Making Sense of Security

Securing your Digital World.

Making Sense of Security
Browsing:

Category: Security

Bad Certificate Knocks Teams Offline

Enterprise VulnerabilitiesFrom DHS/US-CERT’s National Vulnerability Database CVE-2020-3939PUBLISHED: 2020-02-04 SysJust Syuan-Gu-Da-Shih, versions before 20191223, contain vulnerability of Cross-Site Scripting(XSS), personal information may be leaked to attackers via the vulnerability. CVE-2020-3937PUBLISHED: 2020-02-04 SQL Injection in SysJust Syuan-Gu-Da-Shih, versions before 20191223, allowing attackers to perform unwanted SQL queries and access arbitrary file in the database. CVE-2020-3938PUBLISHED: 2020-02-04 SysJust Syuan-Gu-Da-Shih, versions before 20191223, contain vulnerability of Request Forgery, allowing attackers to launch inquiries into network architecture or system files of the server via forged inquests. CVE-2020-5235PUBLISHED: 2020-02-04 There is a potentially exploitable out of memory condition In Nanopb before 0.4.1, 0.3.9.5, and 0.2.9.4. Read more…


EKANS Ransomware Raises Industrial-Control Worries

Although the ransomware is unsophisticated, the malware does show that some crypto-attackers are targeting certain industrial control products. A fairly unsophisticated ransomware attack has raised a few eyebrows among security researchers for its ability to force computers to stop specific activities, or processes, related to industrial control systems, critical-infrastructure security firm Dragos stated in a report published on February 3. In the past, ransomware has generally caused disruption in industrial control system (ICS) environments as a side effect of the malware’s destructive activity — encrypting data would cause some software to fail, causing outages. Although a relatively primitive attack, Read more…


C-Level & Studying for the CISSP

One CTO tells us about his belated pursuit of a foundational infosecurity certification — why he wanted it and what it took. Why does an IT professional seek a certificate in IT security? For many, it’s a way for junior and mid-career pros to advance their careers and improve their “personal brand.” For others, it’s a requirement of their existing job. So when a C-level IT industry executive — one without security in his job title — decided that he needed a cybersecurity certification, Dark Reading asked why. (image by cirodelia, via Adobe Stock) Tim Titus is chief technology officer Read more…


Researchers Find 24 ‘Dangerous’ Android Apps with 382M Installs

Shenzhen Hawk Internet Co. is identified as the parent company behind five app developers seeking excessive permissions in Android apps. Security researchers have identified 24 Android applications seeking dangerous and excessive permissions, all of which come from app developers under Chinese company Shenzhen Hawk Internet Co., Ltd., and have a combined total of 382 million downloads. One of these developers is Hi Security, the company behind Virus Cleaner 2019 (100 million installations) and Hi VPN, Free VPN (10 million). Hi Security first appeared on the radar of VPNPro researchers when they analyzed the companies behind VPN products, and again Read more…


Attackers Actively Targeting Flaw in Door-Access Controllers

There’s been a sharp increase in scans for vulnerable Nortek Linear Emerge E3 systems, SonicWall says. Attackers are actively trying to exploit a critical, previously disclosed command injection flaw in a door access-controller system from Nortek Security and Control LLC to use the device to launch distributed denial-of-service attacks (DDoS). SonicWall, which reported on the threat Saturday, said its researchers have observed attackers scanning the entire IPv4 address range space for the vulnerable systems in recent days. According to the security vendor, its firewalls have been blocking literally tens of thousands of hits daily from some 100 IP addresses around Read more…


GE’s Nasrin Rezai: From Aspiring Chemist To Global Cybersecurity Leader

The future of cybersecurity depends on getting more young people involved – Casey Crane St. Petersburg, Fla. – Jan. 31, 2020 It’s no secret that cybersecurity and IT as a whole have long been considered male-dominated industries. As of 2019, women represented only 20 percent of professionals working in the global cybersecurity field. While this number is up from a 2013 estimate of 11 percent, it’s a statistic that still has a way to go to reach parity. That’s something Nasrin Rezai hopes to help change. Rezai is the executive vice president and global chief information security and product Read more…


3D map shows how the coronavirus is spreading worldwide

A UN aviation agency uses GIS software to track transmission lines while 20 US airports set up screening centers. View Original Source Article HERE


