Chinese Hackers Compromised Thirteen U.S. Pipeline Operators Nearly a Decade Ago

Macron, other world leaders were possible targets of NSO's spyware, Israel wants to set up a global network shield, Botnet kingpin sentenced to time served, Microsoft wins in homoglyph ruling, more

Check out my latest column, which gives the rundown on the TSA’s second security directive for pipeline operators.

A joint report from the Cybersecurity and Infrastructure Security Agency (CISA) revealed that hackers working for the Chinese government compromised more than a dozen U.S. pipeline operators nearly a decade ago.

The unclassified data revealed in the report shows that between 2011 and 2013, Chinese state-sponsored hackers targeted nearly two dozen U.S. oil and natural gas pipeline operators with the specific goal of “holding U.S. pipeline infrastructure at risk.” The hackers successfully compromised thirteen of the targets, and an additional eight suffered an “unknown depth of intrusion.” (Dustin Volz / Wall Street Journal)

Related: FCW, The Record by Recorded Future, Big News Network, Chinanews.net, New York Times - Nicole Perlroth, Wall Street Journal, The Hill, Chinanewsnet, CISA

The targeting of 50,000 phone numbers with the NSO Group’s Pegasus spyware encompassed world leaders, including three sitting presidents: France’s Emmanuel Macron, Iraq’s Barham Salih, and South Africa’s Cyril Ramaphosa. Three current prime ministers, Pakistan’s Imran Khan, Egypt’s Mostafa Madbouly, and Morocco’s Saad-Eddine El Othmani, are also on the list of phone numbers.

Aside from Macron, 15 members of the French government may have been among potential surveillance targets in 2019. Paris prosecutors say they have opened an investigation into a raft of potential charges, including violation of privacy, illegal use of data, and illegally selling spyware. (Craig Timberg, Michael Birnbaum, Drew Harwell, and Dan Sabbagh / Washington Post and Associated Press)

Related: Associated Press Technology, The Mainichi, The Independent, SecurityWeek, The Washington Post, France24, Washington Post, Bloomberg, The Guardian, ynet - News, Channel News Asia, Algemeiner, Slashdot, POLITICO EU, Al Jazeera English, Alghadeer TV, PerthNow, BBC News - World, The Times of Israel, Japan Today, Euro Weekly News Spain, France 24, Forbes, TODAYonline, ComputerWeekly: IT security, ParisGuardian, RFI, News from EUobserver, Al Bawaba, MediaNama, Presstv, Silicon UK, NDTV Gadgets360.com, E Hacking News, EURACTIV.com, The Wire

Protests broke out in India’s parliament as opposition leaders allege that Prime Minister Narendra Modi’s government used NSO Group’s Pegasus spyware to monitor political opponents, journalists, and activists.

Opposition leaders say that Modi’s alleged actions are a national security threat to India. The list of Indian targets for the spyware includes senior Congress party leader Rahul Gandhi, at least 40 journalists, a veteran election strategist critical of Modi, and a top virologist. (Sheikh Saaliq and Krutika Pathi / Associated Press)

Related: Times of India, Courthouse News Service, The Independent, The Times of Israel, The Hindu, ynet - News

At Cyber Week, Prime Minister Naftali Bennett said that Israel will set up a “global network shield” within which partner governments around the world can collaborate in real time to identify cybersecurity attacks, issue alerts, and develop mitigations.

The partnership will “alert, investigate, together develop a ‘vaccine’ and disperse the ‘vaccine’ to all countries in the network. United we stand, divided we fall,” Bennett said. (Shoshanna Solomon / Times of Israel)

Related: Bloomberg Technology, Jerusalem Post

SentinelOne security researcher Asaf Amir found a severe vulnerability, a buffer overflow, in a common printer driver used by HP, Xerox, and Samsung that could allow attackers to bypass security products.

