Security News

A forensic examination of Amazon CEO Jeff Bezos's mobile phone has pointed to it having allegedly been infected by personal-message-exfiltrating malware - likely NSO Group's notorious Pegasus mobile spyware - that came from Saudi Arabia's Crown Prince Mohammed bin Salman's personal WhatsApp account. The UN's report said that full details from the digital forensic exam of Bezos's phone were made available to its special rapporteurs.

The Crown Prince of Saudi Arabia, Mohammad bin Salman, has been officially fingered as the man responsible for hacking Amazon CEO Jeff Bezos's iPhone X, causing a massive stir in diplomatic circles. Following a report yesterday that Bezos's smartphone had been compromised by a malware-poisoned video sent directly by bin Salman to Bezos through WhatsApp, on Wednesday two UN special rapporteurs named the head of the oil state as the source of digital spyware, and called for an "Immediate investigation by US and other relevant authorities" into the "Continuous, multi-year, direct and personal involvement of the Crown Prince in efforts to target perceived opponents."

The mobile phone of Amazon CEO Jeff Bezos was hacked using a malicious file sent directly from the official WhatsApp account of Saudi Arabia's Crown Prince Mohammed Bin Salman, investigators have reportedly found. Hackers stole sensitive information from Bezos' phone "Within hours" of the hack, according to a digital forensic analysis of Bezos' phone conducted by FTI Consulting, a Washington-based business advisory group.

For the first time ever, the top five most likely global risks enumerated in the annual Global Risks Report from the World Economic Forum are all environmental: extreme weather, climate action failure, natural disasters, biodiversity loss, and human made environmental disasters. The same background is threatening the global economic outlook.

Apple previously scuttled plans to add end-to-end encryption to iCloud backups, in part because such a move would have complicated law enforcement investigations, Reuters reports. Reuters' scoop highlights a behind-the-scenes compromise that explains what happened, with Apple reportedly opting to not use end-to-end encryption for iCloud backups as it faced increasing pressure from the U.S. government to ensure investigators could access user data.

Most state CIOs see innovation as a major part of their job - 83% said innovation is an important or very important part of their day-to-day leadership responsibilities - while only 14% reported extensive innovation initiatives within their organizations, Accenture and the National Association of State Chief Information Officers reveal. Previously, NASCIO had highlighted innovation as a top ten current issue facing state CIOs.

Governments in the US and China are at the front of the line when it comes to knocking on Apple's door to request user data relating to fraud/phishing, according to the company's latest transparency report. Like any tech company that handles user data, Apple gets different types of requests: those that are made when an account holder is in imminent danger, those from law enforcement agencies trying to help people find their lost or stolen devices, those asking for Apple's help when thieves rip off credit card data so they can buy Apple products or services on somebody else's dime, and in situations where investigators think an account's been used to do something illegal.

The FBI has created a new policy to give "Timely" breach notifications to state and local officials concerning election hacking and foreign interference. It will also require agents to work directly with state and local election officials to identify and mitigate cyberthreats to election infrastructure as quickly as possible, according to the FBI announcement.

As business email compromise schemes continue to evolve, some cybercriminals are focusing on accessing companies' financial documents, which provide useful information to support the theft of money, according to a new report from security firm Agari. This case shows that business email compromise scams are becoming more ambitious, with fraudsters using social engineering techniques to steal as many financial documents as possible, according to the report.

A major Microsoft crypto-spoofing bug impacting Windows 10 made waves this Patch Tuesday, particularly as the flaw was found and reported by the U.S. National Security Agency. Microsoft's January Patch Tuesday security bulletin disclosed the "Important"-severity vulnerability, which could allow an attacker to spoof a code-signing certificate, vital to validating executable programs in Windows, and make it appear as if an application was from a trusted source.