Coronavirus Phishing Attack Infects US, UK Inboxes

Cybercriminals capitalize on fears of a global health emergency with phishing emails claiming to offer advice for protecting against coronavirus. As people grow concerned about the Wuhan coronavirus, now classified as a global emergency by the World Health Organization, cybercriminals are preying on their fear with phishing emails claiming to have advice on protective safety measures. Emails have been seen in the US and UK. The attack was detected by security researchers at Mimecast. A sample email, which claims to come from a health specialist, advises the recipient to “go through the attached document on safety measures regarding the Read more…


Phishing tournament finds employees falling prey to malicious emails

The Gone Phishing Tournament tested how susceptible people are to opening fraudulent emails and entering their login information. View Original Source Article HERE


FTC alleges deception in “unbiased” review site’s ratings and rankings

Top picks, star ratings, in-depth reviews. Many consumers don’t buy anything without consulting third-party review sites or checking out the opinions of other customers. But how often are those ratings the product of buying and selling between the “independent” site and companies willing to pay for better play? And are those reviews really from satisfied customers or are they from employees acting on instructions to stuff the ballot box with five-star ratings? Those are the allegations in a lawsuit against LendEDU, a site the FTC says falsely claimed to offer “objective” evaluations of financial products. Does the proposed settlement Read more…


How Device-Aware 2FA Can Defeat Social Engineering Attacks

While device-aware two-factor authentication is no panacea, it is more secure than conventional SMS-based 2FA. Here’s why. In the ever-escalating arms race between attackers and defenders, the latest defense to crumble under fire is two-factor authentication (2FA). Hackers have become increasingly successful in using social engineering techniques that defeat 2FA and let them take control of victim accounts. Many of these attacks, however, including account takeover using SIM-jacked phone numbers, can be thwarted by restructuring part of the authentication process, using a minor modification to existing methods. It’s a shift from account-based 2FA (usually using SMS one-time passcodes, or Read more…


VPN: Useful More Than Just For Security

Virtual Private Networks (VPNs) are undoubtedly the most trusted tools for protecting your privacy while you browse the internet. Essentially, a VPN routes your internet traffic and hides your real IP address so that no one, not even your Internet Service Provider, can see your activity on the internet. Further, the entire data you send or receive online is strongly encrypted, making it extra strong from the security perspective. But this is just the tip of the iceberg when it comes to the extensive uses of VPN. Beyond just securing your online activity, there is much more than it Read more…


Apple proposes simple security upgrade for SMS 2FA codes

by John E Dunn Apple engineers think they’ve come up with a simple way to make SMS two-factor authentication (2FA) one-time codes less susceptible to phishing attacks: agree a common text format so their use can be automated without the need for risky user interaction. The concept proposed by the company’s Safari WebKit team is that apps such as mobile browsers will automatically process SMS text codes as they are received, submitting them to the correct website. This dodges today’s hazard that phishing websites can first fool people into entering their password and username, before asking them to submit Read more…


How to Conquer the Cybersecurity Challenges of the Cloud?

Cloud computing has become a significant and powerful force as it brings economies of scale and breakthrough technological advances to modern business organizations. Cloud computing has progressed at an incredible speed in several organizations and is now knotted with the sophisticated technological landscape that supports vital daily operations. According to data from Cloud Security Alliance, at least 70% of the global businesses at present work either fully or partially on the cloud. The ever-expanding cloud environment gives rise to certain types of threats and risks. Business and security leaders face several challenges while protecting their existing IT environment. However, Read more…


FTC warns VoIP providers that help robocallers: we can and will sue

by Lisa Vaas How many illegal robocalls do you get? As in, those spoofed numbers made to look like a neighbor’s calling, calls coming in even though you’re on the National Do Not Call Registry, scammers trying to get you to cough up your personal information? However many you get, it’s too much, since nearly all robocalls are illegal. And we already know that as of September 2019, the number of robocalls flooding US phones was 200 million per day. Would it be any comfort at all to learn that the US Federal Trade Commission (FTC) has growled at Read more…


Email Attackers Abusing Coronavirus Outbreak to Spread Emotet

Security researchers observed email attackers abusing the coronavirus outbreak to infect concerned users with the Emotet trojan. IBM X-Force found that the attack emails appeared to originate from a Japanese disability welfare service provider. Those emails informed recipients that officials had learned of a developing coronavirus outbreak in Japan’s Gifu prefecture. They then urged recipients to open an attached document so that they could view recommended infection prevention measures. A sample text email warning Japanese users of a coronavirus outbreak. (Source: IBM X-Force) Jurisdiction tsusho / facility related disability welfare service providerWe become indebted to.Patients were reported about the Read more…


