Cybersecurity firm Bitdefender released a free master decryptor for the REvil ransomware operation that it developed in collaboration with a trusted law enforcement partner.

Although Bitdefender was mum on the details of how it developed the decryptor, the firm says that it works for all REvil victims encrypted before July 13th. (Lawrence Abrams / Bleeping Computer)

Related: Reddit - cybersecurity, E Hacking News, Bleeping Computer, Threatpost, TechTarget, Security Affairs, TechCrunch, HackRead, Reddit - cybersecurity, Cyberscoop, ZDNet Security, Security on TechRepublic, Bitdefender, iTech Post, IT Pro, Slashdot, Databreaches.net

Raj Samani @Raj_Samani

Kudos to @Bitdefender - remember #dontpay #nomoreransom

EC3 @EC3Europol

🎴Great news for the victims affected by #ransomware #REvil (aka #Sodinokibi)🎴 We have added a new decryption tool to the #NoMoreRansom portal, courtesy of @Bitdefender Would you like to regain control of your encrypted files for free? Visit https://t.co/5jxZ2lkEvn #DontPay https://t.co/wu9d24ZGQc

September 16th 2021

3 Retweets6 Likes

In a 3-2 vote this week, the Federal Trade Commission agreed to clarify a decade-old rule to mandate that health apps and any high-tech device handling medical data need to notify users in cases where their data gets disclosed without their permission.

The FTC will add the new policy onto the Health Breach Notification Rule that the FTC first passed back in 2009. (Shoshana Wodinsky / Gizmodo)

Related: ZDNet Security, Cyberscoop, Beckers Hospital Review, Engadget, The Record, The Hill, Gizmodo, TechCrunch, HealthCareIT News, DataBreachToday.com, Slashdot, The Mac Observer, FTC

Security researchers at Lumen’s Black Lotus Labs have found a series of malware samples configured to infect the Windows Subsystem for Linux and then pivot to its native Windows environment.

BlackLotus Labs says that this activity appeared to be narrow in scope, with targets in Ecuador and France interacting with only a single routable malicious IP address. (Catalin Cimpanu / The Record)

Related: The Register - Security, Bleeping Computer, Lumen

rootsecdev @rootsecdev

Theory confirmed: Lumen Black Lotus Labs discovers Linux executable files have been deployed as stealth Windows loaders Theory confirmed: Lumen Black Lotus Labs discovers Linux executable files have been deployed as stealth Windows loadersBlack Lotus Labs, the threat intelligence arm of Lumen Technologies (NYSE: LUMN), has proven what was previously just a theory: threat actors can use a Linux...finance.yahoo.com

September 16th 2021

5 Retweets21 Likes

In a joint advisory, the Federal Bureau of Investigation, the United States Coast Guard Cyber Command, and the Cybersecurity and Infrastructure Security Agency warned that state-backed advanced persistent threat (APT) actors are likely among those who’ve been actively exploiting a newly identified bug in a Zoho single sign-on and password management tool since early last month.

The vulnerability in the Zoho ManageEngine ADSelfService Plus platform can lead to remote code execution (RCE). Zoho issued a patch for the flaw last Tuesday. (Lisa Vaas / Threatpost)

Related: Bleeping Computer, Dark Reading, CISA, Security Affairs, Infosecurity Magazine, CISA

US-CERT @USCERT_gov

📢 Just Released! Check out the Joint Cybersecurity Advisory from @FBI, @CISAgov, and @USCG Cyber Command on Zoho ManageEngine ADSelfService Plus and immediately update to Build 6114 to avoid active #APT exploitation. us-cert.cisa.gov/ncas/alerts/aa… #Cybersecurity #InfoSec #TTPs

September 16th 2021

50 Retweets51 Likes

The Republican Governors Association said in a data breach notification submitted in Maine that hackers breached the association in February, potentially exposing the personal data of nearly 500 people affiliated with the organization.

The unknown hackers exploited a flaw in Microsoft Exchange Server that came to light in March when researchers discovered that Chinese state hackers were using it to infiltrate systems with spyware. Social security numbers may have been among the exposed data. (Kevin Collier / CNN)

Related: KAKE, Databreachtoday, Office of the Maine Attorney General

Researchers at Cisco Talos discovered a targeted phishing campaign aimed at the aviation industry, dubbed Operation Layover, that may have been spearheaded by a threat actor operating out of Nigeria.

The threat actor was not sophisticated and used off-the-shelf malware since the beginning of its activities without developing its own malware. the researchers said. (Ravie Lakshmanan / The Hacker News)

Related: Talos Intel, The Register - Security

An investigation by cybersecurity intelligence firm Cyberint and the Financial Times shows that the messaging app Telegram has exploded as a hub for cybercriminals looking to buy, sell and share stolen data and hacking tools.

Some cybercrime channels have tens of thousands of subscribers due to Telegram’s ease of use and light-touch moderation. One channel, called“combolist,” which had more than 47,000 subscribers, sold large data dumps of hundreds of thousands of leaked usernames and passwords. (Hannah Murphy / Financial Times)

Related: Engadget, Cybersecurity Insiders

Arrowz @TanArrowz

“We’ve recently been witnessing a 100%-plus rise in Telegram usage by cybercriminals. Its encrypted msging serv is increasingly popular among threat actors conducting fraud activity and selling stolen data as it’s more convenient to use than the dark web” Subscribe to read | Financial TimesNews, analysis and comment from the Financial Times, the worldʼs leading global business publicationon.ft.com

September 17th 2021

2 Retweets3 Likes

In a new report, U.N. High Commissioner for Human Rights Michelle Bachelet called on member states to put a moratorium on the sale and use of artificial intelligence systems until the "negative, even catastrophic" risks they pose can be addressed.

The report warned of AI's use as a forecasting and profiling tool, saying the technology could have an impact on "rights to privacy, to a fair trial, to freedom from arbitrary arrest and detention and the right to life." (Scott Neuman / NPR)

Related: Silicon Republic, Daily Dot, United Nations

The Justice Department announced that a Pakistani man, Muhammad Fahd, who bribed AT&T employees to install malware on the company’s internal network, has been sentenced today to 12 years in prison. Fahd helped illegally unlock more than 1.9 million phones, causing the telco to lose more than $201 million.

Fahd, working with a now-deceased partner, was arrested in Hong Kong in 2018 and extradited to the US in August 2019. He pleaded guilty in September 2020. (Catalin Cimpanu / The Record)

Related: Hackers Review, Justice.gov

Endpoint security startup Kolide announced that it had closed a $17 million Series B financing round.

OpenView Partners led the round, with Matrix Partners participating. (Kyle Wiggers / Venture Beat)

Related: FinSMEs

Photo by Vanna Phon on Unsplash