Italian Company Developed Tools to Spy on Smartphones in Italy and Kazakhstan
Feds issue warning about VMware Horizon and Unified Access Gateway (UAG) servers, Chinese APT group using ransomware as decoy, Intel agencies given green light to hire past pot smokers, more
Researchers at Google’s Threat Analysis Group say that Milan-based RCS Lab, whose website claims European law enforcement agencies as clients, developed tools to spy on private messages and contacts of targeted Apple and Android smartphones in Italy and Kazakhstan.
Google said it had taken steps to protect users of its Android operating system and alerted them about the spyware. An Apple spokesperson said the company had revoked all known accounts and certificates associated with this hacking campaign.
The researchers found RCS Lab had previously collaborated with the controversial, defunct Italian spy firm Hacking Team, which had similarly created surveillance software for foreign governments to tap into phones and computers. RCS Lab said that its personnel are not exposed, nor do they participate in any activities conducted by the relevant customers. (Zeba Siddiqui / Reuters)
Related: Blockworks, Slashdot, Wired, Bleeping Computer, Startups News | Tech News, CNN.com, NDTV Gadgets360.com, PCMag.com, AppleInsider, Cyberscoop, Insider Paper, DNA India, Tech.Co, Technology | International Business Times, The Tech Outlook, MacDailyNews, Teller Report, The Guardian, Security Week, Digital Journal, Digital Information World, The Record by Recorded Future, TechCrunch, Google, Bloomberg, heise online News, TRT World, Reuters, Tech-Economic Times, Macworld, SiliconANGLE, TechShout, The Mac Observer, Security Affairs, Threatpost, Silicon UK, The Register - Security, Raw Story, CyberNews, IBTimes India, Teiss, iMore, Silicon Republic, Techexplore, TechWorm, Security - Computing, TechCentral
The Cybersecurity and Infrastructure Security Agency (CISA) and the United States Coast Guard Cyber Command (CGCYBER) warned organizations that unpatched VMware Horizon and Unified Access Gateway (UAG) servers are still being exploited through CVE-2021-44228, known widely as Log4Shell.
The agencies said that the vulnerability is being used in attacks by various threat actors, including state-backed groups. CISA noted that in one confirmed compromise, APT actors could move laterally inside the network, gain access to a disaster recovery network, and collect and exfiltrate sensitive data. In a second incident, CISA said it was forced to conduct an “onsite incident response engagement.” (Jonathan Greig / The Record)
Researchers at Secureworks say that a China-based advanced persistent threat (APT) group called Bronze Starlight is possibly deploying short-lived ransomware families as a decoy to cover up the actual operational and tactical objectives behind its campaigns.
In less than a year, the group’s activity involved the deployment of post-intrusion ransomware such as LockFile, Atom Silo, Rook, Night Sky, Pandora, and LockBit 2.0. "It is plausible that Bronze Starlight deploys ransomware as a smokescreen rather than for financial gain, with the underlying motivation of stealing intellectual property or conducting espionage," the researchers said. (Ravie Lakshmanan / The Hacker News)
A bipartisan group of senators introduced a bill that would give the Biden administration the power to block exports of U.S. personal data to countries like China that pose national security risks.
The bill, modeled on a discussion draft released by Senator Ron Wyden (D-OR) last year, would direct the Secretary of Commerce to identify categories of personal data that, if exported, could harm U.S. national security. It would also direct the Commerce Department to require licenses for bulk exports of the identified categories of personal data to other countries and deny exports to high-risk countries. Data exports to low-risk countries would be unrestricted. (Alexandra Alper and David Shepardson / Reuters)
Congressional aides say that U.S. intelligence agencies would be permitted to hire job applicants who have used marijuana in the past under legislation that passed a Senate committee this week.
The potential easing of the prohibition on past marijuana use is contained in a provision in the annual intelligence authorization act. This bill is generally viewed as a must-pass because it authorizes funding and sets policy for the U.S. government’s national security agencies. Senior U.S. national security leaders have said for years that restrictions on hiring, like the bar on past marijuana use, have limited some agencies’ ability to attract young professionals into important security roles. (Dustin Volz / Wall Street Journal)
Dustin Volz (@dnvolz): New: National security agencies will not be able to turn down job applicants solely on the basis of past marijuana use under a provision in the intelligence authorization act that unanimously passed the Senate Intel Committee this week behind closed doors https://t.co/RLY5FRsJJv
The Italian data protection authority, Garante, found a local web publisher’s use of the popular Google Analytics tool to be non-compliant with EU data protection rules owing to user data being transferred to the U.S., which lacks an equivalent legal framework to protect the info from being accessed by U.S. spooks.
The decision has wider significance because Garante has also warned other local websites using Google Analytics to take note and check their compliance. (Natasha Lomas / TechCrunch)
According to Akamai, out-of-control scalper bots have created havoc in Israel by registering public service appointments for various government services and then offering to sell them to disgruntled citizens.
The bots tried to sell, for over $100, appointments for a range of government agencies and services, including passport renewal, the Israeli Ministry of Interior, the Ministry of Transport, National Insurance, Israel Post, and the Israeli state Electricity Company. To help with the backlog of over 700,000 passport applications, software developers created an appointment scheduling bot named GamkenBot that checks available appointments on the state's site (MyVisit) and books them automatically.
But malicious actors grabbed it and modified its functions to scalp all the available appointments. For now, Israel's state services and citizens that use them appear enslaved to this rogue operation and unable to find an easy way to stop it. (Bill Toulas / Bleeping Computer)
IT service and security software management company Kaseya said it finalized its $6.2 billion acquisition of cybersecurity company Datto.
The company's public messaging about the Datto deal emphasized impending price cuts—an average of 10% across the board. (John Gold / CSO Online)
Related: Business Wire
Denver-based identity vendor Ping Identity says it is launching a $50 million in-house corporate venture fund called Ping Ventures to support identity and access management technology startups, betting it can spot, fund, and integrate cutting-edge technology into its own stack.
Ping Ventures will back new businesses in online fraud and risk services, real-time identity verification, identity and data access governance, decentralized identity, machine identity, experience automation, and dynamic authorization and entitlement. (Michael Novinson / Databreachtoday)
Related: PR Newswire