Egyptian Government's Climate Conference App Sparks Hacking Fears Among Westerners
Cyprus launches spyware probe, Medibank’s hackers ask for $10 million ransom, ABB patches a high-severity OT security flaw, Massive SEO poisoning campaign is underway, Twitter battles fakes, more
Western security advisers are warning delegates at the Sharm el-Sheikh Climate Change Conference (COP 27) summit not to download the host Egyptian government's official Android app amid fears it could be used to hack their private emails, texts, and even voice conversations.
Policymakers from Germany, France, and Canada were among those who had downloaded the app by November 8, according to two separate Western security officials. Other Western governments have advised officials not to download the app.
Security experts say the app, which is being promoted as a tool to help attendees navigate the event, risks granting the Egyptian government permission to read users' emails and messages. Even messages exchanged over end-to-end encrypted services like WhatsApp would be exposed, since an app with that level of device access can read them after they are decrypted on the handset. The experts say the app also provides Egypt's Ministry of Communications and Information Technology, which created it, with other so-called backdoor privileges, such as the ability to scan people's devices.
The app is nothing short of "a surveillance tool that could be weaponized by the Egyptian authorities to track activists, government delegates and anyone attending COP27," said Marwa Fatafta, digital rights lead for the Middle East and North Africa for Access Now, a nonprofit digital rights organization. (MARK SCOTT AND VINCENT MANANCOURT / Politico)
Related: The Guardian
Cyprus's parliament opened an inquiry into the development of spyware on the island after the first draft investigation report for a European Parliament committee called PEGA said it was an important export hub for the surveillance industry.
The report said that Cyprus was an "attractive place" for selling surveillance technologies and that three to four companies produce spyware on the island, warning that the "abuse of spyware in EU member states is a grave threat to democracy on the entire continent." Cypriot President Nicos Anastasiades last week said any involvement of Cyprus in spyware surveillance in other countries was "imaginary," but MP Aristos Damianou of the opposition AKEL party, which sought the parliamentary inquiry, said "It's been confirmed that Cyprus is a greenhouse for companies which produce spyware ... which has political backing." (Michele Kambas / Reuters)
The suspected hackers behind the theft of Australia’s health insurance giant Medibank’s data linked to 9.7 million customers have claimed they demanded a $US10 million (AUS$15 million) ransom from the health insurer.
In a message posted on the dark web, the ransomware group, linked to the REvil ransomware gang, said they have released sensitive details of Medibank customers’ medical procedures. Medibank confirmed this morning it was “aware that the criminal has released an additional file on a dark web forum containing customer data that is believed to have been stolen from Medibank’s systems.”
The company asked the media and the general public to refrain from accessing the customer data or contacting the affected customers "given the sensitive nature of the stolen customer data that is being released on the dark web." (Colin Kruger and Tim Biggs / Sydney Morning Herald)
Related: PerthNow, WA Today, Tech Xplore, UrduPoint, News.com.au, Daily Mail, Financial Review, News, The West Australian, MSN, The New Daily, Graham Cluley, Security News | Tech Times, Bleeping Computer
Swiss electrical equipment giant ABB, whose gear is widely used by large oil and gas utilities worldwide, has patched a high-severity vulnerability discovered by security company Claroty.
The flaw (CVE-2022-0902) affects ABB's flow computers, devices that calculate oil and gas volume and flow rates. It enables attackers to take over the devices remotely and disrupt their ability to measure oil and gas flow accurately.
The vulnerability affects ABB’s RMC-100 (Standard), RMC-100-LITE, XIO, XFCG5, XRCG5, uFLOG5, and UDC products. (Jonathan Greig / The Record)
Researchers at Sucuri say that hackers are conducting a massive black hat search engine optimization (SEO) poisoning campaign by compromising almost 15,000 websites to redirect visitors to fake Q&A discussion forums.
Each compromised site contains approximately 20,000 files used as part of the search engine spam campaign, with most of the sites running WordPress. The researchers believe the threat actors' goal is to generate enough indexed pages to increase the fake Q&A sites' authority and thus rank better in search engines. (Bill Toulas / Bleeping Computer)
Twitter appears to be battling a wave of celebrity and corporate impersonators on its platform who have quickly gamed the company’s new paid verification system hours after its launch.
Twitter suspended multiple accounts after other users posted screenshots showing misleading content from the accounts. The fake verified accounts had posed as former President Donald Trump, Rudy Giuliani, Nintendo of America, the basketball player LeBron James, the software company Valve, and others.
Many Twitter users on Wednesday reported having easily created verified impostor accounts. One user behind the fake Trump account, Brian Whelan, whose Twitter bio and LinkedIn identify him as head of video and social at London-based Times Radio, claimed he created a fake Trump account “within two beers” after spending £6. (Brian Fung / CNN)
VMware released security updates to address three critical-severity vulnerabilities in its Workspace ONE Assist solution that enable remote attackers to bypass authentication and elevate privileges to admin.
The flaws are tracked as CVE-2022-31685 (authentication bypass), CVE-2022-31686 (broken authentication method), and CVE-2022-31687 (broken authentication control) and have received 9.8/10 CVSSv3 base scores. (Sergiu Gatlan / Bleeping Computer)
Los Angeles County dropped criminal charges against Eugene Yu, the top executive of an elections technology company, over concerns about the "pace of the investigation" and the "potential bias in the presentation" of evidence in the case. The district attorney's office said the county had assembled a new team to "determine whether any criminal activity occurred."
Last month, Los Angeles prosecutors accused Mr. Yu, the chief executive of Konnech, a small election software company in Michigan, of storing data about poll workers on servers in China, a breach of the company’s contract with the county. The charges related only to poll worker data and had no impact on votes or election results.
“Mr. Yu is an innocent man,” Gary Lincenberg, Mr. Yu’s lawyer, said in a statement, adding that “conspiracy theorists” were using the arrest to “further their political agenda.” (Stuart Thompson / New York Times)