A new report by the University of Torontos Citizen Lab has identified suspected government customers of Paragon Solutions spyware in six additional countries: Australia, Canada, Cyprus, Denmark, Israel, and Singapore, according toCyberScoop.Researchers mapped Paragons Graphite spyware infrastructure after receiving a tip and found potential links to these nations, along with a possible connection to the Ontario Provincial Police. The report also expands on previously reported cases of Paragon spyware targeting activists in Italy, including surveillance of a personal friend of Pope Francis and organizations involved in migrant rescue efforts in the Mediterranean. One targeted individual, activist David Yambio, was allegedly spied on while sharing information with the International Criminal Court about torture victims in Libya. Despite Paragons claims that it only sells spyware to clients that respect human rights, Citizen Labs findings challenge this assertion. Amnesty International warned that the revelations deepen Europes digital surveillance crisis, particularly given the risks faced by humanitarian groups. Paragon responded by denying specific claims but did not address concerns about potential abuses.
The FBI has sought public information that would help identify Chinese state-backed Salt Typhoon hackers, reiterating an up to $10 million bounty from the U.S. State Department's Rewards for Justice Program for any details that would help in the clampdown of the threat operation that has targeted telecommunications providers in the U.S. and other parts of the world, resulting in the compromise of highly sensitive data, reports BleepingComputer.
Organizations using Ivanti Connect Secure and Pulse Secure VPN systems have been urged to update their instances following a ninefold increase in suspicious IP scanning activity recorded on Apr. 18, The Register reports.
Threat actors have been combining a pair of critical Craft CMS vulnerabilities to facilitate server compromise as part of ongoing attacks, according to BleepingComputer.
