World's Largest Meat Processor Hit with Apparent Ransomware Attack

Denmark intel agency reportedly helped NSA spy on Angela Merkel and other top politicians, Biden seeks $1.2 billion more for cybersecurity, WhatsApp backs off criticized privacy policy for now, more

Know colleagues who need access to Metacurity’s exclusive daily summaries of the top infosec developments? Consider signing up for an organizational subscription at half the price!

Get 50% off for 1 year

The Australian and North American arms of the world’s largest meat processor, Brazil’s JBS Meat Processing, have been affected by what appears to be a ransomware attack, with the Australian arm completely shut down. The North American operations of JBS were closed for the Memorial Day weekend, but a similar shutdown is expected for this branch of the business in the U.S.

JBS Australia said it could not speculate when it would resume processing operations in Australia, saying the priority was to assess the impact and extent of the attack. (Jon Condon / Beef Central)

Related: Sydney Morning HeraldTechNaduCybersecurity InsidersPerthNowWA TodayDaily Mail, MicData Breaches DigestiTnews - Security, Reuters: World NewsUSA TodayUSA TodaySecurity News | Tech TimesChannel News ComputerteissSoftpedia, Raw StoryZDNetDaily MailAssociated Press TechnologyThe IndependentSecurity News | Tech Times, Business InsiderGraham CluleyFox Business, SC Magazine, CNN

Danish public broadcaster Danmarks Radio, in conjunction with the Swedish public broadcaster SVT, Norway’s NRK, France’s Le Monde, and Germany’s NDR, WDR, and Süddeutsche Zeitung, reported that Denmark’s military intelligence agency, the Danish Defence Intelligence Service (FE), helped the National Security Agency (NSA) to spy on leading European politicians officials in Germany, Sweden, Norway, and France, including the German chancellor, Angela Merkel.

According to several sources, the allegations are contained in an internal classified report on the FE’s role in the surveillance partnership agreement with the NSA from 2012 to 2014. The report says the NSA used Danish information cables to spy on senior officials, including the former German foreign minister, Frank-Walter Steinmeier, and the then opposition leader Peer Steinbrück. Denmark hosts several key landing stations for undersea internet cables to and from Sweden, Norway, Germany, the Netherlands, and Britain. (Jon Henley / The Guardian)

Related: Paris GuardianDAILYSABAHRT NewsBusiness InsiderNews from EUobserverThe SunThe GuardianEURACTIV.comFrance World NewsDaily MaverickPOLITICO EU, RT NewsDAILYSABAHRT News, Softpedia News, BBC NewsSouth China Morning PostSlashdotArutz Sheva NewsGlobal TimesRTEThe Chosun IlboEcnsSecurity Affairs, The Register - Security, The Hacker News

In a secret chat with the DarkSide operation obtained by the New York Times, a hacker named Woris provided a look into the internal workings of the now-infamous ransomware gang while they attempted to negotiate a ransom demand with a small, family-owned publisher based in the American Midwest. The New York Times gained access to the DarkSide dashboard through an intermediary.

The dashboard was operational until May 20 despite DarkSide’s claims that it had shut down operations in the immediate aftermath of the highly damaging ransomware attack on Colonial Pipeline. (Andrew E. Kramer, Michael Schwirtz and Anton Troianovski / New York Times)


The Biden administration’s 2022 federal budget proposal seeks $9.8 billion for cybersecurity funding to secure federal civilian agencies. The budget also includes an additional $500 million for the Technology Modernization Fund and $750 million to respond to the hacking campaign against SolarWinds.

Civilian departments and agencies collectively seek $1.2 billion more for cybersecurity-related investments than they did in FY2021, while the DHS is aiming for about $300 million more in funding for next year over current levels. (Natalie Alms, Justin Katz, Chris Riotta, Lauren C. Williams / FCW)

Related: ReutersChannel News AsiaInforisk TodayTech InsiderThe Hindu - TechnologyWashington ExaminerTask & PurposeThe Hill: CybersecurityDefense Daily NetworkRaw StoryBreaking DefenseDHS News ReleasesInsideDefense.comFederal News

Facebook-owned messaging app WhatsApp’s controversial messaging policy that would cripple functionality for users who fail to agree to share their information with Facebook is seemingly tabled for now.

