Dateline: Hybrid wars in Ukraine, Russia, Israel, and Gaza.
Ukraine at D+670: GRU may be expanding its targeting. (CyberWire) Both sides look for ways to break out of positional warfare's unstable stalemate. Ukraine continues to expand its foothold on the east bank of the Dnipro, and Russia makes a minor advance at great cost against Avdiivka. The GRU seems to have expanded its cyber targeting to infrastructure in Western Europe.
Iran tells Hamas it will not enter the war with Israel (The Telegraph) Supreme leader accuses the terror group of not giving any prior warning of the Oct 7 attacks
NSA's Joyce: Israel faces 'enormous amount of cyber pressure' from Iran, hacktivists (Record) Israel is experiencing direct cyber and misinformation attacks from a variety of adversaries as it battles Hamas, according to NSA’s Rob Joyce.
Israel-Hamas war live: IDF says it has hit Hamas leader’s house; Biden defends refusal to call for ceasefire (the Guardian) Israel Defense Forces say airstrike hit Ismail Haniyeh’s home; US president appears to acknowledge Israeli bombing campaign has been ‘indiscriminate’
UN Security Council adopts resolution calling for urgent humanitarian pauses and corridors in Gaza (AP News) The U.N. Security Council has approved a resolution calling for “urgent and extended humanitarian pauses and corridors throughout the Gaza Strip” after four failed attempts to respond to the Israel-Hamas war.
Joe Biden issues strident defence of refusal to call for ceasefire in Gaza (the Guardian) US president argues Hamas has said it will not stop attacking Israel, and says he is ‘mildly hopeful’ of hostage deal
Attackers Exploit Crisis for Fraudulent Crypto Donations (Abnormal) Attackers attempt to solicit fraudulent donations via cryptocurrency transfers under the guise of collecting donations for children in Palestine.
Russia-Ukraine war live: Ukraine has claimed initiative in Black Sea and forced Russian navy to pull back, Zelenskiy says (the Guardian) Ukraine’s president says use of naval drones has prevented Russia from using Black Sea as springboard
The Russian Federation’s Ongoing Aggression Against Ukraine (U.S. Mission tot he OSCE) On November 20th, the international community will commemorate World Children’s Day. While most children around the world will mark this day with their families and classmates in school, Ukrainian children will continue to face the psychological stress of airstrikes on playgrounds and supermarkets, relatives gone missing, and the unbearable anguish of parents and other family members killed by Russian troops.
Being drafted into Russia’s army in Ukraine is becoming a death sentence (The Telegraph) Nobody comes back from the front line unless they're dead or wounded
With Talk Of A Stalemate And Potential Elections, Politics Seeps Back Into Ukraine
(RadioFreeEurope/RadioLiberty) As the war drags on and another winter approaches, rumblings about elections next year and talk of a “stalemate” on the battlefield have exposed fault lines in a country whose unity has been a crucial force in an existential struggle against the Russian invasion.
A Brief Summary of the Battle of the Black Sea (USNI) Last year, Ukraine put out an unusual crowdfunding request. It aimed to build 100 sea drones, which it would use to attack Russia’s Black Sea Fleet and ports.
Ukraine-Russia war live: I will keep focus on Ukraine, David Cameron assures Zelensky on first visit (The Telegraph) Lord Cameron has promised Volodymr Zelensky that the UK will help to keep the world focussed on the war in Ukraine, on his first visit as Foreign Secretary.
As Putin Girds for a Long War, Europe Seeks to Harden Sanctions on Russia (Wall Street Journal) With sanctions so far failing to dent Moscow’s attack on Ukraine, the EU is looking for new ways to erode the Russian economy.
CISA's Goldstein: Ukrainian response to Viasat hack proves need for redundancy, resilience (Record) The Ukrainian military’s ability to recover from the Russian attack on satellite company Viasat is an example of the need for redundant systems and resilient organizations, according to a top U.S. government cybersecurity official.
Suspect Russia cash movements trigger Italian intelligence alert (Decode39) The Russian Embassy in Rome is in the Italian intelligence’s crosshairs, as its staff withdrew 4 million in cash since February 2022. It’s quite likely the money was used to pay agents and spread propaganda campaigns
Prague Freezes Russian Property On Czech Territory (RadioFreeEurope/RadioLiberty) The Czech government on November 15 froze property owned by Russia on Czech soil as it put a company managing Russian property abroad on its sanction list.
