JBS Says Most Meat Processing Will Resume Today Following Ransomware Attack
DoJ takes control of two SolarWinds hackers' C2 domains, Firefox will make Total Cookie Protection default mode, Hacker behind @Flatl1ne Twitter account arrested in Russia, more
The ransomware attack on JBS SA, which forced the world’s largest meat processor to shut down production in Australia and North America and at one meat plant in Canada, is attributable to a Russia-linked hacking group known as REvil or Sodinokibi, according to multiple sources. JBS said that it expected to resolve the crisis today when “the vast majority” of its plants become operational again.
REvil has yet to post a blog item dedicated to JBS, and it’s unclear how the short shutdown will impact meat prices. (Mike Dorning, Fabiana Batista, Sybilla Gross / Bloomberg Quint)
The U.S. Department of Justice (DoJ) has taken control of two command-and-control (C2) and malware distribution domains used in a new spear-phishing campaign by the Russian hackers who breached SolarWinds IT management software. First flagged by Microsoft, that campaign mimicked email communications from the U.S. Agency for International Development (USAID).
DoJ said its seizure is “aimed at disrupting the malicious actors’ follow-on exploitation of victims, as well as identifying compromised victims” but that “the actors may have deployed additional backdoor accesses between the time of the initial compromises and last week’s seizures.” (Ravie Lakshmanan / The Hacker News)
Starting with the just-released Firefox 89 version, users will be protected against cross-site tracking automatically while browsing the Internet in Private Browsing mode because Firefox’s Total Cookie Protection will be enabled by default in Private Browsing windows.
With Total Cookie Protection, all websites are forced to keep their cookies in separate "jars," thus preventing them from tracking you across the web and building browsing profiles. (Sergiu Gatlan / Bleeping Computer)
Russian hacker Pavel Sitnikov, known primarily for operating the now-suspended @Flatl1ne Twitter account and the Freedom F0x Telegram channel, has been arrested in Russia on charges of distributing malicious software via his Telegram channel.
Sitnikov was allegedly charged for posting the source code of the Anubis banking trojan on Freedom F0x, a Telegram channel where Sitnikov often posted data leaks and malware sources. But the hacker’s wife says he was arrested in connection with a post he made on December 9, 2021, when he shared a download link to the personal data of more than 300,000 COVID-19 patients registered with the Moscow Department of Health. Sitnikov faces up to five years in prison. (Catalin Cimpanu / The Record)
Last week, the Swedish Public Health Agency (Folkhälsomyndigheten) shut down SmiNet, the country's infectious diseases database, saying it had been targeted in several hacking attempts.
The agency could not report complete COVID-19 stats starting Wednesday at 4 PM due to the database shutdown, and no updates are planned. (Sergiu Gatlan / Bleeping Computer)
Researchers at Cofense have observed a new phishing campaign that attempts to gather login credentials from employees returning to work after the pandemic using emails that pose as the Chief Information Officer (CIO).
The campaign exploits the post-pandemic workplace by having the fake CIO explain the new precautions and changes to business operations the company is taking relative to the pandemic. (Carly Page / TechCrunch)
Threat intelligence and data recovery start-up Redacted came out of stealth with an announcement of a $35 million Series B venture capital funding round.
The round was led by Ten Eleven Ventures, with participation from Valor Equity Partners and SVB Capital. (Ingrid Lunden / TechCrunch)
Cybersecurity monitoring and data analysis automation company Exabeam raised $200 million in a Series F funding round.
The round was led by the Owl Rock division of Blue Owl Capital and supported by existing investors Acrew Capital, Lightspeed Venture Partners, and Norwest Venture Partners. (Exabeam)