Free webinar for businesses focuses on tax identity theft and cybersecurity

We know you’re busy with the business of your business. But we’re hoping for an hour of your time. Why? It’s tax season and tax identity thieves, government imposters, and cyber criminals are out in force. Find out how to help thwart them so you can keep focused on your bottom line.   On Tuesday, February 4, join a free webinar, “Protecting Sensitive Business and Customer Information: Practical Data Security Practices for Your Business.” Hear from the FTC and IRS about identity theft, the latest imposter scams targeting businesses, and creating a data security plan to protect your customers, employees, Read more…


FTC and DOJ Extend Deadline for Public Comments on Draft Vertical Merger Guidelines, Announce Two Related Public Workshops

The Federal Trade Commission and the Department of Justice are extending the Feb. 11, 2020 deadline for comments on the draft Vertical Merger Guidelines. The deadline is now Feb. 26. The FTC and DOJ also announced two upcoming joint public workshops on the Draft Vertical Merger Guidelines. The first workshop will take place on March 11 at the Robert F. Kennedy Department of Justice Building, 950 Pennsylvania Avenue, NW, Washington, D.C., from 1 p.m. to 5 p.m. Eastern Time. The second workshop will take place on March 18 at FTC headquarters, 600 Pennsylvania Ave. NW, Washington, D.C., from 1 Read more…


Operators of Comparison Shopping Website Agree to Settle FTC Charges Alleging Deceptive Rankings of Financial Products and Fake Reviews

The operators of a website that compares student loans and other financial products have agreed to settle Federal Trade Commission allegations that they misled consumers to believe their website provided objective product information, when in fact they offered higher rankings and ratings to companies that paid for placement. In an administrative complaint against Delaware-based LendEDU and its operators Nathaniel Matherson, Matthew Lenhard, and Alexander Coleman, the FTC also alleged the company touted fake positive reviews of its LendEDU.com website. “LendEDU told consumers that its financial product rankings were based on objective and unbiased information about the quality of the Read more…


Fraudsters posed as art dealer, bilked museum for millions

by Lisa Vaas “We got scammed!” said a London art dealer after business email compromise (BEC) scammers inserted themselves into a months-long conversation about the sale of a £2.4 million (USD $3.1 million) John Constable painting, spoofing their emails to make it look like the messages came from Simon C. Dickinson Ltd. “No, we got scammed,” said the Dutch museum Rijksmuseum Twenthe, which now has the work by the 19th century English landscape painter and whose money got whisked away by fraudsters who transferred the funds to a Hong Kong account. According to Claims Journal, lawyers for the two Read more…


Google launches open-source security key project, OpenSK

by Danny Bradbury Interested in using hardware security keys to log into online services more securely? Well, now you can make your own from scratch, thanks to an open-source project that Google announced last week. Google has released an open-source implementation called OpenSK. It’s a piece of firmware that you can install on a USB dongle of your own, turning it into a usable FIDO or U2F key. FIDO is a standard for secure online access via a browser that goes beyond passwords. There are three modern flavours of it: Universal Second Factor (U2F), Universal Authentication Factor (UAF), and Read more…


Monday review – the hot 25 stories of the week

by Naked Security writer Get yourself up to date with everything we’ve written in the last seven days – it’s weekly roundup time. Monday 27 January 2020 Tuesday 28 January 2020 Wednesday 29 January 2020 Thursday 30 January 2020 Friday 31 January 2020 News, straight to your inbox Would you like to keep up with all the stories we write? Why not sign up for our daily newsletter to make sure you don’t miss anything. You can easily unsubscribe if you decide you no longer want it. Latest Naked Security Live video [youtube https://www.youtube.com/watch?v=LGRpsYb9ZKs?version=3&rel=0&fs=1&autohide=2&showsearch=0&showinfo=1&iv_load_policy=1&wmode=transparent&w=775&h=436] (Watch directly on YouTube if Read more…


