Attacks, Threats, and Vulnerabilities
Internet disrupted in Sudan amid reports of coup attempt (NetBlocks) Network data from NetBlocks confirm a significant disruption to internet service in Sudan from the morning of Monday 25 October 2021 affecting cellular and some fixed-line connectivity on multiple providers.
APT actor Lazarus attacks defense industry, develops supply chain attack capabilities (Kaspersky) Researchers witnessed Lazarus developing supply chain attack capabilities and using its multi-platform MATA framework for cyber-espionage goals.
Cash-Starved North Korea Eyed in Brazen Bank Hack (Daily Beast) Hackers who stole tens of millions of dollars to fund North Korea’s nuclear weapons program in 2016 tried hitting another bank last year, The Daily Beast has learned.
Iran blames cyber attack as fuel supply hit (France 24) Iranian authorities on Tuesday blamed a mysterious cyber attack for unprecedented disruption to the country's fuel distribution network.
Officials say cyberattack crippled gas stations across Iran (Washington Post) Fuel sales were disrupted at gas stations across Iran on Tuesday, after what officials said was a cyberattack crippled a system that allows consumers to buy subsidized fuel using government-issued cards, Iran’s state-run IRNA news agency said.
Iran Blames Cyberattack as Fuel Supply Hit (SecurityWeek) Iranian authorities on October 26th blamed a mysterious cyber attack for unprecedented disruption to the country's fuel distribution network.
Iranian gas stations hit by outage in widespread cyberattack (Times of Israel) Those trying to buy fuel receive a message reading 'cyberattack 64411,' mirroring July attack on country's railroad system
Wslink: Unique and undocumented malicious loader that runs as a server (WeLiveSecurity) ESET research discovers a unique loader for Windows binaries that, unlike other such loaders, runs as a server and executes received modules in memory.
Schreiber Foods hit with cyberattack; plants closed (Wisconsin State Farmer) Cyber attack on Wisconsin milk plant \
Microsoft, Mandiant uncover Russian threat actor targeting cloud services (Security Brief) It is attacking resellers and other technology service providers that customise, deploy and manage cloud services and other technologies on behalf of their customers.
Nobelium Security Attacks: Microsoft Points Finger at Service Provider Partners (Redmond Channel Partner) The 'Nobelium' group, responsible for high-profile security attacks on SolarWinds earlier this year, was enabled by service providers with weak security, Microsoft said.
Huntress CEO: Microsoft Calling Out Russia’s SVR In Latest Attack Will Hopefully Drive Resellers To Act Now (CRN) Huntress CEO Kyle Hanslovan believes Microsoft calling out Russian state actors will be a wake-up call to resellers to audit their systems.
Russian Hackers Used Home Networks to Evade Detection (Bloomberg) Group behind SolarWinds breach still attacking IT supply chain. Residential proxies now tool of choice for cybercriminals.
WinRAR vulnerability allows execution of arbitrary code (Positive Technologies) The attack requires access to the same network, compromised router, or fake Wi-Fi hotspot
Positive Technologies Demonstrates How Attackers Could Hack Diebold Nixdorf ATMs (Positive Technologies) Researchers Bypassed Black-Box Attack Protections and Withdrew Cash
Banking scam uses Docusign phish to thieve 2FA codes (Naked Security) This scam is obviously inapplicable to 999 people in every 1000… but there are LOTS of 1-in-1000 people in the world!
SquirrelWaffle Loader Malspams, Packs Qakbot, Cobalt Strike (Threatpost) SquirrelWaffle, a new malware loader, is mal-spamming malicious Microsoft Office documents to deliver Qakbot malware and the penetration-testing tool Cobalt Strike – two of the most common threats regularly observed targeting organizations around the world. Cisco Talos researchers said on Tuesday that they got wind of the malspam campaigns beginning in mid-September, when they saw
Spammers use Squirrelwaffle malware to drop Cobalt Strike (BleepingComputer) A new malware threat named Squirrelwaffle has emerged in the wild, supporting actors with an initial foothold and a way to drop malware onto compromised systems and networks.
