Master Decryptor for REvil Operation Released

FTC requires health apps and other devices to notify users of data disclosures, Feds warn of Zoho flaw, Republican Governors Association breached, Telegram emerges as hub for cybercrime, much more

Cybersecurity firm Bitdefender released a free master decryptor for the REvil ransomware operation that it developed in collaboration with a trusted law enforcement partner.

Although Bitdefender was mum on the details of how it developed the decryptor, the firm says that it works for all REvil victims encrypted before July 13th. (Lawrence Abrams / Bleeping Computer)

Related: Reddit - cybersecurity, E Hacking News, Bleeping Computer, Threatpost, TechTarget, Security Affairs, TechCrunch, HackRead, Cyberscoop, ZDNet Security, Security on TechRepublic, Bitdefender, iTech Post, IT Pro, Slashdot, Databreaches.net

In a 3-2 vote this week, the Federal Trade Commission agreed to clarify a decade-old rule to mandate that health apps and any high-tech device handling medical data notify users in cases where their data gets disclosed without their permission.

The FTC will add the new policy to the Health Breach Notification Rule that it first passed back in 2009. (Shoshana Wodinsky / Gizmodo)

Related: ZDNet Security, Cyberscoop, Beckers Hospital Review, Engadget, The Record, The Hill, Gizmodo, TechCrunch, HealthCareIT News, DataBreachToday.com, Slashdot, The Mac Observer, FTC

Security researchers at Lumen’s Black Lotus Labs have found a series of malware samples configured to infect the Windows Subsystem for Linux and then pivot to its native Windows environment.

Black Lotus Labs says that this activity appeared to be narrow in scope, with targets in Ecuador and France interacting with only a single routable malicious IP address. (Catalin Cimpanu / The Record)

Related: The Register - Security, Bleeping Computer, Lumen

In a joint advisory, the Federal Bureau of Investigation, the United States Coast Guard Cyber Command, and the Cybersecurity and Infrastructure Security Agency warned that state-backed advanced persistent threat (APT) actors are likely among those who’ve been actively exploiting a newly identified bug in a Zoho single sign-on and password management tool since early last month.

The vulnerability in the Zoho ManageEngine ADSelfService Plus platform can lead to remote code execution (RCE). Zoho issued a patch for the flaw last Tuesday. (Lisa Vaas / Threatpost)

Related: Bleeping Computer, Dark Reading, CISA, Security Affairs, Infosecurity Magazine

The Republican Governors Association said in a data breach notification submitted in Maine that hackers breached the association in February, potentially exposing the personal data of nearly 500 people affiliated with the organization.

The unknown hackers exploited a flaw in Microsoft Exchange Server that came to light in March when researchers discovered that Chinese state hackers were using it to infiltrate systems with spyware. Social security numbers may have been among the exposed data. (Kevin Collier / CNN)

Related: KAKE, Databreachtoday, Office of the Maine Attorney General

Researchers at Cisco Talos discovered a targeted phishing campaign aimed at the aviation industry, dubbed Operation Layover, that may have been spearheaded by a threat actor operating out of Nigeria.

The threat actor was not sophisticated and used off-the-shelf malware since the beginning of its activities without developing its own malware, the researchers said. (Ravie Lakshmanan / The Hacker News)

Related: Talos Intel, The Register - Security

An investigation by cybersecurity intelligence firm Cyberint and the Financial Times shows that the messaging app Telegram has exploded as a hub for cybercriminals looking to buy, sell and share stolen data and hacking tools.

Some cybercrime channels have tens of thousands of subscribers due to Telegram’s ease of use and light-touch moderation. One channel, called “combolist,” which had more than 47,000 subscribers, sold large data dumps of hundreds of thousands of leaked usernames and passwords. (Hannah Murphy / Financial Times)

Related: Engadget, Cybersecurity Insiders

In a new report, U.N. High Commissioner for Human Rights Michelle Bachelet called on member states to put a moratorium on the sale and use of artificial intelligence systems until the "negative, even catastrophic" risks they pose can be addressed.

The report warned of AI's use as a forecasting and profiling tool, saying the technology could have an impact on "rights to privacy, to a fair trial, to freedom from arbitrary arrest and detention and the right to life." (Scott Neuman / NPR)

Related: Silicon Republic, Daily Dot, United Nations

The Justice Department announced that a Pakistani man, Muhammad Fahd, who bribed AT&T employees to install malware on the company’s internal network, has been sentenced today to 12 years in prison. Fahd helped illegally unlock more than 1.9 million phones, causing the telco to lose more than $201 million.

Fahd, working with a now-deceased partner, was arrested in Hong Kong in 2018 and extradited to the US in August 2019. He pleaded guilty in September 2020. (Catalin Cimpanu / The Record)

Related: Hackers Review, Justice.gov

Endpoint security startup Kolide announced that it had closed a $17 million Series B financing round.

OpenView Partners led the round, with Matrix Partners participating. (Kyle Wiggers / Venture Beat)

Related: FinSMEs
