hacking

https://www.nrk.no/norge/dataangrep-mot-norkart_-3_3-millioner-kan-vaere-berort-1.15962268

Selskapet Norkart, som leverer IT-systemer for kart- og eiendomsinformasjon, er utsatt for et dataangrep. Persondata for opp mot 3,3 millioner innbyggere er på avveier.

Selskapet varslet om dataangrepet tirsdag. Alle som eier eiendom i Norge kan være berørt.

[…]

– Det vi ønsker nå er at alle som er eiere eller festere er ekstra årvåkne når det gjelder forsøk på svindel. Et godt råd er å sperre seg for sjekk av kredittopplysninger og følge med på hva som skjer i postkassen din.

https://www.theverge.com/2022/3/16/22981806/facebook-removes-deepfake-ukraine-zelenskyy-meta-instagram

In the fake video, Zelenskyy surrenders to Russian invasion

…

The deepfake appears to have been first broadcasted on a Ukrainian news website for TV24 after an alleged hack

https://arstechnica.com/information-technology/2022/03/researcher-uses-dirty-pipe-exploit-to-fully-root-a-pixel-6-pro-and-samsung-s22/

It was bound to happen. Worst Linux vulnerability in 6 years fells two popular handsets.

https://arstechnica.com/information-technology/2022/03/attackers-can-force-amazon-echos-to-hack-themselves-with-self-issued-commands/

Popular “smart” device follows commands issued by its own speaker. What could go wrong?

https://arstechnica.com/information-technology/2022/01/2fa-app-with-10000-google-play-downloads-loaded-well-known-banking-trojan/

A fake two-factor-authentication app that has been downloaded some 10,000 times from Google Play surreptitiously installed a known banking-fraud trojan that scoured infected phones for financial data and other personal information, security firm Pradeo said.

https://www.npr.org/2022/01/18/1073828708/israel-spyware-citizens-nso-group

Israeli police have used spyware from controversial Israeli company NSO Group to hack the cell phones of Israeli citizens without judicial oversight, including activists protesting former Prime Minister Benjamin Netanyahu, an Israeli newspaper reported Tuesday.

The Israeli spyware company faces mounting global scrutiny and recent U.S. sanctions for equipping regimes with powerful surveillance tools used to target human rights activists, journalists and politicians. Recently, Palestinian activists said their phones were infected with NSO spyware.

https://www.reuters.com/technology/exclusive-us-state-department-phones-hacked-with-israeli-company-spyware-sources-2021-12-03/

iPhones of at least nine U.S. State Department employees were hacked by an unknown assailant using sophisticated spyware developed by the Israel-based NSO Group

https://www.vice.com/en/article/93bw8y/google-caught-hackers-using-a-mac-zero-day-against-hong-kong-users

The hackers had set up a watering hole attack, meaning they hid malware within the legitimate websites of “a media outlet and a prominent pro-democracy labor and political group” in Hong Kong. Users who visited those websites would get hacked with an unknown vulnerability—in other words, a zero-day—and another exploit that took advantage of a previously patched vulnerability for MacOS that was used to install a backdoor on their computers, according to Hernandez. 

Apple patched the zero-day used in the campaign in an update pushed out on September 23, according to the report.

https://www.nrk.no/innlandet/ostre-toten-kommune-far-fire-millioner-i-bot-etter-dataangrepet-mot-kommunen-1.15695776

kommunen har hatt store mangler på grunnleggende sikkerhet.

– Vi ser at det har vært mangler i logging, av tofaktorautorisering, innen sikkerhetskultur og i rutiner for backup.

Tilsynet skriver i vedtaket at de ser særlig alvorlig på at personopplysninger og opplysninger om barn er rammet av angrepet. Begge har krav på et særskilt vern. Dataene er tapt for kommunen og delt i ukjent omfang på det mørke nettet.

https://www.vice.com/en/article/93ypke/the-nsa-and-cia-use-ad-blockers-because-online-advertising-is-so-dangerous

The news highlights the continued risk from the online advertising ecosystem. Some hackers leverage how adverts are delivered to send target devices malware. Data brokers and potentially intelligence agencies can leverage the ecosystem to gather information on devices and by extension people, sometimes including their physical location. The IC taking steps to protect itself from the dangers of the advertising ecosystem shows just how malicious it can be.