A report in Yahoo News offers details on the Stuxnet attack against Iran’s Natanz uranium enrichment plant. The US CIA and Israel’s Mossad are said to have approached the Netherlands intelligence service AIVD, which had an asset close to Iran’s nuclear program. According to the story that asset (described as a “mole” with training as an engineer) was able over a protracted period of time to deliver the Stuxnet attack code via USB to the air-gapped centrifuge controllers at Natanz.
Reports last week originating with Google’s Project Zero that detailed watering-hole attacks against iOS devices were amplified over the weekend. Forbes reports that the attacks also affected Android and Windows systems. There was speculation at the time of the initial reports that the attacks, while relatively indiscriminate, were intended to target specific groups. It now appears, according to TechCrunch, that the attackers were Chinese security services, and the targets were China’s Uyghur minority.
As unrest continues in Hong Kong and Beijing's reaction continues to escalate, Bloomberg and others report that Hong Kong protest organizers say that the Chinese government has mounted distributed denial-of-service attacks against the principal forum, LIHKG, the protestors have used to coordinate their actions.
Eclypsium has disclosed a family of authentication vulnerabilities it discovered in Supermicro X9-X11 servers’ baseboard management controllers. Eclypsium calls the vulnerabilities “USBAnywhere.” Their exploitation could enable a range of USB-based attacks.
Twitter CEO Jack Dorsey's Twitter account was hijacked Friday afternoon to display racist messages. The Verge says the "Chuckle Squad" claimed responsibility.