Dark Angels Ransomware Receives Record-Breaking $75 Million Ransom

“A Fortune 50 company paid a record-breaking $75 million ransom payment to the Dark Angels ransomware gang,” writes BleepingComputer’s Lawrence Abrams, citing a report (PDF) by Zscaler ThreatLabz. From the report: The largest known ransom payment was previously $40 million, which insurance giant CNA paid after suffering an Evil Corp ransomware attack. While Zscaler did not share what company paid the $75 million ransom, they mentioned the company was in the Fortune 50 and the attack occurred in early 2024. One Fortune 50 company that suffered a cyberattack in February 2024 is pharmaceutical giant Cencora, ranked #10 on the list. No ransomware gang ever claimed responsibility for the attack, potentially indicating that a ransom was paid.

Zscaler ThreatLabz says that Dark Angels utilizes the “Big Game Hunting” strategy, which is to target only a few high-value companies in the hopes of massive payouts rather than many companies at once for numerous but smaller ransom payments. “The Dark Angels group employs a highly targeted approach, typically attacking a single large company at a time,” explains the Zscaler ThreatLabz researchers. “This is in stark contrast to most ransomware groups, which target victims indiscriminately and outsource most of the attack to affiliate networks of initial access brokers and penetration testing teams.” According to Chainalysis, the Big Game Hunting tactic has become a dominant trend utilized by numerous ransomware gangs over the past few years.

Read more of this story at Slashdot.

Meta To Pay Record $1.4 Billion To Settle Texas Facial Recognition Suit

Meta will pay Texas $1.4 billion to settle a lawsuit alleging the company used personal biometric data without user consent, marking the largest privacy-related settlement ever obtained by a state. The Texas Tribune reports: The 2022 lawsuit, filed by Texas Attorney General Ken Paxton in state court, alleged that Meta had been using facial recognition software on photos uploaded to Facebook without Texans’ consent. The settlement will be paid over five years. The attorney general’s office did not say whether the money from the settlement would go into the state’s general fund or if it would be distributed in some other way. The settlement, announced Tuesday, does not act as an admission of guilt and Meta maintains no wrongdoing. This was the first lawsuit Paxton’s office argued under a 2009 state law that protects Texans’ biometric data, like fingerprints and facial scans. The law requires businesses to inform and get consent from individuals before collecting such data. It also limits sharing this data, except in certain cases like helping law enforcement or completing financial transactions. Businesses must protect this data and destroy it within a year after it’s no longer needed.

In 2011, Meta introduced a feature known as Tag Suggestions to make it easier for users to tag people in their photos. According to Paxton’s office, the feature was turned on by default and ran facial recognition on users’ photos, automatically capturing data protected by the 2009 law. That system was discontinued in 2021, with Meta saying it deleted over 1 billion people’s individual facial recognition data. As part of the settlement, Meta must notify the attorney general’s office of anticipated or ongoing activities that may fall under the state’s biometric data laws. If Texas objects, the parties have 60 days to attempt to resolve the issue. Meta officials said the settlement will make it easier for the company to discuss the implications and requirements of the state’s biometric data laws with the attorney general’s office, adding that data protection and privacy are core priorities for the firm.

Read more of this story at Slashdot.

HPE Set For Unconditional EU Nod For $14 Billion Juniper Deal

According to Reuters, Hewlett Packard Enterprise (HPE) is expected to secure unconditional EU antitrust approval for its $14 billion acquisition of networking gear maker Juniper Networks. From the report: HPE announced the deal in January, underscoring the rush by companies to upgrade and develop new products amid a sharp rise in artificial intelligence-driven services. The European Commission, which is scheduled to decide on the deal by Aug. 1, declined to comment. HPE was expected to underline the power of market leader and Juniper rival Cisco to allay any possible European Union competition concerns, other people with direct knowledge of the matter had previously told Reuters. The deal is also being assessed by Britain’s antitrust enforcer, with a decision due on Aug. 14.

Read more of this story at Slashdot.

Mike McQuaid on 15 Years of Homebrew and Protecting Open-Source Maintainers

Despite multiple methods available across major operating systems for installing and updating applications, there remains “no real clear answer to ‘which is best,'” reports The Next Web. Each system faces unique challenges such as outdated packages, high fees, and policy restrictions.

