AboutDFIR.com – The Definitive Compendium Project
Digital Forensics & Incident Response

InfoSec News Nuggets 2/6/2024

Pegasus Spyware Targeted iPhones of Journalists and Activists in Jordan 

The iPhones belonging to nearly three dozen journalists, activists, human rights lawyers, and civil society members in Jordan have been targeted with NSO Group’s Pegasus spyware, according to joint findings from Access Now and the Citizen Lab. Nine of the 35 individuals have been publicly confirmed as targeted, out of whom six had their devices compromised with the mercenary surveillanceware tool. The infections are estimated to have taken place from at least 2019 until September 2023. “In some cases, perpetrators posed as journalists, seeking an interview or a quote from victims, while embedding malicious links to Pegasus spyware amid and in between their messages,” Access Now said. 


Researchers map decision-making processes of victims of ransomware 

The University of Twente has investigated the decision-making processes of victims forced to pay ransom following ransomware attacks. UT researcher Tom Meurs and his colleagues analyzed data provided by the Dutch National Police and a Dutch incident response organization on 481 ransomware attacks. They were able to show that organizations with recoverable backups were better able to avoid having to pay ransom. Data exfiltration led to higher ransom amounts paid. That was also the case for organizations insured against ransomware attacks. The paper is available as a preprint.

More mass exploits hit the same buggy Ivanti devices 

All manner of miscreants are piling onto the latest Ivanti flaw, a server-side request forgery (SSRF) vulnerability tracked as CVE-2024-21893, according to threat hunters tracking the string of CVEs that have been plaguing the software shop’s gateways over recent weeks. Ivanti first disclosed the newest bug in the SAML component of Ivanti Connect Secure (9.x, 22.x) and Ivanti Policy Secure (9.x, 22.x) appliances on January 31. The vendor spotted the flaw as it was investigating, and scrambling to patch, two other zero-day bugs: an authentication bypass vulnerability (CVE-2023-46805) and a command injection flaw (CVE-2024-21887) that were also under attack.


Google and Mozilla don’t like Apple’s new iOS browser rules 

Apple is being forced to make major changes to iOS in Europe, thanks to the European Union’s “Digital Markets Act.” The act cracks down on Big Tech “gatekeepers” with various interoperability, fairness, and privacy demands, and part of the changes demanded of Apple is to allow competing browser engines on iOS. The change, due in iOS 17.4, will mean rival browsers like Chrome and Firefox get to finally bring their own web rendering code to iPhones and iPads. Despite what sounds like a big improvement to the iOS browser situation, Google and Mozilla aren’t happy with Apple’s proposed changes. 


US Cracks Down on Spyware with Visa Restrictions 

The US will impose visa restrictions on individuals involved in the misuse of commercial spyware. Antony Blinken, the US Secretary of State, announced the decision on February 5, insisting in a public statement that the misuse of commercial spyware has been linked to “arbitrary detentions, forced disappearances and extrajudicial killings in the most egregious of cases.” This move could affect some US allies, including Israel, India, and Jordan, all of which have been involved in selling or buying spyware. This new policy reinforces US President Joe Biden’s stance on curbing the spyware industry.
