Egyptian Government's Climate Conference App Sparks Hacking Fears Among Westerners

Cyprus launches spyware probe, Medibank’s hackers ask for $10 million ransom, ABB patches a high-severity OT security flaw, Massive SEO poisoning campaign is underway, Twitter battles fakes, more

Nov 10

Western security advisers are warning delegates at the Sharm el-Sheikh Climate Change Conference (COP 27) summit not to download the host Egyptian government's official Android app amid fears it could be used to hack their private emails, texts, and even voice conversations.

Policymakers from Germany, France, and Canada were among those who had downloaded the app by November 8, according to two separate Western security officials. Other Western governments have advised officials not to download the app.

Security experts say the app, which is being promoted as a tool to help attendees navigate the event, risks giving the Egyptian government permission to read users' emails and messages. Even messages shared via encrypted services like WhatsApp are vulnerable. The experts say the app also provides Egypt's Ministry of Communications and Information Technology, which created it, with other so-called backdoor privileges, or the ability to scan people's devices.

The app is nothing short of "a surveillance tool that could be weaponized by the Egyptian authorities to track activists, government delegates and anyone attending COP27," said Marwa Fatafta, digital rights lead for the Middle East and North Africa for Access Now, a nonprofit digital rights organization. (MARK SCOTT AND VINCENT MANANCOURT / Politico)

Related: The Guardian

Alfons López Tena 🦇 @alfonslopeztena

Egypt’s COP27 summit app is a cyber weapon against attendees, at risk of having their private emails, texts, and even voice conversations surveilled by Egypt's dictatorship if they download the summit's official smartphone app

politico.euEgypt’s COP27 summit app is a cyber weapon, experts warnSecurity officials raise fears over the Egyptian government’s mobile app as POLITICO analysis shows it can listen to private conversations and access encrypted texts.

Timothy E Kaldas @tekaldas

You may wonder what Egyptian leaders were thinking when they designed the offical app for #COP27 as a spyware app that allowed them to access participants' private communications. They were thinking a decade of crimes against humanity came with no consequences. Why would this?

Marwa Fatafta مروة فطافطة @marwasf

My comments on Egypt’s #COP27 app: It’s nothing short of a surveillance app to monitor activists and gov delegates. Egypt “cannot be entrusted with managing people’s personal data given its dismal human rights record and blatant disregard for privacy.”https://t.co/ChNrmBpryb

Cyprus's parliament opened an inquiry into the development of spyware on the island after the first draft investigation report for a European Parliament committee called PEGA said it was an important export hub for the surveillance industry.

The report said that Cyprus was an "attractive place" for selling surveillance technologies, adding that the "abuse of spyware in EU member states is a grave threat to democracy on the entire continent,” adding that three to four companies produce spyware on the island. Cypriot President Nicos Anastasiades last week said any involvement of Cyprus in spyware surveillance in other countries was “imaginary,” but MP Aristos Damianou of the opposition AKEL party, which sought the parliamentary inquiry, said "It’s been confirmed that Cyprus is a greenhouse for companies which produce spyware ... which has political backing.” (Michele Kambas / Reuters)

Related: KNews, VOI

The suspected hackers behind the theft of Australia’s health insurance giant Medibank’s data linked to 9.7 million customers have claimed they demanded a $US10 million (AUS$15 million) ransom from the health insurer.

In a message posted on the dark web, the ransomware group, linked to the REvil ransomware gang, said they have released sensitive details of Medibank customers’ medical procedures. Medibank confirmed this morning it was “aware that the criminal has released an additional file on a dark web forum containing customer data that is believed to have been stolen from Medibank’s systems.”

The company asked the media, and the general public, to refrain from accessing the customer data and contacting them “given the sensitive nature of the stolen customer data that is being released on the dark web.” (Colin Kruger and Tim Biggs / Sydney Morning Herald)

Brett Callow @BrettCallow

The #Medibank hackers claim the ransom was initially $10 million USD, but offer to reduce it to $9.7 million or $1/customer. They also claim to have released a file named "abortions.csv." Pure evil. 1/2

Jeremy Kirk @Jeremy_Kirk

Here's a clear explanation of the complexities in play on the @medibank ransom situation from @macgibbon on @QandA. #auspol

QandA @QandA

How can the government and business respond proactively to privacy breaches without enabling cyber criminals? #QandA https://t.co/qXWHBMZHq9

Swiss electrical equipment giant ABB, whose gear is widely used by large oil and gas utilities worldwide, has patched a high-severity vulnerability discovered by security company Claroty.

