#security
- REvil's Kaseya Attack Is the Supply-Chain Ransomware Nightmare We Kept Warning About
REvil exploited a zero-day in Kaseya VSA to hit ~60 MSPs and over 1,000 downstream businesses, demanding $70M for a decryptor.
- FireEye Splits Itself in Two, Sells the Products Business to Private Equity
FireEye is selling its products division to Symphony Technology Group while keeping Mandiant, a deal that lands right as ransomware attacks dominate headlines.
- El Salvador Just Made Bitcoin Legal Tender. Now What?
El Salvador's Legislative Assembly voted to adopt Bitcoin as legal tender, a world first that raises real questions about volatility and infrastructure.
- Ransomware Just Took Down a Big Chunk of North America's Meat Supply
A ransomware attack on meat giant JBS shut plants across the US, Canada, and Australia, days after Colonial Pipeline showed critical infrastructure is fair game.
- Colonial Pipeline Is Running Again, But the Pain Isn't Over
Colonial Pipeline restarted operations after nearly a week offline, but gas shortages across the Southeast are taking days longer to clear.
- Colonial Pipeline Goes Dark: A Ransomware Gang Just Hit Critical Infrastructure
DarkSide ransomware forced Colonial Pipeline to shut down the pipeline supplying 45% of East Coast fuel, and reports say the company paid a $4.4 million ransom.
- Windows 10 Is Quietly Force-Upgrading You to Chromium Edge
Microsoft's April Patch Tuesday update is auto-replacing legacy EdgeHTML Edge with the Chromium-based browser on Windows 10 machines.
- 533 Million Facebook Accounts Just Leaked, and 'It's Old Data' Isn't the Comfort Facebook Thinks It Is
A scraped database of 533 million Facebook users' phone numbers and personal details surfaced free on a hacking forum, and Facebook is downplaying it.
- Fire Destroys OVH's Strasbourg Data Center, Takes Millions of Sites Offline
A fire at OVHcloud's SBG2 facility in Strasbourg destroyed the data center and forced a shutdown of SBG1, knocking millions of sites offline.
- Old Edge Is Gone, and So Is Flash
Microsoft's March Patch Tuesday quietly retired legacy Edge and expanded the rollout that strips Flash Player out of Windows for good.
- HAFNIUM Is Tearing Through Exchange Servers, and You Need to Patch Right Now
Microsoft disclosed active exploitation of multiple Exchange Server zero-days by the HAFNIUM group, and admins everywhere are scrambling to patch.
- Why 'Zero Trust' Became Security's Favorite Buzzword
Remote work is permanent and the perimeter is gone, so security teams are pitching zero trust architectures instead of trusting the corporate network.
- CD Projekt Red Hit by Ransomware, Attackers Claim to Have Source Code
CD Projekt Red says it was hit by ransomware; attackers claim to have stolen source for Cyberpunk 2077, The Witcher 3, and Gwent.
- SolarWinds Finally Patches Sunburst and Supernova
SolarWinds shipped fresh patches on January 25 addressing both the Sunburst backdoor and the separate Supernova malware found in its Orion platform.
- SolarWinds and the Uncomfortable Truth About Trusting Your Vendors
A joint FBI/CISA/NSA statement pins the SolarWinds breach on a likely Russian actor, and the technical details show just how deeply attackers can hide inside a trusted build pipeline.
- Parler Goes Dark After Apple, Google, and Amazon Cut the Cord
Apple, Google, and AWS pulled support from Parler within days of the Capitol riot, and the app has nowhere left to run.
- Twitter Pulls the Plug on @realDonaldTrump
Twitter permanently banned President Trump's account on January 8th, citing incitement risk after the Capitol riot, cutting off his 88.9 million followers.
- SolarWinds Has Everyone Staring Hard at the Software Supply Chain
In SolarWinds' wake, package registries and security researchers are pushing code-signing, provenance, and MFA for publishing to the front of the conversation.
- SolarWinds: How a Trusted Software Update Became a Backdoor Into the US Government
FireEye's disclosure of a compromised SolarWinds Orion update exposes one of the most consequential software supply-chain breaches yet.
- GitHub Reinstates youtube-dl After RIAA's DMCA Takedown Backfires
GitHub restored youtube-dl and launched a $1M developer defense fund after the EFF pushed back on RIAA's Section 1201 takedown claim.
- RIAA's DMCA Takedown of youtube-dl Roils Developers
The RIAA got GitHub to pull youtube-dl overnight, and developers are calling it a bad-faith abuse of DMCA Section 1201.
- Nitro PDF Breach Exposes 70 Million Email Addresses
Nitro's PDF service disclosed a breach exposing over 70 million email addresses and document titles, now circulating on hacking forums.
- TikTok Gets a Corporate Life Raft, WeChat Gets a Judge on Its Side
ByteDance's Oracle-Walmart deal aims to keep TikTok alive in the US, while a federal judge halts the WeChat download ban.
- Contact Tracing Goes Bluetooth: Inside the Exposure Notification API
Apple and Google's joint Exposure Notification API is now powering state and national COVID-19 apps, but adoption and privacy design remain hotly debated.
- Pressure to ban TikTok in the US keeps escalating
CFIUS scrutiny and talk of a forced ByteDance divestiture show the US moving closer to real action against TikTok.
- Twitter Just Had Its Worst Security Day in Years
A phone-based social engineering attack let hackers hijack roughly 130 verified Twitter accounts to run a bitcoin scam.
- India Pulls the Plug on TikTok and 58 Other Chinese Apps
India banned TikTok, UC Browser, WeChat, Helo and 55 other Chinese apps tonight, citing national security in the wake of the Galwan Valley clash.
- Zoom Reverses Course, Will Encrypt Free Calls Too
Zoom says free users will get end-to-end encryption after all, with phone verification required and beta testing starting in July.
- IBM Walks Away From Facial Recognition
IBM's CEO told Congress the company will stop selling general-purpose facial recognition software, citing surveillance and racial profiling risks.
- Apple and Google Flip the Switch on Exposure Notification
The joint Apple/Google Exposure Notification API is now live for public health agencies, running Bluetooth-based COVID exposure alerts at the OS level.