Android Zero-Day Panic as Ancient Linux Flaw Forgotten

A bunch of fairly recent Android phones suffer from a nasty zero-day vulnerability. The flaw is currently being exploited, but by whom?
The post Android Zero-Day Panic as Ancient Linux Flaw Forgotten appeared first on Security Boulevard.

Google Warns of Android Zero-Day Bug Under Active Attack

Flaw impacts 18 Android models including Google’s flagship Pixel handset as well as phones made by Samsung, Huawei and Xiaomi.

The developers of the notorious FinSpy spyware are innovating — and thriving

Like any competitive company, a spyware vendor has to innovate when its proprietary data is exposed or stolen. For Gamma Group, the maker of the notorious FinSpy spyware, the definitive moment came in 2014, when it was hacked and information about its software and clients was dumped online. Since then, FinSpy’s authors have revamped big portions of the software, improving the encryption and making the code harder for analysts to parse, according to new research from Kaspersky Lab. The updated spyware implants for iOS and Android have been used in nearly 20 countries in the last year or so across Asia, Europe, and the Middle East, the researchers said Wednesday. In Myanmar, an ongoing campaign has infected several dozen phones. The researchers suspect there are many more victims out there, given how popular FinSpy has been with government clients. “The developers behind FinSpy constantly monitor security updates for mobile platforms and tend to quickly […]

The post The developers of the notorious FinSpy spyware are innovating — and thriving appeared first on CyberScoop.


Rights groups probe investments in NSO Group’s private equity firm

Since a February shakeup of the management structure of Israeli spyware vendor NSO Group, whose software has allegedly been used to target journalists and other civilians, human rights activists have stepped up their scrutiny of the vendor’s new private equity firm. The probing of London-based Novalpina Capital, which now controls the NSO Group board, is an effort to highlight what critics say is a failure by NSO Group and its investors to prevent the abuse of the company’s mobile-phone hacking tools. Now, the inquiry is drawing attention to the unexpected role that pension funds in the U.S. and the UK are playing in the standoff between the Israeli vendor and digital rights groups like Amnesty International and Citizen Lab, a research center at University of Toronto’s Munk School. In a letter last week to Britain’s South Yorkshire Pensions Authority (SYPA), Citizen Lab Director Ron Deibert asked the pension fund to take a hard look […]

The post Rights groups probe investments in NSO Group’s private equity firm appeared first on CyberScoop.


Stop demonizing encryption

The security industry has more than its fair share of buzzwords and gimmicks. End-to-end encryption is not one of them. The recent discovery of a vulnerability in WhatsApp has instigated discussions and spawned hot takes surrounding spyware and export controls, with some declaring that end-to-end encryption is ineffective. With this particular vulnerability, spyware created by the NSO Group could be uploaded onto a phone through a series of malicious data packets sent via VoIP calls. This enabled access to the content and data on a targeted phone. While this particular vulnerability may prompt concerns over WhatsApp’s overall security (a patch has since been released), it does not negate the value of end-to-end encryption. Furthermore, the current negativity toward encryption perpetuates misinformation and provides fodder for governments seeking to undermine security and privacy across the globe. Yes, end-to-end encryption alone is not sufficient for complete security and privacy across every attack […]

The post Stop demonizing encryption appeared first on CyberScoop.


Critical WhatsApp Vulnerability, Facial Recognition Ban, Wormable Flaw in Windows

This is your Shared Security Weekly Blaze for May 20th 2019 with your host, Tom Eston. In this week’s episode: A serious spyware vulnerability in WhatsApp, San Francisco bans facial recognition, and a wormable vulnerability in older Microsoft sys…

WhatsApp Zero-Day let NSO Spyware Pwn Phones

A buffer-overflow vulnerability in WhatsApp is being exploited to remotely take over victims’ devices. All it took was a missed call to infect the app on iOS and Android.
The post WhatsApp Zero-Day let NSO Spyware Pwn Phones appeared first on Security…