WhatsApp said in a statement that after speaking with governments and privacy advocates, it wouldn’t restrict any functionality, even if users don’t accept the widely criticized policy, at least for the time being. (Ivan Mehta / The Next Web)

Related: RTETimes of IndiaGadgets NowGizchina.comMobileSyrup.comSlashGearGulf News TechnologyTimes of IndiaPhoneArenaTelecomlive.comAndroid Central9to5MacAppleInsiderTechDatorSlashdotVox, The Verge

Raising serious concerns of security protocol breaches, U.S. soldiers assigned with protecting nuclear weapons in Europe have inadvertently leaked highly sensitive details of some of the missile bunkers containing live warheads, along with secret code words used by guards, by using online education flashcards that have been left publicly available for nearly a decade.

Bellingcat discovered learning flashcards used by US personnel on free flashcard platforms such as Chegg, Quizlet, and Cram that disclosed the locations of the shelters containing the weapons and other sensitive information. (Foeke Postma / Bellingcat)

Related: WiredSecurityWeekSlashdot

Researchers at Proofpoint discovered an elaborate campaign, the BravoMovies campaign, designed to ensnare victims in a phishing campaign that created a fake streaming service that was just one part of a convoluted, seven-step process to deliver a so-called backdoor called BazaLoader. 

Agents at the end of the call center for the phony streaming network directs users to the BravoMovies site, where they can find thumbnails for enticing fake films such as Women’s and The Dog Woof.  Users who click on the site download an Excel file, which installs BazaLoader on their computers. (Brian Barrett / Wired)

Related: Proofpoint

Russian national Aleksandr Zhukov was convicted in the U.S. of using a bot farm and rented servers to fake internet traffic at media sites, leading companies to pay inflated advertising rates.

Zhukov was the mastermind of a scheme known as Methbot in which 1,900 servers were employed to create millions of phony online ad views at websites, including those of the New York Times and the Wall Street Journal. (Patricia Hurtado / Bloomberg)


Starting on June 8, internet merchant, Web host, and entertainment behemoth Amazon will automatically enroll Alexa, Echo, or any other Amazon device users in an Internet bandwidth sharing program called Amazon Sidewalk.

The default option for Sidewalk forces users to share bandwidth with their neighbors as part of a new wireless mesh service that Amazon seeks to mount. Privacy advocates recommend that users turn off Sidewalk by going to their device settings. (Dan Goodin / Ars Technica)

Related: Reddit - cybersecuritygHacks, Android PoliceBoing Boing, Slashdot

Newly unredacted documents in a lawsuit against Google show that the company's own executives and engineers knew just how difficult the company had made it for smartphone users to keep their location data private and even pressured LG and other phone makers into hiding settings precisely because users liked them.

The lawsuit was brought against Google by the Arizona attorney general's office last year, which accused the company of illegally collecting location data from smartphone users even after they opted out. (Tyler Sonnemaker / Business Insider)

Related: EngadgetDigital Information WorldTechDatorSecurity News | Tech TimesAndroidHeadlines.comSlashGearAndroid CentralIndian ExpressAndroid Police9to5GoogleWCCFtechThe Next WebBGRCyber KendraTechNaduxda-developersDaring FireballMobileSyrup.comNDTV Gadgets360.comPocket-lint, Phandroid

Incident responders at Sophos discovered a new ransomware threat calling itself Red Epsilon has been seen leveraging Microsoft Exchange server vulnerabilities to encrypt machines across the network.

While investigating an attack at a fairly large U.S. company in the hospitality sector, the researchers found that the threat actor breached the enterprise network by exploiting unpatched vulnerabilities in the on-premise Microsoft Exchange server. (Ionut Ilascu / Bleeping Computer)

Related: DataBreachToday.comSophos, Security Week, SiliconANGLE

Photo by Doruk Yemenici on Unsplash