Category Archives: NSO Group

Rights groups probe investments in NSO Group’s private equity firm

Posted on by

Since a February shakeup of the management structure of Israeli spyware vendor NSO Group, whose software has allegedly been used to target journalists and other civilians, human rights activists have stepped up their scrutiny of the vendor’s new private equity firm. The probing of London-based Novalpina Capital, which now controls the NSO Group board, is an effort to highlight what critics say is a failure by NSO Group and its investors to prevent the abuse of the company’s mobile-phone hacking tools. Now, the inquiry is drawing attention to the unexpected role that pension funds in the U.S. and the UK are playing in the standoff between the Israeli vendor and digital rights groups like Amnesty International and Citizen Lab, a research center at University of Toronto’s Munk School. In a letter last week to Britain’s South Yorkshire Pensions Authority (SYPA), Citizen Lab Director Ron Deibert asked the pension fund to take a hard look […]

The post Rights groups probe investments in NSO Group’s private equity firm appeared first on CyberScoop.

Continue reading Rights groups probe investments in NSO Group’s private equity firm

Stop demonizing encryption

Posted on by

The security industry has more than its fair share of buzzwords and gimmicks. End-to-end encryption is not one of them. The recent discovery of a vulnerability in WhatsApp has instigated discussions and spawned hot takes surrounding spyware and export controls, with some declaring that end-to-end encryption is ineffective. With this particular vulnerability, spyware created by the NSO Group could be uploaded onto a phone through a series of malicious data packets sent via VoIP calls. This enabled access to the content and data on a targeted phone. While this particular vulnerability may prompt concerns over WhatsApp’s overall security (a patch has since been released), it does not negate the value of end-to-end encryption. Furthermore, the current negativity toward encryption perpetuates misinformation and provides fodder for governments seeking to undermine security and privacy across the globe. Yes, end-to-end encryption alone is not sufficient for complete security and privacy across every attack […]

The post Stop demonizing encryption appeared first on CyberScoop.

Continue reading Stop demonizing encryption

Critical WhatsApp Vulnerability, Facial Recognition Ban, Wormable Flaw in Windows

Posted on by

This is your Shared Security Weekly Blaze for May 20th 2019 with your host, Tom Eston. In this week’s episode: A serious spyware vulnerability in WhatsApp, San Francisco bans facial recognition, and a wormable vulnerability in older Microsoft sys… Continue reading Critical WhatsApp Vulnerability, Facial Recognition Ban, Wormable Flaw in Windows

WhatsApp Zero-Day let NSO Spyware Pwn Phones

Posted on by

A buffer-overflow vulnerability in WhatsApp is being exploited to remotely take over victims’ devices. All it took was a missed call to infect the app on iOS and Android.
The post WhatsApp Zero-Day let NSO Spyware Pwn Phones appeared first on Security… Continue reading WhatsApp Zero-Day let NSO Spyware Pwn Phones

WhatsApp flaw used to install spyware by simply calling the target

Posted on by

A security vulnerability in the popular Facebook-owned end-to-end encrypted messaging app WhatsApp allowed attackers to install spyware on smartphones without any user interaction, Financial Times has reported. Exploitation of the flaw could be trigger… Continue reading WhatsApp flaw used to install spyware by simply calling the target

WhatsApp flaw lets spies install surveillance software with a simple call, even unanswered

Posted on by

A serious flaw in instant messaging service WhatsApp lets attackers remotely install surveillance software and spy on selected, high-profile targets, the company’s security team confirmed today. The attack was discovered earlier this month, the B… Continue reading WhatsApp flaw lets spies install surveillance software with a simple call, even unanswered

Human rights groups to ask Israeli court to revoke NSO Group’s export license

Posted on by

Human rights advocates, including Amnesty International, plan to file a petition Tuesday in Israeli court to revoke mobile spyware vendor NSO Group’s export license, citing alleged abuses stemming from the vendor’s technology. The legal action is an escalation in the confrontation between civil society groups and NSO Group, and comes after the company’s Pegasus surveillance software was reportedly used to track an Amnesty International researcher. Pegasus is so potent in its ability to compromise a mobile phone that it requires a license from the Israeli defense ministry to export. Where NSO Group’s spyware has been reportedly been misused, “we’re going to keep looking for accountability on a case-by-case basis,” said Amnesty’s Danna Ingleton, who will submit an affidavit as part of the court filing. “In the meantime, there has to be enough evidence to revoke the export license.” The legal motion, to be submitted in the District Court of Tel […]

The post Human rights groups to ask Israeli court to revoke NSO Group’s export license appeared first on CyberScoop.

Continue reading Human rights groups to ask Israeli court to revoke NSO Group’s export license