Russia-Linked BlackMatter Gang Demands $5.9 Million in Ransom From Iowa Grain Cooperative

BlackMatter also hit Marketron with an attack, authorities arrest 106 people in Spain for alleged SIM swapping and BEC, Epik breach impacts 15m users, iOS 15 has lock screen bypass, much more

In a test of Joe Biden’s ultimatum that Russia rein in its ransomware actors, a Russia-linked ransomware group called BlackMatter launched an attack last Friday against a grain cooperative in Iowa called New Cooperative. The cooperative is considered to be in a protected critical infrastructure sector, food and agriculture, that Biden seeks to protect.

However, in a conversation with Bloomberg, BlackMatter says that while it steers clear of hospitals, the defense industry, and the government, “The volumes of [the grain cooperative] do not correspond to the volume to call them critical.”

BlackMatter is linked to the ransomware group DarkSide, which attacked Colonial Pipeline earlier this year. The threat actors are demanding a $5.9 million ransom. New Cooperative, which has over 50 locations across Iowa and is among the larger crop buyers from its farmer members, says it is working with authorities to resolve the situation. In the meantime, it is reportedly trying to create workarounds to get feed to animals while its systems are down. (William Turton / Bloomberg)

Related: IT Pro, DataBreaches.net, Slashdot, Reuters, Cyberscoop, The Hill: Cybersecurity, Associated Press, WSJ Pro - Cybersecurity - Home, Mac Observer, Bleeping Computer, DataBreaches.net, Slashdot, IT Pro, TXplore, Infosecurity Magazine

Europol, Italy's Polizia di Stato, and Spain's Policia Nacional announced a joint operation that resulted in the arrests of 106 people on the island of Tenerife, Spain, who are accused of SIM swapping and business email compromise.

Europol said it seized "224 credit cards, SIM cards and point-of-sale terminals, a marihuana plantation, and equipment for its cultivation and distribution." Authorities say the alleged criminals were also involved in two homicides, violent extortion, and robberies against local businesses in Tenerife. (Lorenzo Franceschi-Bicchierai / Motherboard)

Related: Reddit-hacking, Europol, Security Affairs, The Hacker News, Homeland Security Today, Euro Weekly News Spain, Cyberscoop, Bleeping Computer, Motherboard, The Record by Recorded Future, ZDNet, Europol, ZDNet, Security Week, Silicon Republic, Graham Cluley, Infosecurity Magazine

The data that hacktivist group Anonymous stole in a hack of hard-right domain registrar and web services provider Epik impacts 15 million users, including non-customers. The non-customers appear in the data cache because Epik scraped and stored WHOIS records of domains, even those not owned by the company.

Troy Hunt’s HaveIBeenPwned data monitoring service has begun sending out alerts to millions of email addresses exposed in the Epik hack. Epik confirmed the breach and is sending emails to notify impacted parties about an “unauthorized intrusion.” (Ax Sharma / Ars Technica)

Related: Geek News Central

The BlackMatter ransomware gang hit broadcast organization traffic management tool provider Marketron with a ransomware attack over the weekend.

Company CEO Jim Howard sent an email to customers saying that “the Russian criminal organization BlackMatter” was responsible for the attack. Howard said the company is communicating with the hackers and the Federal Bureau of Investigation (FBI) and is making efforts to restore its systems as quickly as possible. (Ionut Ilascu / Bleeping Computer)

Related: Radio Ink, Radio Online

Spanish security researcher Jose Rodriguez disclosed an iPhone lock screen bypass in iOS 15, which he reported to Apple earlier this year, that can be exploited to grant attackers access to a user’s notes.

Although Apple paid Rodriguez $5,000 for two similar lock screen bypass flaws and issued patches for them in April and May, Rodriguez believes they didn’t adequately address the problems. Now Rodriguez has published a variation of the same bypass, one that uses the Apple Siri and VoiceOver services to access the Notes app from behind the screen lock. (Catalin Cimpanu / The Record)

Google said it plans to ramp up the availability of "permissions auto-reset," an Android privacy feature that automatically rewinds an app's previously granted permissions to access a device's location, camera, and microphone if those apps haven’t been used for a while.

Google said it would expand the feature to "billions more devices" via Google Play services on devices running Android 6.0 (API level 23) from 2015 and newer. (Liam Tung / ZDNet)

Related: Neowin, TechSpot, gHacks, The Hacker News, Android Developers Blog

British cybersecurity firm Comparitech said that more than 106 million travelers to Thailand had their personal details exposed online in August but added that authorities quickly plugged the leak.

“In the last decade, any foreigner who traveled to Thailand might have had their information exposed in the incident,” including their name, passport number, and residency status. Thailand's Cyber Crime Investigation Bureau said it was unaware of the incident but is investigating. (AFP)

Related: GovernmentCyber.com

According to a class-action lawsuit filed in federal court in Maryland, Apple allowed hackers to place a spoof or "phishing" application called Toast Plus, which was disguised as a cryptocurrency wallet, in its App Store.

The plaintiffs allege that Apple is liable because it failed to vet the software in its online store, which it tightly controls by allowing only approved vendors. (Edward Ericson, Jr. / Courthouse News Service)

Related: Patently Apple, BOL News

Five months after it purchased multi-cloud management company Volterra for $500 million, applications networking company F5 announced it is acquiring Threat Stack, a Boston-based cloud security and compliance startup, for $68 million.

F5 plans to integrate its application and API protection solutions with Threat Stack’s cloud security capabilities and expertise to enhance visibility across application infrastructure and workloads, making it easier for customers to adopt consistent security in any cloud. (Carly Page / TechCrunch)

Related: ZDNet Security, TMC.net, CRN, Dark Reading, Channel Futures, GeekWire Original, Boston Globe, Business Wire, Help Net Security

Authentication and identity management company Saviynt closed a $130 million financing round.

HPS Investment Partners and PNC Bank led the funding round. (Dan Kobialka / MSSP Alert)

Related: CRN

Privacy and Data Governance Ops solution provider Relyance raised $30 million in a Seed and Series A funding round.

The round was co-led by Unusual Ventures and Menlo Ventures. (FinSMEs)

Related: TechCrunch
