Industrial cybersecurity companies form coalition
The Operational Technology Cybersecurity Coalition will primarily work to advocate for standardized rules on industrial control systems used for critical infrastructure. The coalition will also work to create a standardized way for members to share threat intelligence with each other and with the government. The group has five founding members: Claroty, Forescout Technologies, Honeywell, Nozomi Networks, and Tenable. The group plans to register as a trade association as part of its planned lobbying efforts, and will comment on proposed legislation impacting industrial security, as well as help shape cyber guidelines from bodies like NIST.
(WSJ)
Microsoft disrupts ZLoader
The company obtained a court order to sinkhole 54 domains hardcoded to the organization behind the ZLoader botnet, as well as 319 domains ZLoader registered to create fallback channels. This was part of a months-long operation by Microsoft’s Digital Crimes Unit, done in coordination with multiple telecom providers and cybersecurity firms, including ESET, Black Lotus Labs, Avast, and Palo Alto Networks. ZLoader first emerged as a banking trojan in 2015, based on the leaked Zeus v2 trojan source code from 2011, but had evolved over time with more sophisticated capabilities. Recently it had been used to deliver payloads for the Ryuk and Egregor ransomware organizations.
T-Mobile hired someone to get their data back
Last year, T-Mobile confirmed that a data breach impacted the personal data of 30 million customers, with the data put up for sale online. Recently unsealed court documents show that the company hired a third party that paid $200,000 in cryptocurrency to obtain the data and prevent a further leak. The data was obtained from a seller on RaidForums on the condition that the seller delete their copy, but court records state the seller continued to attempt to sell it again. The court records show that T-Mobile hired the third party to work toward recovering the data, although it’s not clear if it directly authorized them to pay the seller.
(Vice)
Ransomware insurance claims drop in Q1
According to the Corvus Risk Insights Index research report, ransomware claims made to insurance providers decreased 30% quarter over quarter in Q1. The report cites several reasons involving Russia for the decrease. It claims Russia’s invasion of Ukraine forced many Ukrainian nationals involved in ransomware activity to relocate for their own personal safety. It also speculates that the conflict caused splits within Russian-affiliated ransomware groups, most publicly within the Conti ransomware group. Finally, the arrest of REvil ransomware operators by the Russian government likely discouraged overall cybercrime in the country to a certain extent.
Thanks to our episode sponsor, Code42

Code42 Incydr is an Insider Risk Management SaaS that provides a comprehensive understanding of your data exposure and shows which activities require security intervention. Learn more at Code42.com/showme.
Barracuda Networks shifts private equity hands
The private equity firm KKR announced it intends to buy Barracuda Networks from Thoma Bravo in a deal Reuters’ sources say is valued at $4 billion. The deal is set to close by the end of the year. Private equity firms have taken a lot of interest in security companies in recent months. Thoma Bravo itself agreed to buy the security firm SailPoint Technologies earlier this week for $6.9 billion, while the security solutions provider Datto was taken private by Insight Partners in a deal worth $6.2 billion.
(Reuters)
Crypto researcher went to North Korea, all he got was this lousy prison sentence
Former Ethereum Foundation member Virgil Griffith pleaded guilty to conspiring to help North Korea evade US sanctions using cryptocurrency. He was sentenced to five years in prison and fined $100,000, the minimum sought by prosecutors. Griffith traveled to North Korea through China in 2019 to speak at the Pyongyang Blockchain and Cryptocurrency Conference after being denied permission to go by the US State Department. At the time of his arrest, the Ethereum Foundation said it did not approve or support his travel.
(BBC)
DuckDuckGo launches a browser
The makers of the privacy-focused search engine launched an invite-only beta for the DuckDuckGo for Mac browser. The WebKit-based browser will automatically manage cookie consent pop-ups, use HTTPS whenever available, block trackers, and allow for site-by-site clearing of stored data. It also includes a password manager, with syncing between browsers planned as a future feature. Because the browser is built on WebKit, its engine would be tied to macOS releases for feature and security updates. DuckDuckGo said a Windows version is coming soon. If it follows the same approach as it does on the Mac, this could use Microsoft’s Edge WebView2 as its browsing engine.
Microsoft patches two zero-days
With the advent of Microsoft’s Autopatch, the impact of Patch Tuesdays might fade into a mild tech history curiosity. But right now they are still vitally important. Microsoft released over 100 security fixes this Patch Tuesday, with 10 vulnerabilities classified as critical. This list included two zero-days. One involved the Windows User Profile Service, although Microsoft rated it as high complexity because an attacker must win a race condition to exploit it. The second involved the Windows Common Log File System Driver; it is low complexity and showed signs of being actively exploited. The Zero Day Initiative found the patch volume similar to Q1 2021.
(ZDNet)