KrebsOnSecurity says that Experian has patched an API flaw in a partner website that exposed individuals' credit ratings. The researcher believes the flaw may persist, unaddressed, in other partners' APIs.
IBM reviews the history and activity of the REvil ransomware gang (also known as Sodinokibi), a new-breed mob as interested in stealing information as it is in encrypting it.
As the US Department of Justice organizes its anti-ransomware task force, a report by the Institute for Security and Technology offers forty-eight recommendations. Prominent among them are calls for close international regulation of cryptocurrencies and assistance for victims who refuse to pay ransom.
May 7th is Quds Day, Jerusalem Day, observed by the Islamic Republic of Iran. By coincidence this year it falls near Israel's own Jerusalem Day, May 10th, which commemorates Israel's unification of the city during the Six-Day War. The Times of Israel reports that Israel's National Cyber Directorate has issued an alert to expect Iran-associated cyberattacks in connection with the observances. The Directorate expects any cyberattacks this year to be more ambitious than the customary website defacements.
Interfax quotes senior Russian official Andrei Krutskikh to the effect that it would be technologically impossible for the US to mount an undetected cyberattack in retaliation for Russia's SolarWinds campaign (which Russia doesn't admit it conducted). "It's all stupidity," Krutskikh said: anything the Americans might try, Russia will surely see coming.
Bipartisan sentiment grows in the US Congress for establishing a cyber reserve that could surge for incident response, Defense News reports.