Operation Trojan Shield Ensnared Cybercrime Rings Across 16 Countries

Apple outlines new customer data protections, Cyberattack hobbles New York City's law department, Evil Corp rebrands malware, Massive Russian spearphishing campaign targets Ukraine, more

Check out our special report on the feds’ seizure of DarkSide’s alleged bitcoin wallet. Also, check out my CSO column from this morning on why the FBI might be so mysterious about the details of this seizure.

A global sting operation, called Operation Trojan Shield, involving an encrypted communications platform called ANOM developed by the FBI, has delivered a blow to cybercrime rings across 16 countries. More than 800 suspects were arrested, and more than 32 tons of illegal drugs were seized along with 250 firearms, 55 luxury cars, and more than $148 million in cash and cryptocurrencies.

The FBI led the operation and involved the U.S. Drug Enforcement Administration, Europol, and law enforcement agencies in more than a dozen countries. Operation Trojan Shield began after law enforcement agencies took down two other encrypted platforms popular among cybercriminals, EncroChat and Sky ECC, earlier this year. (Mike Corder, Nick Perry / Associated Press)

Related: Security News | Tech TimesRTEAxiosMalay Mail - AllDaily MailFrance 24The AgeNew York PostThe GuardianThe New DailyWA TodayNBC News Top StoriesBloomberg PoliticsJapan TodayCTVNews.ca, EURACTIV.comChannel News AsiaEuropolrthk.hk World NewsTODAYonlineintelNews.orgNord NewsNL Times, ZDNet SecurityThe Record

At its annual Worldwide Developers Conference, Apple outline new plans to increase user privacy and protect customers’ data, including the ability for users to scan ID cards in participating U.S. states and keep them in encrypted wallets.

Apple has also updated the paid version of its iCloud storage service to include a service that obscures a use’ Web-browsing habits, even from Apple. Another new iCloud feature will let users hide their real email addresses. (Stephen Nellis / Reuters

Related:  TechCrunchAppleInsiderThe GuardianTechCrunchSlashGeariPhone HacksEvening StandardAd WeekSlashGearThe Apple PostAppleInsiderCNET NewsiClarifiediPhone in Canada Blog9to5Macxda-developersSlashGearMarketwatchThe Mac ObserverMobileSyrup.comRedmond PieNew York TimesReutersDevdiscourse News DeskiNewsCult of MaciMoreMacworldxda-developersTrusted ReviewsTech XploreAssociated Press TechnologyExplicaChannel News AsiaCNET NewsMacRumorsThe Apple Post,  AppleInsiderMashableSlashdot9to5Mac, The Verge

Apple settled a case with a 21-year-old woman after two repair technicians uploaded personal explicit images and videos to her Facebook account from her phone during the repair process.

Apple said it fired the two employees and had taken steps to strengthen its vendor protocols. (James Titcomb / Telegraph)

Related: Cult of Mac9to5Mac,  iMoreiPhone HacksTechNaduThe Apple PostiPhone HacksSlashGearTechSpotMacworldMacRumorsTrusted ReviewsTech InsiderTechNaduThe Mac ObserverThe Mac Observerxda-developers, BGRThe LoopInvestor's Business DailydiginomicaTIMEWRAL Tech WireInvezzWCCFtechProtocolPocket-lint

A cyberattack, possibly a ransomware attack, has hobbled the New York City government’s 1,000-lawyer strong law department, leaving attorneys unable to access sensitive documents and possibly exposing private personnel data.

Mayor Bill de Blasio said that the city has yet to find any evidence Law Department information has been compromised. (Michael Gartland, Stephen Rex Brown, Clayton Guse, Shant Shahrigian / New York Daily News)

Related: New York TimesFox Business

Code repository GitHub updated its community guidelines that explain how the company will deal with exploits and malware samples hosted on their service.

The new guidelines respond to criticism leveled at Microsoft-owned GitHub after removing a proof-of-concept exploit (PoC) in March for the Microsoft Exchange ProxyLogon vulnerability. (Lawrence Abrams / Bleeping Computer)

Related: TechradarZDNetSecurityWeek

The Evil Corp gang, also known as Indrik Spider and the Dridex gang, rebranded its ransomware to mimick PayloadBIN ransomware to evade sanctions imposed by the US Treasury Department's Office of Foreign Assets Control (OFAC).

Fabian Wosar of Emsisoft and Michael Gillespie of ID Ransomware confirmed that the ransomware rebrands Evil Corp's previous ransomware operations. (Lawrence Abrams / Bleeping Computer)

Related: DataBreachToday.comDataBreaches.net

According to alerts published by the Ukrainian Secret Service, Ukrainian Cyber Police, and CERT Ukraine, a “massive” spear-phishing operation was carried out by Russian threat actors against the Ukrainian government and the private sector.

The operation took place in June, and the attackers sent emails posing as representatives for the Kyiv Patrol Police Department, warning recipients of their failure to pay local taxes. (Catalin Cimpanu / The Record)

Related: Security Affairs

An investigation by the Washington Post discovered that almost 2% of the top 1,000 highest-grossing apps on Apple’s app store are scams.

Those apps have bilked consumers out of an estimated $48 million during the time they’ve been on the App Store, according to market research firm Appfigures, with Apple taking up to 30% of the apps’ revenue from its App Store. (Reed Albergotti and Chris Alcantara / Washington Post)

Related: Security News | Tech TimesMacRumorsUbergizmoGizchina.com

Bain Capital Private Equity and Crosspoint Capital Partners have agreed to acquire cybersecurity company ExtraHop for $900 million.

ExtraHop provides network detection and response services, including combating ransomware attacks. (Laura Cooper / Wall Street Journal)

Related: Geekwire, Crunchbase

Photo by Bill Oxford on Unsplash