
Google sues two Russian nationals for allegedly hacking computers


Google is suing two Russian nationals it claims are part of a criminal enterprise that has silently infiltrated more than a million computers and devices around the world, creating “a modern technological and borderless incarnation of organised crime.”

In a complaint being unsealed Tuesday in the US District Court for the Southern District of New York, Google names two defendants, Dmitry Starovikov and Alexander Filippov, as well as 15 unnamed individuals. Google claims the defendants have created a “botnet” known as Glupteba, to use for illicit purposes, including the theft and unauthorised use of Google users’ login and account information.

A botnet is a network of internet-connected devices that have been infected with malware. When summoned together, they can do the bidding of a hacker, often with the devices’ owners not realising their machines have been hijacked. A swarm of devices can jam traffic at websites, run malware to steal login credentials, sell fraudulent credit cards online and grant unauthorised access to other cyber criminals.

Botnet attack

The Glupteba botnet stands out from others because of its “technical sophistication,” using blockchain technology to protect itself from disruption, Google said in the complaint. At any moment, the power of the Glupteba botnet could be used in a powerful ransomware attack or distributed denial of service attack, Google said.

It’s the first time that Google is going after a botnet, a spokesperson for the Mountain View, California-based company said in an email. “We are taking this action to further protect internet users and to send a message to cyber criminals that we will not tolerate this type of activity.”

The spokesperson said the company worked with the…

Source…

Apple sues ‘abusive’ iPhone spyware firm | Information Age


Apple is suing an “abusive” Israeli software firm whose spyware has been used by numerous totalitarian governments to spy on journalists, human rights activists, and other persons of interest.

The technology giant this month filed a lawsuit against Tel Aviv firm NSO Group and its parent company, Q Cyber Technologies, seeking damages and a permanent ban preventing the group from using any Apple software, services, or devices.

As part of its campaign against NSO, Apple will fund and provide technical support for anti-surveillance technology groups.

The NSO’s use of FORCEDENTRY – a now-fixed vulnerability that can bypass security controls in Apple’s iOS operating system – enabled it to install Pegasus spyware on targeted iPhones without the victim’s knowledge.

Once installed, Pegasus monitors iPhone activity and communications over iMessage, FaceTime, and third-party software like Facebook and WhatsApp.

It is putatively designed to support law-enforcement agencies and the company claims to “hold ourselves to the highest standards for ethical businesses”, but its historical sales to governments such as Bahrain, Panama, Dubai, and Saudi Arabia – which used it to surveil Washington Post journalist Jamal Khashoggi before he was murdered – have drawn widespread condemnation.

In July, a major multinational investigation, called the Pegasus Project, united 16 media outlets to investigate NSO Group and found a list of 50,000 journalists and politicians targeted by its clients.

More recently, Pegasus was found on the devices of six Palestinian human-rights activists.

“State-sponsored actors like the NSO Group spend millions of dollars on sophisticated surveillance technologies without effective accountability,” said Apple senior vice president of software engineering Craig Federighi in announcing the lawsuit, which also seeks damages for “flagrant violations of US federal and state law”.

“Private companies developing state-sponsored spyware have become even more dangerous,” Federighi said, lauding the efforts of security researchers at the University of Toronto’s Citizen Lab – who discovered that the ‘zero-click’ Pegasus malware can be…

Source…

BabaDeda is out. RATDispenser is out in the wild. Phishing in Farsi. Microsoft bug proofs-of-concept. Apple sues NSO Group.


Attacks, Threats, and Vulnerabilities

New PowerShortShell Stealer Exploits Recent Microsoft MSHTML Vulnerability to Spy on Farsi Speakers (Safebreach) SafeBreach Labs discovered a new Iranian threat actor using a Microsoft MSHTML Remote Code Execution (RCE) exploit for infecting Farsi-speaking victims with a new PowerShell stealer.

The BABADEDA Crypter – an Emerging Crypter targeting the Crypto, NFT, and DeFi communities (Morphisec) Morphisec Labs encountered a new malware called Babadeda targeting cryptocurrency enthusiasts through Discord. We reveal how it can be stopped.

RATDispenser: Stealthy JavaScript Loader Dispensing RATs into the Wild (HP Wolf Security) With an 11% detection rate, RATDispenser appears to be effective at evading security controls and delivering malware.

New JavaScript malware works as a “RAT dispenser” (The Record by Recorded Future) Cybersecurity experts from HP said they discovered a new strain of JavaScript malware that criminals are using as a way to infect systems and then deploy much more dangerous remote access trojans (RATs).

PoC Exploit Published for Latest Microsoft Exchange Zero-Day (SecurityWeek) Proof-of-concept exploit code released for code execution flaw affecting on-prem Exchange 2016 and 2019 installations.

Exchange Server admins advised to patch vulnerable machines after POC exploit released for high-severity bug (Computing) Microsoft has described the flaw as having a high impact on data integrity, confidentiality and availability.

New Security Shock For Millions Of Windows 10, 11 And Server Users (Forbes) A failed November Patch Tuesday fix could leave millions of Windows 10, Windows 11 and Windows Server users at risk of system takeover.

New Windows zero-day with public exploit lets you become an admin (BleepingComputer) A security researcher has publicly disclosed an exploit for a new Windows zero-day local privilege elevation vulnerability that gives admin privileges in Windows 10, Windows 11, and Windows Server.

Serious Vulnerability Found in Imunify360 Web Server Security Product (SecurityWeek) A vulnerability in the Imunify360 security suite for web servers can be exploited for remote code execution using specially crafted files.

Recent…

Source…

Apple sues NSO Group, company known for hacking iPhones on behalf of governments


Apple CEO Tim Cook delivers the keynote address during the 2020 Apple Worldwide Developers Conference (WWDC) at Steve Jobs Theater in Cupertino, California.

Brooks Kraft/Apple Inc/Handout via Reuters

Apple on Tuesday sued NSO Group, an Israeli firm that sells software to government agencies and law enforcement that enables them to hack iPhones and read the data on them, including messages and other communications.

Earlier this year, Amnesty International said it discovered recent-model iPhones belonging to journalists and human rights lawyers that had been infected with NSO Group malware called Pegasus.

Apple is seeking a permanent injunction to ban NSO Group from using Apple software, services, or devices. It’s also seeking damages over $75,000.

Apple considers the lawsuit to be a warning to other spyware vendors. “The steps Apple is taking today will send a clear message: in a free society, it is unacceptable to weaponize powerful state-sponsored spyware against innocent users and those who seek to make the world a better place,” said Ivan Krstic, Apple’s head of security engineering and architecture, in a tweet.

NSO Group software permits “attacks, including from sovereign governments that pay hundreds of millions of dollars to target and attack a tiny fraction of users with information of particular interest to NSO’s customers,” Apple said in the lawsuit filed in federal court in the Northern District of California, saying that it is not “ordinary consumer malware.”

Apple also said on Tuesday it has patched the flaws that enabled the NSO Group software to access private data on iPhones using “zero-click” attacks where the malware is delivered through a text message and leaves little trace of infection.

Pegasus’ users can remotely surveil the iPhone owner’s activities, collect emails, text messages and browsing history, and access the device’s microphone and camera, Apple alleged in its lawsuit.

Apple said the attacks were only targeted at a small number of customers, and said on Tuesday it will inform iPhone users that may have been targeted by Pegasus malware.

“To deliver FORCEDENTRY to Apple devices, attackers created Apple IDs to send malicious data to a victim’s device — allowing…

Source…