Woman Charged In Killing Of Pro-Kremlin Blogger Pleads Not Guilty As Trial Starts (RadioFreeEurope/RadioLiberty) Darya Trepova, who is suspected of involvement in the killing of prominent pro-Kremlin blogger Vladlen Tatarsky, pleaded not guilty to a charge of terrorism as her trial started on November 15 in St. Petersburg.
Attacks, Threats, and Vulnerabilities
China, Russia And Iran Have Been Blamed For Cyber Attacks On Australia (Nation World News) The Australian Signals Directorate's (ASD) annual cyber threat report reveals that China, Russia and Iran are the main sponsors of serious hacking actions
Russia's Sandworm Linked to Unprecedented Danish Energy Hack (Bloomberg) An unprecedented cyberattack on Danish energy producers this year is linked to a familiar culprit.
Russian Hackers Linked to 'Largest Ever Cyber Attack' on Danish Critical Infrastructure (The Hacker News) Denmark's energy sector hit by massive cyberattack! In May 2023, 22 Danish energy sector companies were simultaneously targeted.
Denmark hit with largest cyberattack on record (Cybernews) Hackers potentially linked to Russia’s military intelligence carried out a series of highly coordinated cyberattacks on Danish energy infrastructure in the spring, a new report says.
#StopRansomware: Rhysida Ransomware (Cybersecurity and Infrastructure Security Agency | CISA) This joint Cybersecurity Advisory (CSA) is part of an ongoing #StopRansomware effort to publish advisories for network defenders detailing various ransomware variants and ransomware threat actors.
Investigating the New Rhysida Ransomware (Fortinet Blog) FortiGuard Labs sheds insights into the operations, tactics, and impact, including a novel technique involving ESXi-based ransomware of an incident involving the Rhysida ransomware group. Learn mor…
Analyzing Rhysida Ransomware Intrusion (Fortinet) Rhysida is a relatively new ransomware group that claimed its first public victim in May 2023. This threat actor group employs its own ransomware, also called Rhysida, which they also offer as a Ransomware-as-a-Service (RaaS).
The Chain Reaction: New Methods for Extending Local Breaches in Google Workspace (Bitdefender Blog) Modern EDR and XDR solutions do not operate deterministically.
Hackers are exploiting 'CitrixBleed' bug in the latest wave of mass cyberattacks (TechCrunch) Hackers are mass-exploiting a critical bug in Citrix NetScaler systems to launch crippling cyberattacks against big-name global organizations.
Citrix Bleed: CVE-2023-4966 Vulnerability Analysis and Exploitation (CYFIRMA) EXECUTIVE SUMMARY The CYFIRMA Research team delves into the critical cybersecurity landscape surrounding the Citrix Bleed vulnerability, marked by CVE-2023-4966....
Protestware taps npm to call out wars in Ukraine, Gaza (ReversingLabs) ReversingLabs researchers have discovered npm packages that hide scripts broadcasting messages of peace related to the conflicts in Ukraine and in Israel and the Gaza Strip.
New Intel CPU Vulnerability 'Reptar' Can Allow DoS Attacks, Privilege Escalation (SecurityWeek) A new Intel CPU vulnerability tracked as Reptar and CVE-2023-23583 can be exploited for DoS attacks and possibly privilege escalation
Attacker targeting Python developers (Checkmarx.com) For close to six months, a malicious actor has been stealthily uploading dozens of malicious Python packages, most of them mimicking the names of legitimate ones, to bait unsuspecting developers.
New ransomware groups help drive surge in attacks (ITWeb) Of the 60 multi-point extortion ransomware gangs whose activities WithSecure has tracked during the first nine months of 2023, 29 are new.
US says Royal ransomware gang plans 'Blacksuit' rebrand (TechCrunch) The prolific Royal ransomware gang targeted hospitals, healthcare organizations, and critical infrastructure across the United States.
Hackers Claim Major Data Breach at Smart WiFi Provider Plume (Hackread - Latest Cybersecurity News, Press Releases & Technology Today) Plume has not confirmed the data breach but has acknowledged that the company is aware of the claims made by hackers.
Samsung hit by new data breach impacting UK store customers (BleepingComputer) Samsung Electronics is notifying some of its customers of a data breach that exposed their personal information to an unauthorized individual.
