Google researchers discovered a MacOS zero-day exploit being used against Hong Kong activists. It was a “watering hole” attack, which means the malware was hidden in a legitimate website. Users visiting that website would get infected.
From an article:
Google’s researchers were able to trigger the exploits and study them by visiting the websites compromised by the hackers. The sites served both iOS and MacOS exploit chains, but the researchers were only able to retrieve the MacOS one. The zero-day exploit was similar to another in-the-wild vulnerability analyzed by another Google researcher in the past, according to the report.
In addition, the zero-day exploit used in this hacking campaign is “identical” to an exploit previously found by cybersecurity research group Pangu Lab, Huntley said. Pangu Lab’s researchers presented the exploit at a security conference in China in April of this year, a few months before hackers used it against Hong Kong users.
The exploit was discovered in August. Apple patched the vulnerability in September. China is, of course, the obvious suspect, given the victims.
EDITED TO ADD (11/15): Another story.
Posted on November 12, 2021 at 9:07 AM •
Carolyn McCarthy gave an excellent TEDx talk about becoming a tech policy activist. It’s a powerful call for public-interest technologists.
Posted on December 4, 2019 at 6:04 AM •
WhatsApp is suing the Israeli cyberweapons arms manufacturer NSO Group in California court:
WhatsApp’s lawsuit, filed in a California court on Tuesday, has demanded a permanent injunction blocking NSO from attempting to access WhatsApp computer systems and those of its parent company, Facebook.
It has also asked the court to rule that NSO violated US federal law and California state law against computer fraud, breached their contracts with WhatsApp and “wrongfully trespassed” on Facebook’s property.
This could be interesting.
EDITED TO ADD: Citizen Lab has a research paper in the technology involved in this case. WhatsApp has an op ed on their actions. And this is a good news article on how the attack worked.
EDITED TO ADD: Facebook is deleting the accounts of NSO Group employees.
EDITED TO ADD (11/13): Details on the vulnerability.
Posted on October 30, 2019 at 9:36 AM •
Sidebar photo of Bruce Schneier by Joe MacInnis.