Cybersecurity News: Intellexa faces new sanctions, London hospitals impact, Apple releases update

Spyware giant Intellexa faces new U.S. sanctions

The U.S. Treasury Department has hit Intellexa Consortium and its affiliates with a new round of sanctions, intensifying efforts to crack down on the company behind the notorious Predator spyware. Despite previous sanctions, Intellexa has evaded accountability by creating a web of shell companies to continue selling its highly invasive spyware products for mobile devices. This kind of spyware gives those who deploy it access to a victim's photos, geolocation data, personal messages, and microphone recordings through one-click or zero-click attacks. It has been a primary tool in targeting government officials, journalists, policy experts, tech executives, and opposing politicians in the U.S. and around the world.

(Bleeping Computer), (Security Week), (The Record)

Nearly 1 million impacted by ransomware attack on London hospitals

A ransomware attack on London-based NHS hospitals has exposed sensitive personal information for over 900,000 individuals, according to an analysis by CaseMatrix. The exposed data includes names, NHS numbers, dates of birth, and even intimate medical details like symptoms of conditions such as cancer and sexually transmitted infections. The data was leaked by the Qilin ransomware group, which published the stolen information in June 2024. Although three months have passed since the attack, neither Synnovis, the pathology service provider responsible for the compromised data, nor NHS England has provided any estimate of how many people they believe were impacted.

(The Record)

Apple releases long-awaited update

Apple rolled out iOS 18 on Monday, patching 33 security vulnerabilities that exposed iPhones and iPads to potential attacks. Key issues addressed include flaws in Accessibility, Bluetooth, Control Center, and Wi-Fi that allowed attackers to access sensitive data or control devices without authorization. Notably, a bug in the Accessibility component could let attackers use Siri to view recent photos and access data without unlocking the device, while a Bluetooth flaw allowed unpaired devices to bypass security.

(Security Week)

CISA orders patch of exploited Windows vulnerability

CISA has warned U.S. federal agencies to secure their systems against the Windows MSHTML spoofing vulnerability (CVE-2024-43461), which has been exploited by the Void Banshee APT group. Initially, Microsoft classified the flaw as not being actively exploited, but later updates revealed that attackers had used it before the patch was issued. This vulnerability, used in conjunction with another MSHTML bug (CVE-2024-38112), allows remote code execution when victims visit a malicious website or open a compromised file.

(Bleeping Computer)

Hacked voter data claims: not true

A joint advisory from the FBI and CISA warns the public of false claims that U.S. voter registration was compromised in cyberattacks. The agencies said that in lieu of actually compromising systems, the threat actors are spreading disinformation to make the general public believe that the voting process is being compromised. The FBI and CISA stressed that they have no information suggesting any cyberattack on U.S. election infrastructure at this time, though they do expect false claims like the one mentioned above to continue as election day approaches.

(Bleeping Computer), (CISA)

Ransomware groups make good on threats 

This is an update to two separate ransomware incidents where the organizations involved said they were not going to pay the threat actors, and the ransomware artists did exactly what they said they would: release the data. In the first case, on Monday, the cybercriminals responsible for the attempted extortion on the Port of Seattle posted a 100-bitcoin ransom demand along with images of stolen documents. The photos appear to be scanned U.S. passports, tax identification numbers, and other personal information, with the threat of selling the data if the ransom is not met within seven days. A statement issued by the company on Friday said they refused to pay the ransom, with the understanding that the group may post the data, which they did, but the company has not issued an additional comment as of this recording. In a separate, second incident, the RansomHub ransomware group released 487 gigabytes of data allegedly stolen from the motorcycle manufacturer Kawasaki Motors Europe. Similar to the other situation, the group threatened the motorcycle company last week that they would release the data if the ransom was not paid, and on Monday, they fulfilled that promise.

(CyberScoop), (Security Week)

RansomHub exposes sensitive data in U.S. platinum mine attack

Stillwater Mining Company, the only platinum and palladium mining operator in the U.S., has confirmed a data breach that exposed the personal information of over 7,200 employees, following a ransomware attack this summer. Hackers stole sensitive data, including Social Security numbers, passport details, and bank information, with the RansomHub gang claiming responsibility.

(The Record)

Lauren Verno
Lauren Verno, an award-winning journalist, embraces her expertise, transitioning seamlessly into a cyber defender to bring you captivating updates on cybersecurity news.