FBI Shares 4.3 Million EMail Addresses Obtained During Emotet Takedown With HaveIBeenPwned
Cellebrite's security weaknesses cited in guilty verdict set-aside request, Nearly 75% of banks and insurers hit with cybercrime during pandemic, Warner readies mandatory breach reporting bill, more
Know someone who would benefit from Metacurity? Please give them a gift subscription today!
The FBI has provided HaveIBeenPwned (HIBP) 4,324,770 email addresses it obtained in partnership with the Dutch National High Technical Crimes Unit (NHTCU), German Federal Criminal Police Office (BKA), and other international law enforcement agencies during the take-down of the Emotet gang’s infrastructure.
The addresses come from two different corpora of data: Email credentials stored by Emotet for sending spam via victims' mail providers and web credentials harvested from browsers that stored them to expedite subsequent logins. Subscribers to the HIBP service that were impacted by the Emotet breach have already been alerted. (Troy Hunt / Troy Hunt’s Blog)
After Moxie Marlinspike, the founder of encrypted messaging app Signal, found security issues with mobile phone forensics hardware made by Cellebrite, a defense attorney asked a judge to set aside his client’s guilty verdict and order a new trial because the state’s case relied heavily on Cellebrite evidence.
"In essence, internal security on Cellebrite devices is so poor that any device that is examined may, in turn, corrupt the Cellebrite devices and affect all past and future reports," the attorney’s motion reads. (Joseph Cox / Motherboard)
According to a BAE Systems Applied Intelligence study, almost three-quarters (74 percent) of banks and insurers have experienced a rise in cybercrime since the COVID-19 pandemic began.
Unfortunately, BAE’s survey of over 900 organizations in the financial sector also shows IT security, cybercrime, fraud, or risk department budgets had been cut by almost a third (26 percent) in the past 12 months. (Ian Barker / Beta News)
Senate Intelligence Committee Chairman Mark Warner (D-VA) said that he is working on a mandatory data breach reporting bill.
Warner compared his idea with that of reporting breaches to the federal government to the National Transportation Safety Board, but with the goal of catching a breach before it occurs. (Maggie Miller / The Hill)
TikTok announced it would open a center in Europe where it will show outside experts information on how it approaches content moderation and recommendation and platform security and user privacy.
TikTok’s European Transparency and Accountability Centre (TAC) follows the opening of a similar center in the U.S. last year. (Natasha Lomas / TechCrunch)
Trend Micro researchers say that a new ransomware operation tracked by security vendors under the codenames of Hello or the WickrMe continues to target Microsoft Sharepoint servers.
In April 2020, Microsoft published a blog post urging administrators to patch a collection of vulnerabilities, including CVE-2019-0604, which the OS maker believed would soon be targeted by ransomware groups. (Catalin Cimpanu / The Record)
Privacy analysis firm AppCensus says that the Android version of Google and Apple’s COVID-19 exposure notification app had a privacy flaw that let other preinstalled apps potentially see sensitive data, including if someone had been in contact with a person who tested positive for COVID-19.
AppCensus alerted Google to the problem in February after testing it as part of its contract with the Department of Homeland Security. Google had repeatedly dismissed the firm’s concerns about the bug until The Markup contacted Google for comment on the issue late last week. (Alfred Ng / The Markup)
Endpoint management company Automox raised $110 million in a Series C venture funding round.
Insight Partners led the round with participation by Koch Disruptive Technologies and TechOperators. (Kyle Wiggers / Venture Beat)
Related: Daily Camera
According to a quarterly report from Coveware, the average demand for a digital extortion payment shot up in the first quarter of this year to $220,298, up 43% from the previous quarter.
The majority of ransomware attacks in the first quarter also involved the theft of corporate data, according to Coveware. (Shannon Vavra / Cyberscoop)
The Australian government will establish three ‘cyber hub’ pilots in some of Canberra’s largest IT shops to provide cybersecurity services to agencies with fewer resources.
The hubs will help “leading agencies such as Defence, Home Affairs and Services Australia” to provide services to agencies without the “breadth and depth of skills,” according to Employment minister Stuart Robert. (Justin Hendry / itNews)