Leaked NSO group data hints at widespread Pegasus spyware infections
Israeli-based NSO Group is being investigated due to reports that allege that its Pegasus malware “is being used to target activists, journalists, business executives and politicians on a widespread level, using a variety of exploits — including a zero-click zero-day in iOS,” meaning no user interaction is required to infect personal phones. The malware can “secretly take remote control of the phone to monitor activity, enabling its “customers” to even read encrypted messages of their targets sent via Signal and Telegram.” A recent leak revealed a cache of more than 50,000 mobile phone numbers worldwide that the firm was storing. The NSO Pegasus project is separate from the Candiru story we brought you yesterday despite also being based in Israel.
UK and White House blame China for Microsoft Exchange Server hack
On Monday, the government joined companies including Microsoft in claiming the cyberattack was “the work of Chinese state-sponsored hackers, namely Hafnium, an advanced persistent threat (APT) group.” With the U.S., NATO, and the EU joining the UK in condemning the attack, UK Foreign Secretary Dominic Raab called it a “reckless but familiar pattern of behavior” and “systematic cyber sabotage.” The White House issued a joint statement with the UK criticizing China’s alleged behavior.
(ZDNet)
Saudi Aramco data breach sees 1TB of stolen data for sale
The world’s largest oil producer, and possibly the biggest company in the world, has been informed that its stolen data is now available for sale by a group named ZeroX, at a starting price of $5 million for the entire dump. The hackers claim to have performed a “zero-day exploitation” on Aramco’s “network and its servers” sometime in 2020, and the group says the dump includes documents pertaining to Saudi Aramco’s refineries located in multiple Saudi Arabian cities, including employee IDs and PII, project specs for electrical and other infrastructure, network layouts mapping out IP addresses, SCADA points, Wi-Fi access points, IP cameras, and IoT devices, and location maps with precise coordinates. Saudi Aramco has pinned this data incident on third-party contractors and states that the incident had no impact on Aramco’s operations.
Schneider Electric patches 13 vulnerabilities affecting its EVlink charging stations
The EVlink product range “is associated with electric vehicles and offers charging points and stations for private properties, semi-public car parks, and on-street charging.” Schneider Electric has said that the exploitation of these vulnerabilities “could lead to things like denial of service attacks, which could (further) result in unauthorized use of the charging station, service interruptions, failure to send charging data records to the supervision system and the modification and disclosure of the charging station’s configuration.” Although some of these vulnerabilities require physical access to the stations, others can be exploited over the internet.
(CISO Mag)
Thanks to our episode sponsor, Varonis

Law firm for Ford, Pfizer, Exxon and others discloses ransomware attack
The law firm Campbell Conroy & O’Neill has a client list of prominent companies across a wide range of industries, including Ford, General Motors, Boeing, Johnson & Johnson, Pfizer, Home Depot, and Exxon. It has announced an attack that affected personal data including Social Security numbers, passport numbers, payment card data, medical information, health insurance information, biometric data, and/or online account credentials for some individuals. The firm’s official press release did not say whether a ransom was paid.
Microsoft takes down domains used to scam Office 365 users
As quoted in BleepingComputer, “Microsoft’s Digital Crimes Unit (DCU) has seized 17 malicious domains used by scammers in a business email compromise (BEC) campaign targeting the company’s customers. The domains taken down by Microsoft were so-called “homoglyph” domains registered to resemble those of legitimate business.” This technique allowed the threat actors to impersonate companies when communicating with their clients. The criminals behind this campaign are “part of an extensive network that appears to be based out of West Africa” per Microsoft and have mainly targeted North American small businesses operating across several industry sectors.
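Homoglyph domains work because a Cyrillic “а” or a digit “1” renders almost identically to the Latin letter it replaces. As an added example (not Microsoft’s or BleepingComputer’s code), this is the kind of defensive check a mail gateway or SOC script can run on sender domains: reduce each domain to the ASCII “skeleton” a human would read and compare it against a trusted list. The confusable table here is a small constructed subset; a production tool would use the full Unicode confusables data.

```python
import unicodedata

# Constructed subset of look-alike characters mapped to the Latin letter they
# imitate (assumption: real deployments load the full Unicode confusables.txt).
CONFUSABLES = {
    "\u0430": "a",  # Cyrillic small a
    "\u0435": "e",  # Cyrillic small ie
    "\u043e": "o",  # Cyrillic small o
    "\u0440": "p",  # Cyrillic small er
    "\u0441": "c",  # Cyrillic small es
    "\u0445": "x",  # Cyrillic small ha
    "\u0443": "y",  # Cyrillic small u
    "\u0131": "i",  # Latin dotless i
    "0": "o",       # digit zero read as letter o
    "1": "l",       # digit one read as letter l
}
# Multi-character sequences that render like a single letter
MULTI = {"rn": "m", "vv": "w"}


def skeleton(domain: str) -> str:
    """Reduce a domain to the ASCII string a human would perceive."""
    # Punycode (xn--) labels are decoded to their Unicode form first
    try:
        domain = domain.encode("ascii").decode("idna")
    except UnicodeError:
        pass  # already contains non-ASCII text, nothing to decode
    # NFKC folds compatibility forms (ligatures, fullwidth letters) and lowercases
    domain = unicodedata.normalize("NFKC", domain).lower()
    # Decompose accented letters and drop the combining marks: é -> e
    decomposed = unicodedata.normalize("NFD", domain)
    stripped = "".join(ch for ch in decomposed if not unicodedata.combining(ch))
    out = "".join(CONFUSABLES.get(ch, ch) for ch in stripped)
    for seq, rep in MULTI.items():
        out = out.replace(seq, rep)
    return out


def find_lookalikes(candidate: str, trusted):
    """Return trusted domains the candidate imitates without being identical."""
    cand = skeleton(candidate)
    return [t for t in trusted if t.lower() != candidate.lower()
            and skeleton(t) == cand]


if __name__ == "__main__":
    # Constructed sample: Cyrillic е, х and а standing in for Latin letters
    for sender in ["\u0435\u0445\u0430mple.com", "paypa1.com", "example.com"]:
        print(sender, "->", find_lookalikes(sender, ["example.com", "paypal.com"]))
```

Because the skeleton is applied to both sides, trusted domains that legitimately contain digits or accents still match themselves and are not flagged.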
Man behind LinkedIn scraping said he grabbed 700M profiles ‘for fun’
The LinkedIn scraping incident that exposed the data of 700 million users, some 92% of all those on the service, including location, phone numbers, and inferred salaries, was allegedly performed by the same person who scraped 533 million Facebook profiles in April. He states he pulled off the LinkedIn incident by hacking their API, a claim that LinkedIn denies. Security expert Troy Hunt, owner of haveibeenpwned.com, says that although he doesn’t consider API misuse to be a security breach, he agrees with other security experts that there needs to be more control over the technology.
(9to5mac)
Thousands of grocery orders cancelled after Ocado robot fire
“UK online grocer Ocado has cancelled thousands of customer food orders after a fire at a fulfilment centre in south-east London on Friday.” The blaze started when three of the robots that help pick its groceries and deliver them to packers and drivers collided. The warehouse, which handles 150,000 orders a week, was only partially damaged, and no one was hurt in the incident. Ocado, which was the UK’s third biggest online grocer last year, has seen huge growth during the pandemic, with sales up 40% in the first three months of the year. It also continues to strike technology licensing partnerships with grocery chains around the world, including Groupe Casino in France and Kroger in the US.
(BBC News)