The flaw (CVE-2022-0902) affects ABB’s flow computers, devices that calculate oil and gas volume and flow rates, enabling attackers to overtake computers and remotely disrupt the flow computers’ ability to measure oil and gas flow accurately.

The vulnerability affects ABB’s RMC-100 (Standard), RMC-100-LITE, XIO, XFCG5, XRCG5, uFLOG5, and UDC products. (Jonathan Greig / The Record)

Related: Claroty, The Hacker News, ABB

Researchers at Sucuri say that hackers are conducting a massive black hat search engine optimization (SEO) poisoning campaign by compromising almost 15,000 websites to redirect visitors to fake Q&A discussion forums.

Each compromise account contains approximately 20,000 files used as part of the search engine spam campaign, with most of the sites being WordPress. The researchers believe the threat actors' goal is to generate enough indexed pages to increase the fake Q&A sites' authority and thus rank better in search engines. (Bill Toulas / Bleeping Computer)

Related: Sucuri

Twitter appears to be battling a wave of celebrity and corporate impersonators on its platform who have quickly gamed the company’s new paid verification system hours after its launch.

Twitter suspended multiple accounts after other users posted screenshots showing misleading content from the accounts. The fake verified accounts had posed as former President Donald Trump, Rudy Giuliani, Nintendo of America, the basketball player LeBron James, the software company Valve, and others.

Many Twitter users on Wednesday reported having easily created verified impostor accounts. One user behind the fake Trump account, Brian Whelan, whose Twitter bio and LinkedIn identify him as head of video and social at London-based Times Radio, claimed he created a fake Trump account “within two beers” after spending £6. (Brian Fung / CNN)

Jack Lawrence @JackMLawrence

It took me less than 25 minutes to set up a fake anonymous Apple ID using a VPN and disposable email, attach a masked debit card to it (with the address being Twitter's HQ), and get a verified account for a prominent figure. Just think what a nation-state or bad actor could do...

Twitter Support @TwitterSupport

We’re not currently putting an “Official” label on accounts but we are aggressively going after impersonation and deception.

Chad Loder @chadloder

Massive phishing scams underway.

Twitter screenshot showing a verified blue check account with a phishing scam pretending to be Twitter itself

Whoa, Twitter Blue is now available for free
Crypto/NFT holders can now get Twitter Blue for free by authenticating their wallet assets
Authenticate now: twitter-blue.com
Ps, there might be a little surprise after authenticating... bird NFT?

VMware released security updates to address three critical severity vulnerabilities in the Workspace ONE Assist solution that enable remote attackers to bypass authentication and elevate privileges to admin.

The flaws are tracked as CVE-2022-31685 (authentication bypass), CVE-2022-31686 (broken authentication method), and CVE-2022-31687 (broken authentication control) and have received 9.8/10 CVSSv3 base scores. (Sergiu Gatlan / Bleeping Computer)

Los Angeles County dropped criminal charges against Eugene Yu, the top executive of an elections technology company, over concerns about the “pace of the investigation” and the “potential bias in the presentation” of evidence in the case. The office said the county had assembled a new team to “determine whether any criminal activity occurred.”

Last month, Los Angeles prosecutors accused Mr. Yu, the chief executive of Konnech, a small election software company in Michigan, of storing data about poll workers on servers in China, a breach of the company’s contract with the county. The charges related only to poll worker data and had no impact on votes or election results.

“Mr. Yu is an innocent man,” Gary Lincenberg, Mr. Yu’s lawyer, said in a statement, adding that “conspiracy theorists” were using the arrest to “further their political agenda.” (Stuart Thompson / New York Times)

Related: Reuters