Photo Illustration by Michael M. Santiago/Getty Images Follow ZDNET: Add us as a preferred source<!–> on Google. ZDNET’s key takeaways TikTok is introducing tools to fight AI and doomscrolling. You can earn badges for improving your digital well-being. A new slider lets you control how much AI content you see. While there are numerous problems […] More

Yaroslav Vasinskyi, accused of being connected to the Sodinokibi/REvil ransomware group, was extradited and arraigned in a Dallas, Texas court on Wednesday. In November, the Justice Department said the 22-year-old was behind the July 2021 ransomware attack against Kaseya, which crippled hundreds of companies around the world for days. 

CyberScoop reported in November that Vasinskyi was arrested at a border crossing in Dorohusk — a Polish-Ukrainian border town — on October 8. Vasinskyi made his first appearance and was arraigned today in the Northern District of Texas.”When last year I announced charges against members of the Sodinokibi/REvil ransomware group, I made clear that the Justice Department will spare no resource in identifying and bringing to justice transnational cybercriminals who target the American people,” said Attorney General Merrick Garland. “Just eight months after committing his alleged ransomware attack on Kaseya from overseas, this defendant has arrived in a Dallas courtroom to face justice,” said Deputy Attorney General Lisa Monaco. The DOJ said Vasinskyi was brought to Dallas on March 3.According to an indictment from August, Vasinskyi was responsible for the attack on Kaseya as well as several other companies. REvil was also accused of being responsible for the ransomware attack against food supplier JBS, which paid $11 million in Bitcoin to the attackers in exchange for the key required to decrypt the network. Garland said in November that Vasinskyi — who went by the name “Rabotnik” online — was one of the masterminds behind the REvil ransomware. The indictment shared by the DOJ said Vasinskyi has been part of the REvil ransomware gang since at least 2019 and has launched at least 2,500 attacks. 

The DOJ said he made $2.3 million from ransoms after demanding a total of more than $760 million.He has been charged with conspiracy to commit fraud and related activity in connection with computers, damage to protected computers, and conspiracy to commit money laundering. He is facing a total of 115 years in prison if convicted of all counts. News of Vasinskyi’s arrest in November was paired with the seizure of $6.1 million in funds traceable to alleged ransom payments received by 28-year-old Russian national Yevgeniy Polyanin. Polyanin was also charged for his involvement with Sodinokibi/REvil.”The arrest of Yaroslav Vasinskyi, the charges against Yevgeniy Polyanin, and seizure of $6.1 million of his assets, and the arrests of two other Sodinokibi/REvil actors in Romania are the culmination of close collaboration with our international, US government, and especially our private sector partners,” FBI Director Christopher Wray said at the time. “The FBI has worked creatively and relentlessly to counter the criminal hackers behind Sodinokibi/REvil.”Law enforcement officials from multiple countries were involved in disrupting the REvil ransomware gang, which went dark for the second time in October. Suspected members of the group were also detained following raids by Russia’s Federal Security Service (FSB) in January. According to the US Department of Justice, in addition to the headlining attacks on Kaseya and JBS, REvil is responsible for deploying its ransomware on more than 175,000 computers. The group allegedly brought in at least $200 million from ransoms. More

peepo/Getty Images The year 2024 delivered all the drama technology fans could want: AI dominance, chip wars, smart devices that were anything but, and a social media implosion that’s already a case study in corporate mismanagement. From monumental wins to jaw-dropping failures, here’s the definitive breakdown of the year’s tech highs and lows. Also: The […] More

Liquid, one of today’s top 20 cryptocurrency exchange portals, has disclosed a security breach on Wednesday.

In a blog post on its website, the company said that last week, on Friday, November 13, a hacker managed to breach employee email accounts and pivot to its internal network.
The company said it detected the intrusion before the hacker stole any funds, but a subsequent investigation revealed that the attacker was able to collect personal information from Liquid’s database that stored user details.
Stolen information included real name, home address, emails, and encrypted passwords.
Liquid CEO Mike Kayamori said the company is still investigating if the intruder was able to steal proofs-of-identity that all users must provide when making their first transaction on the platform.
“We do not believe there is an immediate threat to your account due to our use of strong password encryption. Nevertheless, we recommend that all Liquid customers change their password and 2FA credentials at the earliest convenience,” Kayamori said.
Another social engineering attack leading to a DNS hijack
The company blamed the intrusion on its domain name provider, which fell victim to a social engineering attack and incorrectly transferred Liquid’s account to the hacker.

Immediately after gaining control of this account, Liquid said the attacker hijacked the company’s DNS records, pointing incoming traffic to a server under their control.
The hacker is believed to have used access over the company’s DNS records to redirect employees to fake login pages and collect their work email credentials, which they later used to access employee work email accounts, and later pivot to Liquid’s internal infrastructure.
DNS hijacking attacks like these are bold, but they have also been very common against cryptocurrency services over the past few years. For example: More

Google has outlined how the company handles customer data in response to a Dutch data protection assessment. 

Launched in October, Google Workspace is an enterprise suite for applications including Gmail, Meet, Drive, and Sheets, software that can be useful for businesses currently adopting work from home or hybrid workplace models. 
A Data Protection Impact Assessment (DPIA) was recently published by Dutch data protection authorities outlining comparisons between data handling in Google Workspace. 
The DPIA included ten original ‘risk’ factors to government agencies adopting Google Workspace, citing issues including a lack of transparency concerning the purposes behind processing both customer and diagnostic data; potential legal gray areas surrounding both the tech giant and government bodies acting as data controllers or processors, “privacy-unfriendly” default settings, and potential spill-overs between ‘one-account’ users in personal and enterprise settings. 
On Monday, Google Cloud VP of EMEA South, Samuel Bonamigo, said that in response to the DPIA and a separate assessment of and Google Workspace for Education delivered to the Dutch government, Google “welcomes the opportunity to demonstrate our commitment to privacy and security.”
Google is in discussion with the Dutch government over the concerns highlighted, but wants to emphasize that Workspace solutions have been designed “to secure and protect the privacy of our customers’ data.”
“Our cloud is designed to empower European organizations’ strict security and privacy requirements and expectations,” Google says. “We adhere to regulatory and compliance requirements to protect our customers’ data. And we believe that it is deeply important for us to be transparent about our products and our practices.”

Google says that user or service data is not used for targeted ads or creating ad profiles, and ads are not shown in Workspace and Workspace for Education Core Services, which are the premium versions of existing tools. Cloud customer data is also only processed based on customer agreements and is kept in the control of the user, the company says. 
Google has also created the Google Cloud Privacy Notice to outline how service data is processed, alongside a new Google Workspace for Education data protection implementation guide (.PDF). 
“Our goal in addressing the DPIA is complete transparency for our customers, regulators, and policymakers on the open issues,” Google said. “We will continue to discuss the findings with the Dutch government in the next few months, with the goal of reaching an agreement that will lead to more choice for public sector organizations in the Netherlands and beyond.”
In related news, Google has also updated Google Workspace with new features including new security access controls, the “Workspace Frontline” function for key workers that need to use their own devices to access corporate resources, improved endpoint management, and support for Google Assistant in Workspace. 
On Monday, Google warned of an increase in bots targeting businesses, not only to perform Distributed Denial-of-Service (DDoS) assaults, but also the use of bots for content scraping and other forms of attack.
Previous and related coverage
Have a tip? Get in touch securely via WhatsApp | Signal at +447713 025 499, or over at Keybase: charlie0 More