Latest News

50 mins ago
Catalin Cimpanu / ZDNet

Ryuk Ransomware Changes Can Damage Some Types of Data and Cause Data Loss, Decryptor Fix in the Works but Victims Should Create Copies of Encrypted Files

Changes were made to one of the latest versions of the Ryuk ransomware that can damage some types of data, meaning that even if the victims pay up, some of their data may be lost researchers at Emisoft report. The antivirus researchers found a bug in the decrypter app of the Ryuk ransomware causes an incomplete recovery of some types of files, leading to data loss. Emisoft says it should be able to “fix” Ryuk decrypters to decrypt files without corrupting files and losing data. However, due to a second bug, the decryptor also deletes the original encrypted files, meaning victims can’t rerun the decryption operation with a “fixed” decryptor. Therefore, Emisoft urges victims to create copies of their encrypted files.

1 hour ago
David McCable and Mike Isaac / New York Times

Facebook Says It Will Not Open Up Encrypted Messaging Products to Authorities Saying Such Backdoors Will Leave Everyone More Vulnerable

In a letter to Attorney General William P. Barr, Facebook executives Will Cathcart and Stan Chudnovsky said the company would not open up the company’s encrypted messaging products to so-called lawful access by authorities arguing that such a backdoor would make their users less safe. Barr, the FBI and law enforcement agencies, have recently called for tech companies to build a backdoor into their products, euphemistically called lawful access by law enforcement, to gain access to encrypted communications. Virtually all security experts maintain that breaking encryption with such a backdoor will open Internet users to a variety of criminals and bad actors. “The ‘backdoor’ access you are demanding for law enforcement would be a gift to criminals, hackers, and repressive regimes, creating a way for them to enter our systems and leaving every person on our platforms more vulnerable to real-life harm,” the executives told Barr. The letter was sent ahead of a Senate hearing on Tuesday about encryption access, at which Facebook and Apple executives testified.

6 hours ago
FinSMEs

Cyber Risk Exchange Provider CyberGRX Raises $40 Million in Series D Round, Total Funding to Date Reaches $100 Million

Global cyber risk exchange provider CyberGRX has closed a $40 million Series D investment round led by Iconiq Capital, with participation from existing investors AllegisCyber, Bessemer Venture Partners, The Blackstone Group, ClearSky, GV, MassMutual Ventures, Scale Venture Partners and TenEleven Ventures. The company has raised a total of $100 million to date. CyberGRX provides enterprises and their third parties with a dynamic stream of third-party data and advanced analytics to help enable them to manage risk in their partner ecosystems.

7 hours ago
Joel Schectman and Christopher Bing / Reuters

White House Veterans, Former NSA Operatives and Beltway Insiders Helped Create UAE Spy Program Spearheaded by Former Counterterrorism Czar Richard Clarke, ‘DREAD’ Unit Evolved Into Project Raven

Former U.S. counterterrorism czar Richard Clarke worked as a consultant through his company Good Harbor Consulting to guide the United Arab Emirates (UAE) as it created a cyber-surveillance capability that would employ top American intelligence contractors to help monitor threats against the country. Clarke created a unit with the acronym DREAD, short for Development Research Exploitation and Analysis Department, which, in the years following 2008 expanded its hunt far beyond suspected extremists to include a Saudi women’s rights activist, diplomats at the United Nations and personnel at FIFA, the world soccer body. The unit ultimately became known among its American operatives as Project Raven, which used former NSA operatives and other elite American intelligence veterans to help the UAE spy on a wide range of targets through the previously undisclosed program. Clarke worked with at least five former White House veterans in creating DREAD and ultimately ceded control of it to U.S. contractors who helped keep DREAD’s contingent of Americans on the UAE’s payroll

8 hours ago
Catalin Cimpanu / ZDNet

Snatch Ransomware Now Reboots Infected Computers Into Windows Safe Mode to Evade Antivirus Software

The authors of the Snatch ransomware are now using a new technique to evade antivirus software and encrypt victims’ files without detection, researchers at Sophos report.  The new method involves rebooting an infected computer into Windows Safe Mode and running the ransomware’s file encryption process from there because most antivirus software does not start in Safe Mode. Sophos researchers also say that that unlike most ransomware gangs who are primarily focused on encrypting files and asking for ransoms, the Snatch crew also engages in data theft. Until recently, the only known ransomware infection by the Snatch crew was SmarterASP.NET, a web hosting company that said it had 440,000 customers. But Coverware, a company that specializes in extortion negotiations between ransomware victims and attackers, told Sophos they’ve privately handled ransom payments of $2,000 to $35,000 for Snatch ransomware infections on 12 occasions between July and October 2019.

