DarkSide Ransomware Gang Quits After Servers, Bitcoin Stash Seized
2021-05-14 15:44

The DarkSide ransomware affiliate program responsible for the six-day outage at Colonial Pipeline this week that led to fuel shortages and price spikes across the country is running for the hills. The crime gang announced it was closing up shop after its servers were seized and someone drained the cryptocurrency from an account the group uses to pay affiliates.

Free SANS Cyber Security Summits: Sign up now, learn online, keep your network safe
2021-05-14 15:30

In-depth specialist training is an essential part of this, but it's also important to step back and take a wider view now and again, taking in emerging threats, new techniques, and getting a reality check on how your peers deal with the same problems facing you. First up on this year's schedule is Purple Team Summit and Training 2021, which runs from May 17 to May 28, on US Eastern Time.

Impacted Vendors Release Advisories for FragAttacks Vulnerabilities
2021-05-14 15:08

Impacted vendors have released security advisories in response to the recently disclosed Wi-Fi vulnerabilities collectively tracked as FragAttacks. A dozen CVE identifiers have been assigned to the FragAttacks flaws discovered last year by researcher Mathy Vanhoef, including three for design flaws and nine for implementation flaws.

DarkSide ransomware servers reportedly seized, operation shuts down
2021-05-14 14:37

The DarkSide ransomware operation has allegedly shut down after the threat actors lost access to servers and their cryptocurrency was transferred to an unknown wallet. In the post, 'Unkn' shared a message allegedly from DarkSide explaining how the threat actors lost access to their public data leak site, payment servers, and CDN servers due to law enforcement action.

DarkSide ransomware servers reportedly seized, REvil restricts targets
2021-05-14 14:37

The DarkSide ransomware operation has allegedly shut down after the threat actors lost access to servers and their cryptocurrency was transferred to an unknown wallet. In the post, 'Unkn' shared a message allegedly from DarkSide explaining how the threat actors lost access to their public data leak site, payment servers, and DoS servers due to law enforcement action.

‘Scheme Flooding’ Allows Websites to Track Users Across Browsers
2021-05-14 14:03

A security researcher has discovered a vulnerability that allows websites to track users across a number of different desktop browsers - including Apple Safari, Google Chrome, Microsoft Edge, Mozilla Firefox and Tor - posing a threat to cross-browser anonymity. Called "Scheme flooding," the flaw "allows websites to identify users reliably across different desktop browsers and link their identities together," Konstantin Darutkin, a researcher and developer at FingerprintJS, said in a blog post published Thursday.

Application Security Startup ArmorCode Emerges From Stealth
2021-05-14 13:51

Application security startup ArmorCode emerged from stealth mode on Thursday after raising $3 million in a seed funding round. Founded in 2020 by CEO Nikhil Gupta and CTO Anant Misra, the Palo Alto, Calif.-based company has developed a platform designed to give enterprises more control over their application security environments.

Tor users, beware: 'Scheme flooding' technique may be used to deanonymize you
2021-05-14 13:32

FingerprintJS, maker of a browser-fingerprinting library for fraud prevention, on Thursday said it has identified a more dubious fingerprinting technique capable of generating a consistent identifier across different desktop browsers, including the Tor Browser. That means, for example, if you browse the web using Safari, Firefox, or Chrome for some websites, and use the Tor browser to anonymously view others, there is a possibility someone could link your browser histories across all those sessions using a unique identifier, potentially deanonymize you, and track you around the web.

Cisco Patches Code Execution Flaw in VPN Product 6 Months After Disclosure
2021-05-14 13:29

Cisco this week announced the availability of patches for a high-severity vulnerability in AnyConnect Secure Mobility Client that could be exploited for code execution. Initially disclosed in November 2020, the flaw affects the interprocess communication channel of the secure VPN application and could be abused by a local attacker to cause an AnyConnect user to run a malicious script.

Verizon: Pandemic Ushers in ⅓ More Cyber-Misery
2021-05-14 13:26

This year's DBIR analyzed 5,258 breaches from 83 contributors in 88 countries: about a third more breaches than were analyzed last year. In last year's report, DBIR forecast a possible increase in phishing, use of stolen credentials, ransomware and misconfiguration breaches.