Security daily (01-05-2020)

NSO Group partly disputes claim about use of U.S.-based servers in WhatsApp spy campaign

Israeli surveillance software company NSO Group is back in court disputing WhatsApp’s claims that it used U.S.-based infrastructure to launch spyware against thousands of WhatsApp users last year. In court documents filed Thursday, NSO Group rejected Facebook-owned WhatsApp’s allegations that NSO Group used servers from a Los Angeles-based hosting provider, QuadraNet, over 700 times to target WhatsApp users. “Plaintiffs’ new claims about QuadraNet are false: NSO did not contract with QuadraNet to use its California servers,” the filing reads. NSO Group claimed in the filings that even if its spyware, Pegasus, did use QuadraNet servers, it was third-party activity. The company sells its software around the globe to intelligence and law enforcement agencies. “If Pegasus messages did pass through QuadraNet servers, they would have been sent by NSO’s customers, not NSO,” the filing states. “We repeat: NSO Group does not operate the Pegasus technology for its clients,” the spokesperson added. NSO Group CEO Shalev Hulio said […] (CyberScoop)

Citing hacking threats, Trump limits foreign-sourced equipment in U.S. electric sector

President Donald Trump on Friday issued an executive order barring federal agencies and companies under U.S. jurisdiction from installing foreign-owned equipment in the electric sector that might pose “an unacceptable risk to national security.” The sweeping directive authorizes Trump’s energy secretary, Dan Brouillette, to work with U.S. national security agencies and the energy industry to vet equipment before it gets installed, and to identify vulnerable gear already in place. It is the latest move by the administration to clamp down on foreign-sourced software and hardware, following an order last year covering U.S. companies’ procurement of telecommunications gear. The new executive order covers equipment procured and installed in the “bulk-power system” — or infrastructure used in electricity generation and transmission, and generally not distribution. “Foreign adversaries are increasingly creating and exploiting vulnerabilities” in that system, including through “malicious cyber activities,” Trump said in the order. One of the more notable hacking operations to target the U.S. […] (CyberScoop)

Trial delayed for former SEC watchdog accused of abusing computer access

A federal judge in New York has agreed to postpone the trial of a former U.S. government official accused of abusing his position at the Securities and Exchange Commission to access information about his new employer. U.S. prosecutors last year charged Michael Cohn, a former examiner for the SEC, with unauthorized access of a computer and obstruction of justice. During negotiations for a job at a private equity firm, GPB Holdings, Cohn told the company he possessed inside information about an SEC investigation into their behavior, according to an indictment. The exact technical nature of the alleged crime is not clear, based on the indictment. Cohn has pleaded not guilty. U.S. District Judge Gary Brown, of the Eastern District of New York, on Wednesday agreed to delay the start of trial to September, after it was initially scheduled to begin on June 15, Law360 first reported. The decision came in response to a letter […] (CyberScoop)

Google fights spammy extensions with new Chrome Web Store policy

The policies are specifically meant to fight spam, but they outlaw tactics taken by malicious extensions as well, including fake reviews. (Naked Security)

COVID-19 prompts DHS warning to review Office 365 security

The DHS is urging users to secure Office 365 accounts after reporting security weaknesses in Microsoft's online productivity service. (Naked Security)

Cyber-Spies Seek Coronavirus Vaccine Secrets

(News ≈ Packet Storm)

Shade Threat Actors Call It Quits, Release 750k Encryption Keys

(News ≈ Packet Storm)

Salt Bugs Allow Full RCE As Root On Cloud Servers

(News ≈ Packet Storm)

A Private Spy Was Caught Using A Hacking Tool To Target Their Crush

(News ≈ Packet Storm)

Oracle Warns Of Attacks Against Recently Patched WebLogic Security Bug

(News ≈ Packet Storm)

Critical SaltStack RCE Bug (CVSS Score 10) Affects Thousands of Data Centers

Two severe security flaws have been discovered in the open-source SaltStack Salt configuration framework that could allow an adversary to execute arbitrary code on remote servers deployed in data centers and cloud environments.

The vulnerabilities were identified by F-Secure researchers earlier this March and disclosed on Thursday, a day after SaltStack released a patch (version 3000.2) (The Hacker News)

New Android Malware Steals Banking Passwords, Private Data and Keystrokes

A new type of mobile banking malware has been discovered abusing Android's accessibility features to exfiltrate sensitive data from financial applications, read user SMS messages, and hijack SMS-based two-factor authentication codes.

Called "EventBot" by Cybereason researchers, the malware is capable of targeting over 200 different financial apps, including banking, money transfer services, (The Hacker News)

Upgraded Cerberus Spyware Spreads Rapidly via MDM

No longer a simple Android banker, Cerberus is now a full-fledged RAT that can take complete control of devices and automatically spread via mobile device management servers. (Threatpost)

News Wrap: Microsoft Sway Phish, Malicious GIF and Spyware Attacks

Threatpost editors discuss a phishing attack abusing Microsoft Sway, a Microsoft Teams flaw and an Android spyware campaign unearthed this week. (Threatpost)

Microsoft Teams Impersonation Attacks Flood Inboxes

Two separate attacks have targeted as many as 50,000 different Teams users, with the goal of phishing Office 365 logins. (Threatpost)

TrickBot Attack Exploits COVID-19 Fears with DocuSign-Themed Ploy

Threat actors are spreading the tricky trojan through fake messages in another opportunistic COVID-19-related campaign, said IBM X-Force. (Threatpost)


/security-daily/ 02-05-2020 23:44:22