Security News > 2020 > December

Facebook subsidiary WhatsApp has received new high-caliber support in its case against Israeli intelligence company NSO Group. The court case aims to hold NSO Group accountable for distributing its Pegasus spyware on the popular WhatsApp messaging service with the intent of planting its spyware on phones of journalists and human rights workers.

In Hey Alexa what did I just type? we show that when sitting up to half a meter away, a voice assistant can still hear the taps you make on your phone, even in presence of noise. Modern voice assistants have two to seven microphones, so they can do directional localisation, just as human ears do, but with greater sensitivity.

Joker's Stash, the carding site where cybercriminals hawk their payment-card wares, has suffered a blow after law enforcement apparently seized one of its domains. Bazar version of the site began displaying a notification that the U.S. Department of Justice and Interpol had seized the site.

Microsoft, Cisco, GitHub, Google, LinkedIn, VMware and the Internet Association have filed an amicus brief in support of WhatsApp in the legal case against the NSO Group. Facebook-owned messaging service WhatsApp filed the lawsuit in October 2019 in California, accusing Israeli technology firm NSO Group of spying on journalists, human rights activists and others.

A VPN service used by many cybercriminals has been disrupted in a global operation that involved law enforcement agencies in Germany, the United States, the Netherlands, France and Switzerland. Europol reported on Tuesday that the operation targeted a service called Safe-Inet, and the U.S. Justice Department clarified that three associated domains have been seized, namely insorg.org, safe-inet.com and safe-inet.net.

UK-based cryptocurrency exchange EXMO informed customers on Monday that it discovered large withdrawals from its hot wallets. "We are still investigating the incident, but as of now, the security audit report showed that some amounts of BTC, XRP, ZEC, USDT, ETC and ETH in EXMO's hot wallets were transferred out of the exchange," EXMO announced.

A recently uncovered zer0-click Apple zero-day flaw, used in a spyware campaign against Al Jazeera journalists, shed light this week on the impact of Apple security issues being abused by bad actors. In 2020, the security research community saw an array of "Powerful" Apple bugs afflicting iOS, iPhone and more - and at the same time, cybercriminals stepped up their game, with new attacks leveraging legitimate Apple functionalities, said Patrick Wardle, principal security researcher with Jamf.

How can and should governments respond to and better protect themselves from serious cyberattacks from hostile nations? The attackers who exploited a security flaw in SolarWinds' Orion network monitoring software to breach government agencies and large companies were almost certainly acting on behalf of a nation-state.

Law enforcement agencies around the world in a coordinated effort took down and seized the infrastructure supporting Safe-Inet and Insorg VPN and proxy services known for catering to cybercriminal activity. In announcements made today, Europol and the U.S. Department of Justice say that these VPN services were "Used by some of the world's biggest cybercriminals."

Security updates available for the Treck TCP/IP stack address two critical vulnerabilities leading to remote code execution or denial-of-service. A low-level TCP/IP software library, the Treck TCP/IP stack is specifically designed for embedded systems, featuring small critical sections and a small code footprint.