Antivirus pioneer John McAfee found dead in Spanish prison
John McAfee, the creator of McAfee antivirus software, was found dead in his jail cell near Barcelona in an apparent suicide Wednesday, hours after a Spanish court approved his extradition to the United States to face tax charges punishable by up to 30 years in prison. McAfee was arrested last October at Barcelona’s international airport following charges the same month in Tennessee for evading taxes on unreported income from promoting cryptocurrencies while he did consulting work, made speaking engagements and sold the rights to his life story for a documentary. McAfee was discovered at the Brians 2 penitentiary in northeastern Spain. According to a statement from the Catalan government, security personnel tried to revive McAfee, but the jail’s medical team finally certified his death. McAfee was The 75 years old.
(AP News)
MITRE releases D3FEND framework
On Wednesday, the MITRE Corporation released the D3FEND framework which provides defensive techniques designed to counter the practices outlined within the industry-recognized ATT&CK matrix, which was issued by the not-for-profit organization back in 2015. The MITRE Corporation released a technical whitepaper describing the core principles and design behind the new framework, and along with the NSA, urges organizations to begin implementing these principles into their security plans as soon as possible. The NSA stated in a press release, “D3FEND establishes terminology of computer network defensive techniques and illuminates previously-unspecified relationships between defensive and offensive methods.”
(The Record and MITRE)
Tulsa issues fraud warning after police citation leak
On Tuesday, the Conti ransomware gang claimed responsibility for a May cyberattack on the City of Tulsa, Oklahoma that resulted in disruption to the City’s online billing and email systems and some of its websites. The City is warning residents that their personal data may have been exposed after Conti published nearly 19,000 City records, including police citations, online. The City issued a press release stating, “Police citations contain some Personal Identifiable Information (PII) such as name, date of birth, address and driver’s license number.” The City urged those potentially impacted to monitor their credit reports and statements and to be on the lookout for suspicious emails or texts claiming to be from the City.
Unpatched Linux marketplace bugs allow wormable and drive-by RCE attacks
Two zero-day vulnerabilities affecting Pling-based marketplaces could allow for some ugly attacks on unwitting Linux enthusiasts. The first vulnerability allows for wormable supply-chain attacks against Pling-based marketplaces including AppImage Hub, Gnome-Look, KDE Discover App Store, Pling.com and XFCE-Look. The second is a PlingStore app bug which makes it susceptible to drive-by remote code-execution (RCE) attacks which could be launched from any website while the app is running. According to a blog from Fabian Bräunlein with Positive Security, the Pling team could not be reached, “which is why we have decided to publish these unpatched vulnerabilities in order to warn users.” He urged users to avoid using PlingStore applications and affected websites until the issues have been fixed.
Thanks to our episode sponsor, RevCult
SonicWall (finally) fully fixes 2020 zero-day
According to experts from the Tripwire VERT security team, a critical vulnerability uncovered in late 2020 in SonicWall VPN appliances, and that could allow a remote attacker to steal sensitive data, was only partially patched last October. The experts discovered that SonicWall VPN appliances running several SonicOS and SonicOSv versions were still vulnerable to the remote code execution flaw tagged as CVE-2020-5135 which could be exploited by an unskilled hacker using an unauthenticated HTTP request. This vulnerability is considered especially dangerous given the increased use of VPN portals by organizations during the COVID-19 pandemic. SonicWall has now completely fixed the issue in an update rolled out on June 22.
Mollitiam Industries is marketing powerful new hacking tools
Mollitiam Industries, a secretive cyber intelligence firm, is promoting new hacking tools that can remotely monitor and take control of Android, MacOS and Windows devices. According to documents obtained by WIRED, the firm’s tools dubbed ‘Invisible Man’ and ‘Night Crawler,’ can remotely access a target’s files and location, log keystrokes, and control a device’s camera and microphone. Mollitiam also claims it has a tool which can monitor digital profiles and identities across social media and the dark web. While little is publicly known about real-world use cases for Mollitiam’s tools, articles published in South America imply that their tools are being leveraged in government and military spy operations.
(WIRED)
Belgium’s City of Liège Falls Victim to a Cyberattack
In the wake of a cyberattack on Belgium’s leading internet service provider (ISP), Belnet, which left well-known universities, public administrations, and research institutes reeling, the city of Liège has also now fallen victim to a large-scale targeted cyberattack. Public services related to population, births, weddings, nationalities, and burials among others, were affected due to the massive cyberattack. The Municipality stated that no new documents such as passports, driving licenses, or identity cards could be ordered. The nature of the attack and whether any data compromise occurred has yet to be reported. A month ago, Belgium introduced its Cybersecurity Strategy 2.0, aiming to keep its cyber defenses at par with evolving threats.
(CISO MAG)
Brave launches privacy-focused search engine
On Tuesday, Brave launched a beta version of their privacy-centric search engine to bring another alternative to finding the information you want on the web without sacrificing your data.
Among Brave Search’s impressive privacy feature set are no tracking or profiling of users, putting the user’s needs ahead of advertisers and data industries, an independent search index that does not rely on other providers, and no secret methods or algorithms to bias results. Users who wish to test the latest search engine can try it in any existing browser or as the default search engine within the Brave Browser.