Gamblers’ data compromised after casino giant Strendus fails to set password (Security Affairs) Mexican online casino Strendus has exposed sensitive user data, including home addresses and the amounts of money they spent on gambling.
Security incident at Beaverton School District may have compromised student passwords (KGW) The district said IT teams are working on reinstating student accounts and devices but didn't give a time frame for when that would happen.
Anger as Fife GP patients' private details leaked in 'deeply concerning' data breach (The Courier) Invoices containing names, dates of birth and details of private work carried out at Tayview Medical Practice were released in an email.
Digital pharmacy startup Truepill says hackers accessed sensitive data of 2.3 million patients (TechCrunch) The digital health unicorn says the data breach includes the personal information of millions of patients.
Cyber-related rail incidents have killed more than 490 people (Control Global) The government and industry cybersecurity guidelines have often failed to address the control system cyber issues that have resulted in catastrophic control system cyber rail ...
Clorox CISO flushes self after multi-million-dollar attack (Register) Plus: Ransomware crooks file SEC complaint against victim
Clorox Cyber Chief Leaves While Company Recovers From Devastating Hack (Bloomberg) Attack disrupted manufacturing operations for several weeks. Group known as ‘Scattered Spider’ suspected in security breach.
Security Patches, Mitigations, and Software Updates
Chipmaker Patch Tuesday: Intel, AMD Address Over 130 Vulnerabilities (SecurityWeek) Intel and AMD have informed their customers about a total of more than 130 vulnerabilities found in their products.
Trends
GRIT Ransomware Report: October 2023 (Guidepoint Security) October proved to be much quieter than expected. Compared to the massive month of September 2023, where threat actors posted 495 victims, October represents a significant cooling off with a 32% reduction in victims month over month. Despite the slowdown this month, October’s victim counts still dwarf those from the beginning of 2023. This likely short-term reduction is mostly indicative of just how busy ransomware groups were in Q3. Despite the smaller pool of victims, the number of active ransomware groups has not significantly changed, with many of the larger Established groups showing stability while the smaller Ephemeral and Emerging actors demonstrate staying power.
Cyber budgets fail to meet expectations with only 1% increase on previous year in the U.S., finds S-RM (S-RM) In 2023, the average cyber budget for large organizations grew by 3.1% YOY globally to USD 27.10 million — but only by 1% YOY in the U.S.
Identity Fraud Report (Onfido) Get the latest identity fraud trends and threats, and get best practice advice for fraud prevention in this report.
New Report Shows 95% of CISOs, CSOs and CIOs Fear Identity-related Threats (PR Newswire) Omada A/S ("Omada"), a global leader of Identity Governance and Administration (IGA), today released its State of Identity Governance Report...
Marketplace
SonicWall Acquires Managed Detection and Response Services Tailor-Made for MSPs/MSSPs (SonicWall) Acquiring Solutions Granted, Inc. expands SonicWall’s cybersecurity solutions creating a cost-effective, flexible, and technology-driven managed security offering
For top cybersecurity talent, companies pay over $500,000: Report (CSO Online) Cybersecurity strategy success depends on appropriate staff size and salary to retain top talent, according to a report from security analysis firm IANS.
Ping Identity lays off employees after merger with San Francisco-based ForgeRock (Bay Area Inno) Ping Identity, a cloud-based cybersecurity company, recently laid off several employees following a merger with San Francisco-based ForgeRock.
Denver-based Ping Identity goes through layoffs after merger with San Francisco company (Denver Business Journal) Denver-based Ping Identity, a cloud-based cybersecurity company, recently laid off several employees. This round of layoffs comes less than three months after Ping merged with San Francisco-based ForgeRock, an identity and access management software company.
Blacklisted spyware firm looks for inroads amid war in Gaza (POLITICO) NSO Group has been meeting with lawmakers from both parties since the attack on Oct. 7.
Cybersecurity Warning Puts Palo Alto’s 85% Rally in Spotlight (Bloomberg) One investor sold Palo Alto Networks shares ahead of earnings. Bulls see it gaining more as a leader in the cyber industry.
Juniper Networks Falls as CISA Calls for Feds to Secure Devices (HS Today) Juniper Networks (NYSE:JNPR) shares fell almost 1% on Monday as the Cybersecurity and Infrastructure Security Agency reportedly warned federal offices today to secure their Juniper-made devices by this week after it found issues with its code.
