Al Jazeera writes: Israel has established a commission to review allegations that NSO Group’s controversial Pegasus phone surveillance software was misused amid a hacking scandal that has roiled governments globally.
go to Al Jazeera website: Saudi Aramco confirms data leak after reports of cyber ransom | Business and Economy News | Al Jazeera
Jonathan Greig writes for ZD Net: The Office of the Chief Administrative Officer (CAO) — which provides support services to US House members of both parties — sent a letter to members of Congress announcing that it has terminated all contracts with iConstituent and will no longer be authorizing the platform’s use because of multiple cybersecurity incidents.
Charlie Osborne writes for ZD Net: Malicious Android apps harboring the Joker malware have been discovered in the Google Play Store. On Tuesday, cybersecurity researchers from Zscaler’s ThreatLabz said that a total of 11 apps were recently discovered and found to be “regularly uploaded” to the official app repository, accounting for approximately 30,000 installs between them.
go to ZD Net website: Joker billing fraud malware found in Google Play Store | ZDNet
Pierluigi Paganini writes for Security Affairs: A US federal judge sentenced Russian hacker Peter Levashov to 33 months, time served, and three years of supervised release for his role in operating the Kelihos botnet.
go to Security Affairs website: Kelihos botmaster Peter Levashov gets time servedSecurity Affairs
Pierluigi Paganini writes for Security Affairs: Experts discovered a Local Privilege Escalation, tracked as CVE-2021-33909, that could allow attackers to get root access on most Linux distros.
go to Security Affairs website: LPE flaw in Linux kernel allows attackers to get root privileges on most distrosSecurity Affairs
Al Jazeera writes: Mexican President Andres Manuel Lopez Obrador on Tuesday called “shameful” the alleged government-ordered spying several years ago that may have targeted him and his close allies and added that his government did not spy on anyone. British newspaper The Guardian reported on Monday that at least 50 people close to Lopez Obrador, among many others, were potentially targeted by the previous administration of President Enrique Pena Nieto after it purchased Pegasus spying software from Israel-based NSO Group.
go to Al Jazeera network: ‘Shameful’: Mexican president decries alleged NSO spying | Andres Manuel Lopez Obrador News | Al Jazeera
Pierluigi Paganini writes for Security Affairs: Fortinet fixes a serious bug in its FortiManager and FortiAnalyzer network management solutions that could be exploited to execute arbitrary code as root.
go to Security Affairs website: Fortinet bug allows unauthenticated hackers to run code as rootSecurity Affairs
we receive from Fortinet: “La sicurezza dei nostri clienti è la nostra assoluta priorità. Abbiamo rilasciato una patch e alcune mitigazioni, stiamo comunicando in modo proattivo con i nostri clienti, esortandoli ad aggiornare tempestivamente le loro soluzioni FortiManager e FortiAnalyzer. Inoltre, consigliamo ai clienti di convalidare la propria configurazione per assicurarsi che nessuna modifica non autorizzata sia stata implementata da terze parti malintenzionate. Fortinet sta monitorando la situazione e al momento non c’è evidenza che questo stia avvenendo. Per ulteriori informazioni, fare riferimento al seguente alert: https://www.fortiguard.com/psirt/FG-IR-21-067”
Pierluigi Paganini writes for Security Affairs: Microsoft has seized 17 malicious homoglyph domains used by crooks in a business email compromise (BEC) campaign targeting its users.
go to Security Affairs website: Microsoft secured a court order to take down domains used in BEC attacksSecurity Affairs