Ransomware gang threatens to expose police informants if ransom is not paid
The Babuk Locker gang claims it has downloaded more than 250 GB of data from the Metropolitan Police Department of the District of Columbia. It is giving DC Police officials three days to respond to its ransom demand; otherwise, it says, it will contact local gangs and expose police informants. The gang posted screenshots on Tor that suggest it had obtained access to investigation reports, officer disciplinary files, documents on local gangs, mugshots, and administrative files. Babuk Locker is one of the newest ransomware groups and is also behind the attack on the NBA’s Houston Rockets that we reported on yesterday.
Vulnerabilities in Eaton product can allow hackers to disrupt power supply
Power management solutions provider Eaton has released patches for its Intelligent Power Manager (IPM) software to address several potentially serious vulnerabilities. Eaton’s IPM solution is designed to ensure system uptime and data integrity by allowing organizations to remotely monitor, manage and control the uninterruptible power supply (UPS) devices on their network. According to security advisories published by Eaton and CISA, the IPM product is affected by six high-severity vulnerabilities that can be exploited for SQL injection, command execution, deleting arbitrary files, uploading arbitrary files, and remote code execution.
FBI shares four million email addresses used by Emotet with Have I Been Pwned
Now that Emotet has been removed from victim machines globally, the millions of email addresses the botnet collected for its malware distribution campaigns have been shared by the FBI with Have I Been Pwned (HIBP) as part of the agency’s effort to clean up infected computers. Because the data is flagged as sensitive, it is not returned by HIBP’s public search; individuals can check whether Emotet held their address through the site’s email notification service, and domain owners through its domain search, both of which require verifying ownership first. Subscribers to the service who were affected have already been alerted, says HIBP creator Troy Hunt.
FireEye recommends blocking internal traffic to AD FS servers over port 80 as soon as possible
In a blog post dated yesterday, FireEye warns of a technique in which attackers steal the Token Signing Certificate from an organization’s Active Directory Federation Services (AD FS) server. With organizations increasingly relying on cloud services such as Microsoft 365 to host applications and data, that certificate lets an attacker mint their own authentication tokens, bypass MFA and access those cloud services as any user, at any time. The recommended mitigation is to use the Windows Firewall to restrict inbound TCP port 80 on each AD FS server to the other servers in the farm, since farm members use that port for configuration replication and no other host needs it; if an organization has only a single AD FS server, TCP port 80 should be blocked entirely. Details are available in the Threat Research area of FireEye’s blog.
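The firewall change above, as an added example rather than FireEye’s own code: it scopes inbound TCP 80 on an AD FS server to the farm members and then lists every remaining rule that touches the port so the result can be checked. The farm addresses and the rule name are assumptions; an empty farm list is the single-server case, where the port simply stays closed. Run in an elevated PowerShell session on each AD FS server.

```powershell
# Added example, not FireEye's code. Restrict inbound TCP 80 on an AD FS server
# to the other farm members only. Assumed values: the farm IPs and the rule name.
$FarmMembers = @('10.10.20.11', '10.10.20.12')   # assumption: the other AD FS nodes
$RuleName    = 'ADFS - Allow TCP 80 from farm members only'

# 1. Windows Defender Firewall lets a matching Block rule override any Allow rule,
#    so a catch-all block would also cut off the farm. Instead rely on the profile's
#    default inbound action (Block) and add one narrowly scoped Allow rule.
Get-NetFirewallProfile |
    Where-Object { $_.DefaultInboundAction -ne 'Block' } |
    Set-NetFirewallProfile -DefaultInboundAction Block

# 2. Disable any existing enabled rule that allows TCP 80 inbound from anywhere,
#    e.g. an HTTP rule left behind by a web server role.
Get-NetFirewallPortFilter -Protocol TCP |
    Where-Object { $_.LocalPort -eq 80 } |
    Get-NetFirewallRule |
    Where-Object { $_.Direction -eq 'Inbound' -and $_.Action -eq 'Allow' -and $_.Enabled -eq 'True' } |
    ForEach-Object {
        Write-Host "Disabling broad rule: $($_.DisplayName)"
        $_ | Disable-NetFirewallRule
    }

# 3. Single-server deployment: nothing replicates over TCP 80, so leave it closed.
if ($FarmMembers.Count -eq 0) {
    Write-Host 'Single AD FS server: TCP 80 stays blocked by the default inbound policy.'
}
else {
    # Replace any previous copy of the scoped rule, then allow TCP 80 only from farm members.
    Get-NetFirewallRule -DisplayName $RuleName -ErrorAction SilentlyContinue | Remove-NetFirewallRule
    New-NetFirewallRule -DisplayName $RuleName -Direction Inbound -Protocol TCP -LocalPort 80 `
        -RemoteAddress $FarmMembers -Action Allow -Profile Domain -Enabled True | Out-Null
}

# 4. Verify: every enabled inbound rule on TCP 80, with the remote scope it allows.
#    The expected result is a single Allow line whose remote scope is the farm list.
Get-NetFirewallPortFilter -Protocol TCP |
    Where-Object { $_.LocalPort -eq 80 } |
    Get-NetFirewallRule |
    Where-Object { $_.Direction -eq 'Inbound' -and $_.Enabled -eq 'True' } |
    ForEach-Object {
        $remote = ($_ | Get-NetFirewallAddressFilter).RemoteAddress -join ','
        '{0,-6} {1,-55} remote={2}' -f $_.Action, $_.DisplayName, $remote
    }
```

To confirm the rule took effect, run `Test-NetConnection -ComputerName <adfs-server> -Port 80` from a host that is not in the farm (TcpTestSucceeded should be False) and from a farm member (True). Two caveats: the rule is created in the Domain profile on the assumption that AD FS servers sit on the domain network, so adjust `-Profile` if that is not the case, and rules pushed by Group Policy will override the local rule, so if the environment manages firewall policy centrally, make the change there instead.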
Thanks to our episode sponsor, Aptible
European police turn to Google ads to steer teenagers from a life of hacking
The program, called the Cyber Offender Prevention Squad (COPS), uses Google AdWords to show warnings to teenagers whose searches suggest they may be flirting with the idea of criminal hacking, for instance searches for how to run a distributed denial-of-service attack or how to commit cybercrime. A spokesperson for the Dutch police was quoted as saying, “A Cambridge study showed us that Google advertisements were more impactful for potential offenders than, for instance, reading about someone who was arrested.”
Smishing: Why text-based phishing should be on every CISO’s radar
Phil Richards, Chief Security Officer at Ivanti, discusses the dramatic growth in smishing, SMS-based phishing aimed at personal phones, in an article in Threatpost. He describes how much easier it is to reach employees on their personal phones than on well-protected company PCs, as well as the difficulty of verifying the authenticity of URLs on smartphones, the distracted way people use them, the significantly higher open rate of text messages and the weaker overall security of personal devices. This, he says, makes it easier to get employees to reveal corporate credentials, a goldmine for social engineering attacks like the one that hit Twitter last July.
Apple iOS 14.5 update includes ‘app tracking transparency’ feature
The new iPhone update allows users to limit how much they are tracked for advertising purposes, something that does not sit well with Facebook. Rolled out on Monday, it includes a new feature called AppTrackingTransparency, which will prompt iPhone users whenever an app wants to track them or access their phone’s advertising identifier. According to a statement it supplied to the New York Times, Facebook said, “Free, ad-supported services have been essential to the growth and vitality of the internet, but Apple is trying to rewrite the rules in a way that benefits them and holds back everyone else.”
KrebsOnSecurity finds itself on Gartner’s “naughty quadrant”
Cybersecurity journalist and expert Brian Krebs has found himself on Gartner’s “Non-Exhaustive List of Competitors,” a blacklist of sorts that names online venues that are not allowed to promote Gartner reports about their products and services. Although flattered and a little mystified by the designation, given Gartner’s size and undisputed influence over the tech industry, Krebs wonders aloud on his blog, “what they’ll think of the coming collective output from an entire industry of newly emancipated reporters seeking more remuneration and freedom offered by independent publishing platforms like Substack, Patreon and Medium.”