SK Group Chairman Chey Apologizes for Major SK Telecom Data Breach, Pledges Security Overhaul

SK Group Chairman Chey Tae-won issued a public apology on Wednesday following a significant data breach at SK Telecom, South Korea’s largest mobile carrier, which has sparked alarm among its 23 million users over potential theft of personal and financial information.

The breach, detected on April 18, was attributed to a malware attack, and has led to widespread concern and customer action. Thousands have visited SK Telecom outlets to replace their USIM (Universal Subscriber Identity Module) cards, which the company is offering free of charge.

Chey, speaking for the first time since the breach became public, said, “I believe we need to look at this as a matter of national defence, not just (data) security.” He acknowledged a need for a more comprehensive and strategic approach to cybersecurity, noting that the company previously treated such threats as a standard IT issue handled internally.

In response to the breach, SK Telecom has launched a USIM Protection Service, which it says provides equivalent protection to replacing the USIM card. Chey confirmed he enrolled in the service but had not yet replaced his own card.

The chairman also pledged a full-scale security review involving external cybersecurity experts to prevent similar incidents in the future and restore public trust in the company’s data protection capabilities.

Meta Wins $168 Million Verdict Against Spyware Firm NSO Group in Landmark Privacy Case

Meta Platforms secured a major legal victory on Tuesday, winning a $168 million verdict against Israeli surveillance firm NSO Group in a landmark case centered on unlawful spyware deployment through WhatsApp. The jury in a California court awarded $444,719 in compensatory damages and $167.3 million in punitive damages, concluding a six-year legal battle.

The case stems from a 2019 lawsuit filed by Meta’s subsidiary WhatsApp, which accused NSO of exploiting a vulnerability in the app to install spyware on users’ phones. A December 2023 ruling had already confirmed NSO’s liability, and Tuesday’s verdict marks a rare legal reckoning for a company in the secretive spyware industry.

Meta hailed the outcome as a “step forward for privacy and security,” calling it the first legal victory against the development and use of illegal spyware that threatens global user safety.

NSO, which rose to global notoriety in 2016, is known for its controversial Pegasus spyware, used by governments and intelligence agencies. While the company claims its tools are used to combat terrorism and child exploitation, investigations have linked its software to abusive surveillance practices in countries such as Saudi Arabia, Poland, Mexico, and El Salvador.

In response to the ruling, NSO said it would explore legal options, including an appeal.

The trial also offered a rare glimpse into NSO’s inner workings, revealing details about its 140-person research team, a $50 million budget dedicated to exploiting smartphone vulnerabilities, and clients including Uzbekistan, Saudi Arabia, and Mexico. District Judge Phyllis Hamilton criticized NSO for repeatedly failing to comply with court orders and for withholding key evidence during discovery.

Human rights advocates called the ruling a pivotal moment for accountability in the surveillance industry. Natalia Krapiva of Access Now said it sends a strong message to spyware firms: “There will be consequences if you act recklessly or unlawfully.”

Cyberattacks on M&S and Co-op Originated from Help Desk Deception, Says Report

Cybercriminals launched recent attacks on British retailers Marks & Spencer (M&S) and Co-op Group by impersonating employees to trick IT help desks into resetting passwords, according to a report by BleepingComputer. This social engineering tactic allowed hackers to gain initial access to internal systems.

The UK’s National Cyber Security Centre (NCSC) responded by urging all organisations to re-evaluate their help desk protocols, warning that online criminal activity like ransomware and data extortion is on the rise and that even large enterprises are vulnerable to such basic forms of manipulation.

While both M&S and Co-op declined to comment, the consequences of the M&S breach are already being felt. Shares dropped 4% on Tuesday and are down 12% since the cyber incident was disclosed on April 22. The company halted online orders for clothing and home products via its website and app on April 25, with no timeline for resumption. Some food product availability has also been disrupted.

Deutsche Bank analysts estimate the incident has cost M&S around £30 million ($40 million) so far, with an ongoing weekly impact of approximately £15 million. Though cyber insurance may offset part of the loss, it typically covers a limited time period. The broader risks include loss of consumer trust, data breach fines, and long-term reputational damage.

Ciaran Martin, former CEO of the NCSC, noted that the recovery time for such attacks is often lengthy due to the need to completely rebuild compromised IT networks.

Meanwhile, a group identifying as DragonForce claimed responsibility for attacking both M&S and Co-op, as well as stealing staff and potential customer data from the latter. The same group also claims responsibility for attacking Harrods. The report also links the cyberattack on M&S to the “Scattered Spider” hacking collective, known for using DragonForce ransomware, although the NCSC said it could not confirm the connection.