$400 Million in Cryptocurrency Stolen This Week in Two Major Hacks
A brief overview of the most notable cyber events of the last week.
NSO’s Pegasus spyware found on mobile phones of several Finnish diplomats
Cellphones belonging to Finnish diplomats posted outside the country have been infected with the Pegasus spyware in what appears to be a cyberespionage operation.
Israel-based cyber-arms company NSO Group, the developer of the Pegasus spyware tool, has been widely criticized by the international community over allegations that Pegasus was used by oppressive regimes for unauthorized surveillance. Pegasus can infect iPhones and Android smartphones running most versions of iOS and Android and is capable of reading text messages, tracking calls, collecting passwords and data from apps, and accessing the device's microphone and camera.
In an official press release, the Finnish Ministry for Foreign Affairs said that the malware was found on the phones of several diplomats stationed abroad and that the espionage campaign had been thwarted, but did not elaborate. The ministry did acknowledge that the perpetrators may have collected data from the compromised devices, while noting that diplomats' devices usually hold information that is either public or carries the lowest security classification.
Cyberattack disrupts operations of major German petrol distributor
Two subsidiaries of German logistics company Marquard & Bahls were hit over the weekend by a cyberattack of an undisclosed nature that disrupted their IT systems and supply chain.
In a joint statement the two companies, Oiltanking GmbH Group and mineral oil supplier Mabanaft GmbH & Co. KG Group, said the incident was detected on January 29 and that they were working with external experts to resolve the issue as quickly as possible.
It is understood that the cyberattack has affected the suppliers’ loading/unloading processes. Due to the disruption, Oiltanking’s terminals were operating with limited capacity. Both companies have declared “force majeure” for the majority of their inland supply activities in Germany. According to an Oiltanking spokesperson, the company’s terminals in foreign markets were not impacted.
$80 million in cryptocurrency stolen in Qubit Finance hack
Hackers have stolen around $80 million in cryptocurrency from decentralized finance (DeFi) platform Qubit Finance by exploiting a logic error in Qubit's smart contract code.
The flaw allowed the attackers to invoke the deposit() function of the QBridge contract with crafted input data and withdraw roughly $80 million in Binance Coin (BNB) without ever depositing the ETH the bridge was supposed to hold as collateral.
The Qubit Finance team posted a message on Twitter asking the perpetrators behind the hack to negotiate with the company before taking any other action, so as to minimize losses to Qubit’s users.
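The page does not describe the logic error itself, so the example below (added here, not Qubit's code) illustrates the generic check a bridge deposit handler should make: credit a cross-chain deposit only for value that verifiably arrived, rather than trusting caller-supplied data and a transfer call that merely did not fail. The Ledger, the PhantomToken (a whitelisted resource that no longer points at a real token, so its calls "succeed" without moving funds), and the resource names are constructed for the demo.

```go
package main

import (
	"errors"
	"fmt"
)

// Token is what the bridge's deposit handler calls to pull funds in.
type Token interface {
	TransferFrom(from, to string, amount uint64) error
	BalanceOf(addr string) uint64
}

// Ledger is a constructed in-memory ERC-20-style token for the demo.
type Ledger struct{ balances map[string]uint64 }

func (l *Ledger) TransferFrom(from, to string, amount uint64) error {
	if l.balances[from] < amount {
		return errors.New("insufficient balance")
	}
	l.balances[from] -= amount
	l.balances[to] += amount
	return nil
}

func (l *Ledger) BalanceOf(addr string) uint64 { return l.balances[addr] }

// PhantomToken stands in for a whitelisted resource that no longer maps to a
// real token: every call "succeeds" but no value moves. This is a constructed
// assumption for the demo, not a description of Qubit's contracts.
type PhantomToken struct{}

func (PhantomToken) TransferFrom(string, string, uint64) error { return nil }
func (PhantomToken) BalanceOf(string) uint64                  { return 0 }

// DepositEvent is what the relayer on the other chain mints against.
type DepositEvent struct {
	Depositor  string
	ResourceID string
	Amount     uint64
}

// Bridge holds the deposit-side whitelist and the events it has emitted.
type Bridge struct {
	Self     string
	Tokens   map[string]Token // resource ID -> token
	Credited []DepositEvent
}

// DepositUnchecked credits the caller-supplied amount as soon as the transfer
// call does not return an error. Nothing proves that value actually arrived.
func (b *Bridge) DepositUnchecked(depositor, resourceID string, amount uint64) error {
	tok, ok := b.Tokens[resourceID]
	if !ok {
		return fmt.Errorf("unknown resource %q", resourceID)
	}
	if err := tok.TransferFrom(depositor, b.Self, amount); err != nil {
		return err
	}
	b.Credited = append(b.Credited, DepositEvent{Depositor: depositor, ResourceID: resourceID, Amount: amount})
	return nil
}

// DepositChecked credits only what the bridge can verify it received: the
// balance delta on the bridge's own account must equal the requested amount,
// and zero-value deposits are rejected outright.
func (b *Bridge) DepositChecked(depositor, resourceID string, amount uint64) error {
	tok, ok := b.Tokens[resourceID]
	if !ok {
		return fmt.Errorf("unknown resource %q", resourceID)
	}
	if amount == 0 {
		return errors.New("zero deposit")
	}
	before := tok.BalanceOf(b.Self)
	if err := tok.TransferFrom(depositor, b.Self, amount); err != nil {
		return err
	}
	after := tok.BalanceOf(b.Self)
	if after < before || after-before != amount {
		return fmt.Errorf("requested %d but bridge balance moved by %d; not crediting", amount, after-before)
	}
	b.Credited = append(b.Credited, DepositEvent{Depositor: depositor, ResourceID: resourceID, Amount: amount})
	return nil
}

func main() {
	eth := &Ledger{balances: map[string]uint64{"alice": 10}}
	b := &Bridge{Self: "bridge", Tokens: map[string]Token{"ETH": eth, "STALE": PhantomToken{}}}
	fmt.Println("unchecked:", b.DepositUnchecked("attacker", "STALE", 80_000_000), b.Credited)
	b.Credited = nil
	fmt.Println("checked:  ", b.DepositChecked("attacker", "STALE", 80_000_000), b.Credited)
	fmt.Println("real:     ", b.DepositChecked("alice", "ETH", 7), b.Credited)
}
```

The balance-delta check also protects against fee-on-transfer or rebasing tokens, where a successful transfer still delivers less than requested; in every such case the bridge credits nothing rather than the attacker's number.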
Nearly two dozen vulnerabilities in UEFI firmware impact devices from major computer vendors
Security researchers at Binarly have warned of 23 high-risk vulnerabilities in implementations of UEFI firmware used by multiple device vendors, including Fujitsu, Siemens, Dell, HP, HPE, Lenovo, Microsoft, Intel and Bull Atos.
The security issues reside in the InsydeH2O UEFI firmware developed by Insyde Software; all of the affected vendors build their firmware on Insyde's firmware SDK.
The majority of the discovered flaws relate to System Management Mode (SMM) and can be exploited for arbitrary code execution with SMM privileges. These vulnerabilities pose a high risk because threat actors could use them as part of an exploit chain to bypass security features such as Secure Boot and virtualization-based security (VBS) and endpoint protection software, or to install malware that survives OS re-installation.
Insyde Software has released security patches to address the above-mentioned issues.
Wormhole cryptocurrency platform loses over $320M in a hack
Wormhole, one of the most popular bridges linking Solana to other DeFi networks, has become yet another victim of high-value theft, losing 120,000 wETH tokens (over $320 million at current exchange rates). This marks the fourth-largest cryptocurrency theft of all time and the largest crypto heist so far in 2022.
According to blockchain analysis firm Elliptic, the hacker took advantage of a weakness in the Wormhole platform that stemmed from a failure to validate "guardian" accounts: the attacker minted 120,000 wETH on the Solana blockchain and then transferred 93,750 ETH to the Ethereum blockchain.
As Qubit Finance did, the Wormhole team reached out to the attacker, offering a $10 million bug bounty in exchange for the exploit details and the return of the stolen funds.
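The failure mode Elliptic describes, a bridge honouring a mint because the "guardian" approval was never validated against the trusted guardian set, is illustrated below with an added example that is not Wormhole's code. It assumes a simplified VAA (the signed message a bridge mints against), ed25519 signatures from the Go standard library (real guardians sign with secp256k1 ECDSA) and a two-thirds-plus-one quorum; the guardian keys and payloads are constructed for the demo. The vulnerable verifier trusts whatever key set the submitter hands it, while the hardened one resolves the guardian set by index from the bridge's own registry and computes quorum from that.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"encoding/binary"
	"errors"
	"fmt"
)

// GuardianSet is the trusted signer set registered under a given index.
type GuardianSet struct {
	Index uint32
	Keys  []ed25519.PublicKey
}

// Signature is one guardian's signature over the VAA digest.
type Signature struct {
	GuardianIndex uint8
	Sig           []byte
}

// VAA is a simplified "verified action approval".
type VAA struct {
	GuardianSetIndex uint32
	Payload          []byte
	Signatures       []Signature
}

// Quorum is two thirds of the set plus one (19 guardians -> 13 signatures).
func Quorum(n int) int { return n*2/3 + 1 }

// SigningDigest binds the guardian-set index to the payload so a signature
// produced for one set cannot be replayed against another.
func SigningDigest(v *VAA) []byte {
	var hdr [4]byte
	binary.BigEndian.PutUint32(hdr[:], v.GuardianSetIndex)
	d := sha256.Sum256(append(hdr[:], v.Payload...))
	return d[:]
}

// NewGuardianSet generates n key pairs for the demo (constructed keys).
func NewGuardianSet(index uint32, n int) (*GuardianSet, []ed25519.PrivateKey) {
	set := &GuardianSet{Index: index}
	privs := make([]ed25519.PrivateKey, n)
	for i := range privs {
		pub, priv, err := ed25519.GenerateKey(rand.Reader)
		if err != nil {
			panic(err)
		}
		set.Keys = append(set.Keys, pub)
		privs[i] = priv
	}
	return set, privs
}

// Sign appends guardian idx's signature to the VAA.
func Sign(v *VAA, idx uint8, priv ed25519.PrivateKey) {
	v.Signatures = append(v.Signatures, Signature{GuardianIndex: idx, Sig: ed25519.Sign(priv, SigningDigest(v))})
}

// VerifyUnchecked models the weakness: the key set comes from the submitter
// instead of the bridge's registry, so a VAA signed with attacker-controlled
// keys, presented alongside those keys, passes every check.
func VerifyUnchecked(v *VAA, callerKeys []ed25519.PublicKey) bool {
	digest := SigningDigest(v)
	valid := 0
	for _, s := range v.Signatures {
		if int(s.GuardianIndex) < len(callerKeys) && ed25519.Verify(callerKeys[s.GuardianIndex], digest, s.Sig) {
			valid++
		}
	}
	return valid >= Quorum(len(callerKeys))
}

// VerifyAgainstTrustedSet is the hardened check: the set is looked up by index
// in the bridge's own registry, every signature must come from a distinct,
// in-range guardian of that set, and quorum is derived from the registry.
func VerifyAgainstTrustedSet(v *VAA, registry map[uint32]*GuardianSet) error {
	set, ok := registry[v.GuardianSetIndex]
	if !ok {
		return fmt.Errorf("unknown guardian set %d", v.GuardianSetIndex)
	}
	digest := SigningDigest(v)
	seen := make(map[uint8]bool)
	for _, s := range v.Signatures {
		if int(s.GuardianIndex) >= len(set.Keys) {
			return fmt.Errorf("guardian index %d out of range", s.GuardianIndex)
		}
		if seen[s.GuardianIndex] {
			return fmt.Errorf("duplicate signature from guardian %d", s.GuardianIndex)
		}
		seen[s.GuardianIndex] = true
		if !ed25519.Verify(set.Keys[s.GuardianIndex], digest, s.Sig) {
			return fmt.Errorf("bad signature from guardian %d", s.GuardianIndex)
		}
	}
	if len(seen) < Quorum(len(set.Keys)) {
		return errors.New("quorum not reached")
	}
	return nil
}

func main() {
	set, privs := NewGuardianSet(0, 4)
	registry := map[uint32]*GuardianSet{0: set}
	legit := &VAA{GuardianSetIndex: 0, Payload: []byte("transfer 120000 wETH")}
	for i := 0; i < Quorum(len(privs)); i++ {
		Sign(legit, uint8(i), privs[i])
	}
	fmt.Println("legit VAA, registry:", VerifyAgainstTrustedSet(legit, registry))
	fake, fakePrivs := NewGuardianSet(0, 1)
	forged := &VAA{GuardianSetIndex: 0, Payload: []byte("transfer 120000 wETH")}
	Sign(forged, 0, fakePrivs[0])
	fmt.Println("forged VAA, caller-supplied keys:", VerifyUnchecked(forged, fake.Keys))
	fmt.Println("forged VAA, registry:", VerifyAgainstTrustedSet(forged, registry))
}
```

The two verifiers run the same signature arithmetic; the only difference is where the public keys and the quorum size come from. That is the whole lesson: any input the submitter controls, including which "guardian" accounts to check against, must be resolved from state the bridge itself owns before it is used to authorize a mint.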