Denial of Service Security Vulnerabilities in Netty Networking Library (JFrog) Netty client server framework security issues discovered by JFrog Security Research, causing applications to crash. Learn more about the affected versions and how to remediate them.
Ransomware group targets financial service firms with phishing campaign (SC Media) GDPR compliance and privacy concerns an issue as Russian-based ransomware group TA505 targets the financial sector in Europe, Asia and North America with its MirrorBlast phishing campaign.
These ransomware criminals lost millions of dollars in payments when researchers secretly found mistakes in their code (ZDNet) BlackMatter ransomware had a bug that allowed cybersecurity researchers at Emsisoft to hand out decryption keys to victims - removing the need to pay ransoms.
An interview with LockBit: The risk of being hacked ourselves is always present (The Record by Recorded Future) The administrator of the LockBit ransomware agrees to an interview with The Record's Dmitry Smilyanets.
What did 1,200 ransomware cases teach us (NordLocker) Cyber criminals have streamlined ransomware attacks into a $20 billion per year business. This is why everyone should be prepared to face it. Researchers analyzed 1,200 ransomware cases from 2020 and 2021 and this is what they learned.
Nearly 2/3 of Mid-Size Organizations Suffered Ransomware Attack in Pas (PRWeb) UncommonX, a SaaS-based cybersecurity managed services provider, today announced the major findings from its State of Cybersecurity for Midsize Organizations stud
Cyber-attack hits UK internet phone providers (BBC) An "unprecedented" and co-ordinated cyber-attack has struck multiple UK-based providers of voice over internet protocol (VoIP) services, according to an industry body.
Nautilus Blast Radius Analysis (Aqua Security) We analyzed real victims’ potential total impact from threat actors, by identifying hosts that have been targeted by real attacks in the wild and then analyzing their external-facing vulnerabilities.
Security Patches, Mitigations, and Software Updates
Adobe Patches Gaping Security Flaws in 14 Software Products (SecurityWeek) Adobe releases a slew of urgent patches with fixes for more than 90 documented vulnerabilities that expose Windows, macOS and Linux users to malicious hacker attacks.
Mozilla Blocks Malicious Firefox Add-Ons Abusing Proxy API (SecurityWeek) Mozilla says it blocked a series of malicious Firefox add-ons that misused the proxy API that extensions use to proxy web requests.
Fuji Electric Tellus Lite V-Simulator and V-Server Lite (CISA) 1. EXECUTIVE SUMMARY
CVSS v3 7.8
ATTENTION: Low attack complexity
Vendor: Fuji Electric
Equipment: Tellus Lite V-Simulator, and V-Server Lite
Vulnerabilities: Stack-based Buffer Overflow, Out-of-bounds Write, Untrusted Pointer Dereference, Out-of-bounds Read, Access of Uninitialized Pointer, Heap-based Buffer Overflow
2.
Trends
Cyber Concerns, Classification Disagreements Lead Space Survey Results (Breaking Defense) The first-ever Breaking Defense Space Survey gathered information from national security space professionals in government, the military, and industry.
Majority of Businesses Don’t Protect Their Sensitive Data in the Cloud, Finds Thales (BusinessWire) The 2021 Thales Global Cloud Security Study, commissioned by Thales and conducted by 451 Research, part of S&P Global Market Intelligence, reports
More organizations are saying 'no' to ransomware demands (PropertyCasualty360) Greater preparedness and enhanced backup processes are driving a drop in the number of ransoms paid.
As Cyber Events Plague U.S. Execs, Some Still Have No Cyber Plan (PRNewswire) Deloitte's 2021 Future of Cyber survey shows similarities, differences in U.S. and non-U.S. C-suite responses
Deloitte: 14% of U.S. orgs remain defenseless as cybersecurity threats loom (VentureBeat) Deloitte's 2021 Future of Cyber study shows how many US organizations continue to remain defenseless against growing cybersecurity threats.
5 cybersecurity personality traits for a successful career (SearchSecurity) Discover five cybersecurity personality traits that can lead to a successful career in the infosec industry, excerpted from 'Confident Cyber Security.'
10 essential skills and traits of ethical hackers (CSO Online) Learn just what it takes to snag this demanding and rewarding job.