Products, Services, and Solutions
Tanium Unveils the Future of its Autonomous Platform at Annual Converge Conference (Business Wire) Company announces Tanium AI and new innovations in Autonomous Endpoint Management to drive operational efficiency and faster risk mitigation through automation
Wiz becomes the first CNAPP to provide AI Security Posture Management (Wiz Blog) Wiz extends its platform to secure AI with AI-SPM capabilities, helping organizations accelerate their AI innovation in the cloud.
Onfido launches first Fraud Lab capable of creating synthetic attacks at scale as deepfakes increase 31X (Onfido) Onfido publishes 2024 Identity Fraud Report, revealing steep rise in deepfake fraud and other security trends and recommendations: Video spoofs now account for 80% of…
Microsoft unveils expansion of AI for security and security for AI at Microsoft Ignite (Microsoft) The increasing speed, scale, and sophistication of recent cyberattacks demand a new approach to security.
Versa Networks Announces Participation in Microsoft Security Copilot Partner Private Preview (Versa Networks) Versa Networks Announces Participation in Microsoft Security Copilot Partner Private Preview Combination of Microsoft Security Copilot with Versa’s Secure Networking Telemetry and Insights will Provide more Robust Protection against Cyberthreats in areas of Better Anomaly Detection, Faster Response to Security Incidents, and more Effective Mitigation of Risk Santa Clara, Calif. – Nov. 15, 2023 Versa
ContraForce is a Proud Participant in Microsoft’s Security Copilot Partner Private Preview (Business Wire) ContraForce today announced its participation in the Microsoft Security Copilot Partner Preview. ContraForce was selected based on their proven experience with Microsoft Security technologies, willingness to explore and provide feedback on cutting edge functionality, and close relationship with Microsoft.
Zimperium Recognized as a Proud Participant in the Microsoft Security Copilot Partner Private Preview (PR Newswire) Zimperium, the only mobile-first security platform for mobile devices and mobile apps, today announced its participation in the Microsoft...
HUMAN is a proud participant in the Microsoft Security Copilot Partner Private Preview (HUMAN) HUMAN Security, Inc. announced it has disrupted a key monetization mechanism of a sophisticated series of cybercriminal operations involving backdoored off-brand mobile and CTV Android devices, sold to end users through major retailers originating from repackaging factories in China.
Cyware is a Proud Participant in the Microsoft Security Copilot Partner Private Preview (Business Wire) Cyware today announced its participation in the Microsoft Security Copilot Partner Private Preview. Cyware was selected based on their proven experience with Microsoft Security technologies, willingness to explore and provide feedback on cutting edge functionality, and close relationship with Microsoft.
HYAS is a Proud Participant in the Microsoft Security Copilot Partner Private Preview (Business Wire) HYAS Infosec today announced its participation in the Microsoft Security Copilot Partner Private Preview. HYAS Infosec was selected based on their proven experience with Microsoft Security technologies, willingness to explore and provide feedback on cutting-edge functionality, and close relationship with Microsoft.
Gigamon is a Proud Participant in the Microsoft Security Copilot Partner Private Preview (Business Wire) Gigamon Deep Observability Pipeline joins Security Copilot ecosystem supporting AI for security teams
CISO Global Participates in Microsoft Security Copilot Partner Private Preview (GlobeNewswire News Room) CISO Global (NASDAQCM: CISO) today announced its participation in the Microsoft Security Copilot...
Qualys Participates in the Microsoft Security Copilot Partner Private Preview (PR Newswire) Qualys, Inc. (NASDAQ: QLYS), a pioneer and leading provider of disruptive cloud-based IT, security, and compliance solutions, today announced...
Quorum Cyber is a proud participant in the Microsoft Security Copilot Partner Private Preview (Quorum Cyber) Quorum Cyber today announced its participation in the Microsoft Security Copilot Partner Private Preview. Read more.
Trustwave Joins Microsoft’s Security Copilot Partner Private Preview (Trustwave) Trustwave is proud to announce it is now a full participant in the Microsoft Security Copilot Partner Private Preview.