8 hours ago
Tom Dotan / The Information

Apple’s Intelligent Tracking Prevention Feature Has Caused Advertisers to Lose Access to Lucrative Safari Audience, Only 9% of Safari Users Permit Web Tracking

Since Apple introduced what it calls its Intelligent Tracking Prevention feature in September 2017 and implemented subsequent updates, advertisers have largely lost the ability to target the lucrative advertising audience on Safari based on their browsing habits with cookies. The cost of reaching Safari users has fallen over 60% in the past two years, according to data from ad tech firm Rubicon Project. Safari makes up 53% of the mobile browser market in the U.S., and only about 9% of Safari users on an iPhone allow outside companies to track where they go on the web.

9 hours ago
Paul Sawers / Venture Beat

Microsoft Launches Campaign Views in Office 365 Advanced Threat Protection to Give Companies Greater Insight Into Phishing Campaigns

Microsoft has launched a new email security feature called Campaign Views as part of its Office 365 Advance Threat Protection (ATP) security suite designed to give businesses greater insights into phishing campaigns targeted at their workforce. With campaign views, companies can now look with greater visibility into phishing campaigns, including how attackers are targeting them and which users within the organization are most vulnerable. Campaign views can also highlight inherent weaknesses in companies’ security so they can take corrective action in the future.

9 hours ago
Lindsey O'Donnell / Threatpost

Two Romanian Hackers Who Operated Bayrob Theft Group Sentenced to 20 and 18 Years in Prison

Two Romanian hackers, Bogdan Nicolescu and Radu Miclaus, were sentenced to 20 years and 18 years in prison, respectively, or infecting 400,000 computers with malware that stole credentials and financial information and scammed victims out of millions of dollars. The pair was convicted in April by a federal jury in Ohio on 21 charges including conspiracy to commit wire fraud, conspiracy to traffic in counterfeit service marks, aggravated identity theft, conspiracy to commit money laundering and 12 counts each of wire fraud. The hackers allegedly operated a cybercrime ring called “Bayrob Group” out of Bucharest, Romania, which developed malware and distributed it through malicious emails to victims, purporting to be from companies like Western Union, Norton AntiVirus and the IRS. According to the Justice Department, the duo earned the two more than $4 million from their crimes.

24 hours ago
Catalin Cimpanu / ZDNet

Forum Users Create Tool to Bypass Microsoft Restrictions and Install Windows 7 Extended Security Updates

Users on an online tech support forum, My Digital Life, found a way to bypass Microsoft’s restrictions and allow the installation of Windows 7 Extended Security Updates on all systems and not just those who paid Microsoft’s fee. The official end of Windows 7 support is January 14, 2020. The Windows 7 Extended Security Updates (ESU) will deliver security updates to businesses that are still running Windows 7 computers past this date but only for a fee of $25 to $200 per workstation, but only for organizations with volume-licensing agreements and small-and-midsize businesses (SMBs). The forum’s users created a tool that circumvents the ESU key check operation and enables the installation of the test ESU.

1 day ago
Dell Cameron and Dhruv Mehrotra / Gizmodo

Potential Locations of up to Tens of Thousands of Ring Cameras Identified Through Posts Shared on Surveillance System’s Neighbors App

