Poland Bought NSO Group's Spyware in 2017 Following Prime Ministers' Meeting
China's Cyberspace Administration sets approval requirement for overseas listings, McMenamins says ransomware attackers stole employee data back to 1998, Google buys Siemplify for reported $500m, more
Polish newspaper Gazeta Wyborcza reports that Poland’s Central Anticorruption Bureau bought Israel’s NSO Group’s Pegasus spyware for hacking cellphones in 2017, not long after then prime minister Benjamin Netanyahu met with Polish Prime Minister Beata Szydło.
This report follows a joint investigation by the Associated Press and the University of Toronto’s Citizen Lab that concluded the cellphones of three individuals associated with Poland’s opposition were hacked using NSO’s Pegasus. (Yonah Jeremy Bob / Jerusalem Post)
Starting on February 15, China will require some companies with large amounts of user data to get approval from regulators to list overseas in a move that putatively aims to protect national security.
The network security review process, first proposed last year, will be implemented by China's increasingly powerful Cyberspace Administration (CAC) as the country tightens regulations on its domestic technology sector. Internet platforms holding personal information of more than 1 million users must apply for a network security review with the regulators before carrying out an initial public offering (IPO) abroad. (Arjun Kharpal / CNBC)
The Cyberspace Administration of China (CAC) said that a new set of rules on algorithm recommendation services would become effective on March 1.
The new rules, jointly issued by the CAC and three other departments, stipulate that algorithmic recommendation service providers shall not use technology to engage in illegal activities or spread illegal information and shall take measures to prevent the dissemination of harmful online content. They also call on algorithmic recommendation service providers to promote mainstream values and spread positive energy. (Xinhua)
Portland restaurant and hotel chain McMenamins confirmed last week that a recent ransomware attack compromised the company's internal employee data, affecting staff records as far back as 1998.
The company said it had sent letters detailing the stolen information to all employed individuals between July 1, 2010, and December 12, 2021, when the hack was discovered and blocked. The stolen data potentially included names, addresses, phone numbers, email addresses, Social Security Numbers, dates of birth, race, ethnicity, gender, disability status, medical notes, performance and disciplinary notes, health insurance plan elections, income amounts, and retirement contribution amounts. McMenamins is offering identity and credit protection services to past and current employees. (KGW)
Amid outrage in India over a GitHub-hosted app called Bulli Bai that posted often-doctored photographs of several prominent Muslim journalists and activists without their permission, the cybercrime cell of Delhi Police arrested an engineering student, Vishal Kumar. It also detained a woman, who they say is the lead suspect in the case.
The Bulli Bai app is a second attempt to harass Muslim women by "auctioning" them online. Last year, an app and website called "Sulli Deals" created profiles of more than 80 Muslim women and offered them as "the deal of the day." In both cases, there was no actual sale. Still, the purpose was to degrade and humiliate Muslim women, many of whom have been vocal about the rising tide of Hindu nationalism under Prime Minister Narendra Modi. GitHub has removed the app. (BBC News)
Security researcher Trevor Spiniolas discovered a novel persistent denial of service vulnerability named doorLock in Apple’s smart home appliance software HomeKit, affecting iOS 14.7 through 15.2.
To trigger doorLock, an attacker needs to change the name of a HomeKit device to a string longer than 500,000 characters. Spiniolas said he disclosed the details to Apple on August 10, 2021, but despite repeated promises to fix it, Apple has repeatedly pushed back the security update, and the bug remains unresolved. (Bill Toulas / Bleeping Computer)
So-called “Ethereum killer” Solana went down for several hours during the early morning on Tuesday after an alleged DDoS attack, marking the third time the project has faced an outage over the last couple of months.
It appears as if the platform was down for around five hours. Major crypto exchange Coinbase also warned users about Solana's issues on Monday, which Coinbase now says have been resolved. (Tim Fries / The Tokenist)
Researchers at Minerva Labs say that a malicious Telegram for Desktop installer, a compiled AutoIt script named "Telegram Desktop.exe," distributes the Purple Fox malware to install further malicious payloads on infected devices.
It is unknown how the malware is distributed, but similar malware campaigns impersonating legitimate software were distributed via YouTube videos, forum spam, and shady software sites. (Bill Toulas / Bleeping Computer)
Researchers at Cluster25 say a North Korean cyber-espionage group known as Konni has targeted Russian embassy diplomats over the winter holidays with phishing emails carrying New Year greetings in the hopes of infecting them with malware.
Unlike in the past, the group did not use malicious documents as attachments; instead, they attached a .zip file type named ‘поздравление.zip,’ which means congratulation in Russian. Cluster25 said it only detected emails sent to the Russian Embassy in Indonesia but the attack most likely targeted other embassies. (Catalin Cimpanu / The Record)
In an extremely rare move for the U.S. intelligence community, the director of national intelligence, Avril Haines, intervened last year in a lawsuit brought by a company owned by the Saudi Public Investment Fund, which belongs to Saudi Arabia and Saudi Crown Prince Mohammed bin Salman (MBS). Haines said that state secrets could come out if the case were to proceed without restrictions.
In response, a judge in Massachusetts has dismissed the case against a former Saudi intelligence official, Saad Aljabri. The nature of the secrets Haines wants to keep classified is unclear because the documents detailing the government’s arguments are not public. (Shannon Vavra / Daily Beast)
Banks see massive potential for cloud technology to make their systems faster, more agile, and responsive to the needs of their customers. Still, they are also concerned that computing over the internet will open the door to cyberattacks, particularly given some of their old systems that are difficult to revamp or retire.
In North America, banks handle only 12 percent of their tasks on the cloud, but that could double in the next two years, according to Accenture. (Lananh Nguyen / New York Times)
Two Greek academics have tested endpoint detection & response (EDR) software from 18 of today’s top cybersecurity firms and found that many fail to detect some of the most common attack techniques used by advanced persistent threat actors.
They designed their research to find out how the EDRs from some of today’s most prominent companies fare in the face of various simple attacks that simulate common APT kill chains. They tested attacks against EDR software from Bitdefender, Carbon Black, Check Point, Cisco, Comodo, CrowdStrike, Elastic, ESET, F-Secure, Fortinet, Kaspersky, McAfee, Microsoft, Panda Security, SentinelOne, Sophos, Symantec, and Trend Micro. They discovered, among other things, that none of the tested EDRs had full coverage for all attack vectors, leaving threat actors a way to slip through a company’s defenses. (Catalin Cimpanu / The Record)
Marking the first time the internet and tech giant has purchased an Israeli cybersecurity company, Google is acquiring cybersecurity startup Siemplify for an estimated $500 million.
Siemplify employs 200 people in Israel, the U.S., and London, who will join Google following the acquisition. Google will use Siemplify to form the basis for its cybersecurity operations in Israel, which will be part of the corporation’s cloud activity. (Meir Orbach / CTech)