Security News

Senator Ron Wyden was reacting to Vice's discovery of a brochure by Westbridge Technologies - the US sales wing of the controversial NSO Group - which pitched NSO's Pegasus technology, rebadged as Phantom, to a police force in San Diego, California. The reference to spying on an ex-partner relates to claims that an employee of NSO Group who was caught using the firm's technology to spy on a woman they were interested in romantically.

Senator Ron Wyden was reacting to Vice's discovery of a brochure by Westbridge Technologies - the US sales wing of the controversial NSO Group - which pitched NSO's Pegasus technology, rebadged as Phantom, to a police force in San Diego, California. The reference to spying on an ex-partner relates to claims that an employee of NSO Group who was caught using the firm's technology to spy on a woman they were interested in romantically.

Taking a closer look at the malware, the malicious Mac executable is located in "Contents/Resources/Base.lproj/" directory of the fake application and pretends to be a nib file, according to researchers at Malwarebytes, in a posting on Wednesday. Once it starts, it creates a property list file that specifies the application that needs to be executed after reboot, and the content of the plist file is hardcoded within the application.

Israeli spyware maker NSO Group has rubbished Facebook's claim it can be sued in California because it allegedly uses American IT services and has a business presence in the US. Last October, Facebook and its WhatsApp subsidiary sued the software developer and its affiliate Q Cyber Technologies in California, claiming that the firms made, distributed, and operated surveillance software known as Pegasus that remotely infects, hijacks, and extracts data from the smartphones of WhatsApp users. WhatsApp security manager Claudiu Gheorghe in a previous filing identified 720 malicious attacks on WhatsApp from the IP address 104.223.76.220, a server in California provided by QuadraNet and allegedly run by NSO. QuadraNet did not immediately respond to The Register's request to clarify the account holder for that IP address.

Unusually, the sample propagated through the employee pool via the infected company's mobile device management server. Perhaps most damagingly, cyberattackers can gain complete remote control of the device by running the TeamViewer remote access application.

A Microsoft vulnerability found in Microsoft Teams that could have allowed an inside attacker to weaponize a single GIF image and use it to pilfer data from targeted systems and take over all of an organization's Teams accounts. The phishing campaign used a ton of different Microsoft file sharing platforms including Microsoft Sway, which if you guys don't know what that is, it's basically Microsoft's platform for newsletters and presentations.

Dubbed PhantomLance by Kaspersky, the campaign is centered around a complex spyware that's distributed via dozens of apps within the Google Play official market, as well as other outlets like the third-party marketplace known as APKpure. Kaspersky's report follows previous research from BlackBerry, which connected OceanLotus to a trio of fake apps for Android last year.

Attorneys for Facebook and its WhatsApp subsidiary have challenged a plea from spyware maker NSO Group to dismiss the high-level hacking case the two are fighting out, arguing it has immunity from prosecution. Facebook sued the Israel-based NSO Group and its affiliate Q Cyber Technologies last October in the US, alleging the firms "Manufactured, distributed, and operated surveillance software, also known as 'spyware,' designed to intercept and extract information and communications from mobile phones and devices of WhatsApp users."

Attackers are targeting energy companies with the Agent Tesla spyware, as seen in recent spearphishing emails with malicious attachments. The emails leverage the tumultuous nature of today's oil and gas markets, which have been under tremendous stress in recent weeks, as the global COVID-19 pandemic lowered oil demand.

NSO Group - sued by Facebook for developing Pegasus spyware that targeted WhatsApp users - this week claimed Facebook tried to license the very same surveillance software to snoop on its own social-media addicts. The Israeli spyware maker's CEO Shalev Hulio alleged in a statement [PDF] to a US federal district court that in 2017 he was approached by Facebook reps who wanted to use NSO's Pegasus technology in Facebook's controversial Onavo Protect app to track mobile users.