Three Theories Explain Why the REvil Gang Went Dark
Microsoft issues 116 patches in a major security update, CISA issues emergency directive on PrintNightmare, Microsoft pins SolarWinds' Serv-U technology hacks on Chinese group, much more
Don’t miss my CSO column from today on how NIST’s recent publication of software security measures under Biden’s EO could be a game-changer.
The infrastructure and websites for the Russia-based REvil operation, which was behind the most recent high-profile ransomware attack on Kaseya, went offline mysteriously two nights ago and security experts posit three reasons for this outcome.
The first is that the U.S. took action against REvil, following White House threats against Russia in the wake of so many damaging ransomware attacks emanating from the country. The second theory is that Putin is heeding US warnings and ordered the REvil gang to step down. The third theory holds that the REvil gang feels the political heat and is shutting down operations, perhaps temporarily. (Lawrence Abrams / Bleeping Computer)
Related: New York Times, Cyberscoop, VICE News, DataBreachToday.com, TechNadu, Mother Jones, POLITICO, CNBC, Thomas Brewster - Forbes, Bloomberg, Daily Beast, Associated Press Technology, Tech Xplore, The Independent, NBC News Technology, Gizmodo, CNN.com, iTnews - Security, Sydney Morning Herald, The Age, Exploit One, BBC News, IT Pro, The Register, UPI.com, Daily Maverick, The Guardian, Twitter, Security News | Tech Times, Axios, Slashdot, The Hacker News, CSO Online, Technology Review
Microsoft released Patch Tuesday security updates to fix at least 116 security holes in its Windows operating systems and related software, with four vulnerabilities under active attack. Among the critical bug fixes is the PrintNightmare print spooler flaw, for which Microsoft issued a patch last week.
Adobe also issued security updates for Adobe Acrobat and Reader, Dimension, Illustrator, Framemaker, and Adobe Bridge. (Brian Krebs / Krebs on Security)
Related: Talos Intel, Sophos News, xda-developers, The Register - Security, Lifehacker, WCCFtech, Qualys Blog, Zero Day Initiative - Blog, Tenable Blog, Malay Mail - All, Rapid7, gHacks, Bleeping Computer, SecurityWeek, Dark Reading: Vulnerabilities / Threats, US-CERT, Security Affairs, Threatpost
The Department of Homeland Security’s (DHS) Cybersecurity and Infrastructure Security Agency (CISA) issued Emergency Directive 21-04, ordering federal agencies to mitigate the actively exploited Windows Print Spooler vulnerability on their networks.
Microsoft released security updates on Friday to address the vulnerability dubbed PrintNightmare in all supported Windows versions. (Sergiu Gatlan / Bleeping Computer)
Microsoft says that the recent wave of attacks targeting SolarWinds file transfer servers is the work of a Chinese hacking group the company has been tracking under the name DEV-0322. SolarWinds released a patch last week to fix a zero-day vulnerability in its Serv-U technology that was exploited in the wild.
The attacks on Serv-U technology mark the second time a Chinese hacking group has abused SolarWinds software to breach corporate and government networks. Last December, Chinese hackers, later identified as a group tracked as Spiral, took advantage of a vulnerability to install web shells on SolarWinds Orion IT monitoring platforms. (Catalin Cimpanu / The Record)
Between January 2014 and August 2015, Facebook fired 52 employees for exploiting user data for personal purposes. One Facebook engineer tapped into the company’s systems to track a woman with whom he had vacationed. Another engineer accessed user data on a woman with whom he had gone on a date after she stopped responding to his messages.
Former Facebook CSO Alex Stamos informed Mark Zuckerberg, Facebook’s CEO, of the problem and asked that employees be required to submit formal requests for access to private data but received pushback from company executives. (Sheera Frankel and Cecilia Kang / Telegraph)
Related: Business Insider
Amazon-owned Ring announced the worldwide rollout of video End-to-End Encryption (E2EE) to customers with compatible devices.
Once users set up E2EE via the Ring app, they can prevent unauthorized access and ensure that no one, not even Ring or Amazon, can view their videos. (Sergiu Gatlan / Bleeping Computer)
Related: TechHive, Techradar, BBC News, SlashGear, AppleInsider, The Verge, CNET News, TechCrunch, iMore, Android Central, Trusted Reviews, PCWorld, Tom's Guide, Engadget, Android Police, Digital Trends, TechSpot, AndroidHeadlines.com, Gizmodo, Slashdot, How-To Geek, Silicon UK, Neowin, xda-developers, ZDNet Security, iPhone in Canada Blog, MobileSyrup.com, MobileSyrup, Ring
With Firefox 90, Mozilla introduces the next version of SmartBlock, a feature that fixes web pages that are broken by user tracking protections without compromising user privacy.
The new version has improvements designed to prevent buttons that let users log into websites using their Facebook accounts from breaking. With SmartBlock 2.0, users should be able to use Facebook login buttons while SmartBlock 2.0 still blocks cross-site tracking. (Jay Peters / The Verge)
Facebook-owned Instagram introduced a new feature called Security Checkup to help people secure their accounts following instances where they may have been hacked.
The tool will ask users to check recent login activity, review their profile information and update their contact information if they need to recover their accounts. (I. Bonifacic / Engadget)
The Federal Communications Commission voted that rural telecoms could access a $1.9 billion program to rip and replace equipment from Chinese telecom companies considered national security risks by the U.S. government, specifically Huawei and ZTE.
To qualify, U.S. telecom firms must serve 10 million or fewer customers, a higher threshold than the 2 million or fewer figure in an earlier version of the order. Eligible companies can apply to be reimbursed for the rip-and-replace costs. (Lauren Feiner, Amanda Macias / CNBC)
“Security operations-as-a-concierge” service Arctic Wolf announced it had raised $150 million in a Series F venture funding round.
Viking Global Investors and Owl Rock led the round, and other existing investors participated. (Carly Page / TechCrunch)
Breach and attack simulation solutions company AttackIQ announced it had raised $44 million in Series C funding.
Atlantic Bridge, Saudi Aramco Energy Ventures (SAEV), and Gaingels led the round, with existing vendors, including Index Ventures, Khosla Ventures, Salesforce Ventures, and Telstra Ventures, also participating. (Carly Page / TechCrunch)
Image via REvil ransomware group, Public domain, via Wikimedia Commons