Security News
Since COVID-19 cast its pall in March, the Agent Tesla remote-access trojan has exploited the pandemic and added a raft of functionality that has helped it dominate the enterprise threat scene. Though Agent Tesla first made a splash six years ago, it hasn't lost any momentum - in fact, it featured in more attacks in the first half of 2020 than the infamous TrickBot or Emotet malware, according to SentinelOne's SentinelLabs.
DEF CON: In July, the makers of millions of smartphones powered by Qualcomm's Snapdragon system-on-chips received mitigation recommendations to address a bevy of security flaws in their products, all introduced by Qualcomm's technology. Technical details have been withheld from the public to give gadget makers time to implement and roll out Qualcomm's fixes, which will take time.
A stack of Linux backdoor malware used for espionage, compiled dynamically and customizable to specific targets, is being used as a shared resource by five different Chinese-language APT groups, according to researchers. Finally, the sixth item is the Linux XOR DDoS botnet, which is the largest known Linux botnet, first coming to notice in 2015.
Hebeisen walks listeners through what these new tools are and how they were used in a seven-year-long surveillanceware campaign against the Uyghur ethnic minority group. The campaign really started to take shape in our view of all of this in late 2019, when we were looking into the SilkBean family in particular. When we started looking deep into the infrastructure involved in SilkBean, we found many connections to the other malware families involved in this, and this whole web of interconnections started to unravel.
Facebook won a significant legal victory on Thursday when the judge hearing the lawsuit against Israeli spyware maker NSO Group declined to dismiss the case - and allowed the crucial discovery process to move forward. Last October, Facebook and its WhatsApp subsidiary sued NSO Group, and its Q Cyber Technologies affiliate, in the Northern District of California.
An Israeli court Monday rejected a bid by rights group Amnesty International to revoke the export license of spyware firm NSO Group over hacking allegations. NSO has faced multiple accusations of cyber-espionage on human rights activists and others, including by the messaging service WhatsApp, which is suing the company in a US court.
Google this week announced that, starting next month, an update to its policy will effectively result in the rejection of ads for surveillance technology. The updated Google Ads Enabling Dishonest Behavior policy, which will "Prohibit the promotion of products or services that are marketed or targeted with the express purpose of tracking or monitoring another person or their activities without their authorization," will be enforced starting August 11, 2020, the Internet giant announced.
Morocco's prime minister has demanded Amnesty International provide evidence to support its allegations that Rabat used spyware to bug a journalist's phone. Amnesty said in June the Moroccan authorities used software developed by Israeli security firm NSO to insert spyware onto the cellphone of Omar Radi, a journalist convicted in March over a social media post.
Researchers have uncovered a surveillance campaign, dating back to at least 2013, which has used a slew of Android surveillanceware tools to spy on the Uyghur ethnic minority group. Researchers say the surveillance apps in the campaign were likely distributed through a combination of targeted phishing and fake third-party app stores; however, they fortunately haven't been discovered on official app marketplaces like Google Play.
Cybersecurity researchers today uncovered new details of watering hole attacks against the Kurdish community in Syria and Turkey for surveillance and intelligence exfiltration purposes. The APT has been linked to a 2018 operation that abused Türk Telekom's network to redirect hundreds of users in Turkey and Syria to malicious StrongPity versions of authentic software.