Daily NCSC-FI news followup 2020-12-21

Journalists Hacked with Suspected NSO Group iMessage ‘Zero-Click’ Exploit

citizenlab.ca/2020/12/the-great-ipwn-journalists-hacked-with-suspected-nso-group-imessage-zero-click-exploit/ In July and August 2020, government operatives used NSO Group’s Pegasus spyware to hack 36 personal phones belonging to journalists, producers, anchors, and executives at Al Jazeera. The personal phone of a journalist at London-based Al Araby TV was also hacked. The phones were compromised using an exploit chain that we call KISMET, which appears to involve an invisible zero-click exploit in iMessage. In July 2020, KISMET was a zero-day against at least iOS 13.5.1 and could hack Apple’s then-latest iPhone 11.

Forbes: www.forbes.com/sites/thomasbrewster/2020/12/20/apple-security-warning-zero-click-iphone-hacks-hit-36-al-jazeera-journalists/

ZDNet: www.zdnet.com/article/zero-click-ios-zero-day-found-deployed-against-al-jazeera-employees/

The Guardian:


FireEye: SolarWinds Hack ‘Genuinely Impacted’ 50 Victims

www.databreachtoday.com/fireeye-solarwinds-hack-genuinely-impacted-50-victims-a-15637 “The reality is: The blast radius for this, I kind of explain it with a funnel. It’s true that over 300,000 companies use SolarWinds, but you come down from that total number down to about 18,000 or so companies that actually had the backdoor or malicious code in a network,” Mandia said in an interview with CBS news program “Face the Nation” on Sunday. “And then you come down to the next part. It’s probably only about 50 organizations or companies, somewhere in that zone, that are genuinely impacted by the threat actor.” Related Securelist:


VMware latest to confirm breach in SolarWinds hacking campaign

www.bleepingcomputer.com/news/security/vmware-latest-to-confirm-breach-in-solarwinds-hacking-campaign/ “While we have identified limited instances of the vulnerable SolarWinds Orion software in our own internal environment, our own internal investigation has not revealed any indication of exploitation,” the company said in a statement. VMware:


US seizes domains used for COVID-19 vaccine phishing attacks

www.bleepingcomputer.com/news/security/us-seizes-domains-used-for-covid-19-vaccine-phishing-attacks/ The US Department of Justice has seized two domain names used to impersonate the official websites of biotechnology companies Moderna and Regeneron involved in the development of COVID-19 vaccines. Over 275,000 Americans have reported financial losses of more than $211 million following COVID-19-related scams since the start of this year, according to the US Federal Trade Commission (FTC).

European Commission Proposes Bold Steps on Cybersecurity

blog.paloaltonetworks.com/2020/12/policy-european-commission-cybersecurity/ On 16 December the European Commission released a set of proposals related to cybersecurity, including a new cybersecurity strategy and a proposal to revise the Directive on Security of Network and Information Systems (NIS 2).

EU Unveils Revamp of Cybersecurity Rules Days After European Medicines Agency (EMA) Hack

www.securityweek.com/eu-unveils-revamp-cybersecurity-rules-days-after-hack The plans include an “EU-wide Cyber Shield” linking national security authorities that would use artificial intelligence and machine learning to detect early signs of attacks, a cyber unit to respond to incidents and threats, and beefing up cooperation between countries and with organizations like NATO.

Launch of New Ad-hoc Working Group on European Cybersecurity Skills Framework

www.enisa.europa.eu/news/enisa-news/launch-of-new-ad-hoc-working-group-on-european-cybersecurity-skills-framework The creation of the working group on Cybersecurity Skills Framework marks another milestone in the efforts of the European Union Agency for Cybersecurity to address the workforce shortage and skills gap problem.

Hacker publishes stolen email and mailing addresses of 270,000 Ledger cryptocurrency wallet users