Helping Healthcare Organizations Mature their Cybersecurity Practices

Cyberattacks in the healthcare industry show no signs of abating. In 2018, digital criminals breached 15 million healthcare records. Alarmingly, in the first half of 2019 alone, 32 million healthcare records were compromised as a result of multiple security incidents. Among those was the American Medical Collection Agency (AMCA) breach, an event which affected 24 million patient records when an unauthorized user accessed systems that contained sensitive information. The breach ultimately led AMCA to file for bankruptcy, and it affected over 20 AMCA customers like Quest and LabCorp. Despite the growth in cyberattacks in the healthcare industry, healthcare organizations Read more…


Why Asset Visibility Is Essential to the Security of Your Industrial Environment

Threats against industrial environments are on the rise. Near the beginning of 2019, for example, Kaspersky Lab revealed that 47% of industrial control system (ICS) computers on which its software was installed suffered a malware infection in the past year. That was three percent higher than the previous year. These digital threats confronting ICS systems come from a variety of sources including nation-state actors. Take Iran, for instance. Over the past several years, the United States Department of Justice has charged Iranians with hacking into U.S. financial institutions, accessing a dam located in New York State and using SamSam Read more…


Assessment Frameworks for NIS Directive Compliance

According to the NIS Directive, Member States should adopt a common set of baseline security requirements to ensure a minimum level of harmonized security measures across EU and enhance the overall level of security of operators providing essential services (OES) and digital service providers (DSP). The NIS Directive sets three primary objectives: to improve the national information security capabilities of the Member States; to build mutual cooperation at EU level; and to promote a culture of risk management and incident reporting among actors (OES and DSP) of importance for the maintenance of key economic and societal activities in the Read more…


soapstampingmachines.com/slider/data1/panel/admin.php

[CWHQ:18441] Type: AZORult – IP: 209.99.16.206 * This article was originally published here www.MakingSenseofSecurity.com


Will we just accept our loss of privacy, or has the techlash already begun? | Alan Rusbridger

Probably too late to ask, but was the past year the moment we lost our technological innocence? The Alexa in the corner of the kitchen monitoring your every word? The location-betraying device in your pocket? The dozen trackers on that web page you just opened? The thought that a 5G network could, in some hazily understood way, be hardwired back to Beijing? The spooky use of live facial recognition on CCTV cameras across London. With privacy there have been so many landmarks in the past 12 months. The $5bn Federal Trade Commission fine on Facebook to settle the Cambridge Read more…


Someone may have accessed your account – Support

Dear customer, Your Apple ID was used to sign in to iCloud via a web browser. Date and Time: January 29, 2020, 4:12 PM NST Browser: ChromeOperating System: Windows Country: Argentine IF THE INFORMATION ABOVE LOOKS FAMILIAR, YOU CAN IGNORE THIS MESSAGE. If you have not signed in to iCloud recently and believe someone may have accessed your account, go to Apple ID (https://appleid.apple.com) and update your informations as soo… * This article was originally published here www.MakingSenseofSecurity.com


Hackers using coronavirus scare to spread Emotet malware in Japan

Cybercriminals are using global fears about the virus to spread the Emotet trojan. View Original Source Article HERE


Winnti Group targeting universities in Hong Kong

ESET researchers uncover a new campaign of the Winnti Group targeting universities and using ShadowPad and Winnti malware In November 2019, we discovered a new campaign run by the Winnti Group against two Hong Kong universities. We found a new variant of the ShadowPad backdoor, the group’s flagship backdoor, deployed using a new launcher and embedding numerous modules. The Winnti malware was also found at these universities a few weeks prior to ShadowPad. The Winnti Group, active since at least 2012, is responsible for for high-profile supply-chain attacks against the video game and software industries leading to the distribution Read more…


Don’t get sacked! Scams to look out for this Super Bowl

As the teams prepare to battle it out on the gridiron, fraudsters are waiting to intercept your funds One of the most-anticipated sporting events of the year is almost here. Like any popular event, the Super Bowl can be a fertile breeding ground for various malicious actors looking to scam you out of your hard-earned money or your personal data. A wide variety of scams target both spectators who are watching from the comfort of their living rooms and those cheering for their teams in the stadium. Here are some ways you can tackle security offenses that may be Read more…


Super Bowl 54: How 5G will help keep fans safe at the game

High-tech security features will help keep 49ers and Chiefs fans safe during Super Bowl weekend in Miami. View Original Source Article HERE


Super Bowl 2020: How 5G will help keep fans safe at the game

High-tech security features will help keep 49ers and Chiefs fans safe during Super Bowl weekend in Miami. View Original Source Article HERE


