And towards the end, when he's asked what's the greatest source of innovation, he answers: empathy. To me, what I have sort of come to realize, what is the most innate in all of us is that ability to be able to put ourselves in other people's shoes and see the world the way they see it. That's empathy. That's at the heart of design thinking. When we say innovation is all about meeting unmet, unarticulated, needs of the marketplace, it's ultimately the unmet and articulated needs of people, and organizations that are made up of people. And you need to have deep empathy.

So I would say the source of all innovation is what is the most humane quality that we all have, which is empathy.

Android

Newly-Discovered 'AbstractEmu' Malware Rooted Android Devices, Evaded Detection (bleepingcomputer.com) 34

"New Android malware can root infected devices to take complete control and silently tweak system settings, as well as evade detection using code abstraction and anti-emulation checks," reports BleepingComputer.

Cybersecurity company Lookout said on its blog that they'd spotted the malware on Google Play "and prominent third-party stores such as the Amazon Appstore and the Samsung Galaxy Store.... To protect Android users, Google promptly removed the app as soon as we notified them of the malware." We named the malware "AbstractEmu" after its use of code abstraction and anti-emulation checks to avoid running while under analysis. A total of 19 related applications were uncovered, seven of which contain rooting functionality, including one on Play that had more than 10,000 downloads...

This is a significant discovery because widely-distributed malware with root capabilities has become rare over the past five years. As the Android ecosystem matures there are fewer exploits that affect a large number of devices, making them less useful for threat actors... By using the rooting process to gain privileged access to the Android operating system, the threat actor can silently grant themselves dangerous permissions or install additional malware — steps that would normally require user interaction. Elevated privileges also give the malware access to other apps' sensitive data, something not possible under normal circumstances...

AbstractEmu does not have any sophisticated zero-click remote exploit functionality used in advanced APT-style threats; it is activated simply by the user having opened the app. As the malware is disguised as functional apps, most users will likely interact with them shortly after downloading... By rooting the device, the malware is able to silently modify the device in ways that would otherwise require user interaction and access data of other apps on the device.

"Apps bundling the malware included password managers and tools like data savers and app launchers," reports BleepingComputer, "all of them providing the functionality they promised to avoid raising suspicions..."

Lookout's blog post said they'd spotted people affected by the malware in 17 different countries.

Security

You Can Now Remotely Access Your Tesla's Camera - and Talk to People (teslaoracle.com) 41

The Tesla Oracle blog reports on a newly-released security feature "that enables Tesla owners to remotely view what's happening around their vehicles in real-time using their mobile phones..."

"While you have opened the live camera view of your parked Tesla car, you can talk back to the people in the vehicle's surroundings." The Tesla vehicle will change your voice, amplify and output it via an external speaker installed under the car. Teslas built since January 2019 have this speaker installed as part of the pedestrian warning system, a requirement by the NHTSA. In last year's holiday software update package, Tesla introduced the Boombox feature using this external speaker. Boombox lets Tesla owners add custom horn and pedestrian warning sounds to the vehicle.

Tesla owners will now be able to warn potential vandals more explicitly by giving them verbal warnings from a remote location...

In a tweet Wednesday, Elon Musk joked the feature was also "great for practical jokes."

The Courts

The US Government Wants Signal's Private User Data That It Simply Doesn't Have (hothardware.com) 61

According to a post on the Signal blog, a federal grand jury in the Central District of California has subpoenaed Signal for a whole pile of user data, like subscriber information, financial information, transaction histories, communications, and more. HotHardware reports: The thing is, the subpoena is moot: Signal simply doesn't have the data to provide. The company can't provide any of the data that the grand jury is asking for because, as the company itself notes, "Signal doesn't have access to your messages, your chat list, your groups, your contacts, your stickers, [or] your profile name or avatar." The only things that Signal can offer up to the court are Unix timestamps for when the accounts in question were created and last accessed the service.

The announcement (and, we suppose, this news post) essentially amounts to an advertisement for Signal, but it's an amusing -- or possibly distressing -- anecdote nonetheless. While Signal is secure, keep in mind that the messages still originate from your device, which means that other apps on your device (like, say, your keyboard) could still be leaking your data. Lest you doubt Signal's story, the app creators have published the subpoena, suitably redacted, on their blog.

Encryption

Hive Ransomware Now Encrypts Linux and FreeBSD Systems (bleepingcomputer.com) 26

Hive, a ransomware group that has hit over 30 organizations since June 2021, now also encrypts Linux and FreeBSD using new malware variants specifically developed to target these platforms. BleepingComputer reports: However, as Slovak internet security firm ESET discovered, Hive's new encryptors are still in development and still lack functionality. The Linux variant also proved to be quite buggy during ESET's analysis, with the encryption completely failing when the malware was executed with an explicit path. It also comes with support for a single command line parameter (-no-wipe). In contrast, Hive's Windows ransomware comes with up to 5 execution options, including killing processes and skipping disk cleaning, uninteresting files, and older files. The ransomware's Linux version also fails to trigger the encryption if executed without root privileges because it attempts to drop the ransom note on compromised devices' root file systems.

Security

Ransomware Has Disrupted Almost 1,000 Schools In the US This Year (vice.com) 7

An anonymous reader quotes a report from Motherboard: So far this year, almost 1,000 schools across the country have suffered from a ransomware attack, and in some cases had classes disrupted because of it, according to tallies by Emsisoft, a cybersecurity company that specializes in tracking and investigating ransomware attacks, and another cybersecurity firm, Recorded Future. Brett Callow, a researcher at Emsisoft, shared the list with Motherboard. It includes 73 school districts, comprising 985 schools. Callow said that it's very likely there are some schools that are missing from the list, meaning the total number of victims is likely higher than 1,000. The list includes schools such as the Mesquite Independent School District in Texas, which comprises 49 different schools; the Haverhill Public Schools in Massachusetts, which comprises 16 schools; and the Visalia Unified School District in California, which comprises 41 schools.

"There is a huge jump in ransomware attacks hitting schools starting in 2019 and that trend is accelerating," Allan Liska, a researcher at cybersecurity firm Recorded Future who tracks ransomware, told Motherboard in an online chat. [...] Schools are getting hit every other week, and 2021 was worse than 2020, according to Liska, who said that last year he and his company catalogued 56 ransomware attacks impacting almost 700 schools. "The thing is, as bad as it is right now it will likely get worse before it gets better. While most ransomware attacks are not targeted, the two sectors that ransomware groups do seem to enjoy going after are healthcare and schools," Liska said. "It seems like schools are basically a proving ground for ransomware actors to test out their skills. Schools pay significantly less in average ransom than most sectors (when they pay, which is rare), so the ransomware groups are not going after schools for the money."

Security

Zales.com Leaked Customer Data, Just Like Sister Firms Jared and Kay Jewelers Did In 2018 (krebsonsecurity.com) 14

An anonymous reader quotes a report from KrebsOnSecurity: In December 2018, bling vendor Signet Jewelers fixed a weakness in their Kay Jewelers and Jared websites that exposed the order information for all of their online customers. This week, Signet subsidiary Zales.com updated its website to remediate a nearly identical customer data exposure. Last week, KrebsOnSecurity heard from a reader who was browsing Zales.com and suddenly found they were looking at someone else's order information on the website, including their name, billing address, shipping address, phone number, email address, items and total amount purchased, delivery date, tracking link, and the last four digits of the customer's credit card number. The reader noticed that the link for the order information she'd stumbled on included a lengthy numeric combination that -- when altered -- would produce yet another customer's order information. When the reader failed to get an immediate response from Signet, KrebsOnSecurity contacted the company.

In a written response, Signet said, "A concern was brought to our attention by an IT professional. We addressed it swiftly, and upon review we found no misuse or negative impact to any systems or customer data." Their statement continues: "As a business principle we make consumer information protection the highest priority, and proactively initiate independent and industry-leading security testing. As a result, we exceed industry benchmarks on data protection maturity. We always appreciate it when consumers reach out to us with feedback, and have committed to further our efforts on data protection maturity."

When Signet fixed similar weaknesses with its Jared and Kay websites back in 2018, the reader who found and reported that data exposure said his mind quickly turned to the various ways crooks might exploit access to customer order information. "My first thought was they could track a package of jewelry to someone's door and swipe it off their doorstep," said Brandon Sheehy, a Dallas-based Web developer. "My second thought was that someone could call Jared's customers and pretend to be Jared, reading the last four digits of the customer's card and saying there'd been a problem with the order, and if they could get a different card for the customer they could run it right away and get the order out quickly. That would be a pretty convincing scam. Or just targeted phishing attacks."

Privacy

A Security Bug in Health App Docket Exposed COVID-19 Vaccine Records (techcrunch.com) 49

A security bug in the health app Docket exposed the private information of residents vaccinated against COVID-19 in New Jersey and Utah, where the app received endorsements from state officials. From a report: Docket lets residents download and carry a digital copy of their immunizations by pulling their vaccination records from their state's health authority. The digital copy has the same information as the COVID-19 paper card, but is digitally signed by the state to prevent forgeries. Docket is one of several so-called vaccine passports in the U.S., allowing residents to show their vaccination records -- or a scannable QR code -- for getting into events, restaurants or crossing into countries where vaccines are required.

But for a time, the app allowed anyone access to the QR codes of other vaccinated users -- and all the personal and vaccine information encoded within. That included names, dates of birth and information about a person's COVID-19 vaccination status, such as which type of vaccine they received and when. TechCrunch discovered the bug on Tuesday and immediately contacted the company. Docket chief executive Michael Perretta said the bug was fixed at the server level a few hours later. The bug was found in how the Docket app requests the user's QR code from its servers. The user's QR code is generated on the server in the form of a SMART Health Card, a widely accepted standard for validating a person's vaccination status across the world. That QR code is tied to a user ID, which isn't visible from the app, but can be viewed by looking at its network traffic using off-the-shelf software like Burp Suite or Charles Proxy.

Security

A Cyberattack Paralyzed Every Gas Station In Iran 36

Iran's president said Wednesday that a cyberattack which paralyzed every gas station in the Islamic Republic was designed to get "people angry by creating disorder and disruption," as long lines still snaked around the pumps a day after the incident began. NPR reports: Ebrahim Raisi's remarks stopped short of assigning blame for the attack, which rendered useless the government-issued electronic cards that many Iranians use to buy subsidized fuel at the pump. However, his remarks suggested that he and others in the theocracy believe anti-Iranian forces carried out the assault. "There should be serious readiness in the field of cyberwar and related bodies should not allow the enemy to follow their ominous aims to make problem in trend of people's life," Raisi said. No group has claimed responsibility for the attack that began Tuesday, though it bore similarities to another months earlier that seemed to directly challenge Iran's Supreme Leader Ayatollah Ali Khamenei as the country's economy buckles under American sanctions.

On Wednesday morning, IRNA quoted another official who claimed 80% of Iran's gas stations had begun selling fuel again. Associated Press journalists saw long lines at multiple gas stations in Tehran. One station had a line of 90 cars waiting for fuel. Those buying ended up having to pay at higher, unsubsidized prices. Tuesday's attack rendered useless the government-issued electronic cards that many Iranians use to buy subsidized fuel at the pump. The semiofficial ISNA news agency, which first called the incident a cyberattack, said it saw those trying to buy fuel with a government-issued card through the machines instead receiving a message reading "cyberattack 64411." While ISNA didn't acknowledge the number's significance, that number is associated with a hotline run through Khamenei's office that handles questions about Islamic law. ISNA later removed its reports, claiming that it too had been hacked. Such claims of hacking can come quickly when Iranian outlets publish news that angers the theocracy.

Security

DeFi Protocol Cream Finance Loses $130 Million in Latest Crypto Hack 27

DeFi protocol Cream Finance suffered yet another hack this year after an exploit stole at least $130 million in what could be one of the largest thefts in decentralized finance. From a report: The attack on the Ethereum-based lending protocol was first reported by The Block Crypto, which cited a tweet by PeckShield highlighting a large flash-loan transaction that carried out the theft. The burgeoning DeFi landscape has drawn in billions of dollars in investor funds, but it has been a frequent target of hackers, with many using flash loans -- a type of uncollateralized lending -- as a way to exploit poorly protected protocols. Cream was involved in similar attacks that stole nearly $38 million in February and almost $19 million in August, according to The Block. Meanwhile, a hacker stole $600 million worth of crypto tokens from the PolyNetwork protocol in August in what is considered to be the largest DeFi hack ever.

Security

Ransomware Gang Claims Attack on NRA (therecord.media) 210

The operators of the Grief ransomware have listed today the US National Rifle Association (NRA) as a victim of one of their attacks. From a report: The organization's name was listed on a dark web portal, often called a "leak site," where the Grief gang typically lists companies they infected and which haven't paid their ransom demands. It remains unclear if the Grief gang hit one of the NRA's smaller branches or if the attack hit the organization's central network. Ransomware gangs often like to exaggerate their attacks.

Crime

FBI Raids Chinese Point-of-Sale Giant PAX Technology (krebsonsecurity.com) 35

An anonymous reader quotes a report from KrebsOnSecurity: U.S. federal investigators today raided the Florida offices of PAX Technology, a Chinese provider of point-of-sale devices used by millions of businesses and retailers globally. KrebsOnSecurity has learned the raid is tied to reports that PAX's systems may have been involved in cyberattacks on U.S. and E.U. organizations. Headquartered in Shenzhen, China, PAX Technology Inc. has more than 60 million point-of-sale terminals in use throughout 120 countries. Earlier today, Jacksonville, Fla.-based WOKV.com reported that agents with the FBI and Department of Homeland Security (DHS) had raided a local PAX Technology warehouse. In an official statement, investigators told WOKV only that they were executing a court-authorized search at the warehouse as a part of a federal investigation, and that the inquiry included the Department of Customs and Border Protection and the Naval Criminal Investigative Services (NCIS).

Several days ago, KrebsOnSecurity heard from a trusted source that the FBI began investigating PAX after a major U.S. payment processor started asking questions about unusual network packets originating from the company's payment terminals. According to that source, the payment processor found that the PAX terminals were being used both as a malware "dropper" -- a repository for malicious files -- and as "command-and-control" locations for staging attacks and collecting information. The source said two major financial providers -- one in the United States and one in the United Kingdom -- had already begun pulling PAX terminals from their payment infrastructure, a claim that was verified by two different sources. The source was unable to share specific details about the strange network activity that prompted the FBI's investigation. But it should be noted that point-of-sale terminals and the technology that supports them are perennial targets of cybercriminals.

Bug

Indie Dev Finds That Linux Users Generate More, Better Bug Reports (pcgamer.com) 58

An indie developer has made an interesting observation: Though only 5.8% of his game's buyers were playing on Linux, they generated over 38% of the bug reports. Not because the Linux platform was buggier, either. Only 3 of the roughly 400 bug reports submitted by Linux users were platform specific, that is, would only happen on Linux. PC Gamer reports: The developer, posting as Koderski for developer Kodera Software on Reddit, makes indie game [Delta] V: Rings of Saturn -- that's Delta V, or DV, for the non-rocket-science-literate. [...] Koderski says he's sold a little over 12,000 copies of his game, and about 700 of those were bought by Linux players. "I got 1040 bug reports in total, out of which roughly 400 are made by Linux players," says Koderski's post. "That's one report per 11.5 users on average, and one report per 1.75 Linux players. That's right, an average Linux player will get you 650% more bug reports." Koderski's numbers are a limited sample size drawn from one person's experience, but tell a compelling story.

Koderski also says that very few of those bugs were specific to Linux, being clear that "This 5.8% of players found 38% of all the bugs that affected everyone." The bug reports themselves were also pretty high quality, he said, including software and OS versions, logs, and steps for replication. Multiple commenters on the post chalked this up to the kind of people who use Linux: Software professionals, IT employees, and engineers who would already be familiar with official bug reporting processes. It's a strong theory as to why this might be, though the sheer passion that the gaming on Linux community has for anyone who supports their favorite hobby may be another.

Microsoft

Microsoft Says Russia Hacked at Least 14 IT Service Providers this Year (therecord.media) 29

Microsoft said on Monday that a Russian state-sponsored hacking group known as Nobelium had attacked more than 140 IT and cloud services providers, successfully breaching 14 companies. From a report: The Microsoft Threat Intelligence Center (MSTIC) said the attacks were part of a planned campaign that began in May this year. The attacks included spear-phishing campaigns and password-spraying operations that targeted employees of companies that manage IT and cloud infrastructure on behalf of their clients. "We believe Nobelium ultimately hopes to piggyback on any direct access that resellers may have to their customers' IT systems and more easily impersonate an organization's trusted technology partner to gain access to their downstream customers," said Tom Burt, Corporate Vice President for Customer Security & Trust at Microsoft.

IT

Digital Nomad Communities Want to Build the Infrastructure for an Internet Country (thenextweb.com) 61

It's estimated there are 10.9 million digital nomads just in the U.S. — and two digital nomads writing for The Next Web point out they're just part of a larger trend. "As of 2021, there are over 35 million digital nomads

Are they also about to start changing the world? Digital nomads' growing numbers and financial clout have caused dozens of tourist-starved countries to update their travel policies for borderless workers. In Summer 2020, a handful of nations launched visa programs to attract digital nomads, starting with Estonia in June, then Barbados, Bermuda, Costa Rica, Anguilla, Antigua, and later, most of Eastern Europe. Now, 30+ nations offer some form of incentive for traveling remote workers. Sweetheart deals like income tax breaks, subsidized housing, and free multiple entry have become as popular as employee work benefits. The opportunities are so numerous, solutions exist just to help you "amenity shop" the perfect country Airbnb style...

Some ambitious nomads, like activist and author Lauren Razavi, have also started to advocate for their rights as global citizens and the future of borderless work... Remote workers like Lauren (and us) want to completely redefine the role governments play in digital nomads' movement and regulation. How? By laying the foundation for the next generation of travel and work, an internet country called Plumia... Plumia wants to build the alternative using decentralized technologies, while also working with countries and institutions on policies that achieve common goals... Begun in 2020 as an independent project by remote-first travel insurance company, SafetyWing, Plumia's plan is to combine the infrastructure for living anywhere with the functions of a geographic country...

Blockchain enthusiasts are also testing an approach that begs the question: are traditional countries still necessary? Bitnation advocates for decentralizing authority by empowering voluntary participation and peer-to-peer agreements. They've hosted the world's first blockchain marriage, birth certificate, refugee emergency ID, and more as proof of concept... Currently in development, Plumia is focusing on developing member-focused services and content... Verifying a digital identity, maintaining a 'permanent address' whilst on the move, switching service providers and jurisdictions on the fly, complying with complicated tax and labor laws — these are all thorny issues to solve. Initiatives like Plumia are jumping into quite an active ring, however.

In addition to countries competing to serve and attract digital nomads, a number of well-financed startups such as Jobbatical, Remote, and Oyster are creating private-sector solutions to issues posed by people and companies going remote.

Microsoft

Traffic-Redirecting Rootkit Somehow Got a Microsoft-issued Digital Signature (zdnet.com) 26

Cybersecurity researchers at Bitdefender say cyber criminals have been using a rootkit named FiveSys "that somehow made its way through the driver certification process to be digitally signed by Microsoft," reports ZDNet: The valid signature enables the rootkit — malicious software that allows cyber criminals to access and control infected computers — to appear valid and bypass operating system restrictions and gain what researchers describe as "virtually unlimited privileges". It's known for cyber criminals to use stolen digital certificates, but in this case, they've managed to acquire a valid one.

It's still a mystery how cyber criminals were able to get hold of a valid certificate. "Chances are that it was submitted for validation and somehow it got through the checks. While the digital signing requirements detect and stop most of the rootkits, they are not foolproof," Bogdan Botezatu, director of threat research and reporting at Bitdefender, told ZDNet. It's uncertain how FiveSys is actually distributed, but researchers believe that it's bundled with cracked software downloads.

Once installed, the FiveSys rootkit redirects internet traffic to a proxy server, and it installs a custom root certificate so that the browser won't warn about the unknown identity of that proxy. It also blocks other malware from writing to the drivers, likely an attempt to stop other cyber criminals from taking advantage of the compromised system. Analysis of attacks shows that FiveSys is being used in cyber attacks targeting online gamers, with the aim of stealing login credentials and hijacking in-game purchases. The popularity of online games means that a lot of money can be involved — not only because banking details are connected to accounts, but also because prestigious virtual items can fetch large sums when sold, meaning attackers could use their access to steal and sell these items.
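The three mechanisms in this story (a driver that passed Microsoft's signing process, a rogue root CA, and a proxy) map to three checks a responder can run on a suspect Windows host. The PowerShell below is an added example, not code from Bitdefender, Microsoft or ZDNet. It assumes an elevated shell and a baseline file (hypothetical path, one root-CA thumbprint per line) exported from a known-clean machine built from the same image; roots absent from that baseline, a configured WinINET proxy or PAC URL, and the Authenticode status of every running kernel driver are reported. Drivers whose signer is "Microsoft Windows Hardware Compatibility Publisher" are singled out because that is the certificate Microsoft applies to third-party drivers submitted through its signing program, the path FiveSys went through: a Valid status there means "Microsoft signed it", not "this driver is benign".

```powershell
# Added triage script (not Bitdefender's, Microsoft's or ZDNet's code).
# Run from an elevated PowerShell on the host under investigation.
# Assumed input: a text file with one root-CA thumbprint per line, exported
# from a known-clean machine built from the same Windows image.
param(
    [string]$BaselineRoots = "$PSScriptRoot\known-good-roots.txt"  # hypothetical path
)

$findings = New-Object System.Collections.Generic.List[object]
function Add-Finding([string]$Check, [string]$Where, [string]$Detail) {
    $findings.Add([pscustomobject]@{ Check = $Check; Where = $Where; Detail = $Detail })
}

# 1. Root store. A traffic-intercepting proxy needs its own CA trusted here,
#    otherwise every HTTPS site it rewrites would raise a certificate warning.
$known = @{}
if (Test-Path $BaselineRoots) {
    Get-Content $BaselineRoots | ForEach-Object { $known[$_.Trim().ToUpperInvariant()] = $true }
} else {
    Write-Warning "No baseline at $BaselineRoots; every root will be listed for manual review."
}
foreach ($store in 'Cert:\LocalMachine\Root', 'Cert:\CurrentUser\Root') {
    foreach ($cert in Get-ChildItem $store) {
        if (-not $known.ContainsKey($cert.Thumbprint.ToUpperInvariant())) {
            Add-Finding 'UnexpectedRootCA' $store "$($cert.Subject) thumbprint=$($cert.Thumbprint) notBefore=$($cert.NotBefore.ToString('u'))"
        }
    }
}

# 2. Proxy settings browsers use (WinINET). A PAC URL counts too: it can steer
#    selected hosts through a proxy without a global ProxyServer value.
$inet = Get-ItemProperty 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings'
if ($inet.ProxyEnable -eq 1 -or $inet.AutoConfigURL) {
    Add-Finding 'ProxyConfigured' 'HKCU Internet Settings' "ProxyServer=$($inet.ProxyServer) AutoConfigURL=$($inet.AutoConfigURL)"
}

# 3. Running kernel drivers. Verify each file's Authenticode status (embedded
#    or catalog signature, as Windows resolves it) and single out signers of
#    'Microsoft Windows Hardware Compatibility Publisher': the certificate
#    Microsoft applies to third-party drivers it signs on submission, i.e. the
#    kind of signature FiveSys carried. Valid means Microsoft signed it,
#    nothing more; these are the drivers to review by hand.
foreach ($drv in Get-CimInstance Win32_SystemDriver | Where-Object { $_.State -eq 'Running' -and $_.PathName }) {
    # Normalise NT-style paths (\??\C:\... and \SystemRoot\...) to Win32 paths.
    $path = $drv.PathName -replace '^\\\?\?\\', '' -replace '^\\SystemRoot', $env:SystemRoot
    if (-not (Test-Path -LiteralPath $path)) { Add-Finding 'DriverFileMissing' $drv.Name $drv.PathName; continue }
    $sig    = Get-AuthenticodeSignature -LiteralPath $path
    $signer = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '(none)' }
    $mtime  = (Get-Item -LiteralPath $path).LastWriteTime.ToString('u')
    if ($sig.Status -ne 'Valid') {
        Add-Finding 'DriverSignature' $drv.Name "$path status=$($sig.Status) signer=$signer"
    } elseif ($signer -like '*Windows Hardware Compatibility Publisher*') {
        Add-Finding 'ThirdPartyDriverMsSigned' $drv.Name "$path modified=$mtime signer=$signer"
    }
}

if ($findings.Count -eq 0) { 'No findings.' } else { $findings | Sort-Object Check, Where | Format-Table -AutoSize -Wrap }
```

Read the output with the story in mind: the driver list is a review queue sorted by nothing more than who signed it, and a root CA that the baseline lacks is the finding that explains why the browser stayed quiet while traffic went through the proxy. A signature that Microsoft later revokes, as happened here, only shows up as non-Valid once the host can reach revocation infrastructure, so an isolated machine can still report Valid for a revoked driver.
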

Currently, the attacks are targeting gamers in China — which is where researchers also believe that the attackers are operating from.

"The campaign started slowly in late 2020, but massively expanded during the course of summer 2021," ZDNet adds.

"The campaign is now blocked after researchers at Bitdefender flagged the abuse of digital trust to Microsoft, which revoked the signature."

Facebook

The Man Who Stole and Then Sold Data on 178 Million Facebook Users Gets Sued by Facebook (therecord.media) 70

"Facebook filed a lawsuit on Friday against a Ukrainian national for allegedly scraping its website and selling the personal data of more than 178 million users on an underground cybercrime forum," reports The Record. According to court documents filed Friday, the man was identified as Alexander Alexandrovich Solonchenko, a resident of Kirovograd, Ukraine. Facebook alleges that Solonchenko abused a Facebook Messenger feature called Contact Importer. The feature allowed users to synchronize their phone address books and see which contacts had a Facebook account, so that they could reach out to friends via Messenger. Between January 2018 and September 2019, Facebook says, Solonchenko used an automated tool that posed as Android devices to feed Facebook's servers millions of random phone numbers. As the servers returned which of those numbers had an account on the site, Solonchenko collected the data, which he later offered for sale on December 1, 2020, in a post on RaidForums, a notorious cybercrime forum and marketplace for stolen data.

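What the complaint describes is a lookup oracle: feed the contact importer a number, learn whether an account exists, repeat millions of times. The traffic that produces has a shape a genuine address-book sync does not, and the PowerShell below, an added example and not Facebook's code, scores constructed request records per client on three tells: far more distinct numbers than any phone holds, a match rate close to what random dialling would give, and numbers that are consecutive rather than sparse. The thresholds and the record layout (Client, Phone, Matched) are assumptions.

```powershell
# Added example (not Facebook's code): score contact-import traffic for
# enumeration. Rows are constructed; in practice they would come from the
# API's request log, one row per phone number a client asked to look up.
function Find-ContactImportAbuse {
    param(
        [Parameter(Mandatory)] [object[]]$Requests,
        [int]$MaxDistinctPerClient = 1000,   # assumed: larger than a real address book
        [double]$MinMatchRate = 0.05,        # assumed: random numbers rarely hit an account
        [double]$MaxSequentialFraction = 0.5 # assumed: real contacts are not consecutive
    )
    foreach ($g in ($Requests | Group-Object Client)) {
        $phones  = @($g.Group | Select-Object -ExpandProperty Phone -Unique)
        $matched = @($g.Group | Where-Object { $_.Matched }).Count
        $rate    = $matched / $g.Count
        # Fraction of queried numbers that sit exactly one above another queried
        # number: an address book is sparse, a brute-force feed is dense.
        $digits = @($phones | ForEach-Object { [int64]($_ -replace '\D', '') } | Sort-Object -Unique)
        $adjacent = 0
        for ($i = 1; $i -lt $digits.Count; $i++) {
            if ($digits[$i] - $digits[$i - 1] -eq 1) { $adjacent++ }
        }
        $seq = if ($digits.Count -gt 1) { $adjacent / ($digits.Count - 1) } else { 0.0 }
        $reasons = @()
        if ($phones.Count -gt $MaxDistinctPerClient) { $reasons += 'volume' }
        if ($phones.Count -ge 100 -and $rate -lt $MinMatchRate) { $reasons += 'low-match-rate' }
        if ($seq -gt $MaxSequentialFraction) { $reasons += 'sequential' }
        [pscustomobject]@{
            Client             = $g.Name
            Lookups            = $g.Count
            DistinctNumbers    = $phones.Count
            MatchRate          = [math]::Round($rate, 3)
            SequentialFraction = [math]::Round($seq, 3)
            Verdict            = if ($reasons) { 'block: ' + ($reasons -join ',') } else { 'ok' }
        }
    }
}

# Constructed sample: one genuine sync (a few hundred scattered numbers, most
# of them on the platform) and one enumerator that, like the tool described
# above, presents itself as an Android client and walks a number range.
$sample = @(
    foreach ($i in 1..240) {
        [pscustomobject]@{ Client = 'android-legit'; Phone = '+1555' + (($i * 7919) % 10000000).ToString('0000000'); Matched = ($i % 3 -ne 0) }
    }
    foreach ($i in 1..5000) {
        [pscustomobject]@{ Client = 'android-enum'; Phone = '+3806' + $i.ToString('0000000'); Matched = ($i % 97 -eq 0) }
    }
)
Find-ContactImportAbuse -Requests $sample | Format-Table -AutoSize
```

In the sample the legitimate client scores "ok" and the enumerator trips all three rules. Keying on a client identifier alone is the weak point: the tool in the complaint posed as many Android devices, so a production version would also group by source address, ASN and account, and would compare each client's match rate against the population baseline rather than a fixed floor.
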
The article also notes that Facebook's court documents say Solonchenko scraped data from some of the largest companies in Ukraine, including its largest commercial bank and largest private delivery service.

And The Record points out that he's not the only person known to have used this hole to scrape Facebook's user data and then sell it on the forum. Days after another incident in April involving 533 million leaked phone numbers of Facebook users, Facebook "revealed that it retired the Messenger Contact Importer feature back in September 2019 after it discovered Solonchenko and other threat actors abusing it."

Television

Sinclair Workers Say TV Channels Are In 'Pandemonium' After Ransomware Attack (vice.com) 33

An anonymous reader quotes a report from Motherboard: In the early hours of Sunday morning, hackers took down the corporate servers and systems of Sinclair Broadcast Group, a giant U.S. TV conglomerate that owns or operates more than 600 channels across the country. Days later, inside the company, "it's pandemonium and chaos," as one current employee, who asked to remain anonymous as they were not authorized to speak to the press, told Motherboard. Sinclair has released very few details about the attack since it was hacked Sunday. On Wednesday, Bloomberg reported that the group behind the attack is the infamous Evil Corp., a ransomware gang that is believed to be based in Russia and which was sanctioned by the U.S. Treasury department in 2019.

The ransomware attack interfered with several channels' broadcast programming, preventing them from airing ads or NFL games, as reported by The Record, a news site owned by cybersecurity firm Recorded Future. It has also left employees confused and wondering what's going on, according to current Sinclair workers. "Whoever did this, they either by accident or by design did a very good job," a current employee said in a phone call, explaining that some channels haven't been able to air commercials since Sunday. "We're really running in the blind [...] you really can't do your job." The employee said that they were working on Sunday and were able to get two emails out to colleagues. "And one of them got it, and the other one didn't," they said.

Employees did not have access to their email until Tuesday morning, according to the two employees and text messages seen by Motherboard. The office computers, however, are still locked by the company as a precaution, and Sinclair told employees not to log into the corporate VPN they normally use to do their jobs. Until Thursday, the company was communicating with employees via text, according to the sources, who shared some of the texts sent by the company. In one of them, the company called for an all-hands meeting. The meeting, according to the two current employees, was quick and vague. Both sources said that the company should be more transparent with its own employees.