Cohesity Expands Collaboration with Microsoft to Bring Enhanced Data Security and Backup Protections to Microsoft 365 (Business Wire) Integration of Cohesity DataProtect and Microsoft 365 Backup Storage Aims to Deliver Fast Data Recovery and Resilience Against Cyber Risk
Illumio is a proud participant in the Microsoft Security Copilot Partner Private Preview (GlobeNewswire News Room) Illumio, Inc., the Zero Trust Segmentation company, today announced its participation in the...
BlueVoyant is a Proud Participant in the Microsoft Security Copilot Design Advisory Council (PR Newswire) BlueVoyant, a cybersecurity company that illuminates, validates, and mitigates internal and external risks, today announced its participation...
Corelight is a Proud Participant in the Microsoft Security Copilot Partner Private Preview (PR Newswire) Corelight, the leader in open network detection and response (NDR), today announced its participation in the Microsoft Security Copilot Partner...
Centripetal Launches Global Partner Program, Empowering Partners to Proactively Leverage Threat Intelligence for Unparalleled Protection (Business Wire) Company Kicks Off Program with Worldwide Partners to Drive Growth and Accelerate Customer Value
Bulletproof is a proud participant in the Microsoft Security Copilot Partner Private Preview (Yahoo Finance) Bulletproof today announced its participation in the Microsoft Security Copilot Partner Private Preview. Bulletproof was selected based on their proven experience with Microsoft Security technologies, willingness to explore and provide feedback on cutting edge functionality, and close relationship with Microsoft.
The latest Titan Security Key is in the Google Store (Google) During today’s Aspen Cyber Summit in New York City, we rolled out the latest version of our Titan Security Key — now available on the Google Store.
SecurityBridge Ramps Up U.S. Support Teams To Further Bolster SAP Cybersecurity Growth Throughout North America (ABC27) Elizabeth Murphy Joins SecurityBridge's U.S. team as VP of Global Sales, Alliances, and Channels SecurityBridge, a leading global provider of SAP security solutions.
KnowBe4 Is Now FedRAMP® (Federal Risk and Authorization Management Program) Moderate Authorized (PR Newswire) KnowBe4, the provider of the world's largest security awareness training and simulated phishing platform, today announced that its KMSAT and...
Flexxon’s AI-based cybersecurity solution promises to tackle cybercrime (WIPO) The cost of cybercrime set to rise to USD 10.5 trillion by 2025, crippling businesses and critical infrastructure. Camellia (Cam) Chan, CEO and co-founder of Flexxon, a Singapore-based hardware-based cybersecurity solutions manufacturer, and co-founder, Camellia (Cam) Chan, discusses outlines Flexxon’s novel approach to cybersecurity and its commitment to innovation and IP to safeguard digital citizens everywhere.
iTWire - Radware to deliver advanced DDoS protection for data centre infrastructure of leading telecom (IT Wire) COMPANY NEWS: Radware (NASDAQ: RDWR), is a leading provider of cyber security and application delivery solutions, announced it signed an agreement with a leading European telecom and managed security service provider. Ranking among its country’s top four largest telecoms based on revenue,...
IBM Launches Watsonx.governance to Optimize AI Management (Yahoo Finance) IBM introduces automated AI governance features to enhance transparency and mitigate bias in predictive AI models.
IONIX Extends Leading Attack Surface Management Platform Adding Threat Exposure Management Capabilities (GlobeNewswire News Room) New Threat Exposure Radar Enables Security Teams to Visualize and Prioritize Hundreds of Attack Surface Threats into a Manageable Set of Specific,...
Devo Introduces Collective Defense to Enable Enterprises to Respond to Emerging Threats (PR Newswire) Devo Technology, the security data analytics company, has launched Devo Collective Defense, a threat intelligence feed within the Devo Security...
ESET launches all-in-one home cybersecurity protection package (Hardware Zone) It comes with options like antivirus, password manager, browser privacy extensions, and covers most operating systems across laptops, phones, and even smart TVs.
Finance of America Chooses Spera Security to Bolster its Identity Security (GlobeNewswire News Room) Leading identity security vendor reduces cybersecurity risk and improves compliance for Finance of America...
Flare Launches Enhanced MSSP Partner Program (Newswire) Flare, the leading continuous threat exposure management solution provider, today announced the launch of their new tiered Managed Security Servi ...
Technologies, Techniques, and Standards
Cyber Talent Acquistion Woes for Enterprises (N2K Networks) Enterprises face significant challenges when it comes to acquiring and retaining top cybersecurity talent. Here are top challenges and how to address them.