Ashley Madison breach victims have more to worry about

Five-year old data from the site’s breach is at the center of a new cryptocurrency ransom campaign, and it may be the beginning of a new trend. View Original Source Article HERE


What It’s Like to Be a CISO: Check Point Security Leader Weighs In

Jony Fischbein shares the concerns and practices that are top-of-mind in his daily work leading security at Check Point Software. Check Point Software CISO Jony Fischbein has a lot on his plate. Like many CISOs, he juggles the security of multiple corporate departments with thousands of employees, all of whom possess different personalities, security requirements, and potential risk factors. “A lot of these departments … they want to drive to the same place, but they have different needs,” said Fischbein in a keynote at this week’s CPX 360 conference, in New Orleans. Each day he is tasked with making Read more…


The Number One Cybersecurity Statistic That C-Suite Executives Should Know

CEOs should not be in the dark about cybercrime –Steve Morgan, Editor-in-Chief Northport, N.Y. – Jan. 21, 2020 For years now CEOs and board members have been flunking their cybersecurity exams. That’s because there are far too many vendor (and analyst) reports that fail to use easy-to-understand language, and concepts, for C-suite executives. Do CEOs need to enroll into cybersecurity school? We don’t think so. Instead, they need better reading material from our community. And it starts with some language re-programming. Our colleague and thought leader, Ann Johnson, corporate vice president for Microsoft’s Cybersecurity Solutions Group (CSG), and a Read more…


‘George’ the Most Popular Password That’s a Name

A new study of stolen passwords reflects the consequences of password overload. The most common type of password is a name, and the most common name password is George, according to a new analysis of compromised credentials found in the Dark Web. ID Agent, a Kaseya company, found that names account for nearly 37% of password types per 1,000 records, followed by words (16.1%) and easy-to-remember keystroke patterns (8.7%). The findings were pulled from a random sample of more than 1 billion pilfered credentials in the past 12 months. Passwords on average were 7.7 characters in length; the most Read more…


Threat Roundup for January 24 to January 31

Today, Talos is publishing a glimpse into the most prevalent threats we’ve observed between Jan 24 and Jan 31. As with previous roundups, this post isn’t meant to be an in-depth analysis. Instead, this post will summarize the threats we’ve observed by highlighting key behavioral characteristics, indicators of compromise, and discussing how our customers are automatically protected from these threats. As a reminder, the information provided for the following threats in this post is non-exhaustive and current as of the date of publication. Additionally, please keep in mind that IOC searching is only one part of threat hunting. Spotting Read more…


Ashley Madison Breach Returns with Extortion Campaign

The recent attack messages use new techniques to extort Bitcoin payments from Ashley Madison users hit in massive 2015 data breach. Five years after a huge data breach at extramarital affair website Ashley Madison gave criminals access to the credentials of roughly 32 million users, some victims are being hit once again, this time with a highly personalized extortion attempt. The extortion message includes detailed personal and financial information on the victim and demands a Bitcoin payment (the equivalent of $1,000 on up) to ensure that incriminating details won’t be shared with friends, family, and employers. The message includes Read more…


Name That Toon: Private (Button) Eye

Feeling creative? Submit your caption in the comments, and our panel of experts will reward the winner with a $25 Amazon gift card. A new month is upon us, and with it a new contest! Submit your caption for John Klossner’s latest cartoon (above) in the Comments here, and our editors will reward the winner with a $25 Amazon gift card. The contest ends Feb. 29 — you get an extra day, courtesy of leap year. If you don’t want to enter a caption, help us pick a winner by voting on the submissions. Click thumbs-up for those you Read more…


AppSec Concerns Drove 61% of Businesses to Change Applications

Some have even left behind commercial software and migrated to open source or in-house homegrown applications. Continue for synopsis or read full research report. The marketplace is beginning to pinch the software industry for application security failings and complications, according to a new Dark Reading study. Sixty-one percent of respondents to the survey, released today, stated that security concerns about one application have caused them to migrate to an alternative. Twenty-seven percent swapped one commercial off-the-shelf (COTS) application for another. Others migrated over to a COTS solution, leaving behind either open source (6%) or in-house developed (16%) tools. However, Read more…


