Journalists Hacked with Suspected NSO Group iMessage ‘Zero-Click’ Exploit
citizenlab.ca/2020/12/the-great-ipwn-journalists-hacked-with-suspected-nso-group-imessage-zero-click-exploit/ In July and August 2020, government operatives used NSO Group’s Pegasus spyware to hack 36 personal phones belonging to journalists, producers, anchors, and executives at Al Jazeera. The personal phone of a journalist at London-based Al Araby TV was also hacked. The phones were compromised using an exploit chain that we call KISMET, which appears to involve an invisible zero-click exploit in iMessage. In July 2020, KISMET was a zero-day against at least iOS 13.5.1 and could hack Apple’s then-latest iPhone 11. Forbes:
www.zdnet.com/article/zero-click-ios-zero-day-found-deployed-against-al-jazeera-employees/. The Guardian:
FireEye: SolarWinds Hack ‘Genuinely Impacted’ 50 Victims
www.databreachtoday.com/fireeye-solarwinds-hack-genuinely-impacted-50-victims-a-15637 “The reality is: The blast radius for this, I kind of explain it with a funnel. It’s true that over 300,000 companies use SolarWinds, but you come down from that total number down to about 18,000 or so companies that actually had the backdoor or malicious code in a network,” Mandia said in an interview with CBS news program “Face the Nation” on Sunday. “And then you come down to the next part. It’s probably only about 50 organizations or companies, somewhere in that zone, that are genuinely impacted by the threat actor.” Related Securelist:
securelist.com/sunburst-connecting-the-dots-in-the-dns-requests/99862/
VMware latest to confirm breach in SolarWinds hacking campaign
www.bleepingcomputer.com/news/security/vmware-latest-to-confirm-breach-in-solarwinds-hacking-campaign/ “While we have identified limited instances of the vulnerable SolarWinds Orion software in our own internal environment, our own internal investigation has not revealed any indication of exploitation,” the company said in a statement. VMware:
www.vmware.com/company/news/updates/2020/vmware-statement-solarwinds-supply-chain-compromise.html
US seizes domains used for COVID-19 vaccine phishing attacks
www.bleepingcomputer.com/news/security/us-seizes-domains-used-for-covid-19-vaccine-phishing-attacks/ The US Department of Justice has seized two domain names used to impersonate the official websites of biotechnology companies Moderna and Regeneron involved in the development of COVID-19 vaccines. Over 275,000 Americans have reported financial losses of more than $211 million following COVID-19-related scams since the start of this year, according to the US Federal Trade Commission (FTC).
European Commission Proposes Bold Steps on Cybersecurity
blog.paloaltonetworks.com/2020/12/policy-european-commission-cybersecurity/ On 16 December, the European Commission released a set of proposals related to cybersecurity, including a new cybersecurity strategy and a proposal for revision of the Directive on Security of Network and Information Systems (NIS 2).
EU Unveils Revamp of Cybersecurity Rules Days After European Medicines Agency (EMA) Hack
www.securityweek.com/eu-unveils-revamp-cybersecurity-rules-days-after-hack The plans include an “EU-wide Cyber Shield” linking national security authorities that would use artificial intelligence and machine learning to detect early signs of attacks, a cyber unit to respond to incidents and threats, and beefing up cooperation between countries and with organizations like NATO.
Launch of New Ad-hoc Working Group on European Cybersecurity Skills Framework
www.enisa.europa.eu/news/enisa-news/launch-of-new-ad-hoc-working-group-on-european-cybersecurity-skills-framework The creation of the working group on Cybersecurity Skills Framework marks another milestone in the efforts of the European Union Agency for Cybersecurity to address the workforce shortage and skills gap problem.