US Jury Orders NSO Group to Pay $168 Million to WhatsApp in Landmark Spyware Case

A federal jury in California has ordered Israeli spyware maker NSO Group to pay WhatsApp approximately $168 million in damages, marking a watershed moment in the fight against commercial cyberespionage. The verdict, delivered on Tuesday, concludes a six-year legal battle between Meta Platforms, the parent company of WhatsApp, and NSO Group, whose Pegasus spyware was used to hack the messaging app’s users around the world.

Inside DragonForce, the Group Tied to M&S, Co-op and Harrods Hacks

Anonymous individuals identifying as members of the DragonForce cybercriminal syndicate have claimed to be behind the cyber-attacks on Marks & Spencer, Co-op and Harrods. They contacted several media outlets, including the BBC and Bloomberg, with evidence that they had infiltrated the three UK retailers’ IT networks and stolen large amounts of customer and employee data. Notably, they told BBC News that the Co-op breach was more extensive than Co-op had previously admitted.

Unsophisticated cyber actors are targeting the U.S. Energy sector

The US cybersecurity agency CISA, the FBI, EPA, and the DoE issued a joint alert to warn of cyberattacks targeting US-based organizations in the oil and natural gas sector. Unsophisticated threat actors are targeting ICS/SCADA systems in U.S. energy and transport sectors, exploiting poor cyber hygiene to cause major disruptions. The researchers observed that attackers are using “basic and elementary intrusion techniques.” “CISA is increasingly aware of unsophisticated cyber actor(s) targeting ICS/SCADA systems within U.S. critical Infrastructure sectors (Oil and Natural Gas), specifically in Energy and Transportation Systems.” reads the alert. “Although these activities often include basic and elementary intrusion techniques, the presence of poor cyber hygiene and exposed assets can escalate these threats, leading to significant consequences such as defacement, configuration changes, operational disruptions and, in severe cases, physical damage. “

Employee browser activity creates a security blindspot

Thanks to a growth in remote working and the use of SaaS applications enterprise reliance on browsers is growing, but this leaves them open to risks stemming from dangerous employee web behavior. According to a cybersecurity expert at network security platform NordLayer, some employee activity that may go undetected by security teams can result in confidential data and industry secrets leaks or violations of GDPR. “Companies are embracing web-based software as a service (SaaS) applications for various benefits, such as cost reduction and increased efficiency. However, due to increasing dependency, the browser is becoming a significant cybersecurity concern,” says Andrius Buinovskis of NordLayer.

Toll road scams are in overdrive: Here’s how to protect yourself

Driving is a way of life in the US. The country’s sprawling suburbs and nationwide network of highways and toll roads is testament to this. But it also creates a large potential pool of victims for scammers to target, as American drivers have been finding out this year. One report claims there has been a 604% surge in toll road scam texts since the start of the year, with the week beginning March 2 recording a 98% increase from the previous week. It has prompted the FTC, governor of New York and attorney general of California to issue warnings to the public. It’s time to get clued up on toll road scams.