Following a series of articles that expose the privacy hazards of Amazon-owned Ring, a Gizmodo investigation has now identified the potential locations of up to tens of thousands of Ring cameras, casting further doubt on the effectiveness of the home surveillance service’s privacy safeguards. Privacy experts say the result of this most recent investigation offers some of the most “striking” and “disturbing” glimpses yet of Amazon’s privately run, omni-surveillance system that is spreading across America, thanks in part to aggressively pursued partnerships between Ring and local law enforcement. Based on an analysis of network traffic connected to nearly 65,800 individual posts shared by users of Ring’s Neighbors app, which included hidden geographic coordinates connected to each post, Gizmodo was able to pinpoint the location of the apps’ users within roughly a square inch of ground, despite Ring’s contention that users’ exact locations are obfuscated. Gizmodo was then able to produce detailed maps depicting the locations of tens of thousands of Ring cameras across 15 U.S. cities with varying degrees of accuracy. Ring did not refute that it was possible for anyone, armed with the data Gizmodo acquired, to pinpoint the exact locations of users’ homes. The company argues, however, that it secures the data between Ring devices and apps and that only the data users choose to share on the Neighbors app is accessible by the public or police.

1 day ago
Jim Little / Pensacola News Journal

‘Cyber Attack’ Cripples City of Pensacola Computer Systems, Many Phone Systems and Email Shut Down, Public Safety Still Operational

A “cyber attack” has crippled the city of Pensacola’s computer communication systems, and officials are working to determine whether personal data has been compromised. The attack has shut down many city systems, including phones and email at City Hall and some of the city’s other buildings. Once the attack became apparent, the city severed essential operations such as public safety services, which are still operational. The city is still reeling from a deadly shooting at NAS Pensacola on Friday morning, and officials say they don’t know if the two incidents are related.

1 day ago
Zack Whittaker / TechCrunch

Applications for Birth Certificate Copies Exposed Online Due to Unsecured AWS Storage Bucket

An unnamed online company that allows users to obtain a copy of their birth and death certificates from U.S. state governments exposed birth certificate applications for 752,000 people including their personal information because they were stored on an Amazon Web Services (AWS) storage bucket unprotected by a password researchers at Fidus Information Security discovered. The applications, which date back to 2017, contained the applicant’s name, date-of-birth, current home address, email address, phone number and personal historical information, including past addresses, names of family members and the reason for the application such as applying for a passport or researching family history. Fidus and TechCrunch sent several emails before publication to warn of the exposed data but received only automated responses, and no action was taken. Amazon said it would inform the customers of the problem.

1 day ago
Yuan Yang and Nian Liu / Financial Times

Beijing Orders All Government Offices and Public Institutions to Remove Foreign Computer Equipment and Software Within Three Years

In a blow to major U.S. technology companies such as HP, Dell, Microsoft, and others, the government of China has ordered all government offices and public institutions to remove foreign computer equipment and software within three years. The order, which apparently came from the Chinese Communist party’s Central Office earlier this year, is the first of its kind emanating from Beijing to switch to domestic technology vendors and echoes efforts by the Trump administration to curb the use of Chinese technology in the US and its allies. Analysts at broker China Securities estimate that 20m to 30m pieces of hardware will need to be swapped out as a result of the Chinese directive, with large-scale replacement beginning next year. The swap-outs are slated to take place at a pace of 30 percent in 2020, 50 percent in 2021, and 20 percent the year after, earning the policy the nickname “3-5-2.”

1 day ago
Shadab Nazmi / BBC News

Flaw in API for India’s Airtel Mobile App Exposed Personal Data of More Than 300 Million Users

A flaw in the Application Program Interface (API) of India’s third-largest phone carrier Airtel’s mobile app exposed the personal data of more than 300 million users, independent security researcher Ehraz Ahmed discovered. The exposed data included names, emails, birthdays, and addresses, along with the customers’ International Mobile Equipment Identity (IMEI) numbers. Airtel fixed the problem when the BBC brought it to the carriers’ attention.

1 day ago
Jack Stubbs, Guy Faulconbridge and Mark Hosenball / Reuters

UK’s NCSC Investigating Whether Documents That Surfaced on Reddit Showing Purported Plan to Sell Off Parts of NHS Were Hacked

Britain’s National Cyber Security Centre (NCSC), part of the GCHQ signals intelligence agency, is helping the government to investigate how classified documents shared online ahead of Thursday’s election got into the public domain and whether they were hacked. The investigation raises raised questions about the security of sensitive discussions between the United States and one of its closest allies. The documents purportedly show that Prime Minister Boris Johnson’s Conservatives were plotting to sell off parts of the state-run National Health Service (NHS) in trade talks with U.S. President Donald Trump. The documents originally surfaced on Reddit and then were promoted online closely resembled a disinformation campaign uncovered earlier this year on Facebook. Reddit announced that the document leak was tied to that previous Russian disinformation campaign discovered on Facebook.

