Invisible Calendar Invites Used to Hack iPhones and Install QuaDream Spyware

  • Written by Ari Denial Cybersecurity & Tech Writer

The spyware was found to be particularly advanced, using techniques such as sandbox evasion and persistence to remain undetected on the compromised device.

According to the report, QuaDream’s spyware has been linked to a group known as Candiru, which is also based in Israel and has been accused of selling spyware to various governments around the world.

Microsoft has stated that it has taken steps to protect its customers from QuaDream, but warns that these types of attacks will continue to occur as long as spyware companies are allowed to operate without oversight.

Attackers were able to compromise iPhones by using backdated and “invisible” iCloud calendar invitations, according to reports.

The attackers used this technique to trigger ENDOFDAYS, an exploit that runs automatically once an iCloud calendar invitation is added to the user’s calendar, without any notification or prompt. This allowed the attacks to remain undetected by the targets, making it an effective technique for compromising devices.

Citizen Lab researchers have reported that “at least five civil society victims of QuaDream’s spyware and exploits” were found in various regions, including Central Asia, Southeast Asia, Europe, North America and the Middle East. The victims reportedly include journalists, political opposition figures, and an NGO worker, but no names were provided.

The malware used in the campaign, dubbed KingsPawn by Microsoft, was designed to self-delete and clean out any traces from victims’ iPhones to evade detection, according to the report. Additionally, Citizen Lab discovered a process name used by the spyware through their analysis of the self-destruct feature.

The capabilities of QuaDream’s spyware, discovered during analysis, include recording audio from phone calls and the microphone, taking pictures with the device’s camera, exfiltrating items from the device’s keychain, generating iCloud time-based one-time password login codes for future dates, running SQL queries, tracking the device’s location, and performing various filesystem operations. The spyware also has the ability to clean remnants left behind by zero-click exploits.

QuaDream servers were discovered by Citizen Lab in several countries, including Bulgaria, Hungary, Israel, Mexico, the Czech Republic, Romania, Ghana, Uzbekistan, Singapore, and the United Arab Emirates (UAE).

KFC and Pizza Hut’s Parent Company Reveals Data Breach Following Ransomware Attack

  • Written by Ari Denial Cybersecurity & Tech Writer

Yum! Brands, the parent company of popular fast food chains KFC, Taco Bell and Pizza Hut, has provided details regarding a ransomware attack that took place in January 2023.

With the support of approximately 36,000 employees worldwide, Yum! Brands and its subsidiaries manage over 55,000 restaurants in 155 countries and territories.

The company has confirmed that personal information of the affected individuals, including their names, driver’s license numbers, and other ID card numbers, was compromised in the attack. As a result, Yum! Brands is sending out data breach notification letters to inform the impacted parties about the incident.

According to the latest updates from the investigation, Yum! Brands has found no indications of the stolen data being used for identity theft or fraud. However, as a precautionary measure, the company was compelled to close down approximately 300 restaurants in the UK.

The annual report filed by Yum! Brands with the U.S. Securities and Exchange Commission (SEC) has revealed that the company was a victim of a ransomware attack in 2022. The attack resulted in the temporary disruption of certain IT systems within the organization.

As a consequence, around 300 restaurants in one market were closed for a day, and data was taken from the network during the incident.

Yum! Brands has stated that it may incur expenses related to the ransomware attack, including costs associated with responding to, remediating, and investigating the incident. The disclosure was made in a statement issued by the company in response to the attack.

In a filing made with the U.S. Securities and Exchange Commission (SEC) in January, Yum! Brands expressed confidence that the ransomware attack would not result in any significant financial impact on the company.

The statement indicated that the incident had caused only temporary disruptions, and Yum! Brands did not anticipate any material adverse effects on its business, operations, or financial results. Additionally, the company has not reported any restaurant disruptions beyond the affected market.