Three Theories Explain Why the REvil Gang Went Dark

Microsoft issues 116 patches in a major security update, CISA issues emergency directive on PrintNightmare, Microsoft pins SolarWinds' Serv-U technology hacks on Chinese group, much more

Don’t miss my CSO column from today on how NIST’s recent publication of software security measures under Biden’s EO could be a game-changer.

The infrastructure and websites for the Russia-based REvil operation, which was behind the most recent high-profile ransomware attack on Kaseya, went offline mysteriously two nights ago and security experts posit three reasons for this outcome.

The first is that the U.S. took action against REvil, following White House threats against Russia in the wake of so many damaging ransomware attacks emanating from the country. The second theory is that Putin is heeding US warnings and ordered the REvil gang to step down. The third theory holds that the REvil gang feels the political heat and is shutting down operations, perhaps temporarily. (Lawrence Abrams / Bleeping Computer)

Related: New York Times, Cyberscoop, VICE, TechNadu, Mother Jones, POLITICO, CNBC, Thomas Brewster - Forbes, Bloomberg, Daily Beast, Associated Press Technology, Tech Xplore, The Independent, NBC News Technology, Gizmodo, CNN.com, iTnews - Security, Sydney Morning Herald, The Age, Exploit One, BBC News, IT Pro, The Register, UPI.com, Daily Maverick, The Guardian, Twitter, CNBC, Security News | Tech Times, Axios, VICE News, Slashdot, Politico, The Hacker News, CSO Online, Technology Review

Microsoft released Patch Tuesday security updates to fix at least 116 security holes in its Windows operating systems and related software, with four vulnerabilities under active attack. Among the critical bugs fixed is the PrintNightmare print spooler flaw, for which Microsoft issued a patch last week.

Adobe also issued security updates for Adobe Acrobat and Reader, Dimension, Illustrator, Framemaker, and Adobe Bridge. (Brian Krebs / Krebs on Security)

Related: Talos Intel, Sophos News, xda-developers, The Register - Security, Lifehacker, WCCFtech, Qualys Blog, Zero Day Initiative - Blog, Tenable Blog, Malay Mail - All, Rapid7, gHacks, Bleeping Computer, SecurityWeek, Dark Reading: Vulnerabilities / Threats, US-CERT, Bleeping Computer, Security Affairs, SecurityWeek, Threatpost

The Department of Homeland Security’s (DHS) Cybersecurity and Infrastructure Security Agency (CISA) issued Emergency Directive 21-04, ordering federal agencies to mitigate the actively exploited Windows Print Spooler vulnerability on their networks.

Microsoft released security updates on Friday to address the vulnerability dubbed PrintNightmare in all supported Windows versions. (Sergiu Gatlan / Bleeping Computer)

Related: NextGov, Mspoweruser, CISA

Microsoft says that the recent wave of attacks targeting SolarWinds file transfer servers is the work of a Chinese hacking group the company has been tracking under the name DEV-0322. SolarWinds released a patch last week to fix a zero-day vulnerability in its Serv-U technology that was being exploited in the wild.

The attacks on Serv-U technology mark the second time a Chinese hacking group has abused SolarWinds software to breach corporate and government networks. Last December, Chinese hackers, later identified as a group tracked as Spiral, took advantage of a vulnerability to install web shells on SolarWinds Orion IT monitoring platforms. (Catalin Cimpanu / The Record)

Related: Bleeping Computer, Ars Technica, Microsoft, Softpedia News, Security Week

Between January 2014 and August 2015, Facebook fired 52 employees for abusing their access to user data for personal ends. One Facebook engineer tapped into the social network’s systems to track a woman with whom he had vacationed. Another engineer accessed user data on a woman with whom he had gone on a date after she stopped responding to his messages.

Former Facebook CSO Alex Stamos informed Mark Zuckerberg, Facebook’s CEO, of the problem and asked that employees be required to submit formal requests for access to private data, but he received pushback from company executives. (Sheera Frenkel and Cecilia Kang / Telegraph)

Related: Business Insider

Amazon-owned Ring announced the worldwide rollout of video End-to-End Encryption (E2EE) to customers with compatible devices.

Once users set up E2EE via the Ring app, they can prevent unauthorized access and ensure that no one, not even Ring or Amazon, can view their videos. (Sergiu Gatlan / Bleeping Computer)

Related: TechHive, Techradar, BBC News, SlashGear, AppleInsider, The Verge, CNET News, TechCrunch, iMore, Android Central, Trusted Reviews, PCWorld, Tom's Guide, Engadget, Android Police, Digital Trends, TechSpot, AndroidHeadlines.com, Gizmodo, Slashdot, How-To Geek, Silicon UK, Neowin, Gizmodo, xda-developers, Silicon UK, ZDNet Security, iPhone in Canada Blog, MobileSyrup.com, AppleInsider, MobileSyrup, Ring

With Firefox 90, Mozilla introduces the next version of SmartBlock, a feature that fixes web pages that are broken by user tracking protections without compromising user privacy.

The new version has improvements designed to prevent buttons that let users log into websites using their Facebook accounts from breaking. With SmartBlock 2.0, users should be able to use Facebook login buttons while SmartBlock 2.0 still blocks cross-site tracking. (Jay Peters / The Verge)

Related: gHacks, The Daily Swig, US-CERT Current Activity, Bleeping Computer, Engadget, Firefox

Facebook-owned Instagram introduced a new feature called Security Checkup to help people secure their accounts after instances where they may have been hacked.

The tool will ask users to check recent login activity, review their profile information and update their contact information if they need to recover their accounts. (I. Bonifacic / Engadget)

Related: Facebook Newsroom, iPhone Hacks, 9to5Mac, iPhone in Canada Blog, CNET News, Ad Week, The Sun, RT USA, iPhone Hacks, Android Central, The Verge

The Federal Communications Commission voted that rural telecoms could access a $1.9 billion program to rip and replace equipment from Chinese telecom companies considered national security risks by the U.S. government, specifically Huawei and ZTE.

To qualify, U.S. telecom firms must serve 10 million or fewer customers, a higher threshold than the 2 million or fewer figure in an earlier version of the order. Eligible companies can apply to be reimbursed for the rip-and-replace costs. (Lauren Feiner, Amanda Macias / CNBC)

Related: Federal News Network, Malay Mail - All, South China Morning Post, Reuters: World News

“Security operations-as-a-concierge” service Arctic Wolf announced it had raised $150 million in a Series F venture funding round.

Viking Global Investors and Owl Rock led the round, and other existing investors participated. (Carly Page / TechCrunch)

Related: VentureBeat, Tech Insider, MSSP Alert, Channel Futures, VC News Daily, Twin Cities Business, Star Tribune, Arctic Wolf

Breach and attack simulation solutions company AttackIQ announced it had raised $44 million in Series C funding.

Atlantic Bridge, Saudi Aramco Energy Ventures (SAEV), and Gaingels led the round, with existing investors, including Index Ventures, Khosla Ventures, Salesforce Ventures, and Telstra Ventures, also participating. (Carly Page / TechCrunch)

Related: TechCrunch, Joplin Globe, FinSMEs

Image via REvil ransomware group, Public domain, via Wikimedia Commons