Adrian Kingsley-Hughes/ZDNETPower stations are quickly replacing gasoline generators. They’re quieter, safer, require less maintenance, and don’t erupt into a fireball when the instructions aren’t followed. I’m also seeing more campsites, festivals, and commercial outdoor markets starting to prohibit the old generator. Also: The best Labor Day deals live nowPower stations are great, but they aren’t cheap, running into the hundreds and even thousands of dollars, so any time you can grab a discount is a good day. And if you’ve been looking for a power station, I have the discounts.Bluetti, one of the premium power station manufacturers, is slashing prices for Labor Day, and there are some truly unmissable deals on offer. I’ve been using Bluetti power stations extensively for many years and have no hesitation recommending any of these units.The AC200L is the biggest power station on sale now. This is a 2048Wh unit capable of 2400W output (3600W surge), and has an array of AC, USB, 12V, 48V/8A DC port, and even a 30A RV port. This can be charged using AC, solar More

Palo Alto Networks’ Unit 42 released a deep-dive into the BlackCat ransomware, which emerged in mid-November 2021 as an innovative ransomware-as-a-service (RaaS) group leveraging the Rust programming language and offering affiliates 80-90% of ransom payments.

ZDNet Recommends

In December, the ransomware family, also known as ALPHV, racked up at least 10 victims, giving it the seventh-largest number of victims listed on their leak site among ransomware groups tracked by Unit 42. Doel Santos, threat intelligence analyst with Unit 42, told ZDNet the group has already attacked a wide range of industries, including construction and engineering, retail, transportation, commercial services, insurance, machinery, professional services, telecommunication, auto components and pharmaceuticals. Last week, Italian fashion brand Moncler was revealed to be a BlackCat victim from December. In addition to being written in Russian and coded in the Rust programming language, the malware stood out to Santos for a number of other reasons.”What makes Blackcat standout is the use of their private access-key token. Most of the groups we have looked at in the past include a direct link and the keys embedded in the samples, which makes it easy to look at and confirm the ransomware victims,” Santos said.Also: White House, EPA release 100-day cybersecurity plan for water utility operators 

“Blackcat ransomware samples don’t include the keys. Instead, they need to be submitted by the operator. Without it, there is no way for an external entity to get access to their negotiation site or identify the victim unless they have an exact copy of a ransom note with the exact key used for executing the ransomware.”Unit 42 noted that the affiliates of the group have “taken an aggressive approach to naming and shaming victims, listing more than a dozen on their leak site in a little over a month.” “The largest number of the group’s victims so far are US organizations, but BlackCat and its affiliates have also attacked organizations in Europe, the Philippines and other locations,” the report noted. 
Unit 42
“Use of BlackCat ransomware has grown quickly for a variety of reasons (for comparison, AvosLocker had only listed a handful of victims publicly within two months of becoming known). Effective marketing to affiliates is a likely factor. In addition to offering an enticing share of ransom payments, the group has solicited affiliates by posting ads on forums such as Ransomware Anonymous Market Place (RAMP),” the report added. “Though this is not the first piece of malware to use Rust, it is one of the first, if not the first, piece of ransomware to use it. By leveraging this programming language, the malware authors can easily compile it against various operating system architectures. Given its numerous native options, Rust is highly customizable, which facilitates the ability to pivot and individualize attacks.”Also: QNAP warns NAS users of DeadBolt ransomware, urges customers to updateThe group also extorts victims by stealing their data before deploying the ransomware, threatening to leak the data and launch distributed denial-of-service (DDoS) attacks.BlackCat has been seen targeting both Windows and Linux systems, according to Unit 42, which added that it has observed affiliates asking for ransom amounts of up to $14 million. In some instances, affiliates have offered discounts of $9 million if the ransom is paid before the established time. They allow ransom to be paid in Bitcoin and Monero.”In some cases, BlackCat operators use the chat to threaten the victim, claiming they will perform a DDoS attack on the victims’ infrastructure if the ransom is not paid. When it appears in addition to the use of a leak site, this practice is known as triple extortion, a tactic that was observed being used by groups like Avaddon and Suncrypt in the past,” Unit 42 explained. “One unique feature of BlackCat ransomware is that negotiation chats can only be accessed by those holding an access token key or ransom note — the group has made efforts to avoid third-party snooping.”Recorded Future ransomware expert Allan Liska said that based on a couple of factors, including the use of the Rust programming language, Black Cat/ALPHV appears to be a well-sourced group. Liska said the fact that the group started with ransomware variants targeting Windows, Linux and ESXi systems “shows a level of sophistication.””They have quickly become one of the top tier ransomware groups. This is credited, in part, to the fact that their RaaS offering is very aggressive, offering affiliates the ability 80%-90% of ransom paid, an unusually high percentage. Despite some early success, not every affiliate has been impressed, as this very negative review shows,” Liska said, sharing a screenshot of an affiliate who complained about being banned by BlackCat for targeting an organization in Turkmenistan.While Turkmenistan is not in CIS, it does have close ties to Russia.

