Authorities Bust Seventeen People for Running a Botnet Affecting Nearly 500,000 Victims

DOJ busts crypto hackers who stole $243M, German cops shutter 47 exchanges used by cybercrims, Malicious actors stole $26M from BingX, Hackers post stolen data on Telegram chatbots, FTC says social media is a "vast surveillance" sea, UK victims sue NSO Group, Disney dumps Slack after hack, much more


First, a word from our sponsor Anchore

Learn the building blocks for adopting a secure software factory model in this webinar. The Department of Defense (DoD) software factory model has emerged as a cornerstone of innovation and security for national defense and cybersecurity. Software factories represent an integration of principles and practices found within the DevSecOps movement, with technical guidelines to support continuous cyber-readiness with real-time visibility. 

Explore the building blocks for adopting a software factory model with firsthand insights from Platform One and Black Pearl in this on-demand webinar. 

Europol announced that European and Latin American law enforcement arrested 17 suspects in a bust aimed at a criminal phishing network that has claimed nearly half a million victims.

Among those arrested was the Argentinian administrator of iServer, a phishing platform through which the alleged criminals unlocked lost or stolen mobile phones. The cyber firm Group-IB, which aided law enforcement in the crackdown, identified the platform by that name.

“Investigators reported 483,000 victims worldwide, who had attempted to regain access to their phones and been phished in the process,” Europol said. “The victims are mainly Spanish-speaking nationals from European, North American and South American countries.”

For the operation, Europol joined forces with law enforcement agencies in Argentina, Chile, Colombia, Ecuador, Peru, and Spain, as well as Ameripol, a police organization for the Americas, and EL PACCTO, a joint European-Latin American organization that cooperates on transnational crime. It was the first Europol-Ameripol team-up. Europol shared information with law enforcement that it obtained from Group-IB.

The crackdown took place between Sept. 10 and this Tuesday and, in addition to the 17 arrests, notched 28 searches and 921 seized items, mainly mobile phones but also other electronic devices, vehicles, and weapons. (Tim Starks / Cyberscoop)

Related: Europol, Cybernews, The Cyber Express, Telecompaper, The Record, Group-IB, PR Newswire, Ars Technica, Bleeping Computer

The US Justice Department arrested two people, Malone Lam, 20, a citizen of Singapore who lives in Miami and Los Angeles, and Jeandiel Serrano, 21, of Los Angeles, following an investigation into a $243 million heist in which the accused thieves allegedly sought to pass thousands of bitcoin through mixing services.

On Aug. 19, a creditor of defunct trading firm Genesis fell victim to a sophisticated social engineering scam after being contacted by a spoofed number that posed as a member of Google support, according to information first reported by blockchain sleuth ZachXBT.

The victim was convinced to reset their Gemini two-factor authentication settings and send funds to a compromised wallet. Transaction tracing analyzed by ZachXBT shows that the $243 million was split across multiple wallets before being sent to more than 15 exchanges.

Lam and Serrano were part of a trio of hackers, including another conspirator, Veer Chetal. Under the handles Greavys (Lam), Wiz (Chetal), and Box (Serrano), they used spoofed numbers and fake support calls to pose as Google and Gemini representatives.

Another player in the game was Danny Trauma, known as Meech in Telegram chats. His role isn’t entirely clear, but it’s known that he had access to multiple bankruptcy databases. His ex-girlfriend leaked all of his photos, so his identity is no secret.

Zach shared a private video where the hackers celebrated after receiving the funds. Wiz, who received a majority of the stolen funds, screwed up during a screenshare by accidentally saying his real name. If that wasn’t enough, his partners were heard calling him “Veer” in audio recordings and chats.

Greavys lived large, buying over 10 luxury cars and splashing out hundreds of thousands of dollars at clubs in Los Angeles and Miami.

Some nights, he dropped between $250,000 and $500,000, even handing out Birkin bags like they were nothing. (Oliver Knight / CoinDesk and Jai Hamid / Cryptopolitan)

Related: Justice Department, News7Miami, Broward FL Mug Shots, The Block, Benzinga, Crypto Briefing, The Record, CryptoPotato

In a series of actions they call Final Exchange, Germany’s federal criminal police office, Frankfurt’s main prosecutor’s office, and the country’s office for combatting cybercrime say they shuttered 47 cryptocurrency exchanges, accusing them of knowingly allowing an “underground economy” for cybercriminals to flourish. The authorities are now turning their attention to the exchanges' potentially criminal users.

The authorities allege that the exchanges' users include ransomware and botnet operators and black market traders who use the services to convert money obtained through criminal means into the “regular currency cycle.”

The websites of the seized cryptocurrency exchanges now display a clear warning from the German government:

“We have found their servers and seized them – development servers, production servers, backup servers. We have their data – and therefore we have your data. Transactions, registration data, IP addresses,” the authorities wrote.

The German authorities suggested that a widespread prosecution wouldn’t be possible as many of these perpetrators reside in other countries.

“Since cybercriminals often reside abroad and are tolerated or even protected by some countries, they often remain inaccessible to German law enforcement,” it wrote.

It is alleged that one of the seized cryptocurrency exchanges, Xchange.cash, had been active since 2012, facilitating nearly 1.3 million transactions for 410,000 users. (Brayden Lindrea / Cointelegraph)

Related: BKA.de, Bitcoin.com, CCN, Techopedia

The Singapore-based crypto exchange BingX has confirmed it suffered a “minor asset loss” after “suspicious” outflows from one of its hot wallets were noticed online, with losses totalling more than $26 million.

In a Sept. 20 X post, BingX chief product officer Vivien Lin said that the BingX technical team “detected abnormal network access” at around 4:00 am Singapore time and suspected a “hacker attack on BingX’s hot wallet.”

“We immediately started our emergency plan, including the urgent transfer of assets and [withdrawal] suspension,” Lin added.

She said BingX stored a minimal amount of crypto in its hot wallets and that “there has been minor asset loss, but the amount is small and still being calculated.”

Blockchain security firm PeckShield had earlier posted on X that it observed a “suspicious significant fund outflow” from BingX totaling over $13.5 million. It later revised this estimate to $26.7 million, while analytics platform Lookonchain reported estimated losses of more than $26 million.

Lin added that the exchange temporarily suspended withdrawals while it conducted an “emergency inspection and [strengthens] wallet services.” She said withdrawals will be restored within 24 hours “at the latest.”

In a separate post, Lin said BingX would “fully compensate” for the losses and that user assets were safe. She reiterated that the loss was “minimal and manageable” and wouldn’t affect its business operations. (Jesse Coghlan / Cointelegraph)

Related: BingX, The Block, BeInCrypto, CoinDesk, crypto.news, CCN, The Crypto Times, Crypto Briefing, Crypto Potato, The Crypto Basic, Coinpedia FinTech, Cryptopolitan

Stolen customer data, including medical reports from India's biggest health insurer, Star Health, is publicly accessible via chatbots on Telegram, just weeks after Telegram's founder was accused of allowing the messenger app to facilitate crime.

The purported creator of the chatbots told UK security researcher Jason Parker that private details of millions of people were for sale and that samples could be viewed by asking the chatbots to divulge.

Star Health and Allied Insurance said it has reported alleged unauthorized data access to local authorities. It said an initial assessment showed "no widespread compromise" and that "sensitive customer data remains secure."

Using the chatbots, Reuters was able to download policy and claims documents featuring names, phone numbers, addresses, tax details, copies of ID cards, test results and medical diagnoses.

The use of Telegram chatbots to sell stolen data demonstrates the difficulty the app has in preventing nefarious agents taking advantage of its technology and highlights the challenges Indian companies face in keeping their data safe.

The Star Health chatbots feature a welcome message stating they are "by xenZen" and have been operational since at least Aug. 6.

Parker said he posed as a potential buyer on an online hacker forum where a user under the alias xenZen said they made the chatbots and possessed 7.24 terabytes of data related to over 31 million Star Health customers. The data is free via the chatbot on a random, piecemeal basis, but for sale in bulk form. (Christopher Bing and Munsif Vengattil / Reuters)

Related: Business Today, The New Indian Express, Benzinga, The Daily Star, InfoTechLead, Pune.News, Hindustan Times

The US Federal Trade Commission said it found that several social media and streaming services engaged in “vast surveillance” of consumers, including minors, collecting and sharing more personal information than most users realized.

The findings come from a study of how nine companies, including Meta, YouTube, and TikTok, collected and used consumer data. The sites, which mostly offer free services, profited off the data by feeding it into advertising that targets specific users by demographics. The companies also failed to protect users, especially children and teens.

The FTC said it began its study nearly four years ago to offer the first holistic look into the opaque business practices of some of the biggest online platforms that have created multibillion-dollar ad businesses using consumer data. The agency said the report showed the need for federal privacy legislation and restrictions on how companies collect and use data.

“Surveillance practices can endanger people’s privacy, threaten their freedoms, and expose them to a host of harms, from identity theft to stalking,” said FTC Chair Lina Khan. (Cecilia Kang / New York Times)

Related: Federal Trade Commission, Federal Trade Commission, The Record, Gizmodo, NBC News, The Guardian, Axios, Los Angeles Times, CBS News, The Verge, BleepingComputer, Engadget, AdExchanger, Tech in Asia, Geek News Central Podcast, Breitbart, Office of Commissioner Alvaro M. Bedoya, Techstrong ITSM, Social Media Today, The Register, Capital Brief, Bloomberg, Android Police, How-To Geek, SiliconANGLE, Washington Post, Reuters, ZDNET, MediaPost, DeviceSecurity.io, PetaPixel, The Hill, Scioto Valley, Bloomberg Law, Werd I/O, Android Authority, Silicon Republic, PCMag

Source: FTC.

Four people in the UK who were surveilled with Pegasus spyware have filed a criminal complaint with London police against its manufacturer and a dissolved private equity firm that previously held a majority stake in the spyware company.

The hacking of the activists' and journalists' phones occurred between 2018 and 2020, according to the Global Legal Action Network (GLAN), which helped the victims bring the complaint Wednesday against Pegasus maker NSO Group, former parent Novalpina Capital, and other entities. 

GLAN said that the countries responsible for the Pegasus infections are believed to be the Kingdom of Saudi Arabia (KSA), the United Arab Emirates (UAE), and the Kingdom of Bahrain.

According to GLAN, the alleged perpetrators violated the U.K.’s Computer Misuse Act, which delineates legal and illegal access to computer systems and their data. 

“Each of the accused had responsibility for the decision to sell Pegasus software to states which are notorious for their human rights abuses and persecution of human rights defenders,” the blog post said. Unnamed individuals are also targets of the complaint.

The victims include the leader of a British foundation that has been critical of the UAE; a journalist who is a prominent critic of the Saudi monarchy; a mosque leader who has publicly opposed the UAE; and an activist who publicly highlights human rights abuses in Bahrain. (Suzanne Smalley / The Record)

Related: GLAN, GLAN, Middle East Eye, The Register, The Intercept

US authorities announced the disruption of the Chinese espionage botnet Flax Typhoon on the same day that Black Lotus Labs, the research unit of Lumen Technologies, shared details on the botnet, which it has named Raptor Train.

According to the US government, a Chinese firm named Integrity Technology Group is behind this APT.

Over the last four years, the Raptor Train botnet has ensnared an estimated 260,000 routers, network-attached storage (NAS) devices, and IP cameras. The compromised devices, spanning more than 20 models, were located in the United States and elsewhere and were hacked using zero-day and n-day vulnerabilities.

According to Black Lotus Labs, at its peak in June 2023, the botnet was powered by over 60,000 devices. 

The botnet, which leverages a custom version of the notorious Mirai malware, can enable its operators to route traffic, conduct DDoS attacks, and deliver other malware. 

Black Lotus Labs has seen Raptor Train being used to target critical sectors in the US and Taiwan, including military, government, higher education, telecommunications, and the defense industrial base.

The US Justice Department said that a court-authorized law enforcement operation was conducted to disrupt the botnet. (Eduard Kovacs / Security Week)

Related: Lumen, BankInfoSecurity, Dark Reading, Security Affairs, Hoodline, Bleeping Computer, Ars Technica

Source: Lumen.

The Rhysida gang is demanding $6 million in Bitcoin from the Port of Seattle, the operator of Seattle-Tacoma International Airport, for documents it stole during a cyberattack last month and posted on the dark web this week. The Port of Seattle has decided not to pay.

Lance Lyttle, the port’s managing director of aviation, told a US Senate committee that the airport appears to have stopped the attack, but the hackers were able to encrypt some data. (Associated Press)

Related: Simple Flying, The Seattle Times, KIRO7

Disney plans to discontinue using Slack as a companywide workplace collaboration system after a hacking entity stole and leaked more than a terabyte of company data online.

The company’s Chief Financial Officer, Hugh Johnston, announced the planned change in an internal memo this week. The memo said most of Disney’s businesses would stop using the service later this year. The memo said many teams at the company had already started to transition to “streamlined enterprise-wide collaboration tools.”

The data leaked online this summer included financial and strategy information and personally identifiable information of some staff and customers. The trove of information that a hacking entity called Nullbulge released spanned over 44 million messages from Disney’s Slack workplace communications tool, upward of 18,800 spreadsheets, and at least 13,000 PDFs.

Nullbulge said it accessed Disney’s data through a company manager of software development, whose computer it compromised. The material appeared limited to public and private channels within Disney’s Slack to which one employee had access. (Robbie Whelan / The Wall Street Journal)

Related: Reuters, The Information, Status, NBC New York, Business Insider, PYMNTS.com, Tech.co, Tech-Economic Times, MediaNama, Fudzilla, The Cyber Express, Slashdot

Clicking on the link generates a web page that asks the visitor to “Verify You Are Human” by solving an unusual CAPTCHA. Clicking the “I’m not a robot” button generates a pop-up message asking the user to take three sequential steps to prove their humanity.

Step 1 involves simultaneously pressing the keyboard key with the Windows icon and the letter “R,” which opens a Windows “Run” prompt that will execute any specified program that is already installed on the system.

Step 2 asks the user to press the “CTRL” key and the letter “V” simultaneously, which passes malicious code from the site’s virtual clipboard. Step 3—pressing the “Enter” key—causes Windows to launch a PowerShell command and then fetch and execute a malicious file from github-scanner[.]com called “l6e.exe.”

PowerShell is a powerful, cross-platform automation tool built into Windows. It is designed to simplify the automation of administrative tasks on a PC or across multiple computers on the same network.

According to an analysis at the malware scanning service Virustotal.com, the malicious file downloaded by the pasted text is called Lumma Stealer, and it’s designed to snarf any credentials stored on the victim’s PC.

This phishing campaign may not have fooled many programmers, who no doubt natively understand that pressing the Windows and “R” keys will open up a “Run” prompt, or that Ctrl-V will dump the contents of the clipboard. But it may have fooled some less tech-savvy users. (Brian Krebs / Krebs on Security)

Source: Krebs on Security.
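A defender-side check for the Win+R, Ctrl+V, Enter chain described above, added here as an example and not code from the Krebs article: Windows records every string submitted through the Run prompt in the user's RunMRU registry key, so a pasted loader usually leaves a trace there even after the dropped file is gone. The indicator regex is an assumption, not a list from the article.

```powershell
# Added example (not from the original article): list the current user's
# Run-dialog history and flag entries that look like a pasted command line
# rather than a program name a person would type.
# Read-only; run in the context of the user whose machine is being examined.
$runMru = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\RunMRU'

# Assumed indicators: interpreters and download/decode idioms that have no
# business in a Run prompt on a typical workstation.
$suspect = 'powershell|pwsh|mshta|cmd\s+/c|-enc|-e |iex|invoke-expression|downloadstring|http'

if (-not (Test-Path $runMru)) {
    Write-Output 'No RunMRU history for this user.'
    return
}

$key = Get-ItemProperty -Path $runMru
# MRUList holds the single-letter value names in most-recent-first order.
$order = [string]$key.MRUList

foreach ($letter in $order.ToCharArray()) {
    $prop = $key.PSObject.Properties[$letter.ToString()]
    if (-not $prop -or -not $prop.Value) { continue }
    # Windows stores each entry as "<command>\1"; strip the trailing marker.
    $cmd  = ([string]$prop.Value) -replace '\\1$', ''
    $flag = if ($cmd -match $suspect) { 'SUSPECT' } else { 'ok' }
    [pscustomobject]@{ Order = $letter; Status = $flag; Command = $cmd }
}
```

Where users never need the Run dialog, the Explorer policy NoRun (HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer, NoRun = 1, "Remove Run menu from Start Menu") disables Win+R and removes the first step of the chain entirely.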

Microsoft says a ransomware affiliate it tracks as Vanilla Tempest now targets US healthcare organizations in INC ransomware attacks.

INC Ransom is a ransomware-as-a-service (RaaS) operation whose affiliates have targeted public and private organizations since July 2023, including Yamaha Motor Philippines, the US division of Xerox Business Solutions (XBS), and, more recently, Scotland's National Health Service (NHS).

In May 2024, a threat actor called "salfetka" claimed to sell the source code of INC Ransom's Windows and Linux/ESXi encrypter versions for $300,000 on the Exploit and XSS hacking forums.

In a series of X posts, Microsoft said that its threat analysts have observed the financially motivated Vanilla Tempest threat actor using INC ransomware for the first time in an attack on the US healthcare sector.

During the attack, Vanilla Tempest gained network access through the Storm-0494 threat actor, who infected the victim's systems with the Gootloader malware downloader.

Once inside, the attackers backdoored the systems with Supper malware and deployed the legitimate AnyDesk remote monitoring and MEGA data synchronization tools.

The attackers then moved laterally using Remote Desktop Protocol (RDP) and the Windows Management Instrumentation Provider Host to deploy INC ransomware across the victim's network.

While Microsoft didn't name the victim hit by the Vanilla Tempest-orchestrated INC ransomware healthcare attack, the same ransomware strain was linked to a cyberattack against Michigan's McLaren Health Care hospitals last month.

The attack disrupted IT and phone systems, caused the health system to lose access to patient information databases, and forced it to reschedule some appointments and non-emergent or elective procedures "out of an abundance of caution." (Sergiu Gatlan / Bleeping Computer)

Related: Dark Reading, SC Media, Security Affairs

The group primarily targets online gaming personalities, cryptocurrency influencers and technology professionals, "high-value targets" who are at risk of suffering significant financial losses if they fall for the scams.

Hackers from the group approach potential victims on social media, often posing as human resources or talent acquisition representatives. They lure targets with fake job opportunities and direct them to malicious websites, where they are tricked into downloading malicious software.

Marko Polo is a financially motivated "traffic team" — a group of organized individuals who redirect victims' online traffic to malicious content operated by other threat actors. The group primarily consists of Russian, Ukrainian and English speakers, with administrators and operators likely based in post-Soviet states. (Daryna Antoniuk / The Record)

Related: Recorded Future, Recorded Future, SC Media, Dark Reading

Apple released its latest computer operating system update, macOS 15, or Sequoia, and, according to social media posts, the software update has broken the functionality of several security tools made by CrowdStrike, SentinelOne, Microsoft, and others.

It’s unclear exactly what the issue is, but it appears to affect several products made by companies that provide software for macOS users and enterprises. This has caused frustration among people who work on and with macOS-focused security tools.

“As a developer of macOS security tools, it’s incredibly frustrating to time and time again have to deal with (understandably) upset users (understandably) blaming your tools for breaking their Macs, when in reality it was Apple’s fault all along,” said Patrick Wardle, the founder of Mac and iOS security startup DoubleYou, and a longtime expert on macOS security.

On the day of macOS Sequoia’s release, a CrowdStrike sales engineer said in a Slack room for Mac admins that the company had to delay support for the new version of Mac’s operating system. “I’m very sorry to report that we will not be supporting Sequoia on day 1 in spite of our intention (and previous track record) to support the latest OS within hours of [General Availability],” the engineer said in the message.

“We’re also tracking some similar issues with other vendors, and have feedback and a case in to Apple. While we would love for there to be a fast-follow patch that resolves this for us, we’re acting under the assumption there won’t be and we’ll need to fix it in our code with a sensor release,” the sales engineer wrote.

The engineer also said CrowdStrike sent out a “Tech Alert” to customers, adding that “there’s quite a lot going on with the changes in the network stack.”

CrowdStrike spokesperson Kevin Benacci said that the company is “currently waiting for a macOS Sequoia update and will provide official support. We respectfully refer you to Apple for any additional questions.” (Lorenzo Franceschi-Bicchierai / TechCrunch)

Related: Wacław Jacek, AppleInsider, 9to5Mac, mjtsai.com, Apple Support Community, r/mac, r/crowdstrike, r/MacOS, MacRumors Forums, ESET Knowledgebase

GitLab has released security updates to address a critical SAML authentication bypass vulnerability impacting self-managed installations of the GitLab Community Edition (CE) and Enterprise Edition (EE).

Security Assertion Markup Language (SAML) is a single sign-on (SSO) authentication protocol that allows users to log in across different services using the same credentials.

The flaw, tracked as CVE-2024-45409, arises from an issue in the OmniAuth-SAML and Ruby-SAML libraries, which GitLab uses to handle SAML-based authentication.

Specifically, the flaw involves insufficient validation of key elements in the SAML assertions, such as the extern_uid (external user ID), which uniquely identifies a user across different systems.

An attacker can craft a malicious SAML response that tricks GitLab into recognizing them as authenticated users, bypassing SAML authentication and gaining access to the GitLab instance. (Bill Toulas / Bleeping Computer)

Related: Dark Reading

Australian hardware store chain Total Tools was the target of a data leak that is believed to have affected more than 38,000 people, with credit card numbers, emails, postal addresses and other important log-in details compromised.

The devastating leak is believed to have been at the hands of professional cyber hackers, with Total Tools’ parent company Metcash discovering the issue earlier this week.

The company has contacted its customers to inform them about the data leak and provide recommendations on how to keep their sensitive information safe.

Total Tools chief executive Richard Murray confirmed the incident but said he believed the cause of the data leak had since been fixed.

“The cyber incident has illegally compromised certain personal information, however Total Tools is confident that the cause of this incident has been removed from its website,” Murray said. (Jasmine Kazlauskas / News.com)

Related: Daily Mail, Inside Retail, News.com, Cyber Daily, 9News, The Canberra Times, Channel News, 7News

Ivanti warned that threat actors are exploiting another Cloud Services Appliance (CSA) security flaw in attacks targeting a limited number of customers.

Tracked as CVE-2024-8963, this admin bypass vulnerability is caused by a path traversal weakness. Successful exploitation allows remote unauthenticated attackers to access restricted functionality on vulnerable CSA systems (used as gateways to provide enterprise users secure access to internal network resources).

Attackers are using exploits that chain CVE-2024-8963 with CVE-2024-8190, a high-severity CSA command injection bug that Ivanti recently fixed and tagged as actively exploited, to bypass admin authentication and execute arbitrary commands on unpatched appliances.

Ivanti advises administrators to review alerts from endpoint detection and response (EDR) or other security software and configuration settings and access privileges for new or modified administrative users to detect exploitation attempts.

They should also ensure that CSA appliances run in a dual-homed configuration with eth0 as the internal network interface, which drastically reduces the risk of exploitation. (Sergiu Gatlan / Bleeping Computer)

Related: Ivanti, Security Affairs, Security Week, Cyber Daily, CIO News

Earlier this week, Russian anti-malware company Doctor Web (Dr.Web) disclosed a security breach after its systems were targeted in a cyberattack over the weekend.

Dr.Web disconnected all servers from its internal network after detecting "signs of unauthorized interference" to its IT infrastructure.

The company was also forced to stop delivering virus database updates to customers on Monday while investigating the breach.

Dr.Web stated that virus database updates resumed on Tuesday and added that the security breach didn't impact any of its customers.

"To analyse and eliminate the incident's consequences, we implemented a series of measures, including the use of Dr.Web FixIt! for Linux," the company said.

"The gathered data allowed our security experts to successfully isolate the threat and ensure that our customers remained unaffected by it." (Sergiu Gatlan / Bleeping Computer)

Related: Dr. Web, Dr. Web, Security Affairs, SC Media

CISA and the FBI urged technology manufacturing companies to review their software and ensure that future releases are free of cross-site scripting vulnerabilities before shipping.

The two federal agencies said that XSS vulnerabilities still plague software released today, creating further exploitation opportunities for threat actors even though they're preventable and should not be present in software products.

The cybersecurity agency also urged executives of technology manufacturing companies to promptly review their organizations' software to implement mitigations and a secure-by-design approach that could eliminate XSS flaws entirely.

To prevent such vulnerabilities in future software releases, CISA and the FBI advised technical leaders to review threat models and ensure that software validates input for both structure and meaning.

They should also use modern web frameworks with built-in output encoding functions for proper escaping or quoting. Detailed code reviews and adversarial testing throughout the development lifecycle are also advised to maintain code security and quality. (Sergiu Gatlan / Bleeping Computer)

Related: CISA, ExecutiveGov, Industrial Cyber

City officials say that a ransomware attack that crippled the city of Wichita’s network for more than a month starting in May was limited to a Wichita Police Department records system.

That means the Russian hacker group LockBit that claimed credit for the attack did not access bank card numbers, social security numbers or other private information about city customers or residents unless the Police Department kept those records as part of an investigation.

The breached records include potentially sensitive information about witnesses, victims, and suspects in 77,000 police cases. They included incident reports, arrest reports, supplemental reports, property reports, accident reports, and traffic citations, City Manager Robert Layton said.

Layton, who has previously avoided disclosing key details about the cyber attack, said on Wednesday that the city’s internal investigation is now considered closed so he can provide more information to the public. (Chance Swaim / The Wichita Eagle)

Related: KCUR, KWCH

Missouri-based aviation executive Farhad Azima said he had settled with the law firm Dechert and two of its former senior attorneys over allegations they took part in a scheme to hack his emails and use them in court to destroy his business.

Lawyers' use of hackers to win cases has drawn increasing attention. A 2022 Reuters investigation showed how a group of mercenary hackers had targeted more than 1,000 different attorneys at more than 100 law firms worldwide.

In a statement, Azima said he was "extremely pleased" to announce that the New York lawsuit against Dechert and former Dechert lawyers Neil Gerrard and David Hughes had been settled.

The settlement terms were not disclosed. Representatives for Dechert said the claim, which they denied, had been settled "without admission of liability." (Raphael Satter / Reuters)

Google is introducing a Google Password Manager PIN that allows users to securely save and synchronize passkeys for use across Windows, macOS, Linux, and Android devices. The feature is currently available in beta on ChromeOS, with iOS support “coming soon.”

Prior to this update, passkeys needed to be saved to Google Password Manager on Android and required users to scan a QR code on their Android device to access them on other platforms.

The new PIN replaces the need to scan the QR code while ensuring that your saved passkeys remain protected by end-to-end encryption so that not even Google can access them. Users must either unlock their Android screen or use their Password Manager PIN to use passkeys on a new device. (Jess Wetherbed / The Verge)

Related: The Keyword, How-To Geek, PYMNTS.com, PCMag, Android Police, BetaNews, Google Help Center, Android Central, Thurrott, iPhone in Canada Blog, Engadget, Forbes, TechCrunch, Droid Life, The Tech Basic, 9to5Google, Android Authority, BleepingComputer

Source: Google.

The inquiry found three areas the DOJ and FBI need to improve on to fight ransomware more effectively.

The Justice Department needs a better way “to determine what metrics for the ransomware threat, including metrics tracking disruption efforts, are most impactful, and which demonstrate the effectiveness of its actions to combat the ransomware threat.”

Documents examined by the investigators found that “success” at the Justice Department concerning ransomware is based on increasing the percentage of reported ransomware incidents “where cases are opened, added to existing cases, resolved, or action was taken within 72 hours to 65 percent.”

The FBI said action was taken within 72 hours in 47% of ransomware incidents, an improvement on the 39% for 2022.

The FBI and DOJ also sought to increase the number of seizures or forfeitures in ransomware matters by 10 percent in 2022 and 2023.

“We believe the Department’s existing metrics for ransomware do not capture the effectiveness of its disruptive activities against malicious actors,” the investigators said. (Jonathan Greig / The Record)

Related: DOJ OIG, Executive Gov

Security validation company Picus Security announced it had closed a $45 million growth investment round.

Riverwood Capital led the round with the participation of existing investor Earlybird Digital East Fund. (Ingrid Lunden / TechCrunch)

Related: SiliconANGLE, Picus Security, SecurityWeek, BankInfoSecurity, Business Wire, FinSMEs

c/side, a cybersecurity company with tools for monitoring, optimizing, and securing vulnerable browser-side third-party scripts, announced it had raised $6 million in a seed venture funding round.

Uncork Capital led the round with participation from Mantis VC, Scribble Ventures, Roar Ventures, and PrimeSet. (Mike Wheatley / Silicon Angle)

Related: Techzine, Globe Newswire, FinSMEs, FinTech Global

Best Thing of the Day: Jen Calls It Like She Sees It

Software developers who ship buggy, insecure code are the true baddies in the cybercrime story, Jen Easterly, head of the US government's Cybersecurity and Infrastructure Security Agency, said during a keynote address at Mandiant's mWise conference.

Worst Thing of the Day: When Your Government Violates Your Civil Rights

The US Commission on Civil Rights (UCCR) asserts that the use of facial recognition technology by three federal agencies, the Department of Justice (DOJ), the Department of Homeland Security (DHS), and the Department of Housing and Urban Development (HUD), is deeply concerning, not sufficiently standardized, and not transparent enough.

Closing Thought
