The UN has asked the US to investigate the spyware incident involving the phone belonging to Amazon founder Jeff Bezos, the Guardian reports. Motherboard has obtained a copy of FTI Consulting’s forensic report on the device, and notes this conclusion: “Bezos’ phone was compromised via tools procured by Saud al Qahtani,” a close adviser to the Saudi Crown Prince. Experts Motherboard consulted note that the investigators may not have achieved the root access needed to fully inspect the phone, since “good state-sponsored malware” wouldn’t betray itself by appearing in backups. NSO Group’s Pegasus tool is the usual suspect, but the basis for that conclusion, while compelling, remains largely circumstantial.
Comparitech found five Microsoft Elasticsearch servers exposed online on December 29th. Microsoft secured them over the next two days, and disclosed details of the incident yesterday. The data were held in a customer service database. Some two-hundred-fifty-million records were exposed.
A ransomware infestation must now be considered a data breach until investigation proves otherwise. BleepingComputer notes that both Maze and Sodinokibi are prepared to leak data belonging to victims who fail to pay. Dark Reading writes that organizations are increasingly disposed to pay.
According to CNET, Apple and Google are engaged in a dispute over Google’s claims that Apple’s Safari anti-tracking features may actually facilitate tracking.
Windows 7 may have gone west, but the German government just can’t quit it. Berlin will pay Redmond €800,000 in 2020 for extended security updates for about thirty-three-thousand PCs still running Windows 7, OnMSFT reports.