Metacurity


Italian Company Developed Tools to Spy on Smartphones in Italy and Kazakhstan

Feds issue warning about VMware Horizon and Unified Access Gateway (UAG) servers, Chinese APT group using ransomware as decoy, Intel agencies given greenlight to hire past pot smokers, more

Cynthia Brumfield
Jun 24


Researchers at Google’s Threat Analysis Group say that Milan-based RCS Lab, whose website claims European law enforcement agencies as clients, developed tools to spy on private messages and contacts of targeted Apple and Android smartphones in Italy and Kazakhstan.

Google said it had taken steps to protect users of its Android operating system and alerted them about the spyware. An Apple spokesperson said the company had revoked all known accounts and certificates associated with this hacking campaign.

The researchers found RCS Lab had previously collaborated with the controversial, defunct Italian spy firm Hacking Team, which had similarly created surveillance software for foreign governments to tap into phones and computers. RCS Lab said that its personnel are not exposed, nor do they participate in any activities conducted by the relevant customers. (Zeba Siddiqui / Reuters)

Related: Blockworks, Slashdot, Wired, Bleeping Computer, Startups News | Tech News, CNN.com, NDTV Gadgets360.com, PCMag.com, AppleInsider, WIRED, Cyberscoop, Insider Paper, DNA India, Tech.Co, Technology | International Business Times, The Tech Outlook, MacDailyNews, Teller Report, The Guardian, Security Week, Digital Journal, Digital Information World, The Record by Recorded Future, TechCrunch, Slashdot, Google, Bloomberg, The Guardian, heise online News, TRT World, Reuters, CNN.com, Tech-Economic Times, Macworld, SiliconANGLE, TechShout, The Mac Observer, Security Affairs, Threatpost, Silicon UK, The Register - Security, Raw Story, CyberNews, IBTimes India, Teiss, iMore, Silicon Republic, Techexplore, TechWorm, Silicon Republic, Security - Computing, TechCentral

billy leonard (@billyleonard), June 23rd 2022:
More great work on commercial surveillance vendors from @Google TAG - @benoitsevens and @_clem1 disrupting campaigns using RCS Lab 🇮🇹 capabilities against 🍎 and 🤖 users in 🇮🇹 and 🇰🇿.
blog.google/threat-analysi…

Linked article (blog.google): Spyware vendor targets users in Italy and Kazakhstan. Today, alongside Google’s Project Zero, we are detailing capabilities provided by RCS Labs, an Italian vendor that uses a combination of tactics, including atypical drive-by downloads as initial infection vectors to target mobile users on both iOS and Android.

45 Retweets, 80 Likes

The Cybersecurity and Infrastructure Security Agency (CISA) and the United States Coast Guard Cyber Command (CGCYBER) warned organizations that unpatched VMware Horizon and Unified Access Gateway (UAG) servers are still being exploited through CVE-2021-44228, known widely as Log4Shell.

The agencies said that the vulnerability is being used in attacks by various threat actors, including state-backed groups. CISA noted that in one confirmed compromise, APT actors were able to move laterally inside the network, gain access to a disaster recovery network, and collect and exfiltrate sensitive data. In a second incident, CISA said it was forced to conduct an “onsite incident response engagement.” (Jonathan Greig / The Record)

Related: CISA, Bleeping Computer, heise online News, The Hacker News, Security Week, Reddit - cybersecurity

Researchers at Secureworks say that a China-based advanced persistent threat (APT) group called Bronze Starlight is possibly deploying short-lived ransomware families as a decoy to cover up the actual operational and tactical objectives behind its campaigns.

In less than a year, the group’s activity involved the deployment of post-intrusion ransomware such as LockFile, Atom Silo, Rook, Night Sky, Pandora, and LockBit 2.0. "It is plausible that Bronze Starlight deploys ransomware as a smokescreen rather than for financial gain, with the underlying motivation of stealing intellectual property or conducting espionage," the researchers said. (Ravie Lakshmanan / The Hacker News)

Related: Reddit - cybersecurity, ZDNet, Dark Reading, Decipher, Secureworks, The Register

A bipartisan group of senators introduced a bill that would give the Biden administration the power to block exports of U.S. personal data to countries like China that pose national security risks.