Lost Value in Customer Authentication Frustration [Survey] (Beyond Identity) Based on the responses of over 1,000 consumers, it can be safely concluded that passwords are the number one hurdle for account creation and transactions.
Arctic Wolf Survey Unveils Where Firms Now Stand on Cyber Insurance (Arctic Wolf) Learn key cyber insurance insights Arctic Wolf discovered using survey data from 1,400 senior IT decision makers and business executives.
Workforce Passwordless Authentication (Secret Double Octopus) We partnered with Ponemon Institute, to conduct a US-based study focused on understanding the state of workforce passwordless authentication, from motivational drivers to results after transitioning to its use.
Marketplace
Cyber Security Insurance Market is Going to Boom | AIG, Axa, Liberty Mutual (Digital Journal) Advance Market Analytics published a new research publication on “Cyber Security Insurance Market Insights, to 2026″ with 232 pages and enriched with
The U.S. cyber workforce gap is getting bigger (Washington Post) Help wanted: more cybersecurity workers
Devo Scores $250M, Joins Cybersecurity Unicorn Club (SDxCentral) Devo Technology announced a $250 million Series E funding round which pushes its valuation to $1.5 billion.
Australian QuintessenceLabs grabs $25M to scale quantum-safe cybersecurity solutions (TechCrunch) As computing power increases exponentially, the ability to secure our data against brute force and other types of attacks gets more complicated, with the scale and sophistication of cyberattacks continuing to challenge companies’ ability to implement effective data access control and encrypti…
QuintessenceLabs raises AU$25m to take quantum-based cyber solutions global (ZDNet) Australia's QuintessenceLabs plans to grow its US headcount and broaden its geographic reach.
HelpSystems Acquires Enterprise Data Loss Prevention Leader Digital Guardian (Digital Guardian) Digital Guardian strengthens HelpSystems’ data security portfolio with SaaS and managed service-enabled endpoint, network, and cloud data loss prevention
Forcepoint acquisition of Bitglass to disrupt cybersecurity industry (Security Brief) “Bitglass and Forcepoint share the same vision for disrupting and transforming the security industry with the first modern distributed edge architecture.
Announcing Winners Of CTF 11! (Magic) The Mid-Atlantic Gigabit Innovation Collaboratory (MAGIC) is pleased to announce the success of their 11th Capture The Flag (CTF) event that took place this past Saturday, October 23rd. MAGIC’s CTF events are among the largest beginner-level cybersecurity events of their kind.
Targets and Prizes Announced for 2022 ICS-Themed Pwn2Own (SecurityWeek) ZDI announces the targets and prizes for the Pwn2Own Miami contest, which focuses on hacking industrial control system (ICS) products and associated protocols.
Northern Virginia Technology Council Names Tracepoint “Cyber Startup of the Year” (The Bakersfield Californian) Tracepoint, a Booz Allen Hamilton (NYSE: BAH) company, was selected as Cyber Startup of the Year by the Northern Virginia Technology Council (NVTC) at the 6 th annual Capital Cybersecurity Summit & Capital Cyber Awards.
As the Darktrace share price crashes, should I buy? (The Motley Fool UK) The Darktrace share price crashed 16% yesterday, due to a broker note from Peel Hunt. Is this the dip that will tempt me to buy?
Thales to open its office in Ukraine (Ukrinform) Thales French company, which specializes in the development of high-tech products for defense and security, aerospace, and transportation, will soon open its office in Ukraine. — Ukrinform.
ZeroFox expands its presence in Australia and New Zealand to tackle rising cybercrime (Help Net Security) ZeroFox announced that it is expanding its presence in the Australia and New Zealand market with Netpoleon Solutions and emt Distribution.
Quick Heal Appoints Navin Sharma As New CFO (Outlook India) Quick Heal's board had approved the previous CFO Navin Kulkarni's resignation on October 25, the company stated in a regulatory filing to the Bombay Stock Exchange on Tuesday afternoon.
