Microsoft to Let Users Go Passwordless
Customer support and sales service company TTEC grappling with a ransomware attack, American firm Accuvant provided iPhone hacking tool to UAE, Anonymous claims of Epik hack verified, much more
After running a pilot program earlier this year, Microsoft announced that it would let users remove the passwords from their Microsoft accounts and go passwordless.
Under the new passwordless option, Microsoft will instead allow users to choose other authentication options, including security keys, verification codes sent via email or SMS, the Windows Hello biometric system, or the Microsoft Authenticator Mobile app. (Catalin Cimpanu / The Record)
Related: Security Week, Reddit - cybersecurity, Bleeping Computer, ZDNet Security, The Record by Recorded Future, Microsoft Malware Protection Center, MSSP Alert, Business Wire Technology: Security News, Reddit - cybersecurity, Reddit - cybersecurity, TechCrunch, Security on TechRepublic, Security Week, USA Today, Ars Technica, Security Affairs, gHacks, SD Times, Silicon Republic, Security on TechRepublic, BBC, Healthcare Infosecurity, Security Week, HotHardware.com, SD Times, Input, SlashGear » security, SlashGear » security, Dark Reading, DataBreachToday.com, San Jose Business News, Tech.Co, gHacks, Security Affairs, TechDator, Engadget
President Biden announced a new working group with the UK and Australia, dubbed AUKUS, to share information and know-how in key technological areas such as artificial intelligence, cybersecurity, quantum, underwater systems, long-range strike capabilities, and, in particular, nuclear submarines.
Although the countries do not explicitly mention China, the pact is widely seen countering China’s growing provocations in the East China sea. (Alexander Ward and Paul McCleary / Politico)
Related: POLITICO EU, Axios, The Sun, RT News, WebProNews, Japan Today, Business Insider, rthk.hk World News, Axios, The New Daily, USNI News, EurAsian Times, RT News, EurAsian Times, ZDNet Security, Washington Examiner, Digital Journal, Devdiscourse News Desk, Devdiscourse News Desk, Digital Journal, The Diplomat, Gov.uk
Customer support and sales service company TTEC is dealing with the fallout from a ransomware attack that began on September 12.
The attack was ostensibly launched by the Ragnar Locker group or an entity posing as Ragnar. However, TTEC says it has launched an investigation that has not identified compromise to clients’ data. (Brian Krebs / Krebs on Security)
ExpressVPN said it was aware of the "key facts" of its chief information officer Daniel Gericke's previous employment before hiring him. Gericke was one of the three men who the U.S. Justice Department fined for breaking into computers in the U.S. and worldwide on behalf of the United Arab Emirates as part of Project Raven.
"We were confident at the time and continue to be confident now in Daniel’s desire and ability to contribute to our mission of enabling users to better protect their privacy and security. He has demonstrated nothing but professionalism and commitment to advancing our ability to keep user data safe and private. Our trust in Daniel remains strong," ExpressVPN said in a statement. (Joseph Cox / Motherboard)
An American firm named Accuvant, which is now part of a larger company called Optiv, sold a stealthy and powerful iPhone hacking tool to the United Arab Emirates for $1.3 million. A trio of American mercenaries who were fined by the Justice Department earlier this week used the tool on behalf of the UAE to spy on targets worldwide.
The iMessage exploit was the primary weapon in an Emirati program called Karma, which was run by DarkMatter, an organization that posed as a private company but was a de facto spy agency for the UAE. (Patrick Howell O'Neill / MIT Technology Review)
The South African Department of Justice confirmed that its systems had been breached last Monday, leading to“all information systems being encrypted and unavailable to both internal employees as well as members of the public.” However, the Department contends it has not received a ransom note.
“We haven’t paid and nobody has requested any money from us,” said Steve Mahlangu of the DOJ. “We don’t have any information for now (about the identity of the hackers).” (Mfuneko Toyana / Business Maverick)
Email security company INKY discovered that shortly after the Senate passed the $1 trillion infrastructure bill, hackers posing as Transportation Department officials offered fake project bid opportunities to seduce companies into handing over Microsoft credentials.
As part of the timely, current events-based scam, the malicious actors sent phishing emails from a “transportationgov.net” domain that mimics an authentic government website and includes a link to a big blue button reading “CLICK HERE TO BID.” (Tim Starks / Cyberscoop)
Food delivery company DoorDash has filed a lawsuit against New York City over a new law that requires it to share customer data with restaurants.
DoorDash argues that it violates an obligation to protect its customers’ sensitive data, including customers’ names, phone numbers, emails, and delivery addresses. In its complaint, DoorDash argues that its customers “would not entrust [the data] to small businesses that do not have similar robust data safety and security protocol.” (Kim Lyons / The Verge)
Data obtained and reviewed by The Record confirms the veracity of hacktivist group Anonymous’ claims that they hacked far-right web hosting company and domain registrar Epik.
Based on the timestamps, the leaked data took place on February 28. Most of the archived data contain what the hackers claimed, including SSH keys, source code, email inbox contents, and many private keys, which neither the hackers nor The Record could link to anything. The Epik leak, codenamed EpikFail, is part of the Anonymous group’s #OperationJane, a campaign aimed to protest the recently approved Texas Senate Bill 8, which, for all intents and purposes, bans abortions in Texas. (Catalin Cimpanu / The Record)
Hackers stole the personal data of around 1.4 million people who took Covid-19 tests in the Paris region in the middle of 2020. That data was stolen from the Paris public hospital system, AP-HP.
The stolen data include the names, social security numbers, contact information, and results for those tested in mid-2020 in the Paris area and the names and contact information for the health professionals treating them. (Sarah Elzas / RFI)
Related: The Local
The House Homeland Security Committee approved an additional $865 million in the Cybersecurity and Infrastructure Security Agency funding.
Much of the money, $400 million, is obligated to help CISA meet PresidentBiden’s May cybersecurity executive order on improving the nation’s cybersecurity. In particular, funds would be dispersed for “the implementation of multi-factor authentication, endpoint detection and response, improved logging, and securing cloud systems.” (Frank Konkel / NextGov)
Data backup and recovery startup Rewind raised $65 million in a Series B venture funding round.
Bessemer Venture Partners, FundFire, Inovia Capital, Ridge Ventures, ScaleUp Ventures, and Union Ventures participated in the oversubscribed round. Atlassian Ventures also made a strategic investment. (MarTechSeries)
Former Amazon cloud executive Charlie Bell said he had joined Microsoft Corp to lead a newly formed role overseeing cybersecurity operations.
Bell will report directly to Microsoft Chief Executive Officer Satya Nadella. (Dina Bass / Bloomberg)
Capgemini Government Solutions said it has a deal to acquire cybersecurity and software contractor VariQ for an undisclosed sum.
Capgemini says that the transaction is expected to strengthen the company’s position in the Federal market and build momentum for continued growth. (Jackson Barnett / Fedscoop)