Disinformation is an Open Source Problem (ActiveState) In social media & open source anyone can post/upload anything leading to abuse. Social media can learn from open source innovative solutions.
Design and Innovation
Large language models: The foundations of generative AI (InfoWorld) Large language models evolved alongside deep-learning neural networks and are critical to generative AI. Here's a first look, including the top LLMs and what they're used for today.
Google DeepMind wants to define what counts as artificial general intelligence (MIT Technology Review) AGI is one of the most disputed concepts in tech. These researchers want to fix that.
Research and Development
[New research] How tough is bcrypt to crack? And can it keep passwords safe? (Specops Software) New Specops research shows the time it takes to crack passwords encrypted with the bcrypt hashing algorithm – plus how attackers get around its protection.
Monash University and CSIRO create quantum-secure online transaction algorithm (SecurityBrief Australia) CSIRO, in association with Monash University, creates 'LaV', a quantum-secure algorithm enhancing online transactions.
Academia
Norwich enters first-ever Educational Partnership Agreement with U.S. Cyber Command (WCAX) Norwich University has entered into a first-of-its-kind educational partnership with the U.S. Cyber Command.
Legislation, Policy, and Regulation
UK National Cyber Force operations to become ‘more embedded’ with policing (Record) The elite U.K. hacking unit eventually will be more integrated into police operations, alongside military and intelligence ones, according to Gen. Sir Jim Hockenhull, the chief of Strategic Command.
Australian Intelligence Report Identifies China as Major Backer of Cyber Crime (Voice of America) Australia to boost its cyber defenses
ITI Reacts to Senate Introduction of the Artificial Intelligence Research, Innovation, and Accountability Act of 2023 (Information Technology Industry Council) Today, global tech trade association ITI responded to the introduction of the Artificial Intelligence Research, Innovation, and Accountability Act of 2023 by Senators John Thune (R-SD) and Amy Klobuchar (D-MN). Among its provisions, the bill would promote AI transparency and accountability and preserve existing laws that govern AI.
FBI Director: FISA 702 warrant requirement 'de facto ban' (Register) War of words escalates as deadline draws near
State plans to lead by example in tech diplomacy politics (Nextgov.com) Between following a new executive order and modernizing agency operations, the State Department is building its policy on artificial intelligence through promoting U.S. innovation.
FCC Adopts Rules to Protect Consumers' Cell Phone Accounts (FCC) Strengthens FCC Protections Against SIM Swapping and Port-Out Scams
Meta says vetting teens’ ages should fall on app stores, parents (Washington Post) The tech giant is calling for legislation requiring that parents approve teens’ downloads on app stores like Google and Apple
Login-dot-gov is 'fraudulent,' says House Republican gunning to defund 18F (Nextgov.com) Texas Republican Pete Sessions said 18F “misled and lied to the government” about the credentialing service’s capabilities .
Silicon Valley’s Top Data Enforcer in Europe Is Leaving Her Post (Bloomberg) Helen Dixon this year slapped Meta with biggest GDPR fine yet. Irish watchdog is lead EU data enforcer for Meta and Apple.
Australia’s cybersecurity coordinator goes on unplanned leave (CSO Online) Air Marshal Darren Goldie gets recalled to Defence to deal with workplace matters and goes on leave.
Litigation, Investigation, and Law Enforcement
EFF Urges FTC to Address American Resellers of Malware on Android TV Set-Top Boxes (Electronic Frontier Foundation) The Federal Trade Commission (FTC) must act to halt sales by Amazon, AliExpress, and other resellers of Android television set-top boxes and mobile devices manufactured by AllWinner and RockChip that have been pre-infected with malware before ever reaching consumers, the Electronic...
Lawsuit over 'authorized' courthouse burglary bounces back to state court (Iowa Capital Dispatch) A judge has ruled that two men who broke into a county courthouse have failed to prove they had a “constitutional right not to be arrested.”
DraftKings teen hacker who boasted 'fraud is fun' pleads guilty in fantasy sports betting theft (Yahoo News) A Wisconsin teenager pleaded guilty Wednesday in New York federal court to conspiracy in connection with a scheme to hack user accounts at the DraftKings fantasy sports betting website and with others steal about $600,000 from its customers.