The bill, modeled on a discussion draft released by Senator Ron Wyden (D-OR) last year, would direct the Secretary of Commerce to identify categories of personal data that, if exported, could harm U.S. national security. It would also direct the Commerce Department to require licenses for bulk exports of the identified categories of personal data to other countries and deny exports to high-risk countries. Data exports to low-risk countries would be unrestricted. (Alexandra Alper and David Shepardson / Reuters)

Related: Wyden.Senate.Gov

David Henig 🇺🇦 (@DavidHenigUK), June 24th 2022:
Important trade policy developments with regard to data - fairly evident that we are moving towards restrictions on data flows, possibly with models not dissimilar to that of the EU.

Linked article (reuters.com): U.S. lawmakers unveil bill barring U.S. data flows to high-risk countries. A bipartisan group of U.S. senators introduced legislation on Thursday that would give the Biden administration the power to block exports of U.S. personal data to countries like China that they say pose national security risks.

10 Retweets, 32 Likes

Congressional aides say that U.S. intelligence agencies would be permitted to hire job applicants who have used marijuana in the past under legislation that passed a Senate committee this week.

The potential easing of the prohibition on past marijuana use is contained in a provision in the annual intelligence authorization act. This bill is generally viewed as a must-pass because it authorizes funding and sets policy for the U.S. government’s national security agencies. Senior U.S. national security leaders have said for years that restrictions on hiring, like the bar on past marijuana use, have limited some agencies’ ability to attract young professionals into important security roles. (Dustin Volz / Wall Street Journal)

Blake Sobczak (@BlakeSobczak), June 23rd 2022:
If this advances, it'd be a big deal for national security agencies' ability to recruit #cybersecurity talent. Many otherwise qualified security specialists have <gasp!> smoked pot, which is legal in the tech hub of California and in 18 other states + D.C.

Quoted tweet from Dustin Volz (@dnvolz):
New: National security agencies will not be able to turn down job applicants solely on the basis of past marijuana use under a provision in the intelligence authorization act that unanimously passed the Senate Intel Committee this week behind closed doors https://t.co/RLY5FRsJJv

4 Retweets, 8 Likes

Ron Wyden (@RonWyden), June 23rd 2022:
Big thanks to @MartinHeinrich and @SenGillibrand for their support of this common-sense provision, which will ensure the intelligence community can continue to recruit the most capable people possible.

7 Retweets, 55 Likes

The Italian data protection authority, Garante, found a local web publisher’s use of the popular Google Analytics tool to be non-compliant with EU data protection rules owing to user data being transferred to the U.S., which lacks an equivalent legal framework to protect the info from being accessed by U.S. spooks.

The decision has wider significance because Garante has also warned other local websites using Google Analytics to take note and check their compliance. (Natasha Lomas / TechCrunch)

Related: Slashdot

According to Akamai, out-of-control scalper bots have created havoc in Israel by registering public service appointments for various government services and then offering to sell them to disgruntled citizens.

The bots tried to sell appointments for over $100 across a range of government services and agencies, including passport renewal, the Israeli Ministry of Interior, the Ministry of Transport, National Insurance, Israel Post, and the Israeli state Electricity Company. To help with the backlog of over 700,000 passport applications, software developers created an appointment scheduling bot named GamkenBot that checks available appointments on the state's site (MyVisit) and books them automatically.

But malicious actors grabbed it and modified its functions to scalp all the available appointments. For now, Israel's state services and the citizens who use them appear enslaved to this rogue operation and unable to find an easy way to stop it. (Bill Toulas / Bleeping Computer)

Related: Akamai, ZDNet

IT service and security software management company Kaseya said it finalized its $6.2 billion acquisition of cybersecurity company Datto.

The company's public messaging about the Datto deal emphasized impending price cuts—an average of 10% across the board. (John Gold / CSO Online)

Related: Business Wire

Denver-based identity vendor Ping Identity says it is launching a $50 million in-house corporate venture fund called Ping Ventures to support identity and access management technology startups, betting it can spot, fund, and integrate cutting-edge technology into its own stack.

Ping Ventures will back new businesses in online fraud and risk services, real-time identity verification, identity and data access governance, decentralized identity, machine identity, experience automation, and dynamic authorization and entitlement. (Michael Novinson / Databreachtoday)

Related: PR Newswire

© 2022 DCT Associates