Chinese Hackers Compromised Thirteen U.S. Pipeline Operators Nearly a Decade Ago
Macron, other world leaders were possible targets of NSO's spyware, Israel wants to set up a global network shield, Botnet kingpin sentenced to time served, Microsoft wins in homoglyph ruling, more
Check out my latest column, which gives the rundown on the TSA’s second security directive for pipeline operators.
A joint report from the Cybersecurity and Infrastructure Security Agency (CISA) revealed that hackers working for the Chinese government compromised more than a dozen U.S. pipeline operators nearly a decade ago.
The unclassified data revealed in the report shows that Chinese state-sponsored hackers between 2011 and 2013 had targeted nearly two dozen U.S. oil and natural gas pipeline operators with the specific goal of “holding U.S. pipeline infrastructure at risk.” The hackers successfully compromised thirteen of the targets, and an additional eight suffered an “unknown depth of intrusion.” (Dustin Volz / Wall Street Journal)
The targeting of 50,000 phone numbers with the NSO Group’s Pegasus spyware encompassed world leaders, including three sitting presidents, France’s Emmanuel Macron, Iraq’s Barham Salih, and South Africa’s Cyril Ramaphosa. Three current prime ministers, Pakistan’s Imran Khan, Egypt’s Mostafa Madbouly, and Morocco’s Saad-Eddine El Othmani are also on the list of phone numbers.
Aside from Macron, 15 members of the French government may have been among potential targets of surveillance in 2019. Paris prosecutors say they have opened an investigation into a raft of potential charges, including violation of privacy, illegal use of data, and illegally selling spyware. (Craig Timberg, Michael Birnbaum, Drew Harwell, and Dan Sabbagh / Washington Post and Associated Press)
Protests broke out in India’s parliament as opposition leaders alleged that Prime Minister Narendra Modi’s government used NSO Group’s Pegasus spyware to monitor political opponents, journalists, and activists.
Opposition leaders say that Modi’s alleged actions are a national security threat to India. The list of Indian targets for the spyware includes senior Congress party leader Rahul Gandhi, at least 40 journalists, a veteran election strategist critical of Modi, and a top virologist. (Sheikh Saaliq and Krutika Pathi / Associated Press)
At Cyber Week, Prime Minister Naftali Bennett said that Israel will set up a “global network shield” within which partner governments globally can collaborate in real-time to identify cybersecurity attacks, issue alerts, and develop mitigations.
The partnership will “alert, investigate, together develop a ‘vaccine’ and disperse the ‘vaccine’ to all countries in the network. United we stand, divided we fall,” Bennett said. (Shoshanna Solomon / Times of Israel)
SentinelOne security researcher Asaf Amir found a severe vulnerability, a buffer overflow, in a common printer driver used by HP, Xerox, and Samsung that could allow attackers to bypass security products.
Some Windows systems may already have the vulnerable printer driver installed on their machines even without the user’s knowledge. (Catalin Cimpanu / The Record)
Senate Homeland Security and Governmental Affairs Chairman Gary Peters (D-MI) is launching an investigation into the connection between cryptocurrencies and ransomware attacks in the wake of several recent high-profile attacks.
Peters said the bipartisan investigation would seek to understand better how cryptocurrency emboldens cybercriminals and identify possible policy changes. (Geneva Sands / CNN)
In Connecticut, a federal judge sentenced spam kingpin Peter “Severa” Levashov to time served for his role in operating three notorious botnets, Storm Worm, Waledac, and Kelihos.
Levashov has been in federal custody since his extradition to the United States and guilty plea in 2018 and was facing up to 12 more years in prison. (Brian Krebs / Krebs on Security)
Microsoft got a court order in the Eastern District of Virginia to take down malicious infrastructure used by cybercriminals to conduct a sophisticated business email compromise (BEC) campaign against Microsoft 365 customers through 17 malicious homoglyph domains.
These domains look similar to legitimate domains but replace characters in a business name with other characters that can, at first blush, look appropriate enough to fool users. (Carly Page / TechCrunch)
Researchers at Bitdefender say that a new malware downloader called MosaicLoader comes camouflaged as cracked software via search engine results to infect wannabe software pirates' systems.
The attackers camouflage their droppers as executables belonging to legitimate software, using similar icons and including company names and descriptions within the files' metadata info to pass superficial scrutiny. (Sergiu Gatlan / Bleeping Computer)
Fortinet has released updates for its FortiManager and FortiAnalyzer network management solutions to fix a use-after-free (UAF) vulnerability that malicious hackers could exploit to execute arbitrary code with the highest privilege.
Fortinet says that the serious vulnerability can be triggered by sending a specially crafted request to the “FGFM” port of a target device, which “may allow a remote, non-authenticated attacker to execute unauthorized code as root.” (Ionut Ilascu / Bleeping Computer)
Privacy-oriented search engine DuckDuckGo is launching a new email privacy service that removes ad trackers from users’ emails to protect them from being “spied” on by advertisers.
The email protection feature gives users a free “@duck.com” email address, which will forward emails to their regular inboxes after analyzing their contents for trackers and stripping any away. DuckDuckGo is also extending this feature with unique, disposable forwarding addresses. (Dave Gershgorn / The Verge)
Security auditing firm Qualys said it discovered a new vulnerability in the Linux operating system that it calls Sequoia that can grant attackers root access on most distros, such as Ubuntu, Debian, and Fedora.
Several Linux distros have released patches to fix the bug after Qualys notified the Linux kernel team in early June. (Catalin Cimpanu / The Record)
Google is again partnering this year with Women in Cybersecurity and SANS Institute to help launch and advance women's cybersecurity careers by funding a Security Training Scholarship Program.
Facebook and Bloomberg have also agreed to join the program during its second year. (Adam Benjamin / CNET)