Security News

The threat actor's goal is Microsoft Office 365 account takeovers. Microsoft, which began tracking the activity in late July 2021, detailed the attacks in an alert released Monday, adding that the culprits appear to be bent on espionage and have ties to Iran.

Cherie Blair tipped off a Jordanian princess that the royal's estranged husband, the Sheikh of Dubai, had deployed NSO Group's Pegasus malware against her and her lawyers, a series of explosive High Court judgments [PDFs] have revealed. Sheikh Mohammed bin Rashid al Maktoum, the absolute ruler of Dubai, was found to have ordered the deployment of one of the world's most potent malware strains against Princess Haya bint Hussein, his former wife and a member of the Jordanian royal family, during a bitter court battle over custody of their children.

A formerly unknown Chinese-speaking threat actor has been linked to a long-standing evasive operation aimed at South East Asian targets as far back as July 2020 to deploy a kernel-mode rootkit on compromised Windows systems. Attacks mounted by the hacking group, dubbed GhostEmperor by Kaspersky, are also said to have used a "Sophisticated multi-stage malware framework" that allows for providing persistence and remote control over the targeted hosts.

A cyberespionage group dubbed "FamousSparrow" by researchers has taken flight, targeting hotels, governments and private organizations around the world with a custom backdoor called, appropriately, "SparrowDoor." It's one of the advanced persistent threats that targeted the ProxyLogon vulnerabilities earlier this year, according to ESET, though its activity has only recently come to light. According to the firm, the backdoor's malicious actions include the ability to: rename or delete files; create directories; shut down processes; send information such as file attributes, file size and file write time; exfiltrate the content of a specified file; write data to a specified file; or establish an interactive reverse shell.

The novel backdoor technique called SideWalk, seen in campaigns targeting US media and retailers late last month, has been tied to an adversary that's been around for quite a while: namely, China-linked Grayfly espionage group. According to a report published by Symantec on Thursday, the SideWalk malware has been deployed in recent Grayfly campaigns against organizations in Taiwan, Vietnam, the US and Mexico.

A security vulnerability has been found affecting several versions of ThroughTek Kalay P2P Software Development Kit, which could be abused by a remote attacker to take control of an affected device and potentially lead to remote code execution. Tracked as CVE-2021-28372 and discovered by FireEye Mandiant in late 2020, the weakness concerns an improper access control flaw in ThroughTek point-to-point products, successful exploitation of which could result in the "Ability to listen to live audio, watch real time video data, and compromise device credentials for further attacks based on exposed device functionality."

Security researchers are sounding the alarm on a critical vulnerability affecting tens of millions of devices worldwide connected via ThroughTek's Kalay IoT cloud platform.A remote attacker could leverage the bug to gain access to the live audio and video streams, or to take control of the vulnerable device.

A California-based IT consultancy has sued Huawei and its subsidiary in Pakistan alleging the Chinese telecom firm stole its trade secrets and failed to honor a contract to develop technology for Pakistani authorities. The complaint [PDF], filed on Wednesday in the US District Court in Santa Ana, California, describes how Business Efficiency Solutions, LLC, began working with Huawei Technologies in 2016 to overhaul the IT systems available to the Punjab Police Integrated Command, Control and Communication Center of Lahore, capital of the Punjab province of Pakistan.

"We found a simple loophole that allowed us to intercept a portion of worldwide dynamic DNS traffic going through managed DNS providers like Amazon and Google," researchers Shir Tamari and Ami Luttwak from infrastructure security firm Wiz said. The exploitation process hinges on registering a domain on Amazon's Route53 DNS service with the same name as the DNS name server - which provides the translation of domain names and hostnames into their corresponding Internet Protocol addresses - resulting in a scenario that effectively breaks the isolation between tenants, thus allowing valuable information to be accessed.

"We found a simple loophole that allowed us to intercept a portion of worldwide dynamic DNS traffic going through managed DNS providers like Amazon and Google," researchers Shir Tamari and Ami Luttwak from infrastructure security firm Wiz said. The exploitation process hinges on registering a domain on Amazon's Route53 DNS service with the same name as the DNS name server - which provides the translation of domain names and hostnames into their corresponding Internet Protocol addresses - resulting in a scenario that effectively breaks the isolation between tenants, thus allowing valuable information to be accessed.