The South African ports of Cape Town and Durban last Thursday disclosed that operations had been disrupted by an unspecified cyberattack, Reuters reports. According to IOL, the disruptions appear to be connected to problems at Johannesburg-based and state-owned intermodal transportation company Transnet, with road transportation to the port of Durban also seeing the effects of the attack. Splash 24/7 says that Transnet has identified and isolated the source of the incident, but that it's released no details of the cyberattack itself. Services are resuming manually, with priority going to refrigerated containers.
Morocco World News claims that French President Macron was not spied on by Moroccan intelligence services using NSO's Pegasus, but rather by other parties using tools from the UAE company Dark Matter.
Amnesty International published more criticism of NSO Group's alleged role as a key enabler of surveillance by repressive regimes.
Where Kaseya got the decryptor for REvil ransomware remains unclear. CNN reports that Kaseya is requiring businesses that want to receive the key to sign a non-disclosure agreement before the decryptor is released to them. Emsisoft has verified that the key works, but it's not disclosing where it came from, either. It's worth noting, as Threatpost does, that decrypting locked files still leaves open the possibility that REvil could sell, publish, or otherwise abuse data stolen over the course of the attack. Kaseya's most recent update on the incident came Friday afternoon, and simply said that the company was supplying the key and helping customers decrypt affected files.