Russia-Based Hacking Group Released Pro-Brexit Leaders' Emails on Leak Site
Twitter to pay $150 million to settle government privacy lawsuit, Nigeria arrests likely SilverTerrier leader, Spain's PM to implement reforms in wake of Pegasus scandal, ProtonMail is now Proton, mor
Check out my latest CSO column, which examines how the Ukrainian tractor bricking incident reported earlier this month points to possible security threats to the agriculture industry.
A new website called Very English Coop d'Etat that published leaked emails from several leading proponents of Britain's exit from the European Union is tied to a Russia-based hacking group called Cold River, according to Google’s Threat Analysis Group and the former head of UK foreign intelligence Richard Dearlove.
The website published private emails from Dearlove, leading Brexit campaigner Gisela Stuart, pro-Brexit historian Robert Tombs, and other supporters of Britain's separation from the EU. The emails mainly appear to have been exchanged using ProtonMail. The site contends it is part of a group of hardline pro-Brexit figures secretly calling the shots in the United Kingdom.
Thomas Rid, a cybersecurity expert at Johns Hopkins University, said, "What jumps out at me is how similar the M.O. is to Guccifer 2 and DCLeaks," referring to two of the sites that disseminated leaked emails stolen from Democrats in the run-up to the 2016 U.S. presidential election. (Raphael Satter, James Pearson, and Christopher Bing / Reuters)
Raphael Satter @razhael: New & developing story: A leak website has emerged and is distributing private emails from high-profile Brexit supporters, including ex-MI6 boss Richard Dearlove. Dearlove blames Moscow. And now Google's Threat Analysis Group backs his assessment. https://t.co/rmkFF3RyGJ
In one of the most significant privacy settlements involving a tech company, the Federal Trade Commission (FTC) and the Justice Department announced that Twitter would pay a $150 million fine to settle allegations that it deceptively used email addresses and phone numbers it had collected to target advertising.
The regulators said the company is also banned from profiting off the “deceptively collected” data and will be required to notify the more than 140 million users who were affected that it used their phone numbers and email addresses for advertising. The Twitter fine is significantly smaller than the $5 billion fine that the FTC imposed on Facebook in 2019 but is slightly higher than the 2018 settlement that states reached with Uber over a 2016 data breach. (Cat Zakrzewski / Washington Post)
Related: NPR, 9to5Mac, Bleeping Computer, UPI.com, CNBC Technology, The Block, Motherboard, Courthouse News Service, Protocol, Engadget, Insider Paper, Reuters: World News, Technology News | Boston.com, The New Daily, Associated Press Technology, The Independent, Security Week, Business Insider, Variety, Washington Examiner, Washington Post, DNA India, Technology | The Hill, Telecompaper Headlines, CNBC, The Hacker News, Pixel Envy, OpIndia, The Financial Express, Silicon Republic, Mashable, TechDator, Tech Xplore, iTech Post : Latest News, CNN, Federal Trade Commission, Justice Department
After a year-long investigation codenamed Delilah, the Nigeria Police Force has arrested an individual believed to be in the top ranks of a significant business email compromise (BEC) group known as SilverTerrier or TMT.
Palo Alto Networks, Group-IB, and cybersecurity company Trend Micro collaborated with Interpol on Operation Delilah, providing threat intelligence, telemetry data, and other insights about BEC actors. This latest operation follows two other Interpol operations, Falcon I in 2020 and Falcon II in 2021, which resulted in the arrest of 14 SilverTerrier members. The individual arrested in March escaped arrest during the Falcon II operation by fleeing Nigeria in June 2021, and he was caught when trying to get back home. (Ionut Ilascu / Bleeping Computer)
Privacy-focused email provider ProtonMail is rebranding itself simply as Proton, emphasizing its whole suite of privacy-focused services and updating its plans.
The company has a new website (proton.me), and both new and existing users can use the @proton.me address rather than the old @protonmail.com option. In addition, Proton now offers Free, Mail Plus, and Unlimited tiers. The new free tier expands storage to 1GB but remains relatively constrained, with users able to send only 150 messages per day and have three labels and folders, for example. (Nathan Ingraham / Engadget)
Researchers from CrowdStrike observed a threat actor that mainly targets Linux and Solaris systems at telecommunications providers, using the custom-built BPFDoor implant to steal personal user information (e.g., call detail records, data on specific phone numbers).
The company is tracking the backdoor under the name JustForFun and attributes it to an adversary it refers to as DecisiveArchitect. It has provided details about how defenders can detect the BPFDoor implant and highlights techniques used across Solaris systems. (Ionut Ilascu / Bleeping Computer)
Spain’s Prime Minister said that his government would “strengthen judicial control” over its secret services in the wake of a scandal over the hacking of the mobile phones of top politicians with Israeli-produced spyware.
“It is a question of strengthening the guarantees of this control but also of ensuring maximum respect for the individual and political rights of people,” Sanchez told parliament as he announced the reform. (AFP)
Related: Al Jazeera
Europa Press @europapress: Sánchez says he was unaware of the spying on pro-independence figures and questions the methodology of the Citizen Lab report https://t.co/ufavh8Kgle
Developers for Tails (short for The Amnesic Incognito Live System) warned users to stop using the portable Debian-based Linux distro until the next release if they enter or access sensitive information using the bundled Tor Browser application.
Researchers at Red Canary report that the ChromeLoader malware is seeing an uptick in detections this month, following a relatively stable volume since the start of the year, causing the browser hijacker to become a widespread threat.
ChromeLoader is a browser hijacker that can modify the victim's web browser settings to show search results that promote unwanted software, fake giveaways and surveys, and adult games and dating sites. The operators of the hijacker use a malicious ISO archive file to infect their victims, which masquerades as a cracked executable for a game or commercial software, so the victims likely download it themselves from torrent or malicious sites. (Bill Toulas / Bleeping Computer)
Related: Red Canary
Operational technology and critical infrastructure security solutions provider Xona announced it had raised $7.2 million in a Series A venture funding round.
DataTribe Opportunities Fund led the round with participation from TFX Capital and individual investors. (Matt Hooke / Biz Journals)