It's not just the economy and bad management messing with Kmart - ransomware crews are there too

The week's other security news


In Brief It looks like the Egregor crew is at it again, and this time the ransomware-flingers have caught venerable but struggling US retail biz Kmart.

In a ransom note spotted online, the Egregor team seems to be sticking to its current policy of targeting ailing firms that aren't paying attention to IT. Kmart was a retail giant in the US, but the increase in online shopping, some epic mismanagement, and the decline of retail have hit the chain hard, leading it to declare bankruptcy in 2018.

The attack was said to have locked down backend systems and the internal management portal. Egregor, like the Maze gang, is known for exfiltrating data as well as locking up servers. Kmart will now have to decide if it's worth the hit to pay the ransom or restore from backups and hope for the best.

Chrome updates needed now

On Wednesday Google released an update for Chrome - 87.0.4280.88 for Windows, Mac and Linux - which fixes six flaws, two-thirds of which are rated as high severity.

Three of the four high-risk flaws are use-after-free issues; the fourth is a verification flaw in Google's V8 JavaScript engine, as is one of the more minor flaws. You'd think after 25 years of the language they'd have knocked that on the head.

Don't fear the reaper, but do fear DeathStalker

Russian security shop Kaspersky has warned about the crew dubbed DeathStalker, which has new malware up for sale as a hacking-for-hire service.

The DeathStalker team seems to target legal and financial services companies. The new malware, PowerPepper, hides itself in pictures of ferns and peppers (thus the name) and uses DNS over HTTPS to set up a channel to exfiltrate data.

“PowerPepper once again proves that DeathStalker is a creative threat actor: one capable of consistently developing new implants and toolchains in a short period of time,” said Pierre Delcher, security expert at Kaspersky.

“PowerPepper is already the fourth malware strain affiliated with the actor, and we have discovered a potential fifth strain. Even though they are not particularly sophisticated, DeathStalker’s malware has proven to be quite effective, perhaps because their primary targets are small and medium-sized organizations — that tend to have less robust security programs. We expect DeathStalker to remain active, and we will continue to monitor its campaigns.”

US Feds get data grabby again with Section 215 of Patriot Act

The Office of the Director of National Intelligence, headed by John Ratcliffe, has admitted that it slurped up data about who is visiting watched websites.

In a response to Senator Ron Wyden's (D-OR) questions on the matter, the government admitted it had been collecting browser history data under the provisions of the Uniting and Strengthening America by Providing Appropriate Tools Required to Intercept and Obstruct Terrorism Act, passed in the wake of the September 11th atrocities.

Ratcliffe first denied that any browsing data was harvested but has now amended that to admit: “One of those 61 orders resulted in the production of information that could be characterized as information regarding browsing,” the New York Times reported.

He said that “this additional information was not included in my earlier letter,” and promised “corrective action,” so that's all right then.