Some Windows systems may already have the vulnerable printer driver installed on their machines even without the user’s knowledge. (Catalin Cimpanu / The Record)

Related: Bleeping Computer, SentinelLabs, The Hacker News

Senate Homeland Security and Governmental Affairs Chairman Gary Peters (D-MI) is launching an investigation into the connection between cryptocurrencies and ransomware attacks in the wake of several recent high-profile attacks.

Peters said the bipartisan investigation would seek to understand better how cryptocurrency emboldens cybercriminals and identify possible policy changes. (Geneva Sands / CNN)

Related: Homeland Security and Government Affairs Committee

In Connecticut, a federal judge sentenced spam kingpin Peter “Severa” Levashov to time served for his role in operating three notorious botnets, Storm Worm, Waledac, and Kelihos.

Levashov has been in federal custody since his extradition to the United States and guilty plea in 2018 and was facing up to 12 more years in prison. (Brian Krebs / Krebs on Security)

Related: The Independent, Law & Crime, Associated Press Technology, The Record by Recorded Future, Gadgets Now, Devdiscourse News Desk, Exploit One, Security Week

Microsoft got a court order in the Eastern District of Virginia to take down malicious infrastructure used by cybercriminals to conduct a sophisticated business email compromise (BEC) campaign against Microsoft 365 customers through 17 malicious homoglyph domains.

These domains look similar to legitimate domains but replace characters in a business name with other characters that can, at first blush, look right enough to fool users. (Carly Page / TechCrunch)

Related: Bleeping Computer, IT Pro, Security Affairs, ZDNet, Microsoft, Neowin, Windows Central

Researchers at Bitdefender say that a new malware downloader called MosaicLoader comes camouflaged as cracked software via search engine results to infect wannabe software pirates' systems.

The attackers camouflage their droppers as executables belonging to legitimate software, using similar icons and including company names and descriptions within the files' metadata info to pass superficial scrutiny. (Sergiu Gatlan / Bleeping Computer)

Related: Security News | Tech Times, Threatpost, The Hacker News, ZDNet, Bitdefender

Fortinet has released updates for its FortiManager and FortiAnalyzer network management solutions to fix a use-after-free (UAF) vulnerability that malicious hackers could exploit to execute arbitrary code with the highest privilege.

Fortinet says that the serious vulnerability, triggered by sending a specially crafted request to the “FGFM” port of a target device, “may allow a remote, non-authenticated attacker to execute unauthorized code as root.” (Ionut Ilascu / Bleeping Computer)

Related: Security Affairs, The Register, Fortinet

Privacy-oriented search engine DuckDuckGo is launching a new email privacy service that removes ad trackers from users’ emails to protect them from being “spied” on by advertisers.

The email protection feature gives users a free “@duck.com” email address, which will forward emails to their regular inboxes after analyzing their contents for trackers and stripping any away. DuckDuckGo is also extending this feature with unique, disposable forwarding addresses. (Dave Gershgorn / The Verge)

Related: The Register - Security, teiss, TechNadu, The Mac Observer, Techmeme, Engadget, gHacks, Slashdot, MacRumors, iPhone in Canada Blog, WebProNews, TechSpot, The Next Web, Security News | Tech Times, SlashGear » security, Bleeping Computer, BetaNews, DuckDuckGo

Security auditing firm Qualys said it discovered a new vulnerability in the Linux operating system, which it calls Sequoia, that can grant attackers root access on most distros, such as Ubuntu, Debian, and Fedora.

Several Linux distros have released patches to fix the bug after Qualys notified the Linux kernel team in early June. (Catalin Cimpanu / The Record)

Related: Qualys Blog, TechDator

Google is again partnering this year with Women in Cybersecurity and SANS Institute to help launch and advance women's cybersecurity careers by funding a Security Training Scholarship Program.

Facebook and Bloomberg have also agreed to join the program during its second year. (Adam Benjamin / CNET)

Related: ZDNet
