During its investigation of a Pegasus spyware infection of a Saudi activist’s iPhone, the University of Toronto’s Citizen Lab has found a “zero-day zero-click exploit against iMessage.” They call the exploit “FORCEDENTRY,” say it targets Apple’s image rendering library, and claim that it’s effective against Apple iOS, macOS and watchOS devices. Apple late yesterday addressed the vulnerability with an update to iOS 14.8. FORCEDENTRY is a zero-click attack requiring no obvious user interaction; victims may be unaware that their devices have been affected. The Wall Street Journal reports that NSO Group, maker of Pegasus, has apparently been exploiting the vulnerability since February.
Intezer has discovered a criminal version of Cobalt Strike's beacon ("Vermilion Strike," they're calling it) used by unknown threat actors against both Windows and Linux systems. Vermilion Strike may be the work of a gang, but its sophistication and evident interest in espionage could also suggest that it was developed and deployed by a nation-state's intelligence service. Both provenance and attribution remain unclear.
CSO thinks that recent events have revealed that the Russian government is fully capable of shutting down cyber gangs, if it wants to, and that some disruptions of criminal activity may indicate that US sanctions are having some limited effect. One gang, REvil, is now back in business, Threatpost confirms.
A cyberattack on Jefferson Parish, Louisiana, courts took advantage of the distraction of Hurricane Ida to install unspecified malware in the courts’ networks, Nola.com reports. The courts are expected to recover soon.