U.S. Charges Workers at Fake Comms Network That Was Created by FBI for Sting Operation
Microsoft fixes six zero-day bugs in Patch Tuesday batch, Apple's Private Relay feature won't work in despotic countries, Another pipeline player quietly hit with ransomware attack last month, more
Gain access to Metacurity’s archives and premium content by signing up for a premium subscription today. Thank you!
The Department of Justice is charging seventeen people who worked for the fake encrypted communications network called Anom, created and operated by the FBI as part of a major, global criminal sting operation.
Aside from serving as a honeypot for law enforcement to monitor criminal activity, Anom was also used to obstruct investigations of drug trafficking and money laundering organizations and to enrich the workers by taking payment for each Anom device, among other things. The DOJ is charging the seventeen workers under the Racketeer Influenced and Corrupt Organizations (RICO) Act, which has been recently used to prosecute encrypted phone companies that deliberately sold devices to criminals. (Joseph Cox / Motherboard)
Related: Financial Times, Boing Boing, Daily Mail, IT Pro, intelNews.org, TODAYonline, Nord News, Axios, TechCentral.ie, Irish Times, Malwarebytes Labs, Yle News | Tuoreimmat uutiset, The New Daily, RT News, WRAL Tech Wire, Chicago Sun-Times - All, The Guardian, RTE, VICE News, Tech Xplore, The Courier Mail, The New Daily, France 24, Euronews, Reddit - cybersecurity, DataBreachToday.com, Gizmodo, WRAL Tech Wire, Miami Herald, CTVNews.ca - Top Stories, EURACTIV.com, NBC News Top Stories, South China Morning Post, SecurityWeek, protothemanews.com, The Hacker News, DAILYSABAH, NL Times, TechNadu, Europol, Security Affairs, Voice of America, Security News | Tech Times, Engadget, Neowin, Malwarebytes Labs, The Guardian, Tech Insider, BusinessWorld
Microsoft’s Patch Tuesday update plugged 49 security holes across its products and included fixes for six zero-day bugs that malicious hackers already exploit in active attacks, four of which are elevation of privilege flaws that can lead to remote code execution. Microsoft also fixed five critical bugs that criminal hackers can remotely exploit to seize control over the targeted Windows computer without any help from users.
Adobe also issued its Patch Tuesday updates for Acrobat and Reader, along with major fixes for other products, including Adobe Connect, Photoshop, and Creative Cloud. (Brian Krebs / Krebs on Security)
Apple’s new “Private Relay” features, aimed at giving users more privacy when browsing the web, won’t be available in China and some other countries, including Saudi Arabia, Egypt, Belarus, and Uganda, which critics say oppress civil liberties.
Using unauthorized VPNs to access blocked websites is illegal in China. Although Apple’s Private Relay is not technically a VPN, it acts similarly. Apple says it must obey local laws. (Arjun Kharpal / CNBC)
Transparency group DDoS Secrets revealed that another pipeline-focused business, Houston, TX-based LineStar Integrity Services, has been quietly disrupted by a ransomware attack even as 70 gigabytes of its internal files were stolen and dumped onto the dark web.
A group calling itself Xing Team last month posted to its dark website the collection of files stolen from LineStar Integrity Services, which includes 73,500 emails, accounting files, contracts, and other business documents, around 19 GB of software code and data, and 10 GB of human resources files that includes scans of employee driver's licenses and Social Security cards. LineStar has not responded to requests for comment. (Andy Greenberg / Wired)
Related: Security News | Tech Times
iConstituent, a company that provides constituent outreach services to dozens of House offices, was the target of a ransomware attack, according to officials, lawmakers, and aides.
The nearly 60 congressional offices have been unable to retrieve some constituent information for several weeks while the iConstituent deals with the attack. (JOHN BRESNAHAN, ANNA PALMER, AND JAKE SHERMAN / Punchbowl News)
Dutch newspaper Volkskrant reports that hackers allied to the Russian security service SVR were able to get into the Dutch police system in 2017 during the investigation of the downing of flight MH17.
The hack, which police did not notice but was picked up by Dutch security service AIVD, led to a ‘major panic’ because of the MH17 probe. It’s not clear if the hackers were able to access any information relevant to the MH17 investigation. Russia has denied any involvement in the downing of flight MH17. (DutchNews.nl)
Cyber risk analytics company Bringa announced it had raised $110 million in a funding round led by private equity firm Insight Partners.
Bringa’s platform aims to apply insights from the graph to inform risk management strategies, standardize data management and analysis, and automate risk remediation. (Kyle Wiggers / Venture Beat)
Global identity verification company Trulioo announced it closed a $394 Series D venture funding round.
The Series D round was led by private equity firm TCV with participation from existing investors Amex Ventures, Citi Ventures, Blumberg Capital, and Mouro Capital. (Paul Sawers / Venture Beat)
Bristol UK-based quantum security startup KETS has raised $4.38 million in a funding round co-led by Quantonation and Speedinvest, with participation from Mustard Seed Maze.
Founded in 2016, KETS is developing security measures starting with chip-based, quantum-safe development kits. (Dan Taylor / Tech.eu)
Deloitte & Touche made its second cloud cybersecurity acquisition of the year, buying almost all cloud-native security company CloudQuest’s assets.
Deloitte hopes the acquisition will help its customers more seamlessly manage security workflows, reduce risk and improve data security as it expands its portfolio of cloud security orchestration, automation, and response services and solutions. (Nick Farrell / ChannelEye)