Serbia: Authorities using spyware and Cellebrite forensic extraction tools to hack journalists and activists
Serbian police and intelligence authorities are using advanced phone spyware alongside mobile phone forensic products to unlawfully target journalists, environmental activists and other individuals in a covert surveillance campaign, a new Amnesty International report has revealed. The report, “A Digital Prison”: Surveillance and the Suppression of Civil Society in Serbia, documents how mobile forensic products made by Israeli company Cellebrite are being used to extract data from mobile devices belonging to journalists and activists. It also reveals how the Serbian police and the Security Information Agency (Bezbednosno-informativna Agencija – BIA) have used a bespoke Android spyware system, NoviSpy, to covertly infect individuals’ devices during periods of detention or police interviews. “Our investigation reveals how Serbian authorities have deployed surveillance technology and digital repression tactics as instruments of wider state control and repression directed against civil society,” said Dinushika Dissanayake, Amnesty International’s Deputy Regional Director for Europe.
US Unveils New National Cyber Incident Response Plan
The US government has published a new draft National Cyber Incident Response Plan (NCIRP), setting out the roles and responsibilities for public and private sector organizations during cyber incidents. The Cybersecurity and Infrastructure Security Agency (CISA) is inviting feedback on the draft, with the public comment period concluding on January 15, 2025. The draft publication follows an update to the 2016 NCIRP, which was called for in the White House’s 2023 National Cybersecurity Strategy and previously set out in the Presidential Policy Directive 41 (PPD-41) in May 2021. This update responds to changes in the cyber threat landscape, federal law and policy and new organizational capabilities, CISA said.
LastPass hacked, users see millions of dollars of funds stolen
The hacker responsible for the huge LastPass breach in 2022 has continued their rampage by using stolen data to take $5.36 million from 40 crypto wallets. The August 2022 hack saw the attacker gain access to information that allowed them to later successfully breach a cloud-based storage environment which stored customer keys, API tokens, multi-factor authentication (MFA) seeds, and encrypted password vaults. While the password vaults were encrypted, the master password used to open them could still be brute forced if it was weak, reused, or previously leaked, which may be the reason for a string of crypto thefts against LastPass users since 2022.
Combatant commands mishandled classified mobile devices, audit finds
Three U.S. combatant commands and the Defense Department’s IT support agency failed to follow cybersecurity protocols when handling classified mobile devices, according to a Defense Department Office of the Inspector General report released Monday. The heavily redacted report, entitled the “Audit of Cybersecurity of DoD Classified Mobile Devices,” said U.S. European Command, two subcomponents of U.S. Special Operations Command and the Defense Information Systems Agency didn’t maintain an accurate inventory record of devices, a misstep that could leave sensitive information vulnerable to cyber threats.
Trump administration wants to go on cyber offensive against China
President-elect Donald Trump’s team wants to go on the offensive against America’s cyber adversaries, though it isn’t clear how the incoming administration plans to achieve this. Speaking to CBS News’ Margaret Brennan on Face the Nation Sunday, Congressman Mike Waltz (R-FL), Trump’s pick for national security advisor, said that years of the US prioritizing cyber defense isn’t working. “We have been, over the years, trying to play better and better defense when it comes to cyber,” Waltz said. “We need to start going on offense and start imposing, I think, higher costs and consequences to private actors and nation state actors.”
Hackers seek ransom after getting SSNs, banking info from state gov’t portal
Hackers trying to extort the Rhode Island government infiltrated the state’s public benefits system, causing state officials to shut down online services that let residents apply for Medicaid and other assistance programs. “As part of this investigation today, we discovered that within the Rhode Island Bridges system, a cybercriminal had installed dangerous malware that constituted an urgent threat,” Governor Dan McKee said at a Friday night press conference, according to The Providence Journal. “That is why tonight we have shut down the system. That means customers will temporarily not be able to access any customer portal related to the services on Rhode Island Bridges.”