Serious Security – How ‘special case’ code blew a hole in OpenSMTPD

by Paul Ducklin If there’s one open source project with an unashamedly clear focus on security, it’s the OpenBSD operating system. In its own words, its efforts “emphasize portability, standardization, correctness, proactive security and integrated cryptography.” Indeed, numerous sub-projects under the OpenBSD umbrella have become well-known cybersecurity names in their own right, notably OpenSSH – which ships with almost every Linux distribution and, since Windows 10, with Windows – and LibreSSL. There’s also OpenSMTPD, a mail server that aims to allow “ordinary machines to exchange emails with other systems speaking the SMTP protocol”, for example to let you run Read more…


How to change iOS 13 settings for better security

Learn how to secure your iOS 13 devices and protect your privacy by tweaking the default settings. View Original Source Article HERE


How to avoid the mistakes made in the UN data breach

Falling prey to a hacker because it neglected to properly patch its systems, the United Nations also failed to publicly disclose the hack. Here’s how your organization can avoid the same mistakes. View Original Source Article HERE


Embracing a Prevention Mindset to Protect Critical Infrastructure

A zero-trust, prevention-first approach is necessary to keep us safe, now and going forward. In the TV series Mr. Robot, Elliot Alderson, a gifted cybersecurity engineer by day, moonlights as a vigilante hacktivist for the “fsociety” group, which conspires to topple corporate America by canceling the debt records of every citizen. In this doomsday scenario, cyber anarchists aim to disrupt the financial infrastructure that supports the global economy as a means to bring about their ideological political goals. Beyond this dramatic metaphor lies a sobering truth: Our world is interconnected to such a degree that the notion of critical Read more…


UK High Court Approves Freezing Injunction on $1M Ransomware Payment

The UK High Court of Justice approved a freezing injunction on over $1 million paid by an English insurance company to ransomware actors. The Honorable Mr. Justice Bryan announced his approved judgement in a decision released for publication by the High Court of Justice on January 17, 2020. As relayed in the judgement, a Canadian insurance company suffered a ransomware infection in the fall of 2019 when malicious actors slipped past its security defenses and encrypted its systems using BitPaymer. They then dropped a ansom note on the encrypted systems. This message read as follows: Hello [insured customer] your Read more…


UN hacked via unpatched SharePoint server

by Danny Bradbury The UN suffered a major data breach last year after it failed to patch a Microsoft SharePoint server, it emerged this week. Then it failed to tell anyone, even though it produced a damning internal report. The news emerged after an anonymous IT employee leaked the information to The New Humanitarian, which is a UN-founded publication that became independent in 2015 to report on the global aid community. According to the outlet, internal UN staffers announced the compromise on 30 August 2019, explaining that the “entire domain” was probably compromised by an attacker who was lurking Read more…


US Interior Dept extends drone grounding over foreign hacking fears

by John E Dunn Now can’t be an easy time to be a professional drone pilot working for the US Department of the Interior (DOI). After years of enthusiastic expansion, in November 2019 the agency announced the temporary grounding of its fleet of Unmanned Aircraft Systems (UAS) over hacking fears unnamed sources claimed were connected to their manufacture in China or use of Chinese parts. This week, the DOI doubled down on that order, with Secretary of the Interior David Bernhardt signing a follow-up that will keep the agency’s drones on the ground for another 30 days until a Read more…


Financial tech firms disagree on ban of customer data screen-scraping

by Lisa Vaas For years, financial technology (fintech) companies have used screen-scraping to retrieve customers’ financial data with their consent. Think lenders, financial management apps, personal finance dashboards, and accounting products doing useful things: like, say, your budgeting app will use screen-scraping to get at the incoming and outgoing transactions in your bank account, using the information to power its analysis… …putting your privacy, passcode and other security information in danger of getting lost along the way. Because of those potential dangers to people’s privacy and data, many in fintech are urging the Australian government to follow in the Read more…


Jeff Bezos met FBI investigators in 2019 over alleged Saudi hack

Jeff Bezos met federal investigators in April 2019 after they received information about the alleged hack of the billionaire’s mobile phone by Saudi Arabia, the Guardian has been told. Bezos was interviewed by investigators at a time when the FBI was conducting an investigation into the Israeli technology company NSO Group, according to a person who was present at the meeting. Reuters first reported on Thursday that the FBI was investigating the role of NSO in possible hacks of US residents and companies, citing four people familiar with the inquiry. Reuters also reported that the FBI had met Bezos Read more…