State Department to Pay $10 Million for State-Sanctioned Malicious Cyber Actor Identification

White House launches ransomware task force and new website, Russian hackers targeted European officials with LinkedIn messages, China has new rules regarding zero-days and much more


Under its Rewards for Justice program, the State Department will offer rewards of up to $10 million for information leading to the identification of anyone engaged in foreign state-sanctioned malicious cyber activity, including ransomware attacks, against critical U.S. infrastructure. As part of a broader push to counter ransomware, the White House has also launched a task force to coordinate efforts to stem the ransomware scourge.

The Biden administration is further launching a website, stopransomware.gov, to offer tips for countering the threat and building more resilience into networks. On top of these efforts, the Financial Crimes Enforcement Network at the Treasury Department said it would engage banks, technology firms, and others on better anti-money-laundering efforts for cryptocurrency and more rapid tracing of ransomware proceeds paid in virtual currency. (Frank Bajak / Associated Press)

Related: Devdiscourse News Desk, The Independent, CNN, Politico, CISA

In a report outlining a series of zero-day exploits, Google’s Threat Analysis Group (TAG) says that Russian government hackers targeted European government officials with LinkedIn messages that contained malicious links designed to exploit unknown vulnerabilities in Windows and iOS.

One campaign targeting Western European countries relied on a zero-day in WebKit, the browser engine developed by Apple, used in Safari and all the major browsers for iOS. Apple patched this vulnerability (named CVE-2021-1879) on March 26. (Lorenzo Franceschi-Bicchierai / Motherboard)

Related: Cyberscoop, The Record by Recorded Future, ZDNet, Windows Central, Google, Security Affairs, AppleInsider, Ars Technica, Slashdot

Brian Fung (@b_fung) on Twitter:
Google’s @ShaneHuntley tells me the suspected Russian hackers who exploited the Apple WebKit zero-day outlined here
blog.google/threat-analysi… was more specifically the same group behind the USAID impersonation phishing campaign — e.g., Russian foreign intelligence. More from Shane:

The Cyberspace Administration of China (CAC) published new rules requiring that all newly discovered zero-day exploits be disclosed to the government. Moreover, security researchers must first disclose bug details to vendors to give them a reasonable chance to release fixes.

The rules also warn of penalties for vendors who fail to release patches for reported vulnerabilities, organizations that collect vulnerability reports but fail to secure their platforms, and for security researchers and anyone else who abuses unpatched vulnerabilities. (Catalin Cimpanu / The Record)

Related: The Hindu - Technology, Bloomberg, Schneier on Security, Associated Press

Firewall and cybersecurity solutions company SonicWall issued an “urgent security notice” to warn customers of ransomware attacks targeting unpatched end-of-life (EoL) Secure Mobile Access (SMA) 100 series and Secure Remote Access (SRA) products.

The attackers exploit a known vulnerability, CVE-2019-7481, which is patched in newer firmware versions; the attacks do not affect SMA 1000 series products. (Sergiu Gatlan / Bleeping Computer)

Related: ZDNet Security, CRN, The Record, SonicWall

According to research, 75% of iOS users opt out of being tracked by advertisers on Apple’s new mobile operating system, which explicitly asks users of each app whether they are willing to be tracked across their internet activity.

This opting out by iOS users impacts Facebook’s ability to show a business’s products to potential new customers, which could cut the controversial social media network’s revenue by 7% to 13.6% if current trends continue. (Kurt Wagner / Bloomberg)

Related: AppleInsider, iPhone Hacks, Mashable, The New York Times, MacDailyNews

Spanish police arrested 16 suspects last week on charges of laundering funds stolen through banking trojans such as Mekotio and Grandoreiro, believed to be the work of Brazilian cybercrime groups who rent access to their tools.

Authorities said they found evidence that the suspects received more than €276,470 (around $327,000) from bank accounts compromised with the help of the two banking trojans. The suspects also reportedly had access to bank accounts holding around €3.5 million (around $4.1 million) that they had not yet drained. (Catalin Cimpanu / The Record)

Related: The Hacker News

The Committee to Protect Journalists says that police used technology supplied by notorious Israeli surveillance firm Cellebrite to track Botswanan journalist Tsaone Basimanebotlhe, collecting thousands of her messages and details from her emails, browser history, and call records.