Enter Homebrew.

“Initially created as an option for developers to keep the dependencies they often need for developing, testing, and running their work, Homebrew has grown to be so much more in its 15-year history.” Created in 2009, Homebrew has become a leading solution for macOS, integrating with MDM tools through its enterprise-focused extension, Workbrew, to balance user freedom with corporate security needs, while maintaining its open-source roots under the guidance of Mike McQuaid. In an interview with The Next Web’s Chris Chinchilla, project leader Mike McQuaid talks about the challenges and responsibilities of maintaining one of the world’s largest open-source projects: As with anything that attracts plenty of use and attention, Homebrew also attracts a lot of mixed and extreme opinions, and processing and filtering those requires a tough outlook, something that Mike has spoken about in numerous interviews and at conferences. “As a large project, you get a lot of hate from people. Either people are just frustrated because they hit a bug or because you changed something, and they didn’t read the release notes, and now something’s broken,” Mike says when I ask him about how he copes with the constant influx of communication. “There are a lot of entitled, noisy users in open source who contribute very little and like to shout at people and make them feel bad. One of my strengths is that I have very little time for those people, and I just insta-block them or close their issues.”

More crucially, an open-source project is often managed and maintained by a group of people. Homebrew has several dozen maintainers and nearly one thousand total contributors. Mike explains that all of these people also deserve to be treated with respect by users, “I’m also super protective of my maintainers, and I don’t want them to be treated that way either.” But despite these features and its widespread use, one area Homebrew has always lacked is the ability to work well with teams of users. This is where Workbrew, a company Mike founded with two other Homebrew maintainers, steps in. […] Workbrew ties together various Homebrew features with custom glue to create a workflow for setting up and maintaining Mac machines. It adds new features that core Homebrew maintainers had no interest in adding, such as admin and reporting dashboards for a computing fleet, while bringing more general improvements to the core project.

Bearing in mind Mike’s motivation to keep Homebrew in the “traditional open source” model, I asked him how he intended to keep the needs of the project and the business separated and satisfied. “We’ve seen a lot of churn in the last few years from companies that made licensing decisions five or ten years ago, which have now changed quite dramatically and have generated quite a lot of community backlash,” Mike said. “I’m very sensitive to that, and I am a little bit of an open-source purist in that I still consider the open-source initiative’s definition of open source to be what open source means. If you don’t comply with that, then you can be another thing, but I think you’re probably not open source.”

And regarding keeping his and his co-founder’s dual roles separated, Mike states, “I’m the CTO and co-founder of Workbrew, and I’m the project leader of Homebrew. The project leader with Homebrew is an elected position.” Every year, the maintainers and the community elect a candidate. “But then, with the Homebrew maintainers working with us on Workbrew, one of the things I say is that when we’re working on Workbrew, I’m your boss now, but when we work on Homebrew, I’m not your boss,” Mike adds. “If you think I’m saying something and it’s a bad idea, you tell me it’s a bad idea, right?” The company is keeping its early progress in a private beta for now, but you can expect an announcement soon. As for what’s happening for Homebrew? Well, in the best “open source” way, that’s up to the community and always will be.

Read more of this story at Slashdot.

DigiCert Revoking Certs With Less Than 24 Hours Notice

In an incident report today, DigiCert says it discovered that some CNAME-based validations did not include the required underscore prefix, affecting about 0.4% of their domain validations. According to CA/Browser Forum (CABF) rules, certificates with validation issues must be revoked within 24 hours, prompting DigiCert to take immediate action. DigiCert says impacted customers “have been notified.” New submitter jdastrup first shared the news, writing: Due to a mistake going back years that has recently been discovered, DigiCert is required by the CABF to revoke any certificate that used the improper Domain Control Validation (DCV) CNAME record in 24 hours. This could literally be thousands of SSL certs. This could take a lot of time and potentially cause outages worldwide starting July 30 at 19:30 UTC. Be prepared for a long night of cert renewals. DigiCert support line is completely jammed.

Read more of this story at Slashdot.