Cyber Readiness Institute Names Karen S. Evans as New Managing Director (Cyber Readiness Institute) Former Assistant Secretary for Cybersecurity, Energy Security and Emergency Response at U.S. Department of Energy and Homeland Security CIO to lead Strategic Vision and Day-to-Day Operations NEW YORK, Oct. 27, 2021 – The Cyber Readiness Institute (CRI) today named cybersecurity policy leader Karen S. Evans Managing Director. For over 20 years, Evans has been at […]
Immersive Labs appoints founding CMO to drive market ownership and scale global Go-To-Market execution - Immersive Labs (Immersive Labs) Evelyn Swaim joins fast-growing cybersecurity company as Chief Marketing Officer to shape and deliver vision for workforce-wide cyber knowledge, skills and judgment
Saviynt Taps Cybersecurity and Wall Street Veteran as New Chief Financial Officer (BusinessWire) Saviynt, a provider of intelligent identity and access governance solutions, today announced the appointment of Jim Jackson to the role of CFO.
Products, Services, and Solutions
Data Theorem Introduces Industry’s First API Attack Surface Calculator (BusinessWire) Data Theorem, Inc., a leading provider of modern application security, today announced that it has introduced the industry’s first API Attack Surface
Black Kite Platform Wins Dual Risk Management Innovation Awards (Black Kite) Black Kite, the standard in third-party cyber risk ratings, has won the CISO Choice Award for Risk Management for a second consecutive year. Granted by a distinguished panel of judges from the CISOs Connect community, the win comes just weeks after Black Kite was named the 2021 Risk Management Innovation of the Year by the Cybersecurity Breakthrough Awards.
Introducing PCI DSS support for cardholder data security (Vanta) Today we’re excited to announce support for PCI DSS, Vanta’s latest integrated security framework centered on protecting customer cardholder data. Automate up to 60% of the evidence gathering process needed to prove PCI compliance.
Armis Launches APEX Partner Program with IBM, Check Point, mCloud, Exabeam, VeriStor and Lead Data Technologies (PR Newswire) Armis, the leading unified asset visibility and security platform provider, today announced its new Armis Partner Experience (APEX) program....
Feedzai Introduces World’s First RiskOps Platform to solve the Problem of FinCrime Software Overload (GlobeNewswire News Room) Single, comprehensive cloud-based platform to manage multiple forms of risk and compliance with a fully extensible architecture that allows to instantly go...
SightGain Introduces Industry's First Cyber Readiness Platform to Evaluate Existing Security Architecture Against Global Threats (PR Newswire) SightGain, the only cybersecurity risk assessment platform that tests and analyzes organizational readiness across people, processes, and...
CrowdStrike and AWS Expands Technical Integrations (CrowdStrike) CrowdStrike announced an expansion to the integrations we have with AWS to give customers enhanced protection against threats across cloud, workloads and endpoints.
Martha’s Vineyard Bank Fends off Phishing Threats With KnowBe4 for Over a Decade (Yahoo) KnowBe4, the provider of the world’s largest security awareness training and simulated phishing platform, today celebrates over a decade working alongside Martha’s Vineyard Bank to improve the company’s security culture and awareness. The bank’s Training and Development Manager, John Shorrock, teamed up with KnowBe4’s CEO, Stu Sjouwerman, back in 2010 when the company was founded; therefore, making them one of KnowBe4’s longest-running customers.
Armis Launches APEX Partner Program with IBM, Check Point, mCloud, Exabeam, VeriStor and Lead Data Technologies (PR Newswire) Armis, the leading unified asset visibility and security platform provider, today announced its new Armis Partner Experience (APEX) program....
Qualys Launches Australian Multi-Tenant Cloud Platform to Support Australian Compliance Requirements (Qualys) Australian government agencies and critical infrastructure organisations can now tap into the power of the Qualys Cloud Platform to protect sensitive data and critical assets
Liberal Arts College Partners with SecureAuth for Data Security (Campus Security & Life Safety) Hobart and William Smith Colleges (HWS), a liberal arts and sciences institution in Geneva, N.Y., announced this week that it is continuing its partnership with identity security solutions provider SecureAuth to secure its data regarding students, employees and research.
