Leaked NSO group data hints at widespread Pegasus spyware infections
Israel-based NSO Group is being investigated following reports alleging that its Pegasus malware is being used on a widespread level to target activists, journalists, business executives and politicians, using a variety of exploits, including a zero-click zero-day in iOS, meaning no user interaction is required to infect personal phones. The malware can secretly take remote control of the phone to monitor activity, enabling NSO’s “customers” even to read their targets’ encrypted messages sent via Signal and Telegram. A recent leak revealed a cache of more than 50,000 mobile phone numbers worldwide that the firm was storing. The NSO Pegasus project is separate from the Candiru story we brought you yesterday, even though Candiru is also based in Israel.
UK and White House blame China for Microsoft Exchange Server hack
On Monday, the UK government joined others, including Microsoft, in attributing the cyberattack to Chinese state-sponsored hackers, namely Hafnium, an advanced persistent threat (APT) group. The United States, NATO, and the EU have joined the UK in condemning the attack. UK Foreign Secretary Dominic Raab described the attack “by Chinese state-backed groups” as a “reckless but familiar pattern of behavior,” calling it “systematic cyber sabotage.” The White House issued a joint statement with the UK criticizing China’s alleged behavior.
Saudi Aramco data breach sees 1TB of stolen data for sale
The world’s largest oil producer, and possibly the biggest company in the world, has been informed that its stolen data is now available for sale by a group named ZeroX, at a starting price of $5 million for the entire dump. The hackers claim to have performed a “zero-day exploitation” of Aramco’s “network and its servers” sometime in 2020. The group says the dump includes documents pertaining to Saudi Aramco’s refineries in multiple Saudi Arabian cities, including employee IDs and PII, project specs for electrical and other infrastructure, network layouts mapping out IP addresses, SCADA points, Wi-Fi access points, IP cameras and IoT devices, as well as location maps and precise coordinates. Saudi Aramco has pinned this data incident on third-party contractors and states that the incident had no impact on Aramco’s operations.
Schneider Electric patches 13 vulnerabilities affecting its EVlink charging stations
The EVlink product range offers charging points and stations for electric vehicles at private properties, semi-public car parks, and on-street locations. Schneider Electric said that exploitation of these vulnerabilities “could lead to things like denial of service attacks, which could (further) result in unauthorized use of the charging station, service interruptions, failure to send charging data records to the supervision system and the modification and disclosure of the charging station’s configuration.” Although some of these vulnerabilities require physical access to the stations, others could be exploited over the internet, the company said.
Law firm for Ford, Pfizer, Exxon and others discloses ransomware attack
Campbell Conroy & O’Neill, a law firm whose client list spans a wide range of industries and includes Ford, General Motors, Boeing, Johnson & Johnson, Pfizer, Home Depot, and Exxon, reports that the attack affected personal data for some individuals, including Social Security numbers, passport numbers, payment card data, medical information, health insurance information, biometric data, and/or online account credentials. The firm’s official press release did not mention whether a ransom was paid.
Microsoft takes down domains used to scam Office 365 users
Microsoft’s Digital Crimes Unit (DCU) has seized 17 malicious domains used by scammers in a business email compromise (BEC) campaign targeting the company’s customers. The domains taken down by Microsoft were so-called “homoglyph” domains, registered to resemble those of legitimate businesses. This technique allowed the threat actors to impersonate companies when communicating with those companies’ clients. The criminals behind this campaign are “part of an extensive network that appears to be based out of West Africa,” per Microsoft, and have mainly targeted North American small businesses operating across several industry sectors.
Man behind LinkedIn scraping said he grabbed 700M profiles ‘for fun’
The LinkedIn scraping incident that exposed the data of 700 million users, some 92% of all those on the service, including location, phone numbers, and inferred salaries, was allegedly performed by the same person who scraped 533 million Facebook profiles in April. He states he pulled off the LinkedIn incident by hacking their API, a claim that LinkedIn denies. Security expert Troy Hunt, owner of haveibeenpwned.com, says that although he doesn’t consider API misuse to be a security breach, he agrees with other security experts that there needs to be more control over the technology.
Thousands of grocery orders cancelled after Ocado robot fire
UK online grocer Ocado has cancelled thousands of customer food orders after a fire at a fulfilment centre in south-east London on Friday. The blaze started when three of the robots that help pick its groceries and deliver them to packers and drivers collided. The warehouse, which handles 150,000 orders a week, was only partially damaged, and no one was hurt in the incident. Ocado, which was the UK’s third biggest online grocer last year, has seen huge growth during the pandemic, with sales up 40% in the first three months of the year. It also continues to strike technology licensing partnerships with grocery chains around the world, including Groupe Casino in France and Kroger in the US.