hexway cybersecurity blog brings you the latest news about attacks and data breaches, emerging malware, and vendor security updates
Apple vs NSO Group
Apple is suing NSO Group over the Pegasus spyware. Apple asks the court to ban NSO Group from using Apple's devices and software. Such a ban could help prevent the deployment of Pegasus on new Apple devices and keep NSO employees from updating the spyware for newer versions of iOS. The lawsuit also seeks redress for NSO Group's violations of U.S. federal and state laws.
In the lawsuit, Apple also stated that NSO Group sold a 0-day vulnerability to dubious customers, who then used it to hack the devices of journalists, human rights activists, political dissidents, diplomats, and government officials.
Apple mentions the ForcedEntry exploit that was discovered this year. A report by Citizen Lab says the zero-day was sold to the Bahraini government, which used it to hack the devices of dissidents, bloggers, and opposition figures.
Apple promises to donate $10 million and reimburse any legal costs to organizations that research cyber-tracking tools. Since Citizen Lab had exposed most of the Pegasus spy campaigns, Apple has pledged to provide free support to the research lab.
Hackers compromised Panasonic's confidential data
On November 11, 2021, Panasonic reported a cyberattack in which unknown hackers had gained access to its servers. According to the results of an internal investigation, they managed to access some data on the company's file server.
Data leak at GoDaddy
One of the world's largest domain registrars, GoDaddy, reported that an unknown person had accessed the personal data of more than 1.2 million customers of its Managed WordPress hosting service. GoDaddy discovered the leak on November 17. As the subsequent investigation showed, the attacker had access to the data for more than two months, at least since September 6.
Unknown hacker stole $55 million from bZx DeFi platform
A hacker stole $55 million in cryptocurrency from the DeFi platform bZx, which allows users to borrow, lend, and speculate on fluctuations in cryptocurrencies.
According to bZx representatives, a platform developer received a phishing email containing a Word document with malicious macros disguised as a legitimate attachment. As a result, a script was launched on the developer's computer that compromised the mnemonic phrase for accessing his cryptocurrency wallet.
The attacker emptied the developer's wallet and stole two private keys used to integrate the bZx platform with the Polygon and Binance Smart Chain (BSC) blockchains. Using these keys, the hacker stole the bZx funds from Polygon and BSC, along with the funds of a small number of users who approved unlimited spending transactions for both tokens in their accounts.
In the aftermath of the incident, bZx disabled its site's user interface to block users from depositing new funds. In addition, the platform is cooperating with other cryptocurrency exchanges to track down the attacker and freeze the stolen funds.
Among other things, bZx approached the hacker, inviting them to contact the platform's representatives and discuss the possibility of returning the stolen cryptocurrency for a reward.
bZx hopes to repeat the story of PolyNetwork, which managed to recover all of the $600 million stolen from the platform.
Data of millions of VPN users leaked online
A database of 45.5 million users of the FreeVPN.org and DashVPN.io mobile VPN services leaked online. Both services are owned by ActMobile Networks, an international company headquartered in the United States. The user data was left on an unprotected MongoDB database server. The database contains email addresses, encrypted passwords, registration dates, profile updates, and last login times from 2017 to 2021.