DC Police Department Becomes Latest Law Enforcement Arm Struck by Ransomware Attack
FBI and CISA issue warning over continued SVR attacks, Thoma Bravo to pay $12.3 billion for Proofpoint in biggest cybersecurity acquisition ever, Critical macOS bug patched, much more
Stay tuned for a special free book offer we will make available only to our premium subscribers. Don’t miss out on this limited opportunity. Sign up for a paid subscription today!
The Washington DC police department became the third law enforcement agency in six weeks to be hit by a ransomware attack. The Babuk ransomware gang claims it downloaded 250 gigabytes of data from the department and threaten to release it unless their ransom demands are met.
They also threaten to release information about police informants to criminal gangs and continue attacking “the state sector,” including the F.B.I. and the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency. In Presque Isle, Maine, the police department was hit earlier this month by a separate ransomware group that leaked their data online. In March, the police in Azusa, Calif., outside Los Angeles, were also hit. (Julian E. Barnes, Nicole Perlroth / New York Times)
Related: IT Pro, Infosecurity Magazine, NBC Washington, Associated Press, New York Times, Telecomlive.com, Bleeping Computer, News: NPR, News: NPR, Tech Xplore, Daily Mail, SecurityWeek, HOTforSecurity, The Record by Recorded Future, AOL, Fox Business
The FBI and DHS’s Cybersecurity and Infrastructure Security Agency (CISA) warned in a joint advisory of continued attacks coordinated by the Russian Foreign Intelligence Service (SVR) (aka APT29).
The advisory provides additional info on APT29 tactics, tools, techniques, and capabilities, including password spraying, zero-day vulnerabilities, the use of malware known as Wellmess, and the expanded access to an expanded number of networks using SolarWinds-enabled Intrusions. (Sergiu Gatlan / Bleeping Computer)
Private equity firm Thoma Bravo said it plans to acquire cloud-oriented cybersecurity company Proofpoint in a deal worth $12.3 billion, marking the deal as the largest cybersecurity acquisition in history.
The deal, which is expected to close in Q3 2021, will pay a 34% premium on Proofpoint’s closing price at the last full trading day (April 23), with shareholders set to receive $176 for each share they own. (Paul Sawers / Venture Beat)
Related: Investor's Business Daily, Reuters, TechCrunch, San Jose Business News, Bloomberg Technology, Fortune, CRN, The Register, MSSP Alert, SecurityWeek, Tech Insider, ZDNet, ARN, PYMNTS.com, Infosecurity Magazine, Help Net Security
Sabre subsidiary Radixx said that a malware attack on its Radixx Res app caused a dayslong outage prompting reservations systems to crash at about 20 low-cost airlines worldwide.
The company said that no airline passenger information had been affected in the attack, and it is working to restore the 20 downed systems. (Winston Shek / Airline Geeks)
Security researcher Cedric Owens discovered a bug in macOS that can bypass layers of protections in the operating system, including Apple’s Gatekeeper mechanism and its software notarization process.
Owens reported the bug to Apple and also shared his findings with longtime macOS security researcher Patrick Wardle for analysis. Apple released a patch for the bug in macOS Big Sur 11.3. (Lily Hay Newman / Wired)
Related: Objective-See's Blog, Thomas Brewster - Forbes, TechCrunch, VICE News, Dr. Web, Pocketnow, Explica, Bleeping Computer, The Hacker News, Help Net Security, Security Affairs, The Record by Recorded Future, Security News | Tech Times
Apple released yesterday its new privacy feature for iPhone, which allows users to ban apps from tracking them across the Internet, highlighting the divergent and now contentiously opposed business models of Apple and Facebook. Facebook is highly dependent on tracking users to deliver targeted advertising, while Apple views its tighter privacy protection as a selling point for its phones and computers.
The relationship has become so rancorous that nine advertising industry associations filed a complaint against Apple in Germany over the introduction of its App Tracking Transparency feature, which is what allows consumers to bar advertiser tracking. (Mike Isaac, Jack Nicas / New York Times)
Nicole Perlroth wrote the definitive obituary for security researcher and hacker Daniel Kaminsky, noting that he is “hailed as a latter-day, digital Paul Revere after he found a serious flaw in the internet’s basic plumbing that could allow skilled coders to take over websites, siphon off bank credentials or even shut down the internet.”
Despite scurrilous rumors fostered by conspiracy theorists that Kaminsky died from an adverse coronavirus vaccine reaction, he died of diabetes ketoacidosis, a serious diabetic condition that led to his frequent hospitalization in recent years. (Nicole Perlroth / New York Times)
The REvil ransomware group that last week stole schematics from Apple supplier Quanta Computer and threatened to release the trove of documents has mysteriously removed all references related to the extortion attempt from its dark web blog.
The group demanded Quanta pay $50 million to recover the files but demanded that Apple pay that sum after Quanta refused. (Tim Hardwick / MacRumors)
Researchers from the University of Minnesota apologized to the maintainers of the Linux Kernel Project for intentionally including vulnerabilities in the project's code, which caused the open-source project to ban the school from contributing in the future.
The university’s project aimed to deliberately add use-after-free vulnerabilities to the Linux kernel in the name of security research. (Ravie Lakshmanan / The Hacker News)
Related: ZDNet Security
Microsoft announced that Microsoft Defender for Endpoint, the enterprise version of its Windows 10 Defender antivirus, now comes with support for blocking cryptojacking malware using Intel's silicon-based Threat Detection Technology (TDT).
Intel TDT is part of the Hardware Shield's suite of capabilities available on Intel vPro and Intel Core platforms. (Sergiu Gatlan / Bleeping Computer)
A rapidly spreading Android malware campaign known as FluBot that seeks to steal personal information, including bank details, is installed via text messages claiming to be from a delivery company that asks users to click a link to track package delivery.
The UK’s NCSC has issued guidance on how to identify and remove FluBot malware. (Danny Palmer / ZDNet UK)
Australian hospital and aged care service provider UnitingCare Queensland (UCQ) said that some of its digital and technology systems were rendered “inaccessible” by a cyber attack, presumably a ransomware attack, on Sunday.
All UCQ hospitals and aged care homes are working without IT systems until further notice. (Nathan Edwards / Nine News)
According to a redacted ruling by the Foreign Intelligence Surveillance Court, FBI personnel conducted queries of data troves containing Americans’ emails and other communications, seeking information without proper justification.
However, James E. Boasberg, the court’s presiding judge, approved the searches. “While the Court is concerned about the apparent widespread violations . . . it lacks sufficient information at this time” to assess the adequacy of FBI system changes and training, Boasberg wrote in his ruling. (Ellen Nakashima / Washington Post)
Data defense tech startup Cigent emerged from stealth with $7.6 million in a Series A funding round.
In-Q-Tel, CyberJunction, WestWave Capital, and several prominent individual investors participated in the funding round. (Derek Johnson / SC Magazine)
Related: PR Newswire