All news with #enforcement tag

⚖️ The FTC announced a $2.5 billion settlement with Amazon over allegations it used dark patterns to trick millions into enrolling in and retaining Prime subscriptions. The agreement includes a $1 billion civil penalty and $1.5 billion in refunds for an estimated 35 million affected consumers. The FTC said Amazon's checkout and cancellation designs obscured opt-outs, failed to disclose automatic renewals, and relied on an internal cancellation flow nicknamed "Iliad" that deterred cancellations. Internal documents, the agency added, showed employees discussing the problematic practices.

🔍 A Eurojust-coordinated joint action day led to the arrest of five suspects, including the alleged mastermind of a cryptocurrency investment fraud that reportedly seized €100m from victims across 23 countries. Authorities say the multi-year scheme, active since at least 2018, used professionally designed websites to promise high returns and then demanded additional fees to process withdrawals before sites went offline. Europol provided operational and analytical support while the joint investigation team helped coordinate cross-border activity.

🛑 Eurojust coordinated the arrest of five suspects tied to an elaborate online investment fraud that stole more than €100 million from over 100 victims across France, Germany, Italy and Spain. Searches and asset freezes were carried out in Spain, Portugal, Italy, Romania and Bulgaria, and investigators say funds were laundered via Lithuanian bank accounts. Victims were charged extra withdrawal fees before the platform disappeared.

🛡️ Microsoft's Digital Crimes Unit has seized 338 domains to dismantle the Phishing‑as‑a‑Service platform RaccoonO365, which enabled low‑skilled actors to deploy convincing Microsoft login pages. The DCU reports the service compromised more than 5,000 accounts across 94 countries since July 2024 and could bypass MFA to maintain persistent access. Operators marketed AI enhancements to scale attacks and collected at least $100,000 in cryptocurrency, prompting legal action to disrupt the infrastructure and seize control of the platform.

🔒 Conor Brian Fitzpatrick, known online as "Pompompurin", has been resentenced to three years in prison after a U.S. appeals court overturned his earlier lenient term. He created and administered the notorious BreachForums, a marketplace for stolen data and hacking tools, and was arrested after the Department of Justice disrupted the site. Fitzpatrick had violated pretrial release conditions and pleaded guilty to hacking charges and possession of child sexual abuse material; the forum remains active under a new domain.

⚖️ The U.S. Department of Justice resentenced Conor Brian Fitzpatrick (aka Pompompurin) to three years in prison after vacating his prior 17‑day time‑served sentence for operating BreachForums and possessing child sexual abuse material. Fitzpatrick pleaded guilty in 2023 to access device conspiracy, access device solicitation, and CSAM possession and agreed to forfeit domains, devices, and cryptocurrency representing illicit proceeds. The resentencing followed a Fourth Circuit decision that remanded his case for a new term.

🔒 Conor Brian Fitzpatrick, 22, who operated the BreachForums hacking forum under the alias Pompompurin, was resentenced to three years in prison after the U.S. Court of Appeals vacated his earlier sentence of time served and 20 years of supervised release. Fitzpatrick pleaded guilty in July 2023 to conspiracy to commit access device fraud, solicitation to offer access, and possession of child sexual abuse material (CSAM). Prosecutors say he violated pretrial release by using VPNs and unauthorized, unmonitored devices to conceal internet activity. BreachForums, created in 2022, rapidly grew to over 330,000 members and facilitated the sale and leakage of stolen data and access to corporate networks.

🔍 The DHS Office of Inspector General (OIG) audit found that CISA misused federal funds and undermined its mission by broadly administering the Cyber Incentive program. The review identified 240 recipients in non-cyber support roles, poor record-keeping in OCHCO, and $1.4m in undocumented back pay among more than $138m disbursed since 2020. Payments typically ranged from $21,000 to $25,000 annually per person, more than 40% of staff received incentives, and the OIG issued eight recommendations to tighten eligibility, tracking, governance and recovery procedures; CISA has concurred with all recommendations.

🚨 U.S. Senator Ron Wyden requested that the FTC investigate Microsoft for what he describes as “gross cybersecurity negligence” after product weaknesses tied to Kerberos and legacy RC4 usage contributed to ransomware incidents, including the May 2024 Ascension Health breach that exposed data for 5.6 million patients. Wyden says his office alerted Microsoft in July 2024 and urged setting stronger ciphers like AES as defaults; he criticized an October Microsoft blog as too technical to warn corporate decision-makers. Microsoft replied that RC4 accounts for under 0.1% of traffic, that full removal risks breaking legacy systems, and that deprecation is on its roadmap.

🔒 Authorities, working with the Alliance for Creativity and Entertainment (ACE), have disrupted Streameast, the world's largest illegal live sports streaming network, and arrested two individuals in Egypt. The ad-supported platform, active since 2018, operated roughly 80 domains and drew hundreds of millions of visits monthly. Law enforcement seized devices and financial records while ACE redirected many domains to a Watch Legally portal. Investigators say the operation routed significant advertising revenue through a UAE shell company.

🔒 The U.S. Treasury’s Office of Foreign Assets Control (OFAC) has sanctioned two individuals and two companies tied to a North Korean IT worker network that embeds personnel in foreign firms using stolen or fabricated identities and "laptop farms" to disguise locations. Designations include Russian national Vitaliy Sergeyevich Andreyev and DPRK consular official Kim Ung Sun, plus Chinese front Shenyang Geumpungri Network Technology Co., Ltd and DPRK-linked Korea Sinjin Trading Corporation. Blockchain intelligence firm Chainalysis identified Andreyev’s Bitcoin wallet as a laundering conduit, tied to nearly $600,000 in conversions. The sanctions freeze U.S.-based assets, bar American persons from transacting with the designees, and signal heightened targeting of infrastructure and crypto facilitators who help the DPRK monetize overseas IT labor.