Catalan leaders targeted by NSO spyware
According to security researchers at Citizen Lab, dozens of pro-independence Catalan officials, including the past four presidents of the Spanish region, have been targeted by NSO Group’s Pegasus spyware. Journalists, members of the European Parliament, and activists in the region were among a total of 63 targeted using Pegasus. While Citizen Lab did not attribute the spyware to a specific governmental entity, it notes that Spain is a reported government client of NSO Group. NSO Group maintains its software is only used by government clients against terrorists and criminals, and said that the Citizen Lab report was based on “vague and incomplete information.”
Researchers share a deep dive into PYSA ransomware operations
The Swiss security company PRODAFT completed an 18-month-long analysis of the PYSA ransomware organization and shared its findings in a new report. The report found that the organization has run a five-stage software development cycle since August 2020, with the malware creators focusing on features that increase overall workflow efficiency, like a user-friendly full-text search engine that runs on extracted metadata. The researchers found that PYSA is supported by competent developers using modern operational development paradigms, suggesting a professional environment. The organization used dockerized containers and 31.47TB of S3 cloud storage for encrypted files. PYSA was estimated to be the third-most prevalent ransomware strain in Q4 2021, hitting 747 victims and receiving payments from 58% of victims.
Most security teams feeling the talent shortage
According to the State of Pentesting report from Cobalt, 82% of cybersecurity and software development teams are either experiencing a talent shortage currently in their organization or have felt the impacts of the shortage within the past six months. Of those not in that group, 11% expected to deal with the talent shortage challenge in the future, which means 7% of respondents were feeling just fine. 90% of those with a talent shortage report struggling with workload management, like consistently monitoring for vulnerabilities, responding to security incidents, and maintaining high security standards.
Gizmodo starts publishing the Facebook Papers
The site began publishing the leaked documents obtained from Meta by whistleblower Frances Haugen. These documents were previously only directly available to Congress and some media outlets. Gizmodo published 28 documents in this initial batch, which were reviewed and redacted by legal and academic partners to minimize potential harms and impacts to Meta employee privacy. The initial batch of documents deals with how Meta responded to election misinformation and the aftermath of the January 6th riots.
(Gizmodo)

Quantum encryption goes the distance
The practicality of quantum computing raises a lot of concerns for cryptography developed for conventional computers. But quantum-based encryption holds a lot of potential. A new paper in the journal Nature shows that researchers from Tsinghua University set a new distance record for quantum secure direct communication over fiber, transmitting data 64 miles at a rate of 0.54 bits per second. The team broke their own record, previously set at 11 miles. This approach uses quantum entanglement to secure networks, which would theoretically make eavesdropping on communications immediately obvious, as measuring the property of one entangled particle would instantly change the other as well.
(Engadget)
FBI warns of “reverse” instant payment scams
According to a new alert from the FBI, a new phishing scheme targets users of digital payment apps, sending fake texts posing as legitimate banks. These messages ask a victim to verify they initiated a money transfer. Responding to the message leads to a call from the scammer posing as a fraud department representative, displaying a spoofed number that matches the bank's. Using already obtained leaked data on the victim, the scammer will walk people through “reversing” the supposed instant transfer by transferring money back to themselves. Instead, this will just transfer funds to the attacker.
Stablecoin collapses after hack
We’ve covered the record-breaking hack of the Ronin Network bridge used by the game Axie Infinity. Now another crypto project has been hit with a high-stakes hack, with the security firm PeckShield reporting that the Ethereum-based stablecoin protocol Beanstalk Farms lost $182 million from a recent attack. Beanstalk did not back up its stablecoin with cash reserves, claiming it had no venture funding, and was instead financed through financial incentives for protocol participants, who loaned the platform tokens while receiving a yield. The hackers used a flash loan to buy enough voting power to push through a change that let them steal from Beanstalk. Beanstalk had been pegged at $1 USD, but currently trades at around $0.15 after the attack.