“Their public targets have been larger organizations, and they appear to be very aggressive when dealing with negotiators and their affiliates (e.g. a ban from the affiliate program after 2 weeks of inactivity). We’ll see whether their penchant for being overbearing outweighs the attractive percentages they are offering,” Liska added.  More

Image: Getty Images/iStockphoto
Proofpoint has entered into an agreement with Thoma Bravo that will see the cybersecurity company become a wholly owned entity of the private equity firm.Thoma Bravo has agreed to spend around $12.3 billion on the acquisition.Under the terms of the all-cash agreement, Proofpoint shareholders will receive $176 per share. The company said this represents a premium of approximately 34% over Proofpoint’s closing share price on 23 April 2021.”Upon completion of the transaction, Proofpoint will become a private company with the flexibility and resources to continue providing the most effective cybersecurity and compliance solutions to protect people and organisations around the world,” the company said in a statement. “Additionally, Proofpoint will benefit from the operating capabilities, capital support, and deep sector expertise of Thoma Bravo — one of the most experienced and successful software investors in the world.”Thoma Bravo is no stranger to the tech market. The firm has acquired a sizable portfolio of technology brands, including Qlik, Flexera, Riverbed, Blue Coat, and Barracuda Networks. Thoma Bravo has also built a portfolio of security brands with the acquisitions of Sophos, Veracode, ConnectWise, and Imperva, as well as automotive software company Autodata. Last month, Thoma Bravo announced it was adding data integration provider Talend for $2.4 billion. Talend, which went public in 2016, said the deal will position the company for long-term growth and provide the necessary capital and resources to execute its market strategy. 

In 2020, Proofpoint generated more than $1 billion in annual revenue, a milestone the company’s chairman and CEO Gary Steele said made it the first SaaS-based cybersecurity and compliance company to do so.”We believe that as a private company, we can be even more agile with greater flexibility to continue investing in innovation, building on our leadership position, and staying ahead of threat actors,” Steele said. See also: Proofpoint sues Facebook to get permission to use lookalike domains for phishing testsProofpoint’s board of directors unanimously approved the agreement.The agreement includes a 45-day “go-shop” period expiring on 9 June 2021, which allows the board and its advisors to actively initiate, solicit, and consider alternative acquisition proposals from third parties, Proofpoint said. The transaction is expected to close in the third quarter of 2021, subject to customary closing conditions, including approval by Proofpoint shareholders and receipt of regulatory approvals. Proofpoint will also continue to be headquartered in Sunnyvale, California.The announcement was made on the same day the company’s first quarter results were released.Net loss for the three months to March 31 was $45.3 million. Total revenue for the first quarter of 2021 was $287.8 million, an increase of 15%, compared to the $249.8 million reported for the first quarter of 2020.GAAP gross profit for the first quarter of 2021 was $214.3 million, up from the $180.8 million reported a year prior. Non-GAAP gross profit was $232 million.  More

<!–> Tim Robberts/Getty Images Google and Yahoo are upping their efforts in the fight against bulk email spam. Starting in early 2024, both companies will kick off new and stricter requirements for bulk senders who use their platforms to send mass emails. On Tuesday, Google and Yahoo both published blog posts outlining the new rules […] More

[embedded content]A few years ago, deepfakes seemed like a novel technology whose makers relied on serious computing power. Today, deepfakes are ubiquitous and have the potential to be misused for misinformation, hacking, and other nefarious purposes. Intel Labs has developed real-time deepfake detection technology to counteract this growing problem. Ilke Demir, a senior research scientist at Intel, explains the technology behind deepfakes, Intel’s detection methods, and the ethical considerations involved in developing and implementing such tools.Also: Today’s AI boom will amplify social problems if we don’t act now, says AI ethicistDeepfakes are videos, speech, or images where the actor or action is not real but created by artificial intelligence (AI). Deepfakes use complex deep-learning architectures, such as generative adversarial networks, variational auto-encoders, and other AI models, to create highly realistic and believable content. These models can generate synthetic personalities, lip-sync videos, and even text-to-image conversions, making it challenging to distinguish between real and fake content. More