Reports claim Apple can now block Pegasus spyware / Iranian cyberattack against U.S. uncovered / U.K. police members avoid $1.2M fine

Plus: Maltego acquired by Charlesbank Technology Opportunities Funds to provide software for FBI and Interpol

Inside.com Part of   Network April 19, 2023

Apple's high-security mode can block the infamous Pegasus spyware, according to a new report from security researchers. The feature is known as Lockdown Mode. More: Researchers claim this is the first case that Lockdown Mode has successfully protected a device from NSO'S Pegasus spyware attacks. The report claims that this marks the first time Apple's Lockdown Mode goes a step further than simply notifying the user of an attempted breach, something that it has been able to do for a while now. This report comes only days after several journalists stated that they were targeted by spyware that showed digital traces tied to Pegasus. Pegasus, developed by controversial Israeli company NSO, can steal information such as: location, messages, photos, videos, contacts, call history. Zoom Out: Only a year ago, Spanish government regulators began investigating claims that Pegasus was used to spy on opposition political opponents. The Pegasus spyware was reportedly also used to spy on high-ranking officials in the European Union, causing a debate in the political organization on whether NSO Group, the company behind the spyware, should be blacklisted.

Researchers have tracked a hacking campaign from government-backed Iranian hackers on critical U.S. energy infrastructure. The campaign was active from late 2021 to 2022. More: The threat actor that deployed this hacking campaign was Mint Sandstorm, previously known as Phosphorus.  Mint Sandstorm is believed to be tied to the Islamic Revolutionary Guard Corps. In this hacking campaign that lasted more than six months, Mint Sandstorm targeted: U.S. seaports, energy companies, transit systems, and utility and gas companies.  The activity is suspected to be retaliatory and in response to attacks targeting its maritime, railway, and gas station payment systems that took place between May 2020 and late 2021. Researchers stated that these attacks show Sandstorm's ability to constantly refine its tactics as part of highly-targeted phishing campaigns to obtain access to targeted environments. Zoom Out: Mint Sandstorm has previously attacked U.S. companies such as HBO, threatening to leak scripts from famous TV shows such as Game of Thrones. The hacker who deployed the attack was later indicted. The group was also involved in a hacking campaign that targeted U.S. infrastructure after the 2015 Nuclear deal between Iran and the U.S. The Iranian government denied having any knowledge of the cyberattack. In 2022, the U.S. Department of Treasury sanctioned several members of Mint Sandstorm for previous hacking campaigns.

Two U.K. police members have avoided a $1.2M fine for recording the phone calls of over 200,000 citizens without permission. The U.K. police claim that the policemen were not aware of having the ability to record conversations through their devices. More: The Information Commissioner's Office has stated that the institution will change how it reprimands its officials for breaking laws, replacing monetary fines with other methods, which is why these police officers will not have to pay any money. The ICO claims that the app was downloaded by over 1,015 staff members. Police officers using the app claim that they were unaware that all calls were being recorded, and interviewees were therefore not informed of the fact either. This fact means that the interviewees had their privacy rights broken because they did not give consent to having their personal information recorded. The app was meant to be used only by only a small number of police officers, but Surrey Police and Sussex Police apparently made the decision to make the app widely available. The ICO, however, claims that it became aware of this situation only in 2020.

Maltego has been acquired by Charlesbank Technology Opportunities Funds, which is investing $100M to grow the company that helps forensic investigators become more efficient through data integration. The company works with agencies such as the FBI and Interpol. More: The company is used by security professionals, pen testers, forensic investigators, investigative journalists, and market researchers. Maltego aims to use this funding round to expand in the North American market. The company has over 100 employees who will remain employed under the new ownership. The purchase price was not disclosed. Maltego is based in Munich, Germany.

Semgrep has raised a $53M Series C funding round to help developers find security flaws in their code. The platform is used by companies such as Shopify, Snowflake, and Dropbox. More: Semgrep can determine whether a piece of code contains known vulnerabilities, such as those tracked in the CVE cybersecurity database. It’s also capable of checking an application’s susceptibility to common hacking tactics. Semgrep claims that by using its product, developers can transparently view the rules that alerted the vulnerabilities and make sense of them. The company claims that it saw 750% YoY user growth in 2022. Lightspeed Venture Partners led the funding round, with participation from Felicis Ventures, Redpoint Ventures, and Sequoia Capital.

Quick Hits: Say goodbye to silos. With Miro, teams can sync, flow, and feel the connection of working side by side, even in remote and hybrid work environments.* SpecterOps, a cybersecurity solutions and services provider, has raised $25M in a Series A round led by Decibel. Hackers with ties to Russian military intelligence are reportedly behind a new phishing campaign that is targeting Ukrainian organizations. Transparent Tribe, a Pakistan-based hacker group, is launching Linux cyberattacks against Indian government agencies. The attacks use 2FA manipulation to steal login credentials. Sales pros worldwide say sales ops are key to productivity. Download the new "Trends in Sales Ops" report to learn more.* *This is sponsored content.

Upcoming events at Inside: April 19 - Human Resources Summit'23 (Watch Now) April 26 - The world's largest gathering that brings together all sides of the cryptocurrency, blockchain and Web3 community (Register Here) * April 27 - Inside.com Book Club - REWORK by 37signals (Register Here) May 02 - Inside Startups Coffee Break (Register Here) *This is a sponsored listing.

Arbër is an Inside writer who also has experience in entrepreneurship. He has experience covering Consumer Tech, Venture Capital, NFTs, Crypto, etc. Arbër holds a Bachelor's degree in Business from XAMK University in Finland. When he is not reading(and writing) business news, he chooses to watch sports or anime...and then read news about sports or anime. Editor Aaron Crutchfield is based in the high desert of California. Over the last two decades, he has spent time writing and editing at various local newspapers and defense contractors in California. When he's not working, he can often be found looking at the latest memes with his kids or working on his 1962 and 1972 Fords.

767 Bryant St. #203, San Francisco, CA 94107 Copyright © 2023 Inside.com

Did someone forward this email to you? Head over to inside.com to get your very own free subscription! You received this email because you subscribed to Inside Security. Click here to unsubscribe from Inside Security list or manage your subscriptions.