Security News
Attackers are targeting energy companies with the Agent Tesla spyware, as seen in recent spearphishing emails with malicious attachments. The emails leverage the tumultuous nature of today's oil and gas markets, which have been under tremendous stress in recent weeks, as the global COVID-19 pandemic lowered oil demand.
NSO Group - sued by Facebook for developing Pegasus spyware that targeted WhatsApp users - this week claimed Facebook tried to license the very same surveillance software to snoop on its own social-media addicts. The Israeli spyware maker's CEO Shalev Hulio alleged in a statement [PDF] to a US federal district court that in 2017 he was approached by Facebook reps who wanted to use NSO's Pegasus technology in Facebook's controversial Onavo Protect app to track mobile users.
A newly discovered watering-hole campaign is targeting Apple iPhone users in Hong Kong by using malicious website links as a lure to install spyware on the devices. According to research published by Trend Micro and Kaspersky, the "Operation Poisoned News" attack leverages a remote iOS exploit chain to deploy a feature-rich implant called 'LightSpy' through links to local news websites, which, when clicked, execute the malware payload and allow an interloper to exfiltrate sensitive data from the affected device and even take full control.
A recently observed campaign is attempting to infect the iPhones of users in Hong Kong with an iOS backdoor that allows attackers to take over devices, Trend Micro reports. The attack involved the use of malicious links posted on forums popular in Hong Kong, which led users to real news sites where a hidden iframe would load and run malware.
Facebook has been accused of lying to a US court in its ongoing legal battle against government malware maker NSO Group. A series of filings from NSO lawyers lay out the Israeli security company's reasoning for its no-show in court on 2 March, including the accusation that Facebook never properly served its lawyers with legal papers, despite telling the court that it had. The accusations were made in court documents [PDF] in which NSO has asked the court to vacate the earlier default judgement entered at the start of last week after the security shop's lawyers failed to turn up at the California US District Court.
Spyware maker NSO runs scared from Facebook over WhatsApp hacking charges, fails to show up in court
The Social Network chalked up an easy win this week when a US court issued a default notice in its favor against Israeli spyware builder NSO Group. Facebook filed suit back in 2019, alleging NSO developed code for exploits in acquired crypto chat app WhatsApp.
In March 2019, researchers with a group called Security Without Borders - a non-profit that often investigates threats against dissidents and human rights defenders - identified more than 20 government spyware apps squatting in plain sight, pretending to be harmless, vanilla apps on Google's Play store. Those apps - which were just a decoy through which government spyware called Exodus was installed on targets' phones - were anything but harmless.
A New York Times reporter apparently was targeted with spyware developed by the NSO Group as part of a campaign that may be linked to a Saudi Arabia group, which has previously been accused of hacking attempts against dissidents, journalists and human rights lawyers, according to the think tank Citizen Lab. The spyware used against the Times reporter likely was Israel-based NSO Group's Pegasus, which has been used by governments around the world to target journalists, activists and protestors, according to the new Citizen Lab report.
TEL AVIV, Israel - An Israeli court heard a case Thursday calling for restrictions to be slapped on NSO Group, an Israeli company that makes surveillance software that is said to have been used to target journalists and dissidents around the world. The case, brought by Amnesty International, calls for Israel to revoke the spyware firm's export license, preventing it from selling its contentious product abroad, particularly to regimes that could use it for malicious purposes.
Google has pulled three malicious apps from Google Play, one of which exploits a recently patched kernel privilege escalation bug in Android to install the app aimed at spying on users. The Camero app would download a DEX file from a C&C, which would then download the callCam APK file and use the CVE-2019-2215 exploit to root the device, install the app and launch it without any user interaction or the user's knowledge.