2 days ago
Sergiu Gatlan / Bleeping Computer

Vietnamese Hackers Infiltrated BMW’s Networks Starting in Spring 2019 and Were Monitored to Track Their Activity Until Last Weekend, No Sensitive Data or Company Headquarters Computers Compromised

After spotting a legitimate instance of the Cobalt Strike penetration testing tool on a company computer, the German automotive giant BMW discovered and monitored a group of hackers who infiltrated the company’s networks and stayed active since at least the spring of 2019, researchers at Munich-based Bayerischer Rundfunk’s report. The hackers were allowed to remain active to monitor their actions and purpose.  Last weekend, BMW’s security team finally took down the compromised computers and blocked the attackers access to the network. No sensitive information was accessed during the infiltration, and no BMW headquarters computers were compromised, according to an anonymous security expert. The researchers say the networks of South Korean car manufacturer Hyundai were also under attack as part of the same campaign. The two sets of attacks shared tools, techniques, and procedures used by the Vietnamese threat group APT32, also known as OceanLotus or Cobalt Kitty, a group with an affinity for auto industry targets as of late.

2 days ago
Kevin Rawlinson and Aamna Mohdin / The Guardian

Reddit Says Anonymous Poster Who Leaked Documents Damaging to Conservative Party Was Part of Russian Campaign ‘Secondary Infektion,’ Suspends Subreddit and Sixty-One Accounts

An anonymous online poster called Gregoriator, who disseminated documents later used by Jeremy Corbyn as evidence the Conservatives would put the NHS “on the table” in US trade talks, was part of a campaign directed by Moscow, Reddit said.  Reddit said it as banning one subreddit, and 61 accounts under its policies against vote manipulation and misuse of the platform after determining the leaked documents were part of a Russian campaign called Secondary Infektion, which was discovered earlier this year by Facebook on its platform. Working with law enforcement, Reddit said it found the suspended accounts showed a pattern of coordination. The suspended account posted the documents in late October, and Labour leader Jeremy Corbyn presented the same documents last week to demonstrate that Boris Johnson would leave the NHS in tatters if the conservatives were to win the upcoming UK elections. The release of the document also puts pressure on Johnson to release a report that he has withheld on Russian meddling in UK politics.

3 days ago
Susan Heavey / Reuters

FTC Rules That Cambridge Analytica Violated the Law by Engaging in Deceptive Practices to Harvest Personal Information From Tens of Millions of Facebook Users

The Federal Trade Commission (FTC) found that now-defunct consulting firm Cambridge Analytica engaged in deceptive practices to harvest personal information from tens of millions of Facebook users for voter profiling and targeting. The FTC also found that Cambridge Analytica engaged in deceptive practices relating to its participation in the EU-U.S. Privacy Shield framework. The Commission found that Cambridge Analytica violated the FTC Act through the deceptive conduct alleged in the complaint. The FTC’s order prohibits Cambridge Analytica from making misrepresentations about the extent to which it protects the privacy and confidentiality of personal information, as well as its participation in the EU-U.S. Privacy Shield framework and other similar regulatory or standard-setting organizations. The FTC’s investigation into Facebook and Cambridge Analytica followed allegations that Facebook violated a 2012 consent decree by inappropriately sharing information belonging to 87 million users with Cambridge Analytica.

3 days ago
Makena Kelly / The Verge

TikTok Settles Within One Day Lawsuit Alleging It Collected and Exposed Personal Information on Minors, Agrees to Pay $1.1 Million

Viral online video company TikTok’s parent company ByteDance quickly settled a lawsuit that alleged TikTok in its former incarnation as Musical.ly collected and exposed the data and personal information of minors, in violation of the children’s privacy law. One day after the suit was filed, the company agreed to pay plaintiffs $1.1 million. The lawsuit alleged that TikTok failed to provide the proper safeguards to prevent children from using the app. If a minor under the age of 13 created an account, the app requested that they fill in personally-identifying information like their name, phone number, email address, photo, and bio, all of which were publicly available for others to see. The complaint against TikTok also alleges that the app collected the location data of its users, including minors, for close to a year between December 2015 and October 2016.