Qualitest Joins Forces with Bugcrowd to Bolster Cybersecurity Offerings for Its Global Customer Base (NBC 11 News) Strategic partnership provides Qualitest customers with Bugcrowd's comprehensive, crowdsourced security solutions to minimize risk associated with digital transformation initiatives
IBM Taps Cisco, Palo Alto Networks for 5G Automation, Security (SDxCentral) IBM announced two new partnerships with networking and security giants Cisco and Palo Alto Networks at MWC Los Angeles.
Palo Alto takes on home network security with SASE (Light Reading) The remote workforce is increasingly using a broader range of devices to access enterprise applications from the home, which means companies need to be on the defensive against a growing threat attack surface.
Rakuten Symphony, Intel and Juniper Networks Introduce Next Generation Distributed RAN and Transport Solution to Further Simplify Open RAN Deployments at Scale (BusinessWire) Intel, Juniper Networks and Rakuten Symphony announce a collaboration to develop Symware, a pioneering, carrier-grade Open RAN solution for MNOs.
Acalvio ShadowPlex Achieves “FedRAMP Ready” Designation (BusinessWire) Acalvio ShadowPlex Achieves “FedRAMP Ready” Designation; Only Deception Solution Currently listed in the FedRAMP Marketplace
New Cybersecurity Offense and Defense Is Possible in Seconds with Presidio’s New Managed Detection and Response (BusinessWire) To help organizations stay ahead of constantly emerging cybersecurity threats Presidio today announced Presidio Managed Detection and Response (MDR)
Verizon Business expands global managed services with Fortinet Secure SD WAN (Verizon) Verizon Business enterprise and business market customers can leverage Fortinet Secure SD WAN to take a secure “work from anywhere” approach to their
Cynerio Launches IoT Attack Detection and Response Module for Healthca (PRWeb) Cynerio, the leading provider of healthcare IoT cybersecurity, today announced the release of healthcare cybersecurity’s first IoT Attack Detection and Response
BDO partners with SCADAfence (BDO) BDO partners with SCADAfence to provide OT Visibility and Threat Detection for Industrial Organisations
Tessian | Tessian Integrates With Okta to Protect Enterprises From Threats Posed by Employees’ Identities and Behaviors (RealWire) 27 OCTOBER 2021: Tessian, the leading Human Layer Security company, today announces that it is integrating with Okta to help organizations protect against the biggest threats to enterprise security - people’s identities and behaviors
Medigate Launches Clinical Device Efficiency to Improve Operational Efficiency for HDOs (PR Newswire) Medigate, creator of the industry's first and leading healthcare-specific platform to orchestrate and integrate connected device data to...
Technologies, Techniques, and Standards
Cheap and free cybersecurity training: 8 ways to build skills without breaking the bank (CSO Online) Whether you're finding bargains online or taking advantage of your own internal resources, you can keep your team up-to-date without writing a big check.
How Healthcare Organizations Can Keep Active on Email Security (Technology Solutions That Drive Healthcare) Healthcare providers safeguard email and protect data from social engineering attacks with a mix of cloud-based and on-premises security tools.
EC-Council Launches a Free Entry-Level Cybersecurity Series, the Essentials Series (BusinessWire) EC-Council Launches a Free Entry-Level Cybersecurity Series, the Essentials Series; Makes critical cybersecurity education accessible for everyone.
Research and Development
Quantum Cyberattacks Are Coming. This Math Can Stop Them. (Popular Mechanics) In the future, quantum machines will "retroactively break" encryption schemes on today's computers. Here's how we'll protect our data.
Academia
CyberPatriot Draws Record Number of Teams (Air Force Association) AFA's CyberPatriot program launched its 14th season with more than 5,200 teams, an encouraging sign that the annual National Youth Cyber Defense Competition is back on the rise to its pre-pandemic participation.
Georgia State Creates Graduate Certificate Program in Trustworthy Artificial Intelligence - Georgia State University News - College of Arts and Sciences, Press Releases (Georgia State News Hub) Georgia State University has launched a new online graduate certificate program in Trustworthy Artificial Intelligence (AI) Systems.
Event brings cyber to high schools (University of North Georgia) The University of North Georgia (UNG) is spearheading CyberStart America in Georgia, a statewide initiative with the goal to help high school students discover their talent in cybersecurity. The program features a free, learn-as-you-go, online game designed to help students explore cybersecurity and compete for college scholarships in cyber studies.
