NSO Group Spies on People on Behalf of Governments

The Israeli company NSO Group sells Pegasus spyware to countries around the world (including countries like Saudi Arabia, UAE, India, Mexico, Morocco and Rwanda). We assumed that those countries use the spyware themselves. Now we’ve learned that that’s not true: that NSO Group employees operate the spyware on behalf of their customers.

Legal documents released in ongoing US litigation between NSO Group and WhatsApp have revealed for the first time that the Israeli cyberweapons maker, and not its government customers, is the party that “installs and extracts” information from mobile phones targeted by the company’s hacking software…

North Korean Hackers Lure Critical Infrastructure Employees With Fake Jobs

A North Korean group tracked as UNC2970 has been spotted trying to deliver new malware to people in the aerospace and energy industries.
The post North Korean Hackers Lure Critical Infrastructure Employees With Fake Jobs appeared first on SecurityWeek.

The US Is Banning Kaspersky

This move has been coming for a long time.

The Biden administration on Thursday said it’s banning the company from selling its products to new US-based customers starting on July 20, with the company only allowed to provide software updates to existing customers through September 29. The ban—the first such action under authorities given to the Commerce Department in 2019—follows years of warnings from the US intelligence community about Kaspersky being a national security threat because Moscow could allegedly commandeer its all-seeing antivirus software to spy on its customers…

Cisco Talos: LilacSquid Threat Actor Targets Multiple Sectors Worldwide With PurpleInk Malware

Find out how the cyberespionage threat actor LilacSquid operates, and then learn how to protect your business from this security risk.

On the Zero-Day Market

New paper: “Zero Progress on Zero Days: How the Last Ten Years Created the Modern Spyware Market”:

Abstract: Spyware makes surveillance simple. The last ten years have seen a global market emerge for ready-made software that lets governments surveil their citizens and foreign adversaries alike and to do so more easily than when such work required tradecraft. The last ten years have also been marked by stark failures to control spyware and its precursors and components. This Article accounts for and critiques these failures, providing a socio-technical history since 2014, particularly focusing on the conversation about trade in zero-day vulnerabilities and exploits. Second, this Article applies lessons from these failures to guide regulatory efforts going forward. While recognizing that controlling this trade is difficult, I argue countries should focus on building and strengthening multilateral coalitions of the willing, rather than on strong-arming existing multilateral institutions into working on the problem. Individually, countries should focus on export controls and other sanctions that target specific bad actors, rather than focusing on restricting particular technologies. Last, I continue to call for transparency as a key part of oversight of domestic governments’ use of spyware and related components…

MITRE Hack: China-Linked Group Breached Systems in December 2023

MITRE has shared more details on the recent hack, including the new malware involved in the attack and a timeline of the attacker’s activities.
The post MITRE Hack: China-Linked Group Breached Systems in December 2023 appeared first on SecurityWeek.