Cybersecurity News


Dubai ruler hacked ex-wife using NSO Pegasus spyware, high court judge finds

Dubai ruler hacked ex-wife using NSO Pegasus spyware, high court judge finds

Sheikh Mohammed used spyware on Princess Haya and five associates in unlawful abuse of power, judge rules

The ruler of Dubai hacked the phone of his ex-wife Princess Haya using NSO Group’s controversial Pegasus spyware in an unlawful abuse of power and trust, a senior high court judge has ruled.

The president of the family division found that agents acting on behalf of Sheikh Mohammed bin Rashid al-Maktoum, who is also prime minister of the United Arab Emirates, a close Gulf ally of Britain, hacked Haya and five of her associates while the couple were locked in court proceedings in London concerning the welfare of their two children.

Continue reading...
06 October 2021

‘The walls are closing in on me’: the hacking of Princess Haya

‘The walls are closing in on me’: the hacking of Princess Haya

Court judgments reveal how Sheikh Mohammed’s use of Pegasus spyware against his ex-wife was uncovered

Eleven court judgments, covering 181 pages, plus hundreds of other pages of legal documents have revealed an extraordinary spying scandal: state-sponsored mobile phone hacking conducted on behalf of the ruler of Dubai against his fearful sixth and former wife, Princess Haya, Britain’s most famous divorce lawyer and her associate, plus three others – against the backdrop of a bitter child protection battle being played out day after day in the English courts.

The conclusion, after just over a year of intense and costly legal arguments, is that “servants or agents” of Sheikh Mohammed bin Rashid al-Maktoum, the vice-president and prime minister of the United Arab Emirates, engaged in “the surveillance of the six phones” in Britain using technology supplied by Israel’s NSO Group, a company already embroiled in a string of hacking scandals, apparently to further his cause in the welfare battle.

Continue reading...
06 October 2021

Apache HTTP Server Project patches exploited zero-day vulnerability

The critical vulnerability is being actively exploited in the wild.
06 October 2021

Meet ESPecter: a new UEFI bootkit for cyber spying

The bootkit is able to load unsigned drivers to hijack the ESP.
06 October 2021

To the moon and hack: Fake SafeMoon app drops malware to spy on you

Cryptocurrencies rise and fall, but one thing stays the same – cybercriminals attempt to cash in on the craze

The post To the moon and hack: Fake SafeMoon app drops malware to spy on you appeared first on WeLiveSecurity

06 October 2021

IP Surveillance Bugs in Axis Gear Allow RCE, Data Theft

IP Surveillance Bugs in Axis Gear Allow RCE, Data Theft Three security vulnerabilities in Axis video products could open up the door to a bevy of different cyberattacks on businesses.
05 October 2021

Apache Web Server Zero-Day Exposes Sensitive Data

Apache Web Server Zero-Day Exposes Sensitive Data The open-source project has rolled out a security fix for CVE-2021-41773, for which public cyberattack exploit code is circulating.
05 October 2021

Request for Comments: PTS POI Modular Security Requirements v6.1


From 5 October to 3 November 2021,  eligible PCI SSC stakeholders are invited to review and provide feedback on the PTS POI Modular Security Requirements v6.1 draft during a 30-day request for comments (RFC) period. The full list of stakeholders eligible to participate can be found on the PCI SSC RFC webpage.

05 October 2021

Facebook whistleblower: 'Morally bankrupt' social giant will have to 'hook kids' to grow

The whistleblower has accused Facebook of putting its "astronomical profits before people."
05 October 2021

How to Build an Incident-Response Plan, Before Security Disaster Strikes

How to Build an Incident-Response Plan, Before Security Disaster Strikes Joseph Carson, Chief Security Scientist at ThycoticCentrify, offers a 7-step practical IR checklist for ensuring a swift recovery from a cyberattack.
05 October 2021

Facebook Blames Outage on Faulty Router Configuration

Facebook Blames Outage on Faulty Router Configuration One easily disproved conspiracy theory linked the ~six-hour outage to a supposed data breach tied to a Sept. 22 hacker forum ad for 1.5B Facebook user records.
05 October 2021

Oops! Compound DeFi Platform Gives Out $90M, Would Like it Back, Please

Oops! Compound DeFi Platform Gives Out $90M, Would Like it Back, Please The Compound cryptocurrency exchange accidentally botched a platform upgrade and distributed millions in free COMP tokens to users - then threatened to dox the recipients.
05 October 2021

New Python ransomware targets virtual machines, ESXi hypervisors to encrypt disks

By targeting ESXi, encryption was achieved in less than three hours on a corporate network.
05 October 2021

Atom Silo ransomware operators target vulnerable Confluence servers

A weaponized exploit used by the cybercriminals was only disclosed in August.
05 October 2021

Misconfigured, old Airflow instances leak Slack, AWS credentials

Unprotected instances are exposing secrets across industries including IT, health, and cybersecurity.
05 October 2021

UEFI threats moving to the ESP: Introducing ESPecter bootkit

ESET research discovers a previously undocumented UEFI bootkit with roots going back all the way to at least 2012

The post UEFI threats moving to the ESP: Introducing ESPecter bootkit appeared first on WeLiveSecurity

05 October 2021

Facebook Outage Drags Down Instagram, WhatsApp, Messenger, Oculus VR

Facebook Outage Drags Down Instagram, WhatsApp, Messenger, Oculus VR They were all flat on their faces for hours on Monday, throwing off DNS error messages or other server-related errors.
04 October 2021

Encrypted & Fileless Malware Sees Big Growth

Encrypted & Fileless Malware Sees Big Growth An analysis of second-quarter malware trends shows that threats are becoming stealthier.
04 October 2021

What Happened to Facebook, Instagram, & WhatsApp?

Facebook and its sister properties Instagram and WhatsApp are suffering from ongoing, global outages. We don't yet know why this happened, but the how is clear: Earlier this morning, something inside Facebook caused the company to revoke key digital records that tell computers and other Internet-enabled devices how to find these destinations online.
04 October 2021

Transnational Fraud Ring Bilks U.S. Military Service Members Out of Millions

Transnational Fraud Ring Bilks U.S. Military Service Members Out of Millions A former medical records tech stole PII that was then used to fraudulently claim DoD and VA benefits, particularly targeting disabled veterans.
04 October 2021