3 days ago
Catalin Cimpanu / ZDNet

Microsoft Found 44 Million Regular and Azure AD User Accounts Used Credentials That Leaked in Other Breaches

Between January and March 2019, the Microsoft threat research team scanned all Microsoft regular and Azure AD user accounts and found that 44 million users were employing usernames and passwords that leaked online following security breaches at other online services. Microsoft scanned user accounts using a database of over three billion leaked credentials, which it obtained from multiple sources, such as law enforcement and public databases. For those with leaked credentials, Microsoft forced password resets.

Podcasts

7 hours ago
Brakeing Down Cybersecurity

Noid and Dave Dittrich discusses recent keybase woes – Part 1

Brakesec is joined by @_noid_& @davedittrich to discuss the recent keybase issues and talk about security design and responsible disclosure.

8 hours ago
ITSP Magazine

It Is The Most Cybercriminal Time Of The Year | A Conversation Tonia Dudley & Daniel Eliot

It’s the holiday season, and that means open season for cybercriminals. Just like the Elves in Santas’ Shop they work extra time for you. Either you have been good or bad it doesn’t matter because we are all in for the hunt.

8 hours ago
Darknet Diaries

EP 53: SHADOW BROKERS

The NSA has some pretty advanced, super-secret, hacking tools. What if these secret hacking tools were to end up in the wrong person’s hands? Well, that happened.

8 hours ago
ISC StormCast

Another Word Maldoc; Snatch Ransomware; Ryuk Decryptor Fail; Sysmon DNS Rules @swiftonsecurity

Johannes Ullrich talks about Another Word Maldoc, Snatch Ransomware Reboots System Into Safe Mode To Disable Anti Virus, Ryuk Ransomware Decryptor May No Longer Work / Corrupt Documents, Extending Windows 7 Security Updates, Swift on Security Updates Sysmon Rules, RSA Webcast.

8 hours ago
Cybersecurity Law Podcast

Episode 292: Debating FISA 215 after Pensacola

Conservative legal experts discuss the week’s top news including whether the apparent terror attack at Naval Air Station Pensacola spurs a debate among our panelists about whether the FISA Section 215 metadata program deserves to be killed, China has resurrected the Great Cannon to attack a popular Hong Kong forum for protesters, lawsuits against TikTok, airport facial scans on U.S. citizens and more.

8 hours ago
Securiosity

More disclosures, less vulnerabilities

DHS has set the agenda for agencies when it comes to vulnerability disclosure programs, we will break down what it means. Firedome co-founder Sharon Mirsky talks about IoT security and the future of her company.

Spotlight











Cybersecurity Events

Dec. 11 FutureCon Nashville Cyber Security ConferenceNashville, TNUSA
Dec. 11Utility Cyber Security ForumChicago, ILUSA
Dec. 29-30Chaos Communications CongressLeipzigGermany
Jan. 6SANS Austin WinterAustin, TXUSA
Jan. 6FloConSavannah, GAUSA
Jan. 8EdgeConLong Branch, NJUSA
Jan. 10-12ICCSP 2020NanjingChina
Jan. 13-18SANS Miami 2020Miami, FLUSA
Jan. 20-23S4Miami, FLUSA
Jan. 22-23The Oil and Gas IoT Summit 2020LisbonPortugal
Jan. 24-25SH3LLCON 2020SantanderSpain
Jan. 27-31NextGen SCADA Global 2020BerlinGermany
Jan. 27-Feb. 1San Francisco East Bay 2020Emeryville, CAUSA
Jan. 30-Feb. 2ShmooconWashington, DCUSA
Feb. 18-19Rail Cybersecurity SummitLondonUK


Listen to Metacurity on Alexa

Metacurity now has over 500 monthly listeners, and thousands of plays for our ongoing summaries on Amazon Alexa.

Sign up on Alexa today and just ask “Alexa, what’s the latest in cybersecurity news!


Help Keep Metacurity Going – Become a Patron

Our server and development costs are eating away at our budget and Metacurity needs your help. Become a patron today and get goodies and exclusive content that is available only to our patrons! Visit patreon.com/metacurity now.