An Open Letter to the Illinois Tech Community on Cybersecurity (Illinois Institute of Technology) October is Cybersecurity Awareness Month designated to raise awareness about the importance of cybersecurity and underscore the steps we need to take to be safer and more secure online.
Legislation, Policy, and Regulation
FCC revokes license for China Telecom Americas amid national security concerns (The Record by Recorded Future) The U.S. Federal Communications Commission voted unanimously to revoke China Telecom Americas U.S. operating license on Tuesday, citing national security concerns. Among the reasons cited for the switch: China Telecom’s status as a subsidiary of a state-owned enterprise.
FCC votes to revoke China Telecom Americans authority to provide U.S. services, citing national security concerns (The Globe and Mail) China Telecom Americas must now discontinue services within 60 days
House Bill Calls on DHS to Review Cyber Incident Response (Meritalk) With cyberattacks on the rise, Rep. Don Bacon, R-Neb., introduced legislation in the House this week that would require the secretary of the Department of Homeland Security (DHS) to assess the agency’s cybersecurity incident response procedures and propose improvements.
Congress Debates Cyber Incident Reporting Deadlines in the NDAA (Just Security) Should the NDAA require cyber incident reporting for critical cyber infrastructure owners and operators within 24 or 72 hours of the incident?
Lawmakers split on next steps to secure transportation sectors against hackers (TheHill) Lawmakers are split on the next steps that should be taking to secure key transportation avenues like air and rail against cyber threats.
PERSPECTIVE: We Need a New Information Sharing Model for Cyber Defense - HS Today (Hstoday) In forcing companies to “report hacks or else,” CISA would compromise the public-private information-sharing partnerships being cultivated.
20 years later, it's time to move on from mass surveillance (TheHill) Congress should pass reforms to bar intelligence agencies from conducting surveillance in bulk and without suspicion, requiring targeted spying.
Lawmakers praise upcoming establishment of cyber bureau at State (TheHill) Lawmakers on both sides of the aisle are praising the upcoming establishment of a new cybersecurity bureau at the State Department, following years of advocacy and escalating global attacks.
Biden administration moves to elevate cyber issues at State (SC Media) While the idea has been pushed by both parties for years, Biden administration officials and boosters say the reporting structure and hierarchy of a Bureau of Cyberspace and Digital Policy would differ from past proposals and ensure that the cybersecurity considerations are integrated into the department's larger diplomatic missions and goals.
New missions could present challenges for DODs cyber workforce (Defense Systems) Mieke Eoyang, the deputy assistant secretary of defense for cyber policy said one of DOD's main cyber workforce challenges is being able to set expectations around policymakers' calls to step in and defend against cyberattacks.
CISA Announces Appointment of Washington Secretary of State Kim Wyman as Senior Election Security Lead (CISA) The Cybersecurity and Infrastructure Security Agency (CISA) today announced that Washington Secretary of State Kim Wyman will join the Biden Administration as CISA’s Senior Election Security Lead. As an expert on elections and experienced Secretary of State, her appointment speaks to the Agency’s dedication to working with election officials throughout the nation in a non-partisan manner to ensure the security and resilience of our election infrastructure.
Biden appoints Jessica Rosenworcel to lead the FCC (The Verge) And progressive Gigi Sohn as a third Democratic commissioner.
The Biden administration taps a top Republican official to lead election security (NPR.org) Kim Wyman vigorously pushed back against President Trump's unfounded claims of voter fraud and is widely seen as a mail-in ballot and security expert. She'll start her new role on Nov. 19.
Schools pause facial recognition lunch plans (BBC News) Nine schools in Scotland had planned to allow pupils to pay for their meals using the technology.
NSA, Maryland form new cybersecurity partnership to address data policies, security (Homeland Preparedness News) Through a new cybersecurity fellowship announced last week by the State of Maryland and the National Security Agency (NSA), the partners intend to pursue best data practices, policies, standards, and security. As part of this arrangement, NSA senior data analyst … Read More »
Litigation, Investigation, and Law Enforcement
Hackers-for-hire are biggest cybersecurity threat -EU agency (Reuters) Hackers-for-hire emerged as the biggest threat to online security in the last 15 months, with the COVID-19 pandemic and home working creating opportunities for cybercriminals, EU cybersecurity agency ENISA said in its annual report on Wednesday.
