Security News

The public preview for the Android apps for Windows 11 is now live in the US, allowing users to run Android apps natively on the Windows desktop. The feature relies on a new platform called Windows Subsystem for Android that runs Android apps in a virtual machine to provide compatibility with the Android Open Source Project and hardware input devices.

The San Francisco 49ers were recently kneecapped by a BlackByte ransomware attack that temporarily discombobulated the NFL team's corporate IT network on the Big Buffalo Wing-Snarfing Day itself: Superbowl Sunday. Joseph Carson, chief security scientist and advisory CISO at provider of privileged access management solutions provider Delinea, suggested to Threatpost that it's likely that an affiliate hacked the 49ers, as opposed to the authors behind the ransomware, given that BlackByte is an RaaS. BlackByte recently posted some files purportedly stolen from the team on a dark web site in a file marked "2020 Invoices." The gang hasn't made its ransom demands public.

The US Federal Bureau of Investigation revealed that the BlackByte ransomware group has breached the networks of at least three organizations from US critical infrastructure sectors in the last three months. "As of November 2021, BlackByte ransomware had compromised multiple US and foreign businesses, including entities in at least three US critical infrastructure sectors.," the federal law enforcement agency said [PDF].

The US government has added 15 vulns under active attack to a little-known but very useful public database: its Known Exploited Vulnerabilities catalogue. Building on numerous advisory notes over the past few years warning of currently exploited tools, the Cybersecurity and Infrastructure Security Agency now maintains a public list of vulnerabilities that are, or have been, actively exploited.

Democratic Senators Ron Wyden and Martin Heinrich, of Oregon and New Mexico respectively, on Thursday announced that in April 2021 they sent a co-signed letter [PDF] to director of national intelligence Avril Haines and CIA director William Burns, seeking expedited declassification of the Privacy and Civil Liberties Oversight Board's review of two CIA counterterrorism programs - named "Deep Dive I" and "Deep Dive II". The Deep Dives were made possible by Executive Order 12333 - a Reagan-era order that allows widespread data collection, and data-sharing with the CIA, in the name of national security. The senators wanted a review of the documents' status because they felt the CIA had conducted a bulk information collection effort that harvested data on US citizens - probably illegally.

Democratic Senators Ron Wyden and Martin Heinrich, of Oregon and New Mexico respectively, on Thursday announced that in April 2021 they sent a co-signed letter [PDF] to director of national intelligence Avril Haines and CIA director William Burns, seeking expedited declassification of the Privacy and Civil Liberties Oversight Board's review of two CIA counterterrorism programs - named "Deep Dive I" and "Deep Dive II". The Deep Dives were made possible by Executive Order 12333 - a Reagan-era order that allows widespread data collection, and data-sharing with the CIA, in the name of national security. The Senators wanted a review of the documents' status because they felt the CIA had conducted a bulk information collection effort that harvested data on US citizens - probably illegally.

Ransomware attacks are proliferating as criminals turn to gangs providing turnkey post-compromise services, Britain's National Cyber Security Centre has warned. The warning comes hot on the heels of several high-profile attacks against oil distribution companies and also businesses that operate ports in the West - though today's note insists there was a move by criminals away from "Big game hunting" against US targets.

The US Department of Justice announced that law enforcement seized billions worth of cryptocurrency linked to the 2016 Bitfinex cryptocurrency exchange hack. In 2016, the 119,756 bitcoins stolen during the attack were worth almost $78 million and are now valued at roughly $4.5 billion.

The United States Federal Communications Commission has revealed that carriers have applied for $5.6 billion in funding to rip and replace China-made communications kit. The applications were made under the Secure And Trusted Communications Reimbursement Program, which offers to reimburse carriers with under ten million subscribers to ditch kit from Chinese manufacturers Huawei and ZTE. The FCC and Congress want them to do so because the USA fears made-in-China comms kit contains backdoors that Beijing could exploit to either eavesdrop on communications or cut them off entirely.

The U.S. Department of Justice has announced the indictment of several India-based call centers and their directors for targeting Americans with Social Security, IRS, and loan phone call scams. The call centers allegedly placed scam robocalls that were rerouted through an already-indicted VoIP service provider to make it appear as if the calls were coming from U.S.-based entities.