A forensic report says that Cellebrite’s Universal Forensic Extraction Device (UFED) and Physical Analyzer were used to mistakenly target the journalist as police sought to find the source behind an apparent leak that revealed the identities of several undercover security agents, which Basimanebotlhe’s newspaper Mmegi had recently covered. (Shannon Vavra / Daily Beast)

Related: Daily Beast, Reuters, Committee to Protect Journalists

Patrick Howell O'Neill (@HowellONeill) on Twitter:
Related: Cellebrite's plan to go public in NY is being challenged by digital rights groups over reported abuse in places like Hong Kong, Russia, and Bangladesh
mobile.reuters.com/article/amp/id… & accessnow.org/cellebrite-hum…

Quoting Shannon Vavra (@shanvav):
NEW: A journalist claims police in Botswana broke into her phone, collecting thousands of her messages, and details from emails, browser history, and call records using Cellebrite surveillance tech. Her story, just the latest example, @thedailybeast https://t.co/QF056mPHqB

Google said that beginning with its M94 revision, it will add an HTTPS-First Mode to the Chrome web browser to block attackers from intercepting or eavesdropping on users' web traffic.

By upgrading all connections to HTTPS, Google Chrome 94 will protect users from man-in-the-middle (MITM) attacks trying to snoop on or alter data exchanged with Internet servers over the unencrypted HTTP protocol. (Sergiu Gatlan / Bleeping Computer)

Related: Android Authority, 9to5Google, Dark Reading, SlashGear » security, Android Police, Engadget, Chromium Blog

Hackers who previously stole data from gaming giant Electronic Arts (EA) have moved from trying to sell the data to giving it away publicly, even as they continue trying to extort EA.

A compressed, 1.3GB cache the hackers released appears to include references to internal EA tools and the company's Origin store. (Joseph Cox / Motherboard)

Related: PC Games Insider

Federal prosecutors charged a Greek man, Apostolos Trovias, also known as The Bull, with securities fraud for allegedly selling insider stock information on the dark web site AlphaBay.

The indictment says that Trovias created an account on AlphaBay in 2016 and used it to advertise and sell stock tips until the dark web criminal marketplace was shut down the following year. (Dan Goodin / Ars Technica)

Related: Justice.gov, Bleeping Computer, The Verge, Gizmodo, Futurism

Cybersecurity company Cybereason announced it had raised $275 million in a Series F venture funding round.

The round was led by Liberty Strategic Capital, a venture capital fund recently founded by Steven Mnuchin, and included Neuberger Berman and SoftBank as investors. (Carly Page / TechCrunch)

Related: CRN, MSSP Alert, Bleeping Computer, The Times of Israel, Globes, Solutions Review, TechCrunch, Algemeiner.com, Venture Capital Journal, CNBC, NoCamels, Crunchbase News, Cybereason

Software security solutions company Virsec announced it had raised $100 million in a Series C venture funding round.

The round was led by BlueIO, with participation from Allen & Company LLC, Arena Holdings, Intuitive Venture Partners, JC2 Ventures, Artiman Ventures, Quantum Valley Investments, and Marker Hill Capital, as well as John Chambers, the former Chairman and CEO of Cisco, Mike Ruettgers, the former Chairman and CEO of EMC, and several former high-ranking government and intelligence officials. (FinSMEs)

Related: VentureBeat, SecurityWeek, Crunchbase News, Silicon Valley Business Journal

Passwordless technology company Stytch announced it had raised $30 million in a Series A round of funding as it launches out of beta with its API-first passwordless authentication platform.

Thrive Capital led the round, which also included participation from Coatue Management and existing backers Benchmark and Index. (Mary Ann Azevedo / TechCrunch)

Related: FinSMEs, GamePolar, Business Wire

NortonLifeLock is in talks to buy cybersecurity firm Avast, which has a market value of $7.2 billion.

Avast said NortonLifeLock has until Aug. 11 to make a firm offer under the U.K. takeover code, which prescribes formal timelines. (Cara Lombardo and Dana Cimilluca / Wall Street Journal)

Related: Financial Times Technology, Reuters, Marketwatch

Motorola Solutions announced plans to acquire Openpath Security, a mobile access control provider.

Motorola Solutions CEO Greg Brown said that Openpath enables Motorola Solutions to consolidate video security and access control. (Dan Kobialka / MSSP Alert)

Related: SecurityInformed, Motorola

Photo by 金 运 on Unsplash