Public-sector mega-vendor Tyler admits it was hacked

The largest provider of software and services to the public sector in the United States said on Wednesday that it was hacked by unknown assailants who accessed the company’s phone and IT systems. Tyler Technologies said it doesn’t know who the assailants are. While most consumers may not have heard of Tyler, you’ve almost certainly interacted with them: Tyler’s software supports public sector functions such as 311 systems, inspections, permitting, and utility billing. Many local governments across the U.S. use its resource planning technology as well.

(Security Ledger)

ByteDance asks courts to block Trump order against TikTok

It’s a move that’s been anticipated since last Friday, when President Donald Trump ordered U.S.-based app stores to stop distributing the super-popular video social network by September 27. TikTok’s Chinese parent company ByteDance formally has requested that U.S. courts stop Trump’s demand from taking effect. In the court filing, ByteDance makes similar legal arguments that a group of WeChat users used successfully on Sunday to win a preliminary injunction against Trump’s interference.


Shopify says insiders to blame for stealing customer data

Two rogue members of Canadian e-commerce giant Shopify are responsible for allegedly stealing customer names, postal addresses and order details, from what the company describes as “less than 200 merchants.” While Shopify declined to state how many merchants were affected, it did say that financial data belonging to them and their customers remained unaffected.


Dark Web sting nabs hundreds in U.S and Europe

Experts are calling it one of the biggest takedowns of dark-web commerce to date. An international joint law enforcement action against organized crime called Operation DisrupTor has arrested 179 alleged drug traffickers and seized more than 1,000 pounds in drugs, including opioids, and millions of dollars in cash and virtual currencies. More than two-thirds of the arrests were in the U.S.


Thanks to this week’s sponsor, Trusona

Trusona enables enterprises to secure and simplify user access by removing passwords from the Windows 10 login experience. With a single desktop sign-in using Trusona’s passwordless MFA, employees are automatically authenticated into Office 365 or their SSO, giving them secure access to all of their corporate applications. Give your workforce a solution they don’t have to work around.

CrowdStrike acquires Preempt Security for $96 million

Zero trust is a big deal in enterprise security, and it’s worth $96 million to cloud-security giant CrowdStrike. The Silicon Valley cybersecurity company acquired zero-trust and identity-based, conditional-access specialists Preempt Security to bolster its threat prevention and real-time access control offerings. The deal is expected to close before the end of CrowdStrike’s fiscal third quarter.

(Seeking Alpha)

Cybercrime and APT operations in India are on the rise

Cyber-attacks from India are on the rise, thanks to economic, political, and social factors. That’s the latest from threat research company IntSights, which says that growing economic and geopolitical tensions with China and Pakistan are fueling a spike in online narcotic sales, extortion scams, and hacktivist campaigns, as well as more sophisticated hackers-for-hire groups and advanced persistent threat actors.

(Dark Reading)

DHS issues warning on open-source DIY malware LokiBot

LokiBot attacks have skyrocketed over the past two months, say federal and state officials. The open-source, roll-your-own malware suite targets passwords and cryptocurrency wallets on Windows computers is most often sold or traded in underground forums. Officials believe that its rise is due to how dead-easy it is to use.

(Ars Technica)

Google’s Chronicle gets threat detection

Will computers be safer at Google-scale? That’s what the company is hoping for, as it adds threat detection to its Chronicle cybersecurity investigations platform. The Chronicle Detect offering uses data to protect digital assets, including analyzing data stored on third-party cloud servers.