Security News
Apple has just released updates for all supported Macs, and for any mobile devices running the very latest versions of their respective operating systems. Apparently, tvOS recently received a product-specific functionality fix that already used up the version number 16.3.1 for Apple TVs. As we've seen before, mobile devices still using iOS 15 and iOS 12 get nothing, but whether that's because they're immune to this bug or simply that Apple hasn't got round to patching them yet.
The New York attorney general's office has announced a $410,000 fine for a stalkerware developer who used 16 companies to promote surveillance tools illegally. Patrick Hinchy, the spyware vendor, also agreed to alert his customers' victims that their phones are being secretly monitored using one of his multiple apps, including Auto Forward, Easy Spy, DDI Utilities, Highster Mobile, PhoneSpector, Surepoint, or TurboSpy.
The State Cyber Protection Centre of Ukraine has called out the Russian state-sponsored threat actor known as Gamaredon for its targeted cyber attacks on public authorities and critical information infrastructure in the country. All the analyzed VBScript droppers and PowerShell scripts, per SCPC, are variants of GammaLoad and GammaSteel malware, respectively, effectively permitting the adversary to exfiltrate sensitive information.
The US Supreme Court has quashed spyware maker NSO Group's argument that it cannot be held legally responsible for using WhatsApp technology to deploy its Pegasus snoop-ware on users' phones. Previously, the US Solicitor General filed an amicus brief [PDF] advising the Supreme Court not to hear the spyware developer's case, noting "NSO plainly is not entitled to immunity here."
Financial institutions are being targeted by a new version of Android malware called SpyNote at least since October 2022. "This has helped other actors [in] developing and distributing the spyware, often also targeting banking institutions."
The social media conglomerate also took steps to disable accounts and block infrastructure operated by spyware vendors, including in China, Russia, Israel, the U.S. and India, that targeted individuals in about 200 countries. A second set of 250 accounts on Facebook and Instagram linked to another Israeli company called QuaDream was found "Engaged in a similar testing activity between their own fake accounts, targeting Android and iOS devices in what we assess to be an attempt to test capabilities to exfiltrate various types of data including messages, images, video and audio files, and geolocation."
We've written, admittedly with a mixture of fascination and delight, about their work on many occasions before, including wacky tricks such as GAIROSCOPE, LANTENNA and the FANSMITTER. This time, the researchers have given their new trick the unfortunate and perhaps needlessly confusing name COVID-bit, where COV is explicitly listed as standing for "Covert", and we're left to guess that ID-bit stands for something like "Information disclosure, bit-by-bit". How can you use the radio noise of an SMPS switching millions of times a second to convey anything other than noise?
Google's Threat Analysis Group said on Wednesday that its researchers discovered commercial spyware called Heliconia that's designed to exploit vulnerabilities in Chrome and Firefox browsers as well as Microsoft Defender security software. The three components perform the following functions: Heliconia Noise is a web framework for deploying an exploit for a Chrome renderer bug followed by a sandbox escape; Heliconia Soft is a web framework that deploys a PDF containing a Windows Defender exploit; and Files is a set of Firefox exploits for Linux and Windows.
A Barcelona-based surveillanceware vendor named Variston IT is said to have surreptitiously planted spyware on targeted devices by exploiting several zero-day flaws in Google Chrome, Mozilla Firefox, and Windows, some of which date back to December 2018. "Their Heliconia framework exploits n-day vulnerabilities in Chrome, Firefox, and Microsoft Defender, and provides all the tools necessary to deploy a payload to a target device," Google Threat Analysis Group researchers Clement Lecigne and Benoit Sevens said in a write-up.
A Barcelona-based surveillanceware vendor named Variston IT is said to have surreptitiously planted spyware on targeted devices by exploiting several zero-day flaws in Google Chrome, Mozilla Firefox, and Windows, some of which date back to December 2018. "Their Heliconia framework exploits n-day vulnerabilities in Chrome, Firefox, and Microsoft Defender, and provides all the tools necessary to deploy a payload to a target device," Google Threat Analysis Group researchers Clement Lecigne and Benoit Sevens said in a write-up.