Cyber Security Headlines – July 27, 2021

No More Ransom project five years in

The project was launched in 2016 as a public-private partnership between European law enforcement and security industry leaders McAfee and Kaspersky. Five years into the project, it now boasts 170 members, and claims to have helped six million ransomware victims, saving over €1 billion in ransom payments. The project currently offers 121 free tools able to decrypt 151 ransomware families, with a Crypto Sheriff tool that attempts to match uploaded encrypted files to matching decryptors.

(Bleeping Computer)

Google Cloud Commits to APIs

Whether consumer products or commercial APIs, Google has a reputation for abruptly killing services. To combat this image as an enterprise vendor, the company announced it will now designate a subset of APIs across the company as Google Enterprise APIs, which will be subject to strict guidelines about any change to them that would impact consumer software built around them. This will include APIs from Google Workspace, Google Maps, and “a majority” of Google Cloud. According to Google Cloud VP Kripa Krishnan, the program is “built on the principle that no feature may be removed or changed in a way that is backwards incompatible for as long as customers are actively using it.” 

(Protocol)

WhatsApp CEO details 2019 Pegasus spyware attack

CEO Will Cathcart said that the recently disclosed list of phone numbers allegedly targeted for spyware by NSO Group clients mirrored a similar incident WhatsApp defended against in 2019. Back then, the platform found Pegasus spyware used to target 1400 WhatsApp users, including senior government officials, journalists and human rights activists, over a two-week period. WhatsApp brought a lawsuit against NSO Group in 2019 over the attack, and the case is still ongoing. The underlying facts in the case are not in dispute; rather, the question is whether NSO or its “sovereign customers” are to blame for the use of its spyware.

(The Guardian)

FTC asks for an extension on its amended Facebook lawsuit

Last month, Judge James E. Boasberg dismissed an FTC antitrust lawsuit against Facebook saying it failed to provide enough facts to back its claims, but giving the agency 30 days to refile. The FTC has now asked for a three-week extension through August 19th to amend the lawsuit. The FTC said in its filing that Facebook has already agreed to the extension. 

(NYTimes)

Thanks to our episode sponsor,
Varonis

What is your ransomware blast radius? The average user can access 17 million files. Varonis reduces your blast radius in days, not years. Combined with advanced detection that monitors every file touch, ransomware doesn’t stand a chance. Learn more at varonis.com/risk

Google releases Privacy Sandbox timeline

The company set a timetable for the rollout of its Privacy Sandbox initiatives, including its third-party cookie replacement FLoC. Currently only the spam and fraud prevention Trust Tokens API is in testing, scheduled to be ready for adoption in Q1 2022. FLoC and other digital ad APIs are scheduled to begin testing in Q4 2021, with a stage 1 transition period set to begin in Q4 2022. Google says the timeline will be updated monthly, and may be subject to change as a result of discussions on API proposals, additional testing, and deployment details.

(9to5Google)

Far-right militias and white supremacists added to social media extremist content list

The Global Internet Forum to Counter Terrorism was founded by Twitter, Facebook, Microsoft, and YouTube in 2017 to share best practices and databases of terrorist content, with an initial focus on Islamist extremist organizations. The organization now plans to add content from white supremacists and far-right militias to its collective database, using lists of organizations from the Five Eyes intelligence-sharing group. Content will include attacker manifestos and links flagged by the UN Tech Against Terrorism initiative.

(Reuters)

Programming languages used to obscure malware

A new report by the BlackBerry Research and Intelligence Team found that threat actors are increasingly using Go, Rust, Nim and DLang to create new malware tools or rewrite existing ones. While Rust and Go are increasingly popular languages overall, the researchers found they were still effective at hindering analysis. While most malware monitored is still written in C, the report found APT28 and APT29 increasingly using Go for malware; both groups have used malware rewritten in the language since 2018. The initial stager for Cobalt Strike malware was also seen written in Go and Nim. The report found that using more obscure languages can make reverse engineering malware slower, prevent signature-based scanning, and better target multiple platforms.

(ThreatPost)

Kaseya requires customers to sign NDA for ransomware decryptor

We previously reported that Kaseya “obtained,” through a third party, a universal decryptor for the REvil ransomware that hit its clients. Several cybersecurity experts employed by Kaseya customers report that the company is requiring customers to sign non-disclosure agreements when accepting the decryptor. Many customers reported that access to the decryption solution was weeks too late, having already spent thousands of work hours recovering and resolving the situation.

(CNN)


Rich Stroffolino
Rich Stroffolino is a podcaster, editor and writer based out of Cleveland, Ohio. Since 2015, he's worked in technology news podcasting and media. He dreams of someday writing the oral history of Transmeta.