NSO Group spyware reportedly used against European Commission
According to documents seen by Reuters as well as sources, at least five senior officials of the European Commission were targeted last year by an unknown actor using NSO Group’s ForcedEntry spyware. The spyware is delivered to have been on phones since at least February 2021, but it’s unclear what information was obtained. The commission became aware of the spyware in November after Apple sent warning messages to iPhone owners that they were “targeted by state-sponsored attackers.” The European Parliament will launch a committee to investigate spyware in European member states on April 19th.
(Reuters)
The malware is coming from inside the phone
Security researchers at Kaspersky discoverda new Android banking trojan dubbed Fakecalls, which takes over calls to a bank’s customer support and instead directs them to the threat actors. Fakecalls attempts to impersonate a specific banking app, asking on installation for permissions to access the contact list, microphone, camera, and call handling. This lets it open its own dialer and send the caller to another number. The malware first appeared last year and seems to target users in South Korea. In addition to call faking, the trojan essentially operates as a complete spying kit, able to drop incoming calls, copy files, and broadcast audio and video.
OpenSSH gets ready for quantum computing
The eventual advent of practical quantum computing has been worrying the security and cryptography community for a while. That’s because the prime factorisation at the heart of a lot of cryptographic algorithms becomes simple to solve simultaneously with quantum superposition, where adding to the length of a prime number doesn’t materially impact the difficulty. To get ahead of this, OpenSSH 9 implemented a public-key encryption system called NTRU Prime by default. This was based on of NIST’s shortlist from the ongoing Post Quantum Cryptography (PQC) competition. This is a hybrid between traditional encryption and more quantum resistant approaches that OpenSSH believes “offers at least as good security as the status quo.”
Atlassian and the Terrible, Horrible, No Good, Very Bad Outage
The popular software development collaboration tool maker first reported it was investigating an outage on April 5th, saying the next day that it unintentionally disabled some sites while running a maintenance script, and estimating full restoration within a few days. The company now says that fully restoring services to impacted customers may take up to two more weeks. The company reiterated that this was not the result of a cyberattack. Currently the company estimates it restored functionality to over 35% of the roughly 400 impacted customers with no data loss. Whie only a small number of Atlassian’s over 200,000 customers were impacted, this does come as the company stopped selling on-prem licenses in February 2021.
Thanks to our episode sponsor, Code42
In fact, the Code42 Annual Data Exposure Report revealed there’s a 1 in 3 chance that your company will lose IP when an employee quits. To learn more about stopping data leaks with Insider Risk Management visit Code42.com/showme.
Meta revised residential address policy
Last year, Meta asked its Oversight Board for guidance on handling private residential information. In February, the board recommended Meta tighten policies on sharing private addresses, citing doxxing concerns. Based on that recommendation, Meta will remove an exception that permitted users to share a residential address as long as it was publically available by the end of 2022. Users can share images of a residential address if tied to a news story, but not for the purposes of organizing a protest, unless that person is a high government official. Meta will let users share their own addresses, but other users cannot reshare them.
Senate bill looks to streamline cybersecurity intel sharing
Last week, a bipartisan group of Senators introduced the Intragovernmental Cybersecurity Information Sharing Act, designed to ensure that actionable cybersecurity information is directly and quickly sent from the Department of Homeland Security to Congress. The bill would require regular intelligence briefings to Congress, as well as timely updates in the case of emergencies. In introducing the bill, senators criticized lengthy delays in congressional staff receiving cybersecurity updates from the executive branch, saying that the US’ adversaries don’t distinguish between branches of government.
Elon backtracks on Twitter’s board
Twitter CEO Parag Agrawal announced that Elon Musk declined joining the company’ board of directors. Agrawal said that as Twitter’s biggest shareholder “we will remain open to his input.” Musk currently owns 9.2% of Twitter, and being a member of the board would have limited him to holding a 14.9% stake, as well as make him a fiduciary of the company.
(Twitter)
Autonomous car cruises past police
Back in February, GM’s Cruise self-driving unit started offering public taxi rides in San Francisco. A video posted April 2nd showed San Francisco police trying to pull over a driverless Cruise vehicle in the city’s Richmond District, only to watch the car temporarily take off. Commenting on the clip, Cruise said its car yielded to police and moved to the nearest safe location for that traffic stop, adding “no citation was issued.” Cruise also said “We work closely with the SFPD on how to interact with our vehicles, including a dedicated phone number for them to call in situations like this.” This phone number allows for remote operators to monitor and stop vehicles at law enforcement’s request. Cruise also produced a video to teach first responders how to approach its vehicles.
(Engadget)