Security News > 2021 > September

The dark web servers for the REvil ransomware operation have suddenly turned back on after an almost two-month absence. On July 2nd, the REvil ransomware gang, aka Sodinokibi, used a zero-day vulnerability in the Kaseya VSA remote management software to encrypt approximately 60 managed service providers and over 1,500 of their business customers.

You can tell iOS and iPadOS apps not to track your activity. After you've been running the latest update on your iPhone or iPad, start opening different apps as you normally would.

A just-patched, critical remote code-execution vulnerability in the Atlassian Confluence server platform is suffering wide-scale exploitation, the Feds have warned - as evidenced by an attack on the popular Jenkins open-source automation engine. Atlassian Confluence is a collaboration platform where business teams can organize their work in one place: "Dynamic pages give your team a place to create, capture, and collaborate on any project or idea," according to the website.

The privacy-hugging, end-to-end encryption-providing email provider ProtonMail was forced to log the IP address of a French activist and turn it over to Europol, according to a French police report that came to light over the weekend. French police sent a request to Swiss police via Europol and thus managed to force the company to hand over the IP address and device details of the French activist.

Hackers exploiting the recently disclosed Atlassian Confluence remote code execution vulnerability breached an internal server from the Jenkins project. While the attack is concerning because Jenkins is a popular open-source server for automating parts of software development, there is no reason to believe that the project releases, plugins, or code have been impacted.

A bug in the McDonald's Monopoly VIP game in the United Kingdom caused the login names and passwords for the game's database to be sent to all winners. After skipping a year due to COVID-19, McDonald's UK launched their popular Monopoly VIP game on August 25th, where customers can enter codes found on purchased food items for a chance to win a prize.

Another alleged member of the TrickBot gang has been apprehended, this time when trying to leave South Korea, according to published reports. His arrest was the result of an investigation U.S. authorities began into TrickBot during his time in South Korea after the botnet was used "to facilitate ransomware attacks across the US throughout 2020," according to the report.

Cookies are on the menu today for the G7 as the UK's Information Commissioner's Office proposes to the group of leading global economies that consent pop-ups should be reduced. The ICO said it would call on fellow G7 data protection and privacy authorities - three of which used to be its fellow EU member states - to work together to overhaul cookie consent pop-ups to make people's privacy "more meaningfully protected" and help businesses offer "a better web browsing experience."

Experts have embraced the merging of the two frameworks. John Bambenek, threat intelligence advisor at IT service management company Netenrich, told Threatpost that as it is, ATT&CK hasn't really shown security teams what needs to be done, "besides buy more security products." "One of the holy grails of security is 'Are we doing a good job at X?'" he said during a recent visit to the Threatpost podcast.

Encrypted email service ProtonMail has become embroiled in a minor scandal after responding to a legal request to hand over a user's IP address and details of the devices he used to access his mailbox to Swiss police - resulting in the user's arrest. Police were executing a warrant obtained by French authorities and served on their Swiss counterparts through Interpol, according to social media rumours that ProtonMail chief exec Andy Yen acknowledged to The Register.