Pegasus row: India's top court orders probe into snooping allegations (BBC News) Several Indians were reportedly targeted with phone spyware sold to governments by an Israeli firm.
India’s Supreme Court orders independent probe following Pegasus Project investigation (Washington Post) A three-member committee appointed by the top court will investigate allegations of use of spyware to surveil Indians
WSJ News Exclusive | Federal Trade Commission Scrutinizing Facebook Disclosures (Wall Street Journal) Federal Trade Commission staffers have begun looking into disclosures that Facebook’s internal company research had identified ill effects from its products, according to people familiar with the matter.
Notorious REvil Ransomware Gang Goes Dark Again; Tor Sites Taken Offline by Joint Government Operation (CPO Magazine) A collaborative international law enforcement effort, involving multiple US agencies and unnamed foreign governments, appears to have at least temporarily crippled the notorious REvil ransomware gang. The FBI, U.S. Cyber Command, and the Secret Service reported having control of REvil’s servers, taking the group’s Tor sites and dark web infrastructure off the internet and putting it beyond reach.
TikTok dodges questions about biometric data collection in Senate hearing (TechCrunch) In its first-ever Congressional hearing, TikTok successfully dodged questions about what it plans to do with the biometric data its privacy policy permits it to collect on the app’s U.S. users. In an update to the company’s U.S. privacy policy in June, TikTok added a new section that no…
Seagate violated sanctions by selling hard drives to Huawei, says Senate committee (The Verge) Huawei used the drives for its external storage business.
John Durham to Call Former FBI Lawyer to Testify in Case Involving Former Democrat Lawyer (Epoch Times) Prosecutors working with special counsel John Durham's team indicated on Tuesday they may call former FBI General Counsel ...
DoJ & Europol Arrest 150 in Disruption of DarkNet Drug Operation (Dark Reading) Operation Dark HunTor targeted opioid traffickers on the DarkNet, leading to the seizure of weapons, drugs, and $31 million.
Coordinated Bust of Dark-Web Dealers Yields 150 Arrests in U.S., Europe (Wall Street Journal) The Justice Department and European police authorities used evidence drawn from the world’s largest illegal online marketplace after it was taken down in January.
Authorities arrest 150 suspects who sold illegal goods on the dark web (The Record by Recorded Future) Law enforcement agencies from nine countries have arrested 150 suspects who sold illegal goods on the dark web, Europol and the US Department of Justice announced today.
Global 'Operation Dark HunTor' dark web sting leads to 150 arrests (CyberScoop) The U.S. Justice Department and Europol announced Tuesday the arrest of 150 individuals allegedly involved in the sale of illegal drugs and other illicit goods on the dark web. The sweeping campaign, named Operation Dark HunTor, spanned 10 months, three continents, and involved more than 12 international law enforcement agencies.
FBI Raids Chinese Point-of-Sale Giant PAX Technology (KrebsOnSecurity) U.S. federal investigators today raided the U.S. offices of PAX Technology, a Chinese provider of point-of-sale devices used by millions of businesses and retailers globally. KrebsOnSecurity has learned the raid is tied to reports that PAX's systems may have been…
FBI Jacksonville, Homeland Security and other agencies investigating Southside business (104.5 WOKV) Agents with the Federal Bureau of Investigation and the Department of Homeland Security are investigating at a business on Jacksonville’s Southside.
US Citizens Sue Company That Processes Billions of Texts For Exposing Data (Vice) The plaintiffs hope to turn their lawsuits into class actions potentially representing millions of people against Syniverse.
A Chinese jet has caught the eye of Boeing and Airbus, but analysts say it's built on espionage (WBUR) Analysts say the plane is another example of China's industrial espionage.
Ninth Circuit bows out of NSA spying case (Courthouse News Service) The panel's order caps 12 years of litigation over the NSA's massive surveillance campaign in the wake of 9/11.