Accenture and Prevailion describe the recent activities of the Iranian threat group Lyceum, which has concentrated on installing backdoors in ISPs and telecommunications companies located in Israel, Morocco, Tunisia, and Saudi Arabia. An unnamed foreign ministry in Africa has also been targeted.
NCC Group reports that the Clop ransomware gang is increasing its exploitation of the Serv-U vulnerability (CVE-2021-35211) to gain access to unpatched SolarWinds Serv-U instances.
Forbes describes the activities of the RocketHack Russian criminal group, which it characterizes as a "cyber mercenary" operation specializing in gaining access to targeted individuals' Gmail, Protonmail and Telegram accounts. RocketHack is described as occupying essentially the same space as lawful intercept vendors like NSO Group.
In a 3-0 decision rendered Monday, the 9th US Circuit Court of Appeals rejected NSO Group's motion to dismiss a suit brought by WhatsApp and Facebook. According to Lawfare, WhatsApp alleges that NSO Group "sent malware [that is, the Pegasus surveillance tool] through WhatsApp's server system to mobile devices." That suit will now proceed, and the Daily Beast writes that NSO Group is likely to be required to disclose much about its controversial dealings with governments that have abused the company's intercept tools. NSO Group had sought to have the case dismissed on the grounds that it should enjoy sovereign immunity.
Microsoft addressed fifty-five vulnerabilities in yesterday's Patch Tuesday. KrebsOnSecurity says that two of the bugs are undergoing active exploitation in the wild. CISA yesterday released advisories on eight industrial control system vulnerabilities, along with information on patches and mitigations.