A new report by FireEye on Iran's APT39 discerns a disturbing new interest of the Islamic Republic's hacking unit: it's going after personally identifiable information. This is said to be unusual for Iranian state-directed actors, who've hitherto concentrated on other objectives, like trade secrets, state secrets, and access to infrastructure.
Reuters reports on a UAE program to intercept iPhone traffic.
US Intelligence Community leaders yesterday testified before the Senate about the threat landscape. Cyber threats figured prominently, the Washington Post says. Russia, China, Iran, and North Korea were specifically singled out as aggressive and dangerous, and as having significantly increased their cyber capabilities. Criminal or terrorist activity in cyberspace is a less serious problem, although the testimony did note growing systematic and opportunistic collaboration between nation-states and criminal groups.
Last week Cisco issued patches for its Small Business RV320 and RV325 dual gigabit WAN VPN routers. Attackers are currently scanning actively for unpatched routers, SC Magazine reports. Exploit code has been published, and users should patch.
Huawei's indictment in the US could prove crippling, WIRED reports, if it results in loss of access to US technology.
The FaceTime bug (which as CNN and others note was discovered by a fourteen-year-old gamer and disclosed to Apple by his mom) is now the subject of a lawsuit. Ars Technica reports that a Texas attorney is suing Apple because the bug allowed a deposition to be recorded. The plaintiff says he updated his phone to allow "group Facetime calls but not unsolicited eavesdropping."