Signal Founder Delivers Dirt on Dodgy Phone Hacking Company Cellebrite's Security Flaws
Facebook exposes two Palestinian espionage campaigns, DOJ forms task force to curtail ransomware campaigns, USPS has a surveillance effort to spy on Americans' social media posts, more
Moxie Marlinspike, the founder of the popular encrypted chat app Signal, revealed details of the poor security of mobile unlocking company Cellebrite’s devices after getting his hands on one such unit after it “fell off a truck.”
Cellebrite devices lack industry-standard mitigation defenses and feature many opportunities for exploitation, Marlinspike said in a blog post. Cellebrite announced several months ago it had added Signal to its phone-hacking repertoire. Marlinspike joked that future versions of Signal might very well contain files that “are never used for anything inside Signal and never interact with Signal software or data.” (Lorenzo Franceschi-Bicchierai / Motherboard)
Related: Ars Technica, Slashdot, SlashGear, SlashGear » security, Signal, Reddit-hacking, Gizmodo, Cyberscoop, IT News, The Register - Security, ZDNet, AppleInsider, Bleeping Computer, Security News | Tech Times, Mashable
Matthew Green @matthew_d_green: We all understand that Signal probably isn’t going to *actually* install Cellebrite exploits in the app’s filesystem? I see a lot of people worrying that Signal is going to get banned for this, when all they have to do is say “LOL”.
Facebook says that two digital espionage campaigns out of Palestine that were active in 2019 and 2020 exploited many devices and platforms, using tools that included unique spyware targeting iOS. The researchers linked one set of attackers to Palestine's Preventive Security Service, an intelligence group under the West Bank's Fatah ruling party. The hackers focused on attacking human rights and anti-Fatah activists, journalists, and entities like the Iraqi military and Syrian opposition.
The other group is the longtime actor Arid Viper, associated with Hamas, which focused on targets within Palestine like Fatah political party members, government officials, security forces, and students. (Lily Hay Newman / Wired)
Related: Motherboard, Ynet News, Forbes, Thomas Brewster - Forbes, CyberNews, Devdiscourse News Desk, Haaretz.com, The Independent, SecurityWeek, Stars and Stripes, Reuters, Israel National News, ZDNet, Yahoo! News, The Record, Daily Beast, Facebook, Cyberscoop
The U.S. Justice Department has formed a task force to curtail the seemingly uncontrolled proliferation of ransomware cyberattacks in a bid to make the popular extortion schemes less lucrative by targeting the entire digital ecosystem that supports them.
The task force consists of the Justice Department’s criminal, national security, and civil divisions, the Federal Bureau of Investigation, and the Executive Office of U.S. Attorneys, supporting the 93 top federal prosecutors across the country. (Dustin Volz / Wall Street Journal)
A bipartisan group of lawmakers, including Sen. Ron Wyden (D-OR), Sen. Rand Paul (R-KY), and 18 other members of the Senate, have introduced The Fourth Amendment Is Not For Sale Act that will ban law enforcement agencies from buying data from controversial firm Clearview AI, as well as force agencies to obtain a warrant before sourcing location data from brokers.
The complex bill addresses various surveillance technologies in different ways. It requires federal agencies to obtain a court order to gather information from brokers rather than simply buying it like a company in the private sector might do. But for Clearview and other law enforcement suppliers, the bill bans agencies from purchasing data that has been obtained illicitly or through terms-of-service violations. (Joseph Cox / Motherboard)
Google released Chrome 90.0.4430.85 to address an actively exploited zero-day and four other high-severity security vulnerabilities impacting the popular web browser. Google will roll out the update to all users over the coming weeks.
Google said little about the zero-day aside from describing it as a 'Type Confusion in V8' and saying that VerSprite Inc's Jose Martinez reported it. (Sergiu Gatlan / Bleeping Computer)
After a group of University of Minnesota researchers was caught submitting a series of malicious code commits to the official Linux codebase as part of their research activities, Linux kernel project maintainers banned the university from the open-source Linux project.
The project maintainers further decided to revert any code commits that were ever submitted from a @umn.edu email address. (Ax Sharma / Bleeping Computer)
The U.S. arm of Japanese vision care company Hoya Vision Care experienced disrupted operations following a ransomware attack.
The hacker group called Astro Team said it targeted Hoya servers and stole about 300 gigabytes of confidential corporate data, including finance, production, email messages, passwords, and safety reports. (Daniele Lepido / Bloomberg)
The U.S. Postal Service has been running a surveillance effort known as iCOP, or Internet Covert Operations Program, unbeknownst to many government experts, legislators and policymakers.
The iCOP requires analysts to trawl through social media sites to look for what the document describes as “inflammatory” postings and then share that information across government agencies. (Jana Winter / Yahoo News)
Email and collaboration security company Perception Point raised $28 million in a Series B funding round.
The round was led by Red Dot Capital Partners and joined by global investor NGP Capital along with existing investors Pitango Venture Capital and State of Mind Ventures (SOMV). (NoCamels)
Software-as-a-service (SaaS) security management company AppOmni closed a $40 million Series B venture funding round.
Scale Venture Partners led the round, with Salesforce Ventures and ServiceNow Ventures, as well as previous backers ClearSky, Costanoa Ventures, Inner Loop Capital, and Silicon Valley Data Capital, also participating. (Ingrid Lunden / TechCrunch)
Cybersecurity visibility, analytics, and automation company Rapid7 announced it had acquired open-source technology Velociraptor to gain more expertise around endpoint monitoring, digital forensics, and incident response.
The Velociraptor standalone offering is designed to allow incident response teams to rapidly collect and examine artifacts from across a network and deliver forensic detail following a security incident. (Michael Novinson / CRN)