U.S. Elevates Ransomware Attacks to Priority Level on Par With Terrorism

Supreme Court narrows the scope of CFAA, Biden bans Americans' investments in 59 Chinese tech firms, Fujifilm copes with a ransomware attack, Backup company Exagrid hit with ransomware, more

Catch up on the latest news throughout the day by following Metacurity on Twitter!

The Biden administration is elevating investigations of ransomware attacks to a priority level on par with terrorism in the wake of the Colonial Pipeline hack and amid mounting damage caused by ransomware attackers and nation-state adversaries.

Justice Department guidance sent to U.S. attorney offices around the country said that investigators should centrally coordinate information about ransomware investigations in the field with a recently created task force in Washington. This coordination means that investigators should share updated case details and active technical information with leaders in Washington. (Chris Bing / Reuters)

Related: Forbes, CBS News, The Hill, Axios, Fox News, Bloomberg Law, Ars Technica, CNBC, TechCentral.ie, Engadget, Asia One Digital, EURACTIV.com, Fudzilla, NDTV Gadgets360.com, Softpedia News, SlashGear » security, Ubergizmo, Gizmodo

In a 6-3 decision, the U.S. Supreme Court voted to overturn the hacking conviction of a Georgia police officer who snooped for personal reasons in a police database, thereby cutting off the reach of the 1986 Computer Fraud and Abuse Act (CFAA) to charge people who misused databases they are otherwise entitled to access. 

In the majority opinion written by Amy Coney Barrett, the Court concurred with critics who said the broader interpretation would "criminalize everything from embellishing an online-dating profile to using a pseudonym on Facebook." (Eric Geller and Josh Gerstein / Politico)

Related: Politico, The Independent, Law & Crime, The Record by Recorded Future, CNN.com - Politics, Gizmodo, Cyberscoop, Tech Insider, Associated Press Technology, Protocol, Vox, Malay Mail - All, iTnews - Security, Reddit - cybersecurity, Wall Street Journal, SC Magazine, SC Magazine, SecurityWeek, ZDNet Security, DataBreachToday.com, EFF, Reddit-hacking, The Register - Security, Slashdot

The Biden administration banned American investors from investing in 59 Chinese defense and surveillance technology companies to prevent US money from being used by Beijing to undermine national security.

The order is slated to take effect on August 2, although investors can make trades during the next 12 months to divest their holdings. While Americans are not required to divest the securities, they will be unable to sell their holdings once the one-year period under the order has elapsed. (ANI)

Related: TechNadu, AndroidHeadlines.com, Asia One China, The Chosun Ilbo, Daily Maverick, channelnews, IBTimes India, Verdict, Telecomlive.com, France 24, CyberNews, Ecns

Japanese tech giant Fujifilm Corp. shut down part of its computer network and “disconnected from external correspondence” in the face of a ransomware attack.

In a statement, Fujifilm said that it became aware of the ransomware attack on June 1 and has taken measures to suspend all affected systems in coordination with its various global entities. (Sean Lyngaas / Cyberscoop)

Related: TechCrunch, TechCentral.ie, Softpedia, IT Pro, Reddit - cybersecurity, ARN, channelnews, Industry Week, Fudzilla, DataBreachToday.com, DataBreachToday.com, Fujifilm, Infosecurity Magazine

TikTok’s privacy policy has a new section that says the social video app may collect “biometric identifiers and biometric information” from its users’ content, including “faceprints and voiceprints.”

The introduction of biometric data collection comes when only a handful of U.S. states have biometric privacy laws, including Illinois, Washington, California, Texas, and New York. (Sarah Perez / TechCrunch)

Related: The Sun, Security News | Tech Times, Business Insider, Tech Insider, 9to5Mac, Mashable

Researchers at Check Point say they found an ongoing cyber-espionage operation with suspected ties to China targeting a Southeast Asian government to deploy spyware on Windows systems while staying under the radar for more than three years.

Criminals spread the campaign via phishing emails that contain weaponized copies of legitimate-looking official documents to install a previously unknown backdoor on victims’ machines. (Ravie Lakshmanan / The Hacker News)

Related: SecurityWeek, Check Point Research, ZDNet

After announcing in March that it would soon support end-to-end encryption (E2EE) in Microsoft Teams, the software and internet giant now says it will begin rolling out E2EE for Teams in early July and expects the rollout to be completed mid-July.

IT departments will have full control of who can use E2EE in the organization, which will not arrive activated by default. (Surur / MSPowerUser)

Related: WinBeta, Windows Central, Times of India, PCMag.com, Digital Information World

Backup appliance maker ExaGrid, which touts a “ransomware recovery solution” as one of its main selling points, paid $2.6 million to ransomware actors that targeted it with Conti ransomware.

The hackers claimed that they had stolen financial and personal data related to ExaGrid’s customers and staff, including “commercial contracts, NDA forms, financial data, tax returns, and source code.” (Valéry Marchive and Antony Adshead / Computer Weekly)

Related: Reddit - cybersecurity, TechNadu, Graham Cluley, MSSP Alert

Researchers from Cisco Talos say that Necro Python, a bot that has been in development since 2015, has received many changes that increase its power and versatility, including exploits for more than ten different web applications and for the SMB protocol, which were weaponized in the bot's recent campaigns.

A version of the botnet, released on May 18, also includes exploits for EternalBlue (CVE-2017-0144) and EternalRomance (CVE-2017-0147). (Charlie Osborne / ZDNet)

Related: Talos Intel, The Hacker News

Researchers from Israeli IoT security firm Vdoo discovered significant vulnerabilities in the Realtek RTL8710C Wi-Fi module that can lead to root access on the OS (such as Linux or Android) of the embedded device that uses this module.

For an attacker to exploit the flaw, they need to be on the same Wi-Fi network as the devices using the RTL8710C module or know the network's pre-shared key (PSK). There have been no known attacks that exploit the vulnerabilities, and firmware versions released after January 11, 2021, provide workarounds that address the vulnerability. (George Dascalu / Softpedia)

Related: Security Affairs, The Hacker News, Vdoo

Photo by Bjoertvedt, CC BY-SA 3.0 via Wikimedia Commons