Former U.S. Intelligence Operatives Who Were Cyber Spies for UAE Fined for Violating U.S. Law
Microsoft patches flaw exploited in the wild, Another Microsoft Azure flaw found, Mass. attorney general to probe T-Mobile hack, UC San Diego student charged in SIM swapping, blackmail scheme, more
Under a deal to avoid prosecution, three former U.S. intelligence operatives who worked as cyber spies for the United Arab Emirates (UAE) admitted to violating U.S. hacking laws and prohibitions on selling sensitive military technology.
The three men - Marc Baier, Ryan Adams, and Daniel Gericke - were part of a covert unit named Project Raven that helped the UAE spy on its adversaries. They admitted to hacking into computer networks in the U.S. and exporting sophisticated cyber intrusion tools without gaining the required permission from the U.S. government. Under a deal with federal authorities, the operatives will serve no prison sentence. They instead agreed to pay a combined $1.69 million and never again seek a U.S. security clearance.
The three operatives hacked into the iPhones of activists, diplomats, and rival foreign leaders with the help of a sophisticated spying tool called Karma, according to a 2019 Reuters scoop that exposed Project Raven. Starting in 2016, the UAE used the tool to monitor hundreds of targets, ranging from the Emir of Qatar and a senior Turkish official to a Nobel Peace laureate human-rights activist in Yemen. (Joel Schectman and Christopher Bing / Reuters)
Related: Vice News, Justice Department, Reuters, Sputnik News, CNN.com, The Hill: Cybersecurity, Digital Journal, Gizmodo, NBC News Technology, Associated Press Technology, The Independent, TribLIVE Today's Stories, Cyberscoop, News: NPR, The Guardian, The Record, Washington Post, UPI.com, DAILYSABAH, The New Arab, Sky News, The Register - Security, CTVNews.ca, Silicon Angle
Microsoft issued its Patch Tuesday update to fix dozens of security holes in Windows and related products, including a vulnerability already being exploited in active attacks. That flaw, CVE-2021-40444, affects the “MSHTML” component of Internet Explorer (IE) on Windows 10 and many Windows Server versions. Microsoft warned last week that malicious actors had exploited the flaw in the wild.
Adobe also released several fixes for vulnerabilities in Acrobat Reader and some other software products. (Brian Krebs / Krebs on Security)
Related: Sophos News, WCCFtech, Malwarebytes Labs, gHacks, EETimes, Krebs on Security, ZDNet Security, Talos Intel, CI Security, Bleeping Computer, The State of Security, Tripwire, DataBreachToday.com, Security Week, Threatpost, Zero Day Initiative - Blog, The Record by Recorded Future, Help Net Security, Dark Reading, Tenable Blog, Neowin, MSPoweruser, US-CERT Current Activity, Qualys Blog, Engadget, Security Brief, The Register - Security, SANS Internet Center
Researchers at SentinelOne reported that millions of HP OMEN laptops and desktop gaming computers are exposed to attacks by a high severity vulnerability that can let threat actors trigger denial of service states or escalate privileges and disable security solutions.
The flaw (CVE-2021-3437) was found in a driver used by the OMEN Gaming Hub software that comes pre-installed on all HP OMEN desktops and laptops. Although HP released patches for the high severity vulnerability on July 27 and published a security advisory earlier, SentinelOne issued its report to reiterate the importance of patching the flaw. (Sergiu Gatlan / Bleeping Computer)
Cloud security vendor Wiz found another massive vulnerability called OMIGOD that impacts Linux virtual machines on Microsoft Azure. The flaw could be leveraged into remote root code execution, although Azure's on-by-default, outside-the-VM firewall will limit it to most customers' internal networks only.
Despite difficulties in getting Microsoft to pay Wiz a bug bounty for discovering the complex flaw, it ultimately awarded Wiz a total of $70,000 for the four bugs that make up OMIGOD. (Jim Salter / Ars Technica)
In a 4Chan “press release,” the hacktivist collective Anonymous claims to have hacked the hard-right-oriented web registration company Epik, allegedly stealing “a decade’s worth of data,” including reams of information about its clients and their domains.
Epik has gained a higher profile recently for hosting the notorious website prolifewhistleblower.com which aims to collect names of women seeking abortions and anyone who helps these women obtain abortions under Texas’ newly enacted anti-choice law. The hacktivist group Distributed Denial of Secrets said that a source had provided them with the leak. They plan to curate it for public consumption on their website. Anonymous also claims to have taken down and defaced the Texas GOP website over the weekend. (Lucas Ropek / Gizmodo)
Massachusetts Attorney General Maura Healey said she would investigate the cyberattack against T-Mobile US that exposed the personal information of more than 53 million people.
Healey plans to investigate whether the Bellevue, Washington-based company had proper safeguards to protect personal information and mobile devices. (NBC Boston)
University of California, San Diego student Richard Yuan faces charges including conspiracy to commit wire fraud and conspiracy to engage in interstate communication with intent to extort and to commit computer fraud and abuse for allegedly engaging in a SIM swapping scheme.
Prosecutors say he activated at least 40 numbers on his iPhone between July and December 2018 to steal an unspecified amount of cryptocurrency and blackmailed at least one victim, threatening to release compromising photos stolen from the victim’s phone. (Louis Casiano / Fox Business)
Related: Justice Department
Researchers at Imperva say that close to half the on-premises servers used by businesses contain vulnerabilities that may be ripe for exploitation.
The researchers analyzed roughly 27,000 databases and their security posture. In total, 46% of on-premises databases worldwide contained known vulnerabilities. (Charlie Osborne / ZDNet)
Researcher Felix Lange discovered a security flaw in the software testing solution Travis CI that potentially exposed the secrets of thousands of open source projects that rely on the service.
The flaw allowed a bad actor to exfiltrate secure environment variables, such as signing keys, access credentials, and API tokens of all public open-source projects. The bug (CVE-2021-41077) is present in Travis CI's activation process and impacts specific builds created between September 3 and September 10. (Ax Sharma / Ars Technica)
Researchers at SentinelOne say that a targeted campaign delivering the ZLoader banking trojan is spreading via Google AdWords and is using a mechanism to disable all Windows Defender modules on victim machines.
The infection chain for the campaign also includes the use of a signed dropper, plus a backdoored version of the Windows utility wextract.exe to embed the ZLoader payload itself. For now, the campaign is targeting Australian and German banking institutions. (Tara Seals / Threatpost)
A New York man, Christopher Naples, has been charged with secretly installing dozens of machines at his workplace in a cryptocurrency scheme that cost Suffolk County, New York, at least $6,000 in electricity bills.
Naples worked in the county clerk’s office as a supervisor of information technology operations. Authorities charged him with several counts, including public corruption, grand larceny, and computer trespass. (Associated Press)
Related: Infosecurity Magazine
FBI Deputy Director Paul Abbate said there has been “no indication” that the Russian government has taken steps to stop ransomware gangs’ activities despite threats from the Biden administration.
“Based on what we’ve seen, I would say there is no indication that the Russian government has taken action to crack down on ransomware actors that are operating in the permissive environment that they have created there,” Abbate said during a panel at the Intelligence and National Security Summit. (Maggie Miller / The Hill)
Chinese police are using a new anti-fraud app launched by the public security ministry’s National Anti-Fraud Center to identify and question people who have viewed overseas financial news sites, according to individuals summoned by the authorities.
The app is installed on more than 200 million phones, blocks suspicious phone calls, and reports malware. It has generated thousands of privacy-related complaints online from people who said they had to download it to rent apartments or enroll their children in schools. (Sun Yu / Financial Times)
The U.S. House Energy and Commerce Committee voted to give the Federal Trade Commission $1 billion to set up a bureau dedicated to improving data security and privacy and fighting identity theft.
The proposal would fund a new bureau over ten years to address "unfair or deceptive acts or practices relating to privacy, data security, identity theft, data abuses, and related matters.” (Diane Bartz / Reuters)
The foundation that oversees Wikipedia has banned seven mainland Chinese users from its websites globally and revoked administrator access and other privileges for 12 other users following a Hong Kong Free Press report of alleged threats to Hong Kong users.
An “unrecognized group” of almost 300 Wikipedia users known as Wikimedians of Mainland China posed “security risks” relating to “infiltration of Wikimedia systems, including positions with access to personally identifiable information and elected bodies of influence,” Maggie Dennis, the foundation’s vice president of community resilience & sustainability, said. (Selina Cheng / Hong Kong Free Press)
A failed attack on the Ethereum blockchain managed to trick a few nodes but could not fool the rest of the network.
The attacker published a chain of roughly 550 blocks with invalid proofs of work, meaning that instead of being mined correctly according to the network’s rules, the blocks were created at will and broadcast to the network. Most Ethereum nodes rejected the blocks, but a small percentage of nodes running Nethermind switched to the fake version. All affected nodes have now moved back onto the main blockchain. (Tim Copeland / The Block)
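As an added illustration that is not from the article and bears no relation to Nethermind's actual code, the toy fork-choice below shows why a longer chain of unmined blocks is only rejected if a node validates the proof of work on every block before reorganising; the block format, difficulty and chain lengths are all constructed for the demo.

```python
import hashlib
from dataclasses import dataclass

DIFFICULTY_BITS = 12  # constructed toy difficulty, small enough to mine quickly in Python
TARGET = 1 << (256 - DIFFICULTY_BITS)  # a block counts as mined only if its hash is below this
GENESIS_PARENT = "00" * 32

@dataclass(frozen=True)
class Block:
    number: int
    parent_hash: str
    nonce: int
    def hash(self) -> str:
        return hashlib.sha256(f"{self.number}:{self.parent_hash}:{self.nonce}".encode()).hexdigest()
    def pow_valid(self) -> bool:
        return int(self.hash(), 16) < TARGET

def make_block(number: int, parent_hash: str, do_work: bool) -> Block:
    """Honest mining (do_work=True) searches nonces until the hash meets the target; a block
    'created at will' (do_work=False) keeps the first nonce that misses it, so it is invalid."""
    nonce = 0
    while Block(number, parent_hash, nonce).pow_valid() != do_work:
        nonce += 1
    return Block(number, parent_hash, nonce)

def extend(chain: list, count: int, do_work: bool) -> list:
    chain = list(chain)  # append `count` blocks, each linked to the previous block's hash
    for _ in range(count):
        chain.append(make_block(chain[-1].number + 1, chain[-1].hash(), do_work))
    return chain

def chain_valid(chain: list) -> bool:
    """Full validation: numbering, parent linkage and proof of work on every block."""
    for i, block in enumerate(chain):
        parent = GENESIS_PARENT if i == 0 else chain[i - 1].hash()
        if block.number != i or block.parent_hash != parent or not block.pow_valid():
            return False
    return True

def choose_head(current: list, candidate: list, validate: bool = True) -> list:
    """Fork choice: a correct node validates the candidate before reorganising; a node
    that skips validation follows any longer chain, the failure mode in the article."""
    if validate and not chain_valid(candidate):
        return current
    return candidate if len(candidate) > len(current) else current

GENESIS = make_block(0, GENESIS_PARENT, do_work=True)
HONEST = extend([GENESIS], 3, do_work=True)   # 4 properly mined blocks
FAKE = extend([GENESIS], 6, do_work=False)    # 7 blocks: longer, but unmined
```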
Israeli startup Rezilion, which makes automation tools for DevSecOps, raised $30 million in a Series A funding round.
Guggenheim Investments led the round. JVP and Kindred Capital contributed to the round alongside new investment partners, including current and former security executives and luminaries from Google, Microsoft, CrowdStrike, IBM, Cisco, PayPal, JP Morgan Chase, Nasdaq, eBay, Symantec, RedHat, RSA, and Tenable. (